Cryptocurrency Exchanges are Cyber Hackers Next Targets

Cryptocurrency Exchanges are Cyber Hackers Next Targets

Where will online criminal hackers look next? Cryptocurrency. There are already hacks going on, but this will ramp up significantly as some of the more highly competent criminals are targeting cryptocurrency exchanges. 

No alt text provided for this image


According to Coingecko’s quarterly report, in the first half of 2019, over 83 million dollars’ worth of cryptocurrency was stolen from many exchanges. 

The sheer number of new exchanges is growing at a tremendous rate.  Coingecko added over 300 to its tracking in just the last 18 months. It is no surprise that many of the newer sites simply don’t have the resources to properly defend themselves. It makes sense they would be easy targets, but small exchanges don’t have as many users or assets to victimize.

Attackers Shift Tactics

What is really interesting is that bigger exchanges, like Binance, are being targeted. Binance has the resources to front a set of good defenses and has proactively planned for such attacks by creating a separate recovery fund to compensate for customers of losses. The fact that cyber criminals are taking the time and exerting the necessary effort to target such a well defended exchange is telling. They are going after high profile targets with the intention of a big score. 

No alt text provided for this image


This strategy changes the normal equation for defenders. No longer does simply following the best practices deter attackers to look for easier targets. They are pinpointing a specific high-value victim then looking for the easiest path to compromise. The mindset is different. Such attacks can be relentless until they find a way in. There is constant pressure for security to remain a step ahead. The challenges for protection are more complex and the rewards for the attackers are much higher.

The Binance attack yielded $40 million for the criminals. That is a huge payday and will motivate future attacks, regardless of the defense posture.  Such attacks can be crippling and will put serious pressure on these organizations. Some will not be able to weather the potential impacts. In January, Cryptopia suffered a hack and lost an estimated $16 million which catapulted it into liquidation and eventually bankruptcy.

Predictions

Looking forward, I expect to see many more cryptocurrency exchanges being hacked in 2019 and 2020. The stakes will be higher and we may even see repeat attacks on the same exchanges. The lure of a huge payout will motivate the most skilled cyber criminals to hack exchanges and manipulate Decentralized Applications (DApps).

Criminals are honing their skills and tools. In the Binance attack, even 2-factor (2FA) customer authentication was undermined, which is normally a very strong control. The exchanges will need time to understand the risks, embrace the needed additional protections, implement solutions, and tune them to be more effective.  

Moreover, an entire new way of thinking will be needed to manage the risks. Most only look to prevent attacks, but as Binance did, they also planned for a quick recovery when an attack eventually happened. 

Advanced strategic planning is needed to be able to improve the prediction, prevention, detection, and response capabilities that will reduce the overall risk and impacts. With a steep learning curve ahead, I suspect it won’t be until mid 2021 that we see a downturn in attacks due to better cybersecurity.  

Share this article

Leave your comments

Post comment as a guest

0
terms and condition.
  • Paige Maddock

    Even the crypto world is in danger.

  • Karley Watson

    We will see more attacks. I am afraid that this is just the beginning.

  • David Santella

    Consecutive large scale attacks, yet they keep on repeating the same mistakes instead of learning from them.

  • Nick Carter

    Hackers are using sophisticated technologies to gain unauthorised access into user accounts.

  • Kevin Dekens

    At least Coinbase is insured.

Share this article

Matthew Rosenquist 

Cybersecurity Guru

Matthew Rosenquist is #7 LinkedIn Global Top Voice 2018 – Technology. He is an industry-recognized pragmatic, passionate, and innovative strategic security expert with 28 years of experience. He thrives in challenging cybersecurity environments and in the face of ever shifting threats. A leader in identifying opportunities, driving industry change, and building mature security organizations, Matthew delivers capabilities for sustainable security postures. He has experience in protecting billions of dollars of corporate assets, consulting across industry verticals, understanding current and emerging risks, communicating opportunities, forging internal cooperation and executive buy-in, and developing practical strategies. Matthew is a trusted advisor, security expert, and evangelist for academia, businesses, and governments around the world. A public advocate for best-practices, and communicating the risks and opportunities emerging in cybersecurity. He delivers engaging keynotes, speeches, interviews, and consulting sessions at conferences and to audiences around the globe. He has attracted a large social following of security peers, is an active member on advisory boards, and quoted in news, magazines, and books. Matthew is a recognized industry expert, speaker, and leader who enjoys the pursuit of achieving optimal cybersecurity. Matthew Rosenquist is experienced in building world class teams and capabilities, managing security operations, evangelizing best-practices to the market, developing security products, and improving corporate security services. 

   

Latest Articles

View all
  • Science
  • Technology
  • Companies
  • Environment
  • Global Economy
  • Finance
  • Politics
  • Society