Crypto market capitalization reached nearly $2 trillion in March and there has never been more interest in cryptocurrency globally. But with the influx of investment has come a variety of cybersecurity risks to cryptocurrency wallets and evolving threats to exchanges.
The most common attack methods dominating conversation in cybercriminal forums are reverse proxy phishing, cryptojacking, dusting and clipping, according to a new study from Digital Shadows.
The company’s Photon Research Team scanned the dark web to sort out the most popular techniques used to either steal or mine for cryptocurrency. Many of the widely used tactics, like reverse proxy phishing, revolve around getting past two-factor authentication by effectively snooping in on traffic between two people.
Cryptojacking has long been a popular scam leveraged by cybercriminals, allowing an attacker to use a victim’s device to mine cryptocurrency. Clipping is when attackers manage to steal cryptocurrency while it is being sent during a transaction and crypto dusting involves “deanonymizing your crypto wallet by sending tiny amounts of crypto ‘dust’ to multiple wallets,” the report described.
All of the methods are riffs on brands of cyberattacks used in other contexts outside of cryptocurrency. Chris Morales, CISO for Netenrich said it was “the same game with a different name,” with attackers moving on from financial documents and bank accounts to digital wallets and crypto mining.
“The method is still social engineering with phishing and malware for mining on your hardware. I see names like dusting and I think about credit card skimming,” Morales said. “I see clipping and I think of URL redirecting.”
The study notes that even cybercriminals themselves deal with thefts from their own wallets.
“We’ve recently seen a few forum threads where threat actors complain about having their virtual currency stolen,” the report said.
“One user even held an ‘ask me anything’ session after they lost ‘100k’ due to ‘being phished’ in May 2021. Another wrote, ‘I want my currency back, this is god damn bad,’ after their Etherium was stolen.”
A report from Atlas VPN in January found that cybercriminals stole “nearly $3.78 billion” in cryptocurrency throughout 2020. Other data from Slowmist Hacked listed 122 attacks in 2020, with most targeting cryptocurrency exchanges, Bitcoin wallets, and decentralized apps running on the Ethereum platform.
Coalfire director Karl Steinkamp noted that software wallets will only be as strong as their software and security development processes, as well as how the end user secures it.
“I wouldn’t be surprised to see vulnerabilities in some of the software wallet providers over time that allows these wallets to be accessed before being patched or updated. The same is not generally true for hardware wallets as these tend to be purpose built and would require a more sophisticated skill set to compromise,” Steinkamp added.
James McQuiggan, security awareness advocate at KnowBe4, explained to ZDNet that using phishing to steal cryptocurrency will be the easiest way for cybercriminals to get money from a victim. “Clicking the link in a phishing email is like having a high-tech security system at home and leaving the door open when you click on the link or open the attachment from the phishing email. Unfortunately, if you are not monitoring your crypto wallet or computer, you might overlook the cyber criminal rooting around on your computer,” McQuiggan said. “Cryptojacking is another attack method that cyber criminals utilize to make money without doing a lot of work. But, again, phishing becomes the easiest way for cyber criminals to work their way through a network and find servers to run their cryptomining to generate the currency.”
