While the cybercrime story for 2022 has yet to be fully written, cryptocurrency theft will no doubt have a starring role. Buoyed by the collective pilfering of billions of dollars’ worth of cryptocurrency already this year, stealing more will no doubt be a top New Year’s resolution for the criminally inclined.
Illicit interest in cryptocurrency continues despite fallout from the crash and burn of cryptocurrency exchange FTX, which on Nov. 11 filed for bankruptcy.
Cue the value of a bitcoin plunging from a high this month of over $21,000 down to a low this week of $15,500, which is what it was worth about three years ago. But that is still a lot of value, especially for attackers who are able to steal Bitcoin, Monero, Ether and other cryptocurrency and use money-laundering tactics to convert it to a fiat currency.
Count FTX among recent victims. The exchange itself was ransacked by attackers – many market watchers suspect insider involvement – as it was collapsing, with FTX tokens then worth $400 million going missing. On Sunday, blockchain analysis firm Chainalysis reported that the attacker converted about $60 million worth of stolen funds via the decentralized renBTC bridge, which can be used to buy bitcoins, which were “likely to be mixed prior to a cash-out attempt” (see: Cybersecurity Analysis of the FTX Crypto Heist).
Recent transactions for a cryptocurrency wallet allegedly tied to the theft of FTX account balances (Source: Etherscan)
Whoever attacked FTX continues to try and cash out. “Blockchain data from Etherscan shows that a crypto account associated with the FTX exploiter moved a total of 180,000 ether – worth roughly $200 million at current prices – to 12 crypto wallets Monday,” CoinDesk reports. As of Friday, those efforts were continuing.
Crypto Criminals Prefer Trickery
Setting aside the FTX example, direct targeting of cryptocurrency exchanges is often the province of nation-state attack groups. Here’s looking at you, North Korea.
Criminals operating without nation-state affiliation, however, have been “more likely to hunt for cryptocurrency using phishing, offering dubious cryptocurrency exchange platforms and launching cryptojacking to illicitly mint cryptocurrency,” cybersecurity firm Kaspersky reports.
Cryptojacking refers to using malware that quietly squats on systems and uses their computational power to mine for cryptocurrency, which involves solving computationally intensive tasks in return for a chance to receive free cryptocurrency as a reward. As Western law enforcement agencies have worked to disrupt ransomware operations, cryptojacking is again hot, and this time at scale (see: Weary Cybercriminals Turn to Cryptojacking Banks: Report).
“Previously, mining was mostly a threat for general users, but today miners are stealing power from large businesses and critical infrastructures,” Kaspersky reports. “Even big ransomware operators – for example, AstraLocker – are shutting down their operations to switch to cryptojacking.”
Stealing cryptocurrency outright also remains a favorite tactic of attackers. But centralized exchanges are no longer attackers’ top target; DeFi protocols have seized that mantle. In October alone, blockchain analysis firm Chainalysis reported that 11 attacks had resulted in the theft of $718 million from DeFi protocols.
“At this rate, 2022 will likely surpass 2021 as the biggest year for hacking on record,” Chainalysis reported. “So far, hackers have grossed over $3 billion across 125 hacks.”
From Rug Pulls to Scam Token Contracts
Scams also persist, including the rug pull. This involves operators debuting a new type of cryptocurrency, amassing funds from investors, then freezing trades and stealing all of the funds invested. One of the best-known alleged rug pulls involved the Squid Game token, whose developers in November 2021 apparently ran away with $3.4 million in investors’ funds.
One rising cryptocurrency threat is the scam token smart contract. Last month, Solidus Labs, which sells anti-fraud and anti-money laundering tools for Web3 applications, warned that in addition to “rug pulls, phishing attacks and token impersonations,” it had seen a surge in scam token contracts, which are “cryptocurrencies that have been hard-coded to steal investors’ funds.”
“Scam token contracts can be automatically deployed and easily repeated, allowing serial scammers to rapidly execute thousands of small value attacks without raising red flags among regulated exchanges, regulators and law enforcement,” the company warns, estimating that it sees 15 new scams of this type debut every hour.
As we head into a new year, expect cryptocurrency-targeting attacks and schemes to become “more advanced and widespread,” Kaspersky warns.
“We believe that users are now much more aware of crypto and will not fall for primitive scams, such as a video featuring an Elon Musk deepfake promising huge returns in a dodgy cryptocurrency investment scheme that went viral.” Instead, it says, expect to see a rise in better-crafted – but fake – initial coin offerings and non-fungible tokens, as well as malicious smart contracts.
For criminals who operate online, time is money. If an attack has been working, it’s a no-brainer that criminals will refine the business model, seeking to boost their profits even more, while trying to stay one step ahead of defenders. As innovation abounds, the message for cryptocurrency users – not to mention anyone with infrastructure on which cryptojacking malware might take hold – should remain clear: beware of criminally inclined cryptocurrency enthusiasts and schemes.