Entrepreneurs, governments, hackers, and fraudsters are becoming ever more interested in cryptocurrencies. Conducting financial transactions is very easy, but the numerous incidents that have happened recently raise the alert level.

Another element of concern is the apparent volatility of the value of cryptocurrencies.

Principal actors in the world of digital transactions are the exchanges where virtual currencies are bought, sold and stored. They have become a privileged target for hackers and in some cases too easy to compromise.

With the rapid growth of the value of Bitcoin, the number of investors and speculators has rapidly increased. Billions of dollars’ worth of Bitcoins and other cryptocurrencies are traded daily on exchanges.

Figure 1 – Bitcoin Value (USD)

We are facing a revolution in the financial world and regulators and governments are debating how to handle it.

Common problems are related to the level of security implemented by exchanges and the financial protection offered to the investors.

Cyberheists, it is the Digital Far West

There have been at least a dozen heists of cryptocurrency exchanges since 2011; in many cases, the incidents caused the shutdown of the organizations. It has been estimated that more than 980,000 bitcoins have been stolen, not too bad if we consider that at the current price it would be worth about $4bn.

In February 2014, MtGox, the most significant Bitcoin exchange at that time, shut down and went into bankruptcy in Japan; more than 25,000 customers are still waiting for compensation. The exchange said it lost about 650,000 bitcoins, and claims approved by the bankruptcy trustee total more than $400m.

As explained before, another threat to the emerging world of digital financial transactions is the intervention of governments. A few weeks ago, the Chinese Government ordered some mainland Chinese cryptocurrency exchanges to stop trading. Two of the country’s bitcoin exchanges, BTC China and Via BTC, halted trading.

Both exchanges said the decision to cease trading was a response to the announcement by Chinese authorities of a ban on initial coin offerings (ICOs), in which companies issue “digital” tokens similar to shares in exchange for cryptocurrencies.

According to the experts, Chinese authorities are preparing a wider crackdown on bitcoin trading amid concerns that it is being used for money laundering.

Governments are not the only ones boycotting exchange activities: many banks have also refused to deal with them, making it impossible for exchanges to process the wire transfers that allow customers to buy or sell cryptocurrencies with traditional currencies such as dollars or euros. At a bank investor conference held in New York recently, Jamie Dimon, chief executive of JPMorgan, called bitcoin “a fraud” and predicted it will “blow up.”

In March, Wells Fargo stopped processing wire transfers for the Bitfinex exchange leaving customers unable to transfer US dollars out of their accounts, except through special arrangement with the exchange’s lawyer. Banks fear cryptocurrency exchanges could be involved in money laundering, criminal activity or can be used by nation-state actors to bypass international sanctions.

Using virtual currency could allow US citizens to conduct financial transactions with individuals in Iran and North Korea even if explicitly prohibited.

Anyway, hackers’ assaults represent the principal threat to digital coins.

“On 7 May, traders on a US exchange called Kraken lost more than $5m when it came under attack and couldn’t be accessed, according to a class-action lawsuit filed in Florida. During the incident, the suit alleges, the exchange’s price of a cryptocurrency called ether fell more than 70 percent, and the traders’ leveraged positions were liquidated. They received no compensation,” reported the Independent.

Lights and shadows of cryptocurrencies

Bitcoin is the first digital currency to gain widespread acceptance. It overcomes the problems related to a currency system controlled by a central authority such as a central bank or a government; at the same time, conducting financial transactions is cheaper and, under specific conditions, they are secured by cryptography.

Even if only a limited number of retailers accept it, the interest in digital money is rapidly increasing. According to the experts, most cryptocurrencies today are more commodities than currencies, and investors trade them for mere speculation.

Some cryptocurrencies are becoming more attractive to individuals seeking anonymity; this is the case of Monero and ZCash.

Of course, they represent a privileged instrument for payment in the cyber-criminal underground, which continues to choose them to remain under the radar.

Let’s now discuss the crucial role of exchanges in the world of virtual currencies. How can we select the best one?

Probably the best way is to select an exchange based on its trading volume: the more trades an exchange handles, the faster buyers and sellers can be matched.

According to the website bitcoinity.org, from 2014 until late January this year, Chinese exchanges accounted for about 90 percent of global bitcoin trading volume.

Analysts observed that the high volume occurred because traders were attracted by the fact that these exchanges at that time charged no transaction fees. According to six former employees at two Chinese exchanges, some of the volumes were artificially pumped up in China with the intent of influencing investors’ choices.

Four former employees at BTCChina, including one of its co-founders, confirmed the exchange inflated trading volumes; the circumstance was denied by a spokesman for the exchange.

Hackers and digital currencies

Hackers continue to target any actor involved in the business of cryptocurrencies: single users, miners and, of course, exchanges.

One of the most recent security breaches affecting an exchange occurred in July, when Bithumb, one of the world’s largest Bitcoin and Ether cryptocurrency exchanges, was hacked. The hackers stole more than $1 Million in cryptocurrencies from the accounts of several users of the exchange.

At the time, Bithumb was the first Ethereum exchange worldwide and the fourth Bitcoin exchange; the company was accounting for 20% of global Ether trades and nearly 10% of the global bitcoin trade.

Crooks compromised some of the user accounts stealing the precious currencies.

The Bithumb exchange confirmed to Yonhap newspaper that it reported the incident to South Korea’s cybercrime watchdog on June 30, after it learned of the security breach on June 29.

According to the local newspaper Kyunghyang, hackers stole around 10 Million Won worth of bitcoins from a single account. It is quite impossible to estimate the overall losses exactly; a survey of victims states that hundreds of millions of Korean Won have been stolen from the accounts of one hundred users.

Hackers also stole personal information from 31,800 Bithumb users, including names, email addresses, and mobile phone numbers, according to the South Korean Yonhap News.

According to the exchange, the hackers breached the home computer of one of its employees; it also ruled out that its entire network was compromised.

The Bithumb security breach was not an isolated case. Within a few months, numerous security breaches involving Ethereum Initial Coin Offerings (ICOs) were reported; in some cases, the incidents influenced the value of the digital currency.

In June, the value of the Ethereum digital currency plummeted following a hack on The DAO’s Ethereum holdings. The DAO is a decentralized and virtual organization that was established to fund new projects; it chose Ethereum as the digital currency for its operations. The DAO is the single largest holder of Ether (15% of the total amount of Ether); it was in possession of more than 9.2 million Ether prior to the hack, and the hackers stole 3.6m Ether.

According to the experts, the attackers have exploited a known vulnerability, a circumstance confirmed by Vitalik Buterin, the founder of Ethereum.

“An attack has been found and exploited in the DAO, and the attacker is currently in the process of draining the ether contained in the DAO into a child DAO. The attack is a recursive calling vulnerability, where an attacker called the ‘split’ function, and then calls the split function recursively inside of the split, thereby collecting ether many times over in a single transaction,” Buterin announced in a Pastebin post.
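The ordering flaw behind a recursive-calling bug of this kind can be shown with a toy ledger. This is an added example, not The DAO's contract code or anything from the quoted post; the `Vault` and `Depositor` classes, the amounts, and the plain-Python model of an external call are all assumptions made for illustration. It contrasts updating the balance after the payout with updating it before.

```python
# Toy ledger that models the ordering bug; plain Python, not contract code.
class Vault:
    def __init__(self, update_before_send):
        self.update_before_send = update_before_send
        self.credit = {}   # account -> amount the ledger says it may withdraw
        self.pool = 0      # ether the vault actually holds

    def deposit(self, account, amount):
        self.credit[account] = self.credit.get(account, 0) + amount
        self.pool += amount

    def withdraw(self, account):
        amount = self.credit.get(account, 0)
        if amount == 0 or amount > self.pool:
            return
        if self.update_before_send:
            self.credit[account] = 0      # effect recorded before the external call
        self.pool -= amount
        account.on_payment(self, amount)  # external call: recipient code runs here
        if not self.update_before_send:
            self.credit[account] = 0      # too late: recipient already re-entered


class Depositor:
    """Recipient whose payment hook calls withdraw() again, up to `reentries` times."""
    def __init__(self, reentries=0):
        self.reentries = reentries
        self.received = 0

    def on_payment(self, vault, amount):
        self.received += amount
        if self.reentries > 0:
            self.reentries -= 1
            vault.withdraw(self)


def run(update_before_send):
    """Return (paid to the re-entering depositor, ether left in the vault)."""
    vault = Vault(update_before_send)
    others = Depositor()                 # constructed: everyone else's 90 ether
    vault.deposit(others, 90)
    caller = Depositor(reentries=5)      # constructed: deposits 10, re-enters 5 times
    vault.deposit(caller, 10)
    vault.withdraw(caller)
    return caller.received, vault.pool


if __name__ == "__main__":
    print("update after send :", run(False))
    print("update before send:", run(True))
```

With the balance cleared only after the payout, a 10-ether credit is paid six times; clearing it first limits the same caller to its own 10 ether.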

The consequences of the incident highlight the volatility of current cryptocurrencies: the news of the hack caused a massive sale of holdings by the holders of the cryptocurrency. In a few hours, the value of the Ethereum digital currency dropped from $21.16 to $14.66.

Figure 2 – Value of the Ethereum

A few days later, crooks stole $7 Million worth of Ethereum in just 3 minutes; the cyber heist was possible due to “a simple trick.”

Hackers stole the money from the Israeli social-trading platform CoinDash while it was launching an Initial Coin Offering (ICO) that allowed investors to pay with Ethereum and send funds to the token sale’s smart contract address.

Hackers were able to divert over $7 million worth of Ethereum by replacing the legitimate wallet address used for the ICO with their own.

Within three minutes of the ICO launch, the attacker tricked CoinDash’s investors into sending 43438.455 Ether to the wrong address owned by the attacker.

As part of the ICO, CoinDash published an Ethereum address on its website to allow investors to transfer the Ethereum funds.

A few minutes after the launch, the company warned that its website had been hacked and confirmed that the legitimate ICO address had been replaced by a fraudulent address.

The startup asked to stop sending Ethereum to the posted address.

“GUYS WEBSITE IS HACKED! Don’t send your ETH!!!” reads the message from CoinDash HQ. “Wait for the announcement of the address.”

The company confirmed it gathered around $6 million during the first three minutes of the ICO. It announced that it would issue tokens to the people who sent these funds to the correct wallet, but it also assured that it would issue tokens to the users who were impacted by the hack and sent the money to the hacker’s wallet.

However, CoinDash clarified that it would not compensate users who sent funds to the hacker’s address after the website was shut down by the company.

“CoinDash is responsible to all of its contributors and will send CDTs [CoinDash Tokens] reflective of each contribution,” the company noted.

“Contributors that sent ETH to the fraudulent Ethereum address, which was maliciously placed on our website, and sent ETH to the CoinDash.io official address will receive their CDT tokens accordingly.”

A few days later, a hacker stole nearly $32 Million worth of Ethereum from wallet accounts by exploiting a critical flaw in Parity’s Ethereum Wallet software.

In July, another clamorous cyber heist made the headlines: an unknown hacker stole nearly $8.4 Million worth of Ethereum cryptocurrency from Veritaseum. The attackers hit the Initial Coin Offering (ICO), stealing $8.4 Million in Ether (ETH) on July 23. Further investigation is ongoing; it is still unclear which vulnerability was exploited by the hacker.

The hacker first dumped the stolen funds into two separate Ethereum wallets and then moved them to other accounts.

In August, an unknown hacker stole more than $471,000 worth of Ethereum cryptocurrency from the investment platform Enigma. According to an announcement made on the Enigma website, an “unknown entity” hacked their website, Slack accounts and email newsletter accounts.

“WARNING: ENIGMA SLACK COMPROMISED, DO NOT SEND FUNDS

Hi Everyone, Our Slack channel and certain email lists have been compromised. We are working diligently to resolve the issues.

DO NOT SEND FUNDS TO ANY ADDRESSES.

We will provide further updates on the situation shortly.

DO NOT SEND FUNDS”

The attackers uploaded a fake pre-sale page with the following fake ETH address to send money:

0x29d7d1dd5b6f9c864d9db560d72a247c178ae86b

The hacker spread the fake ETH address via the website newsletter to trick victims into sending their funds to his ETH address.

Figure 3 – Enigma Newsletter compromised

The hackers received more than 1,487.90 ETH and then started transferring the stolen ETH.

In October, another hack involving an Ethereum ICO (Initial Coin Offering) was reported. The victim is the Etherparty website that sells tokens for a blockchain-based smart contract tool. The attackers replaced the legitimate address for sending funds to buy tokens with a fraudulent one they controlled.

Etherparty is a platform for the creation of smart contracts that leverages the blockchain.

Etherparty launched its Fuel token sale on October 1 at 9 A.M. PDT, but just 45 minutes later, attackers hacked into the ICO website and replaced the wallet address, hijacking cryptocurrencies sent by investors.

According to Etherparty, its staff detected the hack after 15 minutes, and it immediately took the ICO website down for nearly one and a half hours, preventing more investors from sending funds to the attackers’ wallet.

The website, hosted on a new server, went online at 11:35 A.M. PDT.

The website displays the following message to investors:

“Always check the URL and verify the contract address before sending ETH to any ICO.”

The blockchain company also “promised to compensate any affected contributors, with its proprietary FUEL token, prior to the temporary website shutdown at 10 A.M. PDT.”

“One hour after the ICO officially went live, the company identified a security issue, caused by a fraudulent contribution address, and temporarily shut down the website to protect all participants,” reads the press release published by the company on Medium.

“Etherparty’s site was later restored after the issue was resolved at 11:35 A.M. PDT, after going offline for 90 minutes. The blockchain company has promised to compensate any affected contributors, with its proprietary FUEL token, prior to the temporary website shutdown at 10 A.M. PDT.”

The Etherparty ICO is still ongoing, and it will be open until October 29, 2017. According to the company, the ICO had a great start “selling over 10,000,000 FUEL tokens in the first hour.” The company sold more than 400,000,000 FUEL tokens before the official launch in the pre-sale.

“Our team has been consistently and successfully thwarting potential security issues to avoid further escalation,” Etherparty Founder Lisa Cheng said. “However, we do acknowledge and apologize for the temporary disruption to our otherwise successful launch day. Etherparty is eager and committed to compensating all affected contributors for the inconvenience.”
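The CoinDash, Enigma and Etherparty incidents above all came down to a contribution address being swapped on a channel the project controlled, and the advice to verify the contract address can be automated on the operator's side. The following is an added example, not code from any of these companies: it scans served HTML for Ethereum-style addresses and compares them with a set pinned out of band. The function name `audit_page` and all sample addresses are constructed for illustration.

```python
import re

# 0x followed by exactly 40 hex digits, not embedded in a longer token
# (so a 64-digit transaction hash is not mistaken for an address).
ADDRESS_RE = re.compile(r"(?<![0-9A-Za-z])0x[0-9a-fA-F]{40}(?![0-9a-fA-F])")


def audit_page(html, pinned):
    """Compare addresses shown in `html` with the out-of-band pinned set.

    Comparison is case-insensitive because the same address may be rendered
    in lower case or in mixed-case checksum form.
    """
    pinned = {a.lower() for a in pinned}
    shown = {m.group(0).lower() for m in ADDRESS_RE.finditer(html)}
    unexpected = sorted(shown - pinned)   # address on the page nobody approved
    missing = sorted(pinned - shown)      # approved address no longer displayed
    return {"ok": not unexpected and not missing,
            "unexpected": unexpected, "missing": missing}


# Constructed sample data: none of these values belongs to a real sale.
PINNED = "0x" + "1a" * 20
PINNED_UPPER = "0x" + "1A" * 20           # same address, different letter case
OTHER = "0x" + "2b" * 20                  # stands in for a substituted address
TX_HASH = "0x" + "3c" * 32                # 64 hex digits: not an address

GOOD_PAGE = f"<p>Send ETH to <code>{PINNED_UPPER}</code></p><p>tx {TX_HASH}</p>"
SWAPPED_PAGE = f"<p>Send ETH to <code>{OTHER}</code></p>"


if __name__ == "__main__":
    for name, page in (("good", GOOD_PAGE), ("swapped", SWAPPED_PAGE)):
        print(name, audit_page(page, [PINNED]))
```

Such a check is only useful when it runs from a host other than the web server and the pinned value is stored off that server, so that a compromise of the site does not also change the reference.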

Conclusion

In response to the string of incidents, the US Securities and Exchange Commission (SEC) issued an official warning about the risks of ICOs; meanwhile, China has already announced a ban on all ICOs across the country.

The number of attacks will increase in the next months; it is likely that crooks will increase their pressure on end-users, launching malware-based campaigns to steal their funds from unprotected wallets.

Other illegal activities that we will see include the hack of websites to deploy crypto-mining scripts and cyber-attacks against unprotected miner machines exposed online.

References

http://www.independent.co.uk/news/business/analysis-and-features/cryptocurrencies-hackers-fraudsters-digital-financial-transactions-bitcoin-virtual-currency-failures-a7982396.html

http://securityaffairs.co/wordpress/22569/security/largest-bitcoin-exchange-mtgox-shut-earthquake-bitcoin-industry.html

http://securityaffairs.co/wordpress/60702/cyber-crime/bithumb-hacked.html

http://securityaffairs.co/wordpress/48511/cyber-crime/ethereum-currency-hack.html

http://securityaffairs.co/wordpress/61126/cyber-crime/coindash-cyber-heist.html

http://securityaffairs.co/wordpress/61351/cyber-crime/veritaseum-cyber-heist-ethereum.html

http://securityaffairs.co/wordpress/62219/hacking/enigma-platform-hacked.html

http://securityaffairs.co/wordpress/63791/hacking/etherparty-hacked.html