Crypto-industry hacking: top cases and types of attacks
Blockchain stands as a secure and decentralized technology. However, the massive spread of centralized crypto exchanges, marketplaces, and custodial digital wallets gives hackers ways to try to steal cryptocurrency by attacking less secure platforms. Our article explains how hackers work and what to watch out for.
Analysts point out that the blockchain industry lost a total of $13.6 billion between 2012 and 2020. Cybercriminals keep attacking, targeting both single crypto projects and entire exchanges where key altcoins are traded. In 2019, the most common hacker attacks involved cryptocurrency platforms, allowing scammers to steal tens of millions of dollars. In 2020, there was a trend of DeFi projects being hacked, allowing attackers to appropriate up to $100 million in total across all attacks.
Who gets attacked by hackers: the most notorious hacking cases
Since 2016, a year when the cryptocurrency industry boomed, cybercrime cases have increased rapidly. Experts report that the rate of cybercrime increases by an average of 300% each year. At the same time, hacking particularly hits cryptocurrency owners since fraudsters target investments in digital assets. Poor user skills are one of the main reasons behind this. Moreover, there are still no information systems that can provide full protection for centralized platforms.
In late summer 2021, hackers stole $600 million worth of tokens from the Poly Network platform. Even though the funds were recovered later, the attack revealed the severe vulnerability of the crypto platform and the costly consequences.
Last December, crypto hackers managed to steal $150 million from the BitMart exchange, partly due to security breaches.
However, fraudsters keep attacking not just marketplaces or cryptocurrency wallets. For example, there are cases when attackers launch ransomware demanding ransom payments in cryptocurrency. This dynamic is driven by the fact that there are no intermediaries in virtual currency transactions, ensuring complete anonymity for cybercriminals.
North Korean hackers managed to attack a number of cryptocurrency exchanges, stealing $400 million in assets. The most frequent targets were investment companies and centralized exchanges; the attackers used phishing, code vulnerabilities, and malware to carry out the cyberattacks. According to UN reports, the stolen money was used to finance a missile project.
The Lazarus Group, a group of hackers under US sanctions, launched most of the cyberattacks. The group has previously been accused of hacking into international banks and customer accounts, and of the 2014 attack on Sony Pictures Entertainment. Investigators uncovered $170 million in stolen assets arising from 49 hacking attacks carried out between 2017 and 2021.
2016 saw the largest cryptocurrency theft in the crypto industry, with 119,754 bitcoins stolen from the Bitfinex crypto exchange, which equates to more than $3.6bn at today's exchange rate. The hackers were caught only in February 2022.
The 2019 case involving the CoinBene cryptocurrency exchange remains one of the most mysterious attacks made by hackers in the crypto industry. Users observed a flood of strange, high-volume transactions originating from the platform's hot wallets. What happened next was the transfer of remaining funds to cold wallets. The exchange staff reported that all customer assets were safe, but a month-long rush of technical work and procedures was immediately started.
It was definitely a theft of virtual assets, but the exchange did not comment further on the situation. There were rumors that the break-in had caused $100 million in losses.
Types of cryptocurrency hacking attacks
Today, hackers use a variety of methods and approaches to compromise the security of cryptocurrency wallets, marketplaces, and DeFi projects. Among the most notable are the following:
A 51% attack occurs when one or more miners control more than 50 percent of the network's processing power. In this case, attackers rent hash power and disrupt the network by interrupting the writing of new blocks, preventing other miners from completing block formation. The Monero digital coin recently came close to this point: a Monero mining pool took 47.5% of the total capacity, and investors pointed to a possible 51% attack.
Well-known cases of hacking by 51% attack:
- August 2016, disruption of Shift and Krypton, which are both Ethereum-based blockchains;
- May 2018, the Bitcoin Gold cryptocurrency hack, where attackers managed to take control of a large amount of hash power and steal around $18 million. In 2020, the attack was repeated;
- August 2021, an attack on the Bitcoin SV network.
The idea behind a double-spending attack is that the attacker spends funds from his wallet and then keeps the outgoing transaction from being recorded in the blockchain, in order to retain ownership of the money spent.
A fake transaction log is sent to the seller, who then confirms the fake transaction. Double-spending can be combined with a 51% attack.
Some of the notable examples of such intrusions include:
- In 2013, a user in a bitcointalk thread spent $9,800 twice via an OKPAY provider. But the transaction wasn't fraudulent, so the transaction sender returned all funds;
- In May 2018, an unknown actor, who had access to a large amount of hash power, attacked Bitcoin Gold with a 51% attack method so as to conduct double-spending transactions, thereby stealing $17.5 million;
- In June 2018, ZenCash cryptocurrency faced a 51%+ double-spending attack combination.
Another attack method involves the hacker gaining control of multiple network nodes. Because the system is decentralized, no one is aware that such a concentration of power is taking place; giving one user large-scale influence undermines the peer-to-peer network's reputation.
A prominent example of an attack is the case of the Monero cryptocurrency, where a hacker launched multiple computer nodes to keep the blockchain running and wanted to compromise user privacy by recording IP addresses and calculating the associated transactions.
Attack containment blocking (selfish mining attack)
The idea is that the miner intentionally fails to send found blocks to the pool, thereby reducing the system's profitability. Such an attack lasts for a long time, and its purpose is to bankrupt the pool completely.
It is often done by unscrupulous teams who own other mining pools. By bankrupting other pools, they increase their chances of getting rewards.
Another new type of malicious activity involves sending the smallest amounts of cryptocurrency to owners' wallets. The attack does not aim to steal funds, but instead focuses on identifying cryptocurrency wallet owners in order to breach anonymity and privacy.
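The tiny deposits only help identify an owner once they are spent together with the wallet's other coins, because inputs spent in one transaction are visibly linked on-chain. The following added example (not part of the original article) shows the wallet-side mitigation of freezing unsolicited dust so coin selection never co-spends it; the wallet contents, names and the 1,000-satoshi threshold are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Utxo:
    txid: str
    address: str      # our receiving address
    value_sats: int
    expected: bool    # True if we were expecting this payment

# Constructed sample wallet; txids and addresses are placeholders.
WALLET = [
    Utxo("tx-a", "addr-savings", 2_500_000, True),
    Utxo("tx-b", "addr-shop", 400_000, True),
    Utxo("tx-c", "addr-savings", 600, False),    # unsolicited dust
    Utxo("tx-d", "addr-donations", 580, False),  # unsolicited dust
]

DUST_LIMIT_SATS = 1_000  # assumed policy threshold, tune per wallet

def quarantine_dust(utxos, limit=DUST_LIMIT_SATS):
    """Unsolicited outputs at or below the limit: candidates to freeze."""
    return [u for u in utxos if not u.expected and u.value_sats <= limit]

def select_inputs(utxos, target_sats, frozen=()):
    """Largest-first coin selection that never touches frozen outputs."""
    chosen, total = [], 0
    for u in sorted(utxos, key=lambda u: u.value_sats, reverse=True):
        if u in frozen:
            continue
        chosen.append(u)
        total += u.value_sats
        if total >= target_sats:
            return chosen
    raise ValueError("insufficient spendable funds")

def addresses_linked(inputs):
    """Addresses an observer sees spent together in one transaction."""
    return {u.address for u in inputs}

if __name__ == "__main__":
    frozen = quarantine_dust(WALLET)
    print("frozen:", [u.txid for u in frozen])
    print("linked by a safe spend:",
          addresses_linked(select_inputs(WALLET, 2_800_000, frozen)))
```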