Cybercrime is a problem; there’s no sugarcoating the truth, but when it comes to cryptocurrency, it appears this crime is occurring on unprecedented levels. According to a new report released by Moscow-based cybersecurity firm Group-IB, nearly $900 million has been stolen from digital currency exchanges by hackers over the last two years.
In addition, investors can likely expect this number to grow in 2019, as professional hackings groups in both Russia and North Korea such as Cobalt, Silence, Money Taker and Lazarus are specifically targeting digital currency platforms and initial coin offerings (ICOs). The report states:
“In 2019, cryptocurrency exchanges will be a new target for the most aggressive hacker groups usually attacking banks. The number of targeted attacks on crypto exchanges will rise.”
The Two Biggest Crypto Hacks
Mt. Gox took place in 2014. At the time, the company was the world’s biggest bitcoin exchange, but from one night to the next, roughly $400 million in BTC disappeared. To this day, answers are still not entirely clear on what occurred, though the process of reimbursing affected customers has begun. The scruples of the company’s chief executive officer Mark Karpeles have been repeatedly called into question, and Karpeles even served time in a Japanese jail. It can also be argued that many of the modern-day regulations we see in the crypto space stem from Mt. Gox.
However, things got worse four years later when Coincheck – one of Japan’s biggest digital exchanges – was the victim of a hack that saw over half-a-million dollars in cryptocurrency disappear. At the time, evidence emerged suggesting that Coincheck was not implementing cold storage tactics to keep tokens safe, and as a result, the country’s Financial Services Agency (FSA) began taking steps towards regulating the industry and ensuring Japan never suffered another irreparable embarrassment.
The organization began sending warnings to various exchanges that didn’t meet proper protocols or agency standards. Those that didn’t comply had only a limited amount of time to fix their operations, and if they failed to do so, they’d be shut down.
One of the biggest problems with cryptocurrency hacks as that stolen funds are often gone for good unless the hackers choose to voluntarily return them, which is rare. Through cryptocurrency transactions, once funds are moved, they are moved permanently unless the person on the receiving end decides to send them to a different address.
In its report, Group-IB shows which organizations and projects have been the subjects of such hacks. Interestingly, most of the organizations in question are headquartered in South Korea, including Bithumb, YouBit and Yapizon. All three were hacked in February of 2017, for example, and each lost more than $5 million in BTC each.
Both Bithumb and YouBit were later hacked again, YouBit in December 2017 and Bithumb in June 2018. This time, the attacks and losses were even bigger, with Bithumb losing more than $30 million in BTC during the second round. Other South Korea-based victims were Coinis and Coinrail, which lost a reported $40 million in BTC last June.
Funds Stolen from ICOs
During the months monitored (early 2017 through September of this year), the report shows that approximately ten percent of the stolen funds came from ICO projects. Group-IB suggests that more than half of these funds were linked to phishing attacks, though it’s unclear if crypto funds were the hackers’ true targets. Instead, the report suggests that the criminals may have also been after investors’ identities for future blackmail.
The authors write:
“Attacks on ICOs will remain a threat for every project potentially able to attract investors.”