Cybercrime , Cybercrime as-a-service , Fraud Management & Cybercrime

Cryptocurrency Theft: $1.1 Billion Stolen in Last 6 Months

Exchanges Remain Prime Target; Easily Available Hacking Tools Aid Attackers
Cryptocurrency Theft: $1.1 Billion Stolen in Last 6 Months

Evidence continues to mount that cryptocurrency-seeking criminals are no longer bent solely on boosting bitcoins or demanding ransomware or other extortion campaign payoffs only in that virtual currency.

See Also: Webinar | Don't Get Hacked in the Cloud: The Essential Guide to CISOcial Distancing

The shift, experts say, is a result of bitcoin's massive price fluctuations over the past year. Last December, the value of a bitcoin reached an all-time high of $19,891. On Tuesday, however, the value of a bitcoin had dropped to about $6,850 - a decline in value of 10 percent from Friday, which may have been triggered by the hack of South Korean exchange Coinrail early on Sunday (see Coinrail Cryptocurrency Exchange in South Korea Hacked).

In response to bitcoin's volatility, many crime gangs have been seeking payment in more stable cryptocurrencies.

"Although bitcoin is still the lead cryptocurrency for legitimate cyber transactions, cybercriminals are moving to alternative and more profitable currencies, such as monero, which is used in 44 percent of all attacks," endpoint security firm Carbon Black says in a new report, which analyzes cryptocurrency attacks that have been seen over the past six months.

"While bitcoin is king, our research revealed that cybercriminals shy away from bitcoin when conducting illicit activity or accepting payments," according to Carbon Black. "The reason for this is simple: Associated fees are too high, transactions take too long to process and criminals fear losing their ill-gotten gains. These cybercriminals appear to prefer monero due to privacy, non-traceability and comparatively low transaction fees."

Source: Carbon Black

Other cryptocurrencies popular with criminals include litecoin, dash, bitcoin cash, ethereum and zcash, according to threat intelligence firm Recorded Future (see Bitcoin's Reign on the Dark Web May Be Waning).

Hackers Refine Their Approach

Carbon Black says it's found at least $1.1 billion in cryptocurrency-related thefts since December 2017.

To steal cryptocurrency, attackers continue to leverage malware, phishing attacks and fake advertising campaigns (see Cryptocurrency Theft: Hackers Repurpose Old Tricks).

But their primary target remains cryptocurrency exchanges, from which a successful heist might result in the theft of cryptocurrency tokens collectively worth tens - if not hundreds - of millions of dollars.

"Of the attacks we identified, cryptocurrency exchanges are the most vulnerable target for cybercriminals, with 27 percent of attacks targeting exchanges directly," according to Carbon Black.

Inexpensive Attack Tools Abound

Hackers who want to target cryptocurrency exchanges - or individuals storing cryptocurrency - can buy an array of prebuilt tools to help. "There are currently an estimated 12,000 dark web marketplaces selling approximately 34,000 offerings related to crypto theft," according to Carbon Black's report, which says the tools cost anywhere from $1 to $1,000, with an average cost of $224. "We also identified a sweet spot in malware pricing for cryptocurrency-related attacks at around $10."

While exchange hacks may make headlines, most criminals are not perpetrating those types of heists, according to Carbon Black. "Cryptocurrency-stealer malware is the preferred method among crypto-targeting cybercriminals," it says.

Cryptojacking Attacks Continue

Some attackers practice cryptojacking - infecting systems with malicious code that uses CPUs to mine for cryptocurrency. Mining refers to solving complex computational challenges, which perpetrates cryptocurrency systems, for which miners receive payment in cryptocurrency as a reward.

Some enterprising attackers have implanted legitimate sites with cryptojacking malware that runs in memory on vulnerable systems that visit the websites (see Government Websites Deliver Cryptocurrency Mining Code).

Mining Rig Hackers Steal $20 Million

Others subvert specialized mining hardware directly, especially if it's been left misconfigured or poorly secured.

One such attack involves scanning for port 8545, a JSON-RPC port that provides an admin interface to systems that mine for monero. Security experts say the port should never be opened to the outside world, because it would allow remote attackers to access the admin panel and take control of the mining equipment. By default, the port is only configured to listen locally.

In March, however, Chinese IT firm Qihoo 360 Netlab warned that it had found multiple instances of systems with port 8545 open to the internet, offering attackers an easy way to make "quick money."

Many monero miners appear to have failed to heed its warning. On Monday, 360 Netlab reported that one group appeared to have stolen more than $20 million by taking control of mining rigs for which port 8545 had been left open.

BGP Leakage

Criminals also continue to test new ways to boost bitcoins and other virtual currency.

In April, an unknown attacker managed to spoof internet routing information by creating a border gateway protocol leak. The result was that anyone who attempted to visit - a free, open source web app for storing and sending ether-based tokens - was instead routed to an attacker-controlled, look-alike site, which attempted to their cryptocurrency. Thankfully, security experts say, it appears that few users fell for the attack, which was quickly blocked (see Cryptocurrency Heist: BGP Leak Masks Ether Theft).

Pure-play organized crime gangs are not the only ones targeting cryptocurrency exchanges and users. Security experts say teams trained and run by the government of North Korea, for one, have also been trying to steal cryptocurrency to help fund the regime, which has been hampered by serious sanctions (see Report: Investigators Eye North Koreans for Exchange Hack).

Money Laundering Alert

Criminals don't only steal cryptocurrency; they also use it to help launder other ill-gotten gains.

Europol, the EU's law enforcement intelligence agency, estimates that criminals in Europe generate $140 billion in illicit proceeds annually, of which about 3 or 4 percent - $4 billion to $6 billion - is being laundered via cryptocurrencies (see Criminals Hide 'Billions' in Cryptocurrency, Europol Warns).

"While the abuse of bitcoin remains a key enabler for criminal conduct on the internet, a number of other cryptocurrencies are beginning to emerge in the digital underground," including monero, ethereum and zcash, Europol warns.

About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.