Cryptocurrency exchanges are the infrastructure used to trade and transfer – as the name suggests – cryptocurrency. From as early as 2010, when Mt. Gox launched as a Bitcoin exchange, exchanges have been targets for cyber criminals and malicious nation-state actors, because unauthorised access gives a direct route to highly liquid funds.
Close analysis of the scams and exploits aimed at cryptocurrencies shows that most of them are long-established techniques, such as phishing, credential theft and commodity malware, adapted to a new class of asset.
Cyjax has compiled, for the first time, a detailed analysis of the cryptocurrency industry's attack surface, and the findings have been published in a new White Paper.
Areas covered include several well-known thefts of cryptocurrency assets carried out using “ice-phishing” techniques, such as the attack on OpenSea in February 2022. OpenSea had asked users to migrate their listings to a new smart contract; the attackers sent a cloned version of the migration email with modified links, designed to lure victims into signing what looked like the migration but in fact authorised the transfer of their Non-Fungible Tokens (NFTs) to wallets operated by the attackers. In total, over $2 million worth of NFTs was stolen. The defining feature of ice phishing is that the victim's own signature does the work: no private key is stolen, so wallet security controls are never triggered.
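The on-chain form of ice phishing asks the wallet to sign a transaction whose calldata grants an approval or moves a token. The following is an added example, not code from the White Paper or from OpenSea: it decodes such calldata and flags the approval and transfer patterns an attacker relies on. It generalises beyond the OpenSea case (which used signed off-chain orders) to the `setApprovalForAll`, `approve` and `transferFrom` calls seen in most ice-phishing campaigns. The selectors are the real 4-byte function selectors; the addresses and the `TRUSTED_OPERATORS` allowlist are constructed placeholders.

```python
# Added example (not from the Cyjax white paper): decode the calldata of an
# Ethereum transaction a wallet is being asked to sign, and flag the approval
# and transfer patterns used in ice-phishing. Selectors are the real 4-byte
# function selectors; addresses and the allowlist are constructed placeholders.
MAX_UINT256 = 2**256 - 1

# First 4 bytes of keccak256(signature), as they appear at the start of calldata.
SELECTORS = {
    "a22cb465": "setApprovalForAll(address,bool)",        # ERC-721 / ERC-1155
    "095ea7b3": "approve(address,uint256)",               # ERC-20 / ERC-721
    "23b872dd": "transferFrom(address,address,uint256)",  # ERC-20 / ERC-721
}

# Hypothetical allowlist: operator/spender contracts the user genuinely uses
# (e.g. the marketplace's own contract). Constructed for this example.
TRUSTED_OPERATORS = {"0x1111111111111111111111111111111111111111"}


def encode_call(selector_hex: str, *args) -> str:
    """Build ABI calldata for fixed-size args: str = address, int = uint256, bool = bool."""
    out = bytes.fromhex(selector_hex)
    for a in args:
        if isinstance(a, bool):            # bool before int: True is an int subclass
            out += int(a).to_bytes(32, "big")
        elif isinstance(a, int):
            out += a.to_bytes(32, "big")
        else:                              # 20-byte address, left-padded to a 32-byte word
            out += bytes.fromhex(a.removeprefix("0x")).rjust(32, b"\x00")
    return "0x" + out.hex()


def _word(data: bytes, i: int) -> bytes:
    """i-th 32-byte ABI word after the selector."""
    return data[4 + 32 * i: 4 + 32 * (i + 1)]


def _addr(word: bytes) -> str:
    """Last 20 bytes of a word, as a lower-case 0x address."""
    return "0x" + word[12:].hex()


def analyse_calldata(calldata_hex: str, user: str) -> dict:
    """Classify what signing this calldata would let a third party do with `user`'s assets."""
    data = bytes.fromhex(calldata_hex.removeprefix("0x"))
    user = user.lower()
    if len(data) < 4:
        return {"function": None, "risk": "unknown", "reason": "no function selector"}
    fn = SELECTORS.get(data[:4].hex())
    if fn is None:
        return {"function": data[:4].hex(), "risk": "unknown", "reason": "unrecognised selector"}
    if len(data) < 4 + 64:  # every recognised function takes at least two words
        return {"function": fn, "risk": "unknown", "reason": "truncated arguments"}
    if fn.startswith("setApprovalForAll"):
        operator = _addr(_word(data, 0))
        approved = int.from_bytes(_word(data, 1), "big") != 0
        if approved and operator not in TRUSTED_OPERATORS:
            return {"function": fn, "risk": "high",
                    "reason": f"grants {operator} control over every token in this collection"}
    elif fn.startswith("approve"):
        spender = _addr(_word(data, 0))
        amount = int.from_bytes(_word(data, 1), "big")
        if spender not in TRUSTED_OPERATORS:
            risk = "high" if amount == MAX_UINT256 else "medium"
            shown = "unlimited" if risk == "high" else str(amount)
            return {"function": fn, "risk": risk, "reason": f"allows {spender} to spend {shown} tokens"}
    elif fn.startswith("transferFrom"):
        src, dst = _addr(_word(data, 0)), _addr(_word(data, 1))
        if src == user and dst not in TRUSTED_OPERATORS:
            return {"function": fn, "risk": "high", "reason": f"moves a token from your wallet to {dst}"}
    return {"function": fn, "risk": "low", "reason": "counterparty is on the allowlist or no approval granted"}


if __name__ == "__main__":
    # Constructed example: a cloned "migration" page asks the victim to sign this.
    attacker = "0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef"
    victim = "0x2222222222222222222222222222222222222222"
    print(analyse_calldata(encode_call("a22cb465", attacker, True), victim))
```

The check deliberately keys on the counterparty rather than on the calling site: a migration email can be cloned perfectly, but the operator address the signature hands control to cannot be hidden from the wallet.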
The White Paper also covers design and infrastructure flaws. A cryptocurrency is designed like any other software product, and each stage of that design can introduce weaknesses: in the code behind the blockchain, in the design of the protocol itself, or in the distributed hardware and node infrastructure the chain relies on.
Attacks on the blockchain network itself can be devastating. A successful exploit can compromise the integrity of the entire chain, giving the threat actor both a direct financial gain and the means to cause disruption, up to and including the collapse of the cryptocurrency.
One example is the February 2022 attack on Wormhole, a cross-chain bridge. The attacker found a bug in the bridge's Solana program: it did not properly validate the accounts passed to its signature-verification instruction, so a forged account could be supplied in place of the genuine one and the guardian signatures spoofed. The attack resulted in the theft of roughly $326 million. Strictly, this was a flaw in the bridge's smart contract rather than in the underlying chain's consensus, but the effect on users was the same.
Binance, the largest global exchange by trading volume, suffered an attack in May 2019 in which over $40 million worth of cryptocurrency (7,000 BTC) was lost. The attackers had collected user API keys, 2FA codes and other information ahead of the withdrawal.
In January 2022, Crypto.com revealed that a flaw on its platform had allowed over $34 million of cryptocurrency to be withdrawn without authorisation. A bug in the company's 2FA implementation let the attacker approve transactions without completing the second factor.
Malware is one of the most common tools in a malicious actor's arsenal. As crypto wallets for managing customers' assets have become popular, threat actors have developed capabilities specifically for stealing keys and seed phrases. They often look for quick and simple wins: malware dropped onto a compromised system scans for installed wallets and browser wallet extensions and runs simple routines to extract their key material.
In 2022 an infostealer known as Arkei was observed specifically targeting cryptocurrency wallets, alongside passwords, cookies and session tokens.
Cryptojacking is a technique in which threat actors compromise other people's machines and use them as mining resources, turning a profit immediately. In cloud environments the attacker can go further and spin up additional mining instances on the victim's account, so the victim pays the compute bill while the proceeds flow to the threat actor's wallet.
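The two malware behaviours described above, an infostealer reading wallet key material and a cryptominer talking to a Stratum pool, both leave host-level traces that are easy to alert on. The block below is an added example, not code from the White Paper: it runs two detection rules over newline-delimited JSON endpoint events. The event format, the sample events and the process allowlist are constructed for this example; the wallet path patterns (including the MetaMask Chrome extension ID) and the Stratum markers are real but not exhaustive.

```python
# Added example (not from the Cyjax white paper): host-level detection of
# wallet-credential theft and cryptojacking. The telemetry format and sample
# events are constructed; path patterns and Stratum markers are real but partial.
import json
from fnmatch import fnmatchcase

# Where common desktop and browser-extension wallets keep keys (lower-case globs, '/' separators).
WALLET_PATH_PATTERNS = [
    "*/wallet.dat",                                                    # Bitcoin Core
    "*/electrum/wallets/*",                                            # Electrum
    "*/exodus/exodus.wallet/*",                                        # Exodus
    "*/local extension settings/nkbihfbeogaeaoehlefnkodbefgpgknn/*",   # MetaMask (Chrome extension storage)
]
# Processes that legitimately read those files; anything else touching them is suspicious.
WALLET_PROCESSES = {"bitcoin-qt.exe", "electrum.exe", "exodus.exe", "chrome.exe"}

# Stratum mining-protocol markers and pool ports commonly seen in cryptojacking (heuristic).
STRATUM_MARKERS = ("mining.subscribe", "mining.authorize", "stratum+tcp", "xmrig")
MINING_PORTS = {3333, 4444, 5555, 14444}


def check_file_event(ev: dict):
    """Alert when a process outside the wallet allowlist reads a known wallet key store."""
    path = ev["path"].replace("\\", "/").lower()
    proc = ev["process"].lower()
    if proc in WALLET_PROCESSES:
        return None
    if any(fnmatchcase(path, pat) for pat in WALLET_PATH_PATTERNS):
        return {"rule": "wallet_file_access", "process": ev["process"], "detail": ev["path"]}
    return None


def check_network_event(ev: dict):
    """Alert on a Stratum handshake in the payload or a connection to a typical pool port."""
    payload = ev.get("payload", "").lower()
    by_payload = any(m in payload for m in STRATUM_MARKERS)
    by_port = ev.get("port") in MINING_PORTS
    if by_payload or by_port:
        why = " (stratum payload)" if by_payload else " (pool port)"
        return {"rule": "stratum_mining", "process": ev["process"],
                "detail": f"{ev['dest']}:{ev['port']}" + why}
    return None


def scan(jsonl: str) -> list:
    """Run both rules over newline-delimited JSON events; return the alerts raised, in order."""
    handlers = {"file_read": check_file_event, "net_connect": check_network_event}
    alerts = []
    for line in jsonl.strip().splitlines():
        ev = json.loads(line)
        alert = handlers.get(ev["type"], lambda _ev: None)(ev)
        if alert:
            alerts.append(alert)
    return alerts


# Constructed sample telemetry: two benign events, three that should alert.
SAMPLE_EVENTS = r"""
{"type": "file_read", "process": "chrome.exe", "path": "C:/Users/a/AppData/Local/Google/Chrome/User Data/Default/Local Extension Settings/nkbihfbeogaeaoehlefnkodbefgpgknn/000003.log"}
{"type": "file_read", "process": "svchost_update.exe", "path": "C:/Users/a/AppData/Local/Google/Chrome/User Data/Default/Local Extension Settings/nkbihfbeogaeaoehlefnkodbefgpgknn/000003.log"}
{"type": "file_read", "process": "invoice.pdf.exe", "path": "C:/Users/a/AppData/Roaming/Electrum/wallets/default_wallet"}
{"type": "net_connect", "process": "firefox.exe", "dest": "192.0.2.10", "port": 443, "payload": ""}
{"type": "net_connect", "process": "kworker", "dest": "203.0.113.7", "port": 3333, "payload": "{\"method\":\"login\",\"params\":{\"agent\":\"XMRig/6.18.0\"}}"}
"""

if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(alert)
```

The wallet rule is process-aware on purpose: the browser reading MetaMask's extension storage is normal, while a lookalike binary doing so is exactly the stealer behaviour described above. The mining rule fires on either signal, since pools increasingly run on 443 and port-only matching misses them.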
Other issues highlighted in the White Paper include cryptocurrency scams and dusting attacks.
The paper concludes with a list of key recommendations for organisations working in the digital currency space. These ten steps are high-level objectives which an organisation should ideally have in place before it considers activity within the cryptocurrency ecosystem.
- Adoption of, certification against and adherence to a cyber-security framework such as ISO/IEC 27001 or the NIST Cybersecurity Framework
- A Software Development Life Cycle (SDLC) focusing on security and contemporary threat models
- Convergence of Anti-Money Laundering (AML) investigation capabilities with cyber defence teams; coordination and cross communication of activities
- More robust and rigorous cyber defence activities and controls
- An aggressive “scam” awareness and best-practice security advice campaign for both customers of the services and the organisation's own end users
- Terms & Conditions modified to indemnify and reduce potential litigation against the organisation and company officers
- Adequate and wide-ranging insurance covering cyber incidents, directors' and officers' liability, and business interruption
- Awareness of significant changes in legislation and regulation of cryptocurrencies and Know Your Customer (KYC) requirements
- Adherence to the General Data Protection Regulation (GDPR) and to the applicable US privacy and cyber-security requirements, such as the New York Department of Financial Services (NYDFS) cybersecurity regulation and the California Consumer Privacy Act (CCPA)
- A cyber threat intelligence function to identify and anticipate threat actor activity in both the crypto and the general financial services industries
Our White Paper can be accessed here.