As the cryptocurrency market and the related trend of ICOs continue to be dynamic and profitable, it was only a matter of time before the space became a target for hackers.
While the distributed ledger technology that underpins cryptocurrencies is often touted as tamper-proof, the wider system that has built up around it has a number of key vulnerabilities.
The new Group-IB Hi-Tech Crime Trends report highlights the main ways that hackers have been targeting the space over the last two years.
The problem is not insignificant, with a number of high-profile hacks and thefts having occurred. But there is also a constant threat to both smaller companies and investors. According to Chainalysis, thieves have got their hands on around 10% of all the money invested in ICOs using Ethereum this year.
The report notes that:
“The number of threats to cryptocurrency and blockchain projects tracked by Group-IB’s Threat Intelligence system has risen along with the Bitcoin exchange rate.”
So, what are the main areas of vulnerability?
Source code vulnerabilities
Source code vulnerabilities have led to two of the largest and most high-profile attacks in recent history.
In June 2016, an error in the code of The DAO facilitated an attack that caused the loss of over $60 million USD. The vulnerability, known as ‘recursive invocation’, essentially allowed an unlimited number of withdrawals of DAO funds and their transfer to a subsidiary.
The community eventually managed to take control of the situation and all DAO tokens were frozen, which managed to somewhat mitigate the damage of the attack.
In July 2017, a vulnerability in the Parity multisig wallet smart contract code allowed a hacker to withdraw 153,000 ETH. This time, developers detected the attack early and were able to halt it and return the stolen funds.
Secret keys are an important source of weakness within the ecosystem, but not really for technological reasons. Their importance comes from the key’s central role in confirming transactions (making it one of the most valuable assets a crypto service holds), and from the fact that its loss or theft essentially means forfeiting control of the account in question.
The methodology here is often very similar to that used to gain control of a critical system inside a bank and involves gaining access to the company’s local network.
Some examples of this kind of attack:
August 2016 – cryptocurrency exchange Bitfinex was compromised and lost 120,000 bitcoins. The accounts were protected by multisig tech where two of the three keys were held by the exchange. The theft indicates that hackers gained control of Bitfinex’s corporate infrastructure.
June 2017 – the Bithumb exchange was hacked. The computer of a single employee was compromised, which led to the account details of over 30,000 users being leaked.
July 2017 – CoinDash had its ICO hacked: the contribution address on the site was replaced with another Ethereum wallet, meaning investors were sending ETH directly to the hackers.
The report provides two examples of high-level domain hacking attacks from the last two years:
October 2016 – the DNS records of the web wallet Blockchain.info were changed and Cloudflare was replaced with another hosting provider, which meant that people visiting the website were rerouted to different servers where they became vulnerable to a range of attacks.
June 2017 – criminals gained control of the Classic Ether Wallet domain, altering the website settings so that users were redirected to servers that copied their private keys and used them to steal funds.
Phishing attacks on ICOs have increased as the practice has gained popularity. Here, new projects launching an ICO are targeted with phishing pages that ask people to hand over their private keys. Hackers then use the keys to withdraw user funds.