More than $1.1 billion worth of digital currency has been stolen in the first six months of 2018, according to a report by cybersecurity firm Carbon Black. The report unearthed a thriving dark web ecosystem related to the theft of cryptos in large quantities. Even more worrisome is how easy it is for malicious parties to acquire the necessary malware for illicit activities, with malware costing as little as $1 on some marketplaces. While it had been suspected previously that crypto theft was being carried out by well-funded criminal gangs, the report revealed that with the ease of acquiring the necessary malware, it could be done by just about anyone with a computer and access to the dark web.
A $6.7M Economy
The development and sale of crypto-related malware in the dark web is an industry that’s worth an estimated $6.7 million. According to Rick McElroy, a strategist at Carbon Black, malware even occasionally comes with customer service. In an interview with CNBC on June 7, Elroy described the process as one that’s worryingly easy.
It’s surprising just how easy it is without any tech skill to commit cybercrimes like ransomware….You just have to be able to log in and be able to buy the thing — you can call customer support and they’ll give you tips.
Such malware goes for an average of $224, but on some marketplaces, the price can be as low as $1.04, Elroy revealed. There exist over 12,000 dark web marketplaces with 34,000 offerings related to the theft of digital currencies. Despite the continued security breaches and associated great losses, many crypto owners are still lax about their security. Unlike the traditional financial industry, losses incurred in cryptos are not insured against theft, a fact that many nascent investors tend to overlook.
Usually we rely on banks; the tools are out there, but investors need to know how to do this. A lot of people are unaware in this new gold rush; people are using cloud wallets and not securing their money.
Not surprisingly, exchanges are the most popular targets for crypto thieves, making up 27% of attacks. While attacks on exchanges are nothing new, cybercriminals are still managing to make away with millions worth of cryptos. Coincheck has been the biggest casualty this year, with the Japanese exchange losing $530 million worth of NEM in an attack earlier this year. The exchange was found guilty of slacking on its security protocols, as the stolen tokens had been stored in a hot wallet while other tokens were stored in cold wallets. Bitfinex, the fourth largest exchange by daily transaction volume, recently announced that it had thwarted a DDoS attack launched a week ago. The exchange didn’t lose any assets or information, unlike in 2016 when it reported losing 120,000 Bitcoins to hackers.
Other businesses came in second at 21%, with the majority of those attacks involving the illicit mining of cryptos through malware. This crime has risen in popularity in recent months, with reports of some of the world’s biggest firms including Tesla having their systems hacked and used to mine cryptos. Cryptojacking, as it’s popularly known, is difficult to discover, with the only signs being the slowing down of one’s computer and a higher electricity bill.
Attacks on businesses also involve the hacking of systems after which criminals demand to be paid ransom in cryptos. Elroy stated that this has affected quite a number of firms, but declined to disclose the names of the victims as some of the incidences were not made public.
Monero was the favorite digital currency of many cybercriminals, largely thanks to its enhanced privacy features. According to the report, 44% of all attacks used this currency. Its ease of mining, low transaction fees, and difficulty to trace also played a big part in its popularity. The United States, China, and the UK were the most popular targets of crypto thieves respectively.