Over the past month, criminals have successfully stolen significant amounts of cryptocurrency, making international news headlines on multiple occasions.
Why have we seen a surge in the number of criminals focusing their attention on cryptos?
I believe that there are at least 11 reasons:
1. Many technical novices are now buying cryptocurrency
A short time ago, the vast majority of cryptocurrency holders were relatively technologically sophisticated (on both sides of the law). Skyrocketing cryptocurrency prices, however, have caused large numbers of technologically-unsophisticated folks to invest. Many of these newcomers to cryptocurrencies do not understand how to adequately protect their investments--a fact criminals seek to exploit.
2. Cryptocurrency values have skyrocketed
Investing time and money to create bitcoin-stealing malware obviously makes a lot more sense for criminals when bitcoins are worth over $10,000 a piece than when they were worth $5 each. (Even with the recent drop in values, bitcoins are still worth many hundreds of times more than they were just a few years ago.)
3. Numerous ICOs are occurring--and not all of the teams involved have adequate security expertise
Initial Coin Offerings are happening today on a regular basis, and not all of the teams involved with each ICO have adequate security expertise. This can impact not only the ICO (an example of which we saw last week) but the software development related to the new coins, thereby creating amazing opportunities for cyberthieves--and they know it. In some ways, the arrival of many alt-cryptocurrencies has translated into the perfect storm of a situation where it's both easier than ever before to steal and much less likely than ever before to get caught. One hacker even told me that our current era of often inadequately designed, created, implemented, and protected, yet relatively valuable, alternative cryptocurrencies has ushered in "the golden age of hacking--with so little hacking [sic] you can get so much gold."
4. For the first time in history, malware can directly "print dollars" for criminals
Malware that steals infected computers' processing power to mine cryptocurrency enriches criminals--usually providing them with cryptocurrency untraceable to them or to their crimes--offering criminals a much simpler and more direct method of monetizing their skills than do most other forms of hacking.
5. Newer cryptos offer simpler mining and anonymity than bitcoin
The arrival of cryptocurrencies such as Monero, that are both easier to mine and offer better anonymity than does bitcoin, have incentivized more criminals to invest in creating and spreading mining malware.
6. Cryptocurrency-targeting malware is available for purchase or rental
The availability of cryptocurrency-targeting malware on the Dark Web means that, today, even technologically unsophisticated criminals can jump on the cryptocurrency-stealing bandwagon--something that they could not do just a couple years ago.
7. Malware can steal cryptocurrencies from wallets
While cryptocurrency-stealing malware is not new, it is easier than ever to write such cyberweapons. There are many more forms of digital wallets today--including so-called "hot wallets," which are stored at exchanges and accessed via apps or a Web browser--and not all of them are adequately secure. Furthermore, malware (especially on a laptop) may be able to steal from secure accounts if a user logs in from that device. A simple Web injection attack can literally make a user think that he or she is experiencing a normal wallet session, while, in fact, malware transfers all of the digital money in a user's wallet to a crook, without the user noticing that anything is wrong until it is too late.
8. There are many poorly-protected jackpots
If a criminal breaches a crypto-exchange, he or she can potentially steal an extremely large amount of cryptocurrency in seconds. When, in the not so distant past, there were only a few major exchanges--each with generally decent information-security practices and possessing relatively small amounts of value to criminals compared with many other online sites--other targets were more attractive to criminals. Today, however, there are many cryptocurrency exchanges around the world holding large amounts of valuable cryptocurrency--and they vary wildly in terms of their level of information security expertise. Unlike banks, exchanges typically cannot reverse fraudulent transactions, and even the cryptocurrency creators often cannot do anything (in some cases they may be able to prevent criminals from cashing out stolen tokens, but they usually cannot restore the tokens to their rightful owners). In the last few weeks alone, we have heard of multiple breaches at exchanges--with thefts totaling many hundreds of millions of dollars' worth of crypto. Likewise, the amount of money that criminals can steal from unprotected ICO participants, or via inserting backdoors into poorly-protected apps handling cryptocurrency, is astounding.
9. It is relatively easy for criminals to manipulate some cryptocurrency prices over the short term
Techniques such as stealing specific coins from exchanges, DDoS-ing exchanges, social engineering ICO participants, and other methods, provide criminals with the ability to manipulate cryptocurrency prices in a way that they probably could not dream of manipulating major fiat currencies such as the euro, sterling, or dollar.
10. Cryptocurrencies help rogue regimes circumvent sanctions
Rogue regimes under international sanctions can leverage cryptocurrencies in order to purchase goods that they would otherwise find difficult, if not impossible, to obtain. As a result, especially as the values of major cryptocurrencies rise, various nation/states--that is, parties with significant budgets to develop cyberattacks--have likely directed some portion of their armies of cyberwarriors to join the cryptocurrency stealing and malware-based-mining world.
11. Cryptocurrency theft was not newsworthy until recently
Relatively few people outside of the technology industry were interested in cryptocurrencies until recently, and the theft of cryptocurrency was not a story of interest to the general population. Hence, even when there were thefts, they were not usually reported in the news with the same type of coverage as cryptoheists receive today.
The bottom line: Criminals are, with good reason, increasingly focusing their attention on cryptos. If you invest in cryptocurrency, work for an exchange, or are developing a cryptocurrency or cryptocurrency-related application, make sure you are adequately armed with cybersecurity expertise--your adversaries have it, and are planning to use it against you.