This article originally appeared in ThirtyK.com on August 24, 2018.
As cryptocurrency shot up in value last year, it began receiving a lot more attention from institutional investors, the public and another, less welcome group: cybercriminals.
Potential threats lurk everywhere, including your email inbox. Earlier this week, the Federal Trade Commission warned of a new variation of a longstanding email scam in which random users are threatened with having the details of an unspecified affair revealed unless bitcoin (BTC) is sent to an anonymous address.
Even if you don’t get a threatening email, it’s possible your computer is silently churning away on the math problems that constitute cryptocurrency mining without your knowledge, thanks to malware.
“Crypto-mining [malware] is the new ransomware but more stealthy, harder to detect, and easier for cybercriminals to walk away with the money,” Chris Olson, CEO of digital risk-management company The Media Trust, tells ThirtyK.
Even the savviest users can be victims of crypto-related cybercrime. It was at the industry conference Consensus 2018 that at least three attendees allegedly had their smartphones hacked, giving criminals access to their accounts and tricking others into sending them crypto. The practice, known as SIM card swapping, cost BitAngels cofounder Michael Terpin $24 million in crypto; he’s now suing AT&T for $224 million.
Follow the Money
The scope of the problem has grown as cryptocurrency values have skyrocketed, according to a series of cybersecurity reports.
One study by Group-IB found the number of compromised cryptocurrency exchange accounts rose 369 percent in 2017. In January of this year, as cryptocurrency prices were still near their December peak, the number of incidents was 689 percent higher than the monthly average last year. One in three victims is from the U.S., according to Group-IB.
In another report, antivirus and security software developer Kaspersky Lab estimates cybercriminals obtained more than $2.3 million from users during the second quarter of this year through scams related to initial coin offerings. In some cases, criminals set up fraudulent sites masquerading as legitimate ICOs, which trick users into sending them crypto. Kaspersky Lab also said its antiphishing system prevented 58,000 user attempts to go to phishing websites that were posing as cryptocurrency wallets and exchanges.
Other strategies cited by the Kaspersky report include fake Twitter or other social media accounts, such as imposters for Ethereum co-founder Vitalik Buterin (who famously coined the term “not giving away ETH” in response to a host of imposters promising big crypto giveaways to victims who sent smaller amounts to untraceable contract addresses).
The largest number of victims, however, may suffer from malware attacks that take over their machines to mine cryptocurrency, and many of these victims have no involvement or interest in cryptocurrency. A recent survey of U.K. businesses by Citrix found nearly one in three had been hit by cryptocurrency-mining malware in the past month. More surprising, 59 percent had found mining malware on systems at some point in the past.
“Most victims will suspect nothing and will only notice a spike in power usage or a slowdown in the functions of their device or machine,” The Media Trust’s Olson says.
The allure of easy money makes crypto mining an attractive form of malware. According to Cisco, miners using malware delivered by email or a fraudulent website to others’ computers could easily make $500 a day, or $182,500 per year, from just 2,000 infected machines.
The inherent insecurity of connected computers is why disconnected hardware wallets were created, allowing users to store cryptocurrency offline where it can’t be reached by hackers. Other actions follow standard online safety practices, such as using two-factor authentication (2FA) when logging into accounts and remaining skeptical of too-good-to-be-true solicitations. Some experts suggest using a virtual phone number, such as those provided by services like Google Voice, in online signups to keep your mobile number from being a visible target to SIM swappers.
Another Citrix study of U.K. businesses using cryptocurrency found them employing a variety of security techniques. Fifty-two percent have used specific backup procedures, 36 percent have used cold/offline storage, 36 percent have moved to multiple cryptocurrency wallets, 35 percent have used a dedicated or hardened computer and 22 percent have employed practices requiring two people to gain access to wallets.
Security companies also help companies fight malware and other potential threats. The Media Trust, for example, monitors large websites in real time to ensure malware doesn’t infect their users. But users must remain vigilant, Olson warns.
“Hackers will continue to become ever more sophisticated, combining crypto-mining malware with a growing arsenal of techniques that, for instance, allow the malware to establish itself in a system and proliferate throughout a company’s workstations and servers,” Olson tells ThirtyK.