How Crypto Exchanges Lost Over $882 Million In Two Years

"Banks should reconsider their approach to the system of protection against cyberattacks: the defensive strategy has already exhausted itself. It's time to become a hunter, not a target for attacks”, — Ilya SACHKOV, CEO and founder of Group-IB, said at CyberCrimeCon 2018. According to this company, today the main danger comes from nation-state hackers. The TOP 3 countries involved in cyberattacks include China, North Korea and Iran. The goal of nation-state cybercriminals is sabotage and spying. Energy, nuclear, commerce and military infrastructure are under threat. The Asia-Pacific region has remained the main battlefield for the past year. There were more hacker groups registered in that region than in Europe and the USA. Group-IB says that the new trend of spying is hacking of officials personal devices.

Nevertheless, at the international level, phishers are not interested in the financial sector, but in cloud storage. The TOP 3 phishing sites include the United States, France and Germany. According to the Group-IB report, 73% of all phishing resources fall into the following three categories: cloud storage (28%), financial (26%), and online services (19%).

The cryptocurrency sphere has become the main target for hackers in recent years. For 2017 and 2018, the phishers stole about 56% of the funds from the ICO fees. 14 crypto-exchanges also suffered (the total damage is estimated at more than $882 million). Some major attacks are attributed to hackers from the North Korean group Lazarus. Moreover, the cryptocurrency exchanges can also suffer from Silence, MoneyTaker and Cobalt. The main tool will still be targeted phishing.

One more hacking weapon that has been detrimental to cryptosphere in 2017-2018 was cryptojacking (a hidden mining). This kind of mining became possible due to Coinhive, designed for hidden mining, and seven similar programs. Group-IB experts predict that the largest miners will be attacked by nation-state hackers. The danger is that cybercriminals with proper skills will be able to take control over 51% of the capacity for mining and obey the management of virtual currency. In the first half of this year, the total amount of financial damage already done to miners ranges from $0.55 million to $18 million.

The analysis revealed a new source of menace to information security — side-channel attacks and vulnerabilities of microprocessors of different vendors. The root problem is that software updates cannot just close the “gaps” quickly, so the hackers take advantage of this weakness.

"No antivirus program will help when the problem is at the firmware level, at the hardware level", — Dmitry VOLKOV, CTO Group–IB, warns. — First, the infection of the equipment is difficult to detect through the existing vulnerability. Secondly, this problem is difficult to fix. The combination of a side-channel attack with a hardware vulnerability (that allows multiple actions to be performed on the operating system) opens up new opportunities to infect devices invisibly."

Ilya SACHKOV thinks that the cornerstone of actions against cybercrime should be the synchronization of legislation at the international level. It is also necessary to strike a blow to the funding channels of hacker groups and to impose a moratorium on the development and sale of digital weapons that can fall into the hands of hackers.

"It is believed that countering cyberattacks is a typical competition of armor and projectile.  That is why the paradigm of protection has changed now: the main idea is to be a few steps ahead of cybercriminals and completely prevent crime”, — SACHKOV said.