Cryptocurrencies are a relatively new form of digital currency that has rapidly become popular for its accessibility and high security. They are deemed incredibly secure because they operate on the blockchain network. However, nothing is impervious to hacking.
In this post, I’m going to go briefly over cryptocurrencies, the blockchain, and common methodologies hackers use to abuse crypto.
Why should I care about crypto?
Although crypto is a relatively new form of currency and has yet to be used in our daily lives, it is rapidly becoming mainstream.
In a report by Wirex and SDF in 2022, it was found that around 81% of the general population has heard of crypto, while 39% has owned crypto. Crypto also has a large market capitalization of $850 billion.
To be clear, crypto is not its own entity. It is an umbrella term for any digital currency that operates on the blockchain (I’ll explain that term later on). In fact, since the first cryptocurrency, Bitcoin, launched in 2009, there has been an explosion of new currencies. At the time of Wirex and SDF’s analysis, there were around 21,910 cryptocurrencies.
Of course, crypto’s rapid growth in popularity has drawn the attention of hackers.
Before we dive into how attackers exploit crypto, we must first dive into the heart of it all—the blockchain network.
The blockchain is a data structure (a way of organizing and accessing data) made up of two main components: blocks and chains.
Blocks are simply groups of data. In the case of crypto, the data are transactions. Each block is uniquely identified by a hash and this hash is fairly rigorous to calculate (Bitcoin’s hash takes around 10 minutes to calculate on average).
Blocks are chained (or linked) together by pointers to the previous block’s hash. Sort of like a linked list if you are familiar with data structures in programming.
The security behind a blockchain is taken one step further by storing this data structure on a peer-to-peer (p2p) network. Anyone can volunteer their computer resources to join a blockchain network. Members of the network are referred to as nodes and each node stores a copy of the blockchain.
To validate the blockchain (ensure that everyone has the correct copy), nodes will partake in a majority vote called a consensus. Therefore, the most popular blockchain is the correct one.
Altering the Blockchain Network
This makes it fairly difficult to modify the blockchain as you would have to:
- Recalculate the hash of the modified block
- Recalculate the hash of every block following the modified block
- Own a majority of nodes on the network to pass the modification
Obviously, steps one and two would take a very long time given the time it takes to generate just one hash. And step three could be difficult if there exists a large network of nodes (imagine a network of hundreds or even thousands of computers).
Of course, this can be and has been done as we’ll explore in the next section.
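To make the three steps above concrete, here is a toy hash-linked chain with proof of work and a majority vote between nodes. It is an added example, not code from any real cryptocurrency: the function names, the difficulty setting and the transactions are made up, and the vote follows this post's simplified "most popular copy wins" model.

```python
import copy, hashlib, json
from collections import Counter

DIFFICULTY = 3          # toy target: hash must start with 3 hex zeros (assumption)
GENESIS_PREV = "0" * 64

def block_hash(index, prev, txs, nonce):
    return hashlib.sha256(json.dumps([index, prev, txs, nonce]).encode()).hexdigest()

def mine(index, prev, txs):
    """Proof of work: try nonces until the block's hash meets the target."""
    nonce = 0
    while not (h := block_hash(index, prev, txs, nonce)).startswith("0" * DIFFICULTY):
        nonce += 1
    return {"index": index, "prev": prev, "txs": txs, "nonce": nonce, "hash": h}

def build_chain(tx_lists):
    chain = []
    for i, txs in enumerate(tx_lists):
        chain.append(mine(i, chain[-1]["hash"] if chain else GENESIS_PREV, txs))
    return chain

def first_invalid(chain):
    """Return the index of the first block that fails verification, or None."""
    prev = GENESIS_PREV
    for b in chain:
        h = block_hash(b["index"], b["prev"], b["txs"], b["nonce"])
        if b["prev"] != prev or b["hash"] != h or not h.startswith("0" * DIFFICULTY):
            return b["index"]
        prev = b["hash"]
    return None

def remine_from(chain, start):
    """Steps one and two: redo the work for block `start` and every later block."""
    for i in range(start, len(chain)):
        chain[i] = mine(i, chain[i - 1]["hash"] if i else GENESIS_PREV, chain[i]["txs"])

def consensus(node_chains):
    """Step three: each node votes with the tip hash of its valid copy."""
    votes = Counter(c[-1]["hash"] for c in node_chains if first_invalid(c) is None)
    return votes.most_common(1)[0][0]

if __name__ == "__main__":
    honest = build_chain([["alice->bob:5"], ["bob->carol:2"], ["carol->dave:1"]])  # constructed
    forged = copy.deepcopy(honest)
    forged[1]["txs"] = ["bob->mallory:2"]
    print("edited only, first bad block:", first_invalid(forged))
    remine_from(forged, 1)
    print("1 of 4 nodes forged wins:", consensus([honest] * 3 + [forged]) == forged[-1]["hash"])
    print("3 of 5 nodes forged wins:", consensus([honest] * 2 + [forged] * 3) == forged[-1]["hash"])
```

An edited block is caught immediately, a fully re-mined copy is internally valid but still loses the vote, and only a majority of nodes carrying the forged copy makes it the accepted chain.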
Exploiting the Blockchain
The blockchain is theoretically nearly impossible to alter. However, this is only in theory.
When anything is put into practice in the real world, there is always room for error. We humans aren’t perfect, and neither are the blockchain networks we’ve created.
In this section, I’m going to introduce some of the common ways hackers abuse the blockchain to their benefit.
Since the blockchain operates on a peer-to-peer network, there must be a reason for people to voluntarily join the network. Therefore, many currencies reward users in crypto for calculating hashes and validating the blockchain. Validating the blockchain for reward is called mining.
Crypto mining provides an incentive for people to join the network (I mean, who would want to do this for free?). It also doubles as a way of putting more crypto into circulation (you can’t print crypto).
Cryptojacking is the act of mining crypto using computers you don’t own. This enables attackers to mine crypto while maximizing their profits.
Mining is a very expensive task. When mining crypto, you’re competing with others to calculate hashes. So, you need extremely powerful hardware in order to calculate the hash first and get rewarded. Not only that, but you’re going to need a lot of electricity to keep all of your machines running around the clock.
Smart hackers don’t need to pay for hardware or a high electric bill.
This form of attack was extremely popular in 2021. SonicWall reported around 97.1 million attacks. Of course, this attack remains popular today.
When it comes to cryptojacking, hackers will take a power-in-numbers approach. They do so by acquiring a botnet, or an army of computers under central control.
To start a botnet, you have to find machines you can run commands on remotely, which is easier than you might think. There are tons of open-source scripts out there that enable users to spray common exploits across the internet and see what sticks. If you do this you’ll almost certainly get a response back.
If you don’t have the technical know-how to do this (or just don’t want to), botnets are surprisingly cheap. I found 1,000 hosts being sold online for only $25.00 (assuming this was legit).
Cryptojacking the Cloud
The term “cloud” is used to describe computer resources you can access from the internet. This can range from huge amounts of online storage, to powerful and scalable machines you can connect to and control.
This makes cloud machines prime targets for cryptojackers. In a study conducted by the cybersecurity team at Google, researchers concluded that 86% of exploited cloud machines were used for crypto mining. In 2022, for example, VMware Horizon servers were compromised using the popular Log4Shell vulnerability and leveraged for cryptomining.
Cryptojacking is still a pressing issue for cloud companies today. It’s the reason why many cloud companies, like the hosting platform Heroku, have chosen to get rid of their free tier.
Smart Contract Exploits
The beauty of the blockchain is that it doesn’t rely on a central authority or a middleman to verify agreements (or in the case of crypto, transactions). Smart contracts help facilitate this by automating agreements.
Essentially, smart contracts are just code added to the blockchain. While they may make crypto more efficient, they also increase its attack surface. Where there’s code, there’s the possibility of errors that lead to vulnerabilities.
In August of 2021, a company called DAO Maker fell victim to a smart contract exploit. Around $7 million was removed from over 5,000 user accounts.
In a sybil attack, attackers create multiple fake identities to cause all sorts of havoc. This form of attack has many applications. I’m sure we’ve all had our fair share of running into the occasional bot on social media trying to promote a product or boost an account’s follower count.
When applied to crypto, this attack can be truly devastating. For instance, hackers can clone a legitimate node enough times to gain control of a majority of nodes on the network. With control of the majority, they own the network.
This is known as a 51% attack. Owning the majority enables attackers to block all transactions in a form of DoS attack and modify transactions. Hackers can even modify transactions in such a way that they can return any crypto they spent back to themselves. This is called double spending and basically lets hackers buy anything for free.
Verge crypto was an unfortunate victim of a sybil attack in 2021. Hackers deleted 200 days of transaction history, presumably just for kicks.
Phishing is an umbrella term in cybersecurity for tricking users into hacking themselves. This comes in many forms: from scam calls to emails with malicious links—there are tons of creative strategies.
A great example of this applying to crypto is the attack on Axie Infinity and their Ronin blockchain. A group of hackers from North Korea under the name Lazarus was able to own their network using phishing.
The group conducted fake interviews with Senior Engineers from the company who were drawn in by the allure of lofty prices. Hackers then sent a job offer in the form of a PDF. This PDF was actually a trojan virus, which poses as a normal file but runs malicious code in the background.
Once Lazarus owned an engineer’s computer, they were able to get access to 5 out of the 9 nodes and own the network. They got away with a whopping $625 million.
Moral of the story: if it seems too good to be true, it’s probably too good to be true.
A subset of phishing, typosquatting involves registering a very similar domain name to a legitimate website (as if it had a typo, hence the name) and hosting a malicious copy. Unsuspecting users are often tricked into giving away their login information, thinking that they are logging into the usual site.
Six people in Europe applied this to crypto by creating a scam crypto site. They not only harvested login information to Bitcoin users’ wallets but also deceived them into installing crypto-stealing and mining software onto their computers with fake installers. This affected more than 4,000 users and resulted in a payday of more than $27 million for the hackers.
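On the defensive side, a wallet provider or a cautious user can flag look-alike hostnames before anyone types a password into them. The sketch below is an added example, not part of any real product: the site names are made up, and the look-alike table and two-typo threshold are assumptions you would tune.

```python
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}
PROTECTED = ["coinvault.example", "blockbank.example"]  # constructed names, not real sites

def skeleton(host):
    """Map common look-alike characters to the letter they imitate."""
    for fake, real in HOMOGLYPHS.items():
        host = host.replace(fake, real)
    return host

def osa_distance(a, b):
    """Edit distance where insert, delete, substitute and adjacent swap each cost 1."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            d[i][j] = min(d[i-1][j] + 1, d[i][j-1] + 1, d[i-1][j-1] + (a[i-1] != b[j-1]))
            if i > 1 and j > 1 and a[i-1] == b[j-2] and a[i-2] == b[j-1]:
                d[i][j] = min(d[i][j], d[i-2][j-2] + 1)  # swapped neighbours
    return d[-1][-1]

def classify(host, protected=PROTECTED, max_typos=2):
    """Return (verdict, matched_site); verdict is legitimate, lookalike or unrelated."""
    host = host.lower().rstrip(".")
    if host in protected:
        return ("legitimate", host)
    for site in protected:
        if skeleton(host) == skeleton(site) or osa_distance(host, site) <= max_typos:
            return ("lookalike", site)
    return ("unrelated", None)

if __name__ == "__main__":
    # Constructed hostnames: exact match, digit swap, transposed letters, unrelated.
    for h in ["coinvault.example", "coinvau1t.example", "conivault.example", "weather.example"]:
        print(h, "->", classify(h))
```

This only covers ASCII tricks; internationalized domains that use look-alike Unicode letters need a separate check.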
How to use crypto safely
So, now I’ve done my job at making you aware of all these methods hackers use to exploit crypto. I bet if you’re a crypto owner (or want to own crypto in the future), this made you a little nervous. Don’t fret, though, because there are several actions you can take to minimize the risk of getting attacked.
1. Use a popular currency
Unless you’re trying to take advantage of new currencies and ride them to the moon, you’ll probably want to use a stable crypto to keep your money safe. The most popular and mature crypto out there is undoubtedly Bitcoin.
Popular cryptos have the advantage of having had time to amass a large peer-to-peer network, making them less vulnerable to 51% attacks.
Their code and architecture are also more likely to be stable. That being said, this in no way means that they are going to be foolproof. It just means that attack probability decreases just a bit.
2. Be wary of scams
I know this sounds trivial but scams constantly claim victims. So, be extra careful online. Especially in situations where you are entering sensitive information. Learn to be suspicious of everyone. It might save you.
3. Store crypto securely
Once crypto moves off of the blockchain, it is up to you to keep it safe. Luckily there are a few ways to make sure your crypto is safe.
Crypto is stored in special software called a wallet. There are various types of wallet but I recommend avoiding the use of hot wallets. Hot wallets are wallets you can access online. This means you are leaving it up to the server to keep your crypto safe and anyone can access them with the right login information.
I recommend using cold wallets, which are stored offline on your computer. You can take this one step further by storing your crypto in a hardware wallet. Hardware wallets are devices separate from your computer. This prevents your crypto from being stolen if someone compromises your computer.
You can also use multi-sig wallets. Wallets usually require a signature (a type of cryptographic key) to verify transactions. Multi-sig wallets require multiple signatures to verify transactions. Signatures can be delegated to multiple different people, so to verify a transaction you can have multiple people sign it off. Alternatively, you can implement a form of multi-factor authentication by using different devices (like your smartphone and tablet) to sign transactions.
The big takeaway here is that anything can be hacked (and most likely will be). No matter how secure a technology purports to be in theory, we humans often make mistakes when putting something into practice.
Attackers are smart as well. Just as corporations and governing bodies have access to powerful forms of technology to secure their data, attackers have access to the same technology.
I hope you liked this article. I had a ton of fun researching this topic and of course, there will be many more articles to come!