For cryptocurrency holders, hacking and account theft are inevitable. In our minds, hackers are often the master of hacker technology. However, this article proves that an ordinary person, without the need to master any skills, can use similar malwares to easily commit crimes on the internet. The hacker industry has increasingly matured.
According to the data from network security company Carbon Black, in the first half of 2018, about $1.1 billion (7.15 billion yuan) worth of cryptocurrency was stolen. Unfortunately, for the owners of virtual currencies, such incidents of hacking and account theft are almost impossible to prevent.
Criminals use the “dark web” to implement large-scale cryptocurrency thefts. According to a research report released by Carbon Black on Thursday, there are currently about 12,000 available online markets (exchanges) and 34,000 products related to password theft (digital cryptocurrency) for hackers to choose from.
Carbon Black’s security strategist Rick McElroy said in an interview with CNBC:
“It’s shocking that one can use a ransomware-like software to easily conduct illegal activities on the internet without having to master any technical skills. These criminal methods are not just mastered by large syndicates as everyone perceives these hackers to be, they can be performed by anyone.”
Michael Roy also said that these malwares even occasionally provide the accompanying “customer service” (network extortion training), which has an average price of $224 and can be purchased for a minimum of $1.04. According to the security company’s research, the market for selling malware online has reached a scale of $6.7 million.
The dark web is also part of the internet. It can only be accessed through a special software. Users can remain anonymous and untraceable.
“You can buy the criminal tools you want by simply logging in to the website. You can even call the customer service. They will also provide you with some tips. ” Michael Roy added.
Cryptographic currency theft may come from the hands of organized criminal groups, who often extort exchanges and related companies. But if a well-trained but temporarily unemployed engineer wants to make a few bucks through this illegal channel, it is not difficult.
“Many people with programming education can’t find a job in their home country,” Michael Roy explained. “Those cryptocurrency thieves may be just two Romanians who have no money to pay rent.”
As the price of bitcoin soared more than 1300% at the end of last year, new buyers flocked to the market. Unlike bank wealth management products, cryptocurrencies are usually not protected or guaranteed by third parties. This is something that greenhorn investors who are thinking about making a fortune may not fully understand.
“We usually rely on banks for investment tools that are readily available, thus investors do not usually have to worry. But, many people do not realise that in this era of cryptocurrency craze, we are using a cloud wallet which provides no foolproof way of keeping our money safe.”
The cryptocurrency exchange is the most popular target for cybercrime, with 27% of attacks this year being directed at various exchanges.
Headquartered in Tokyo, Mt.Gox (Mentougou), an exchange that was once the largest Bitcoin trading platform, encountered the first hacker attack in the history of cryptocurrencies. The company filed for bankruptcy in 2014, allegedly losing 750,000 bitcoins in the hacking attack, while the exchange owner himself lost 100,000 bitcoins.
In January of this year, hackers stole a lesser-known cryptocurrency NEM worth $530 million from the Japanese exchange Coincheck. In December last year, there was a 17% loss of digital assets by South Korean exchange Youbit. Its parent company, Yapian, also filed for bankruptcy afterwards.
In addition to exchanges, various companies are the second option for hackers, and they make up 21% of the total number of hacks. In most cases, hackers will invade the internal systems of these companies and force them to pay cryptocurrencies as ransoms.
Carbon Black said it could not provide a list of the companies that were attacked, because some of the attacks were not made public. In the United States, companies do not need to report for ransom, as long as it does not involve personal data disclosure.
Although hackers often require ransom payments in cryptocurrencies, Bitcoin does not seem to be the first choice. Blackmail cases that require ransoms paid in Bitcoin only accounted for 10%, which is a lower fraction than Ethereum. Ethereum’s blackmail incidents accounted for 11% of the total cases.
Criminals seem to prefer Monero. According to Carbon Black, 44% of all ransom attacks involve Monero, because compared to Bitcoin, Monroe provides more privacy, and is harder to track. Transaction costs are also relatively low.
From the perspective of countries, the United States has experienced the highest number of attacks in the world, with 24 cryptocurrency crime targets being US companies and exchanges. China follows closely behind with 10 attacks, and the United Kingdom temporarily takes third place with 8 attacks.