By Ryan Berg, Data Scientist, Alert Logic
The global cryptocurrency market value reached $2.37 trillion, exceeding Apple’s $2.33 trillion market capitalization. Big banks and governments are starting to dip their toes in the crypto water, with many talks and exploratory efforts underway. For many, cryptocurrencies are still seen as a tool used by criminals: the primary currency of the dark web for ransomware payments and the buying and selling of illicit goods and services. While some of these claims may be true, there is more to cryptocurrency than criminal use. In fact, 2021 is the year that Bitcoin even became a national currency. If there is anything to be learned from history, it is that criminal activity and fraud always follow money. The purpose of this article is not to argue for or against the use of cryptocurrency, but as the crypto industry is currently formed, organizations and consumers alike should be aware of the risks.
How many times have you forgotten your password? Forgetting your password takes on a whole new meaning in cryptocurrency. The risk is not simply forgetting your password, and it applies even to those who think this will not happen to them because they use a password vault. Even if your password vault has no known security weaknesses, malware increasingly targets the exchange and theft of credentials – your password can be stolen just by being infected. This type of attack is of course not limited to the cryptocurrencies themselves, but many crypto exchanges don’t provide the same level of fraud protection that traditional banks often offer.
Anyone can create a cryptocurrency – it just takes a bit of programming. As a result, many crooks are taking advantage of the overall rise in popularity and the real ‘fear of missing out’ (especially among those who were not original investors in Bitcoin). A perfect example of this in 2021 was the Squid Game Token. Sadly, these types of scams are all too easy to create, and they take advantage of people as they rush to move on to the next big thing in crypto.
Another popular scam this year has been the use of ICOs to raise funds outside of the traditional funding systems available. While some may view this as mere fools parting with their money, it just goes to show that the crypto market is still the wild, wild west, and if it sounds too good to be true, it probably is.
As the widespread adoption of crypto continues to increase, the concentration of bad actors, be they nation states, malicious hackers or fraudulent entities, will also increase. One of the challenges inherent in cryptocurrencies is the lack of standardization and – dare I say it? – regulation. Not all cryptocurrencies are created equal, and exchanges are no different. An example from this year was the two billion dollars stolen from the fraudulent Thodex exchange. Unfortunately, it’s not just fraudulent exchanges to worry about. The mere fact that cryptocurrency is entirely software-driven means that the entire cryptocurrency ecosystem is threatened by the same type of vulnerabilities that have plagued the software industry as a whole. Bitmart recently suffered a major breach in which around US$150 million was stolen. Poly Network was hit by an attack in which approximately US$600 million was stolen, and while much of that was eventually returned, that outcome was not to be expected.
Cryptocurrency has even led to the development of a new class of malware: crypto-miners. These malicious applications steal CPU cycles to mine various cryptocurrencies, using the resources of the targeted machine as a source of passive income. One only needs to look at the major Log4j vulnerability to get an idea of the massive exposure this creates.
So what can we anticipate for 2022 and beyond? Unfortunately, I expect that we will continue to see an increase in criminal activity across the cryptocurrency industry. As the adoption of cryptocurrency increases and becomes part of more commercial activities, the criminal activity that targets this complex supply chain will also increase. Cryptocurrency may be here to stay for the foreseeable future, and while some of the risks are shared with many of our traditional monetary systems, cryptocurrency in its current form introduces additional risks that everyone should pay attention to before jumping into the pool with both feet.
For those who decide to participate in the cryptocurrency market, always read the fine print, fully understand the risks involved, and never invest more than you are willing to lose. As crypto-mining continues to be an attack of choice for malware authors, it is critical that organizations maintain visibility into how their IT resources are being used and who or what they communicate with, to ensure that malicious cryptocurrency mining does not take place.