Are my coins safe? Cybersecurity in cryptocurrencies
Ábel Maróti (Jr Marketing Manager, Avatao)
For technology today, the sky is the limit, with new and exciting methodologies popping up in every industry. One such technology is cryptocurrency – you’ve probably heard of the most popular one, Bitcoin – which is said to be a game-changer in the global financial market. It’s possible that these popular digital assets will supplant our traditional ways of money-trading. But to understand how cryptocurrencies work and the risks associated with using them, first we need to tackle the fundamentals of this technology.
What is a cryptocurrency?
Cryptos are a form of virtual currency secured by cryptography and other encryption technologies (hence the name). These cryptos, often referred to as tokens, can be traded for goods or services. The concept isn’t so unfamiliar – after all, many companies have their own unique currency which can be exchanged for their own products or services. Most cryptocurrencies are decentralized by using blockchain technology, with the blockchain working as a ledger that stores the individual coin ownership in the form of a record-keeping network of computers. One of the major features of cryptos is that they are not centralized or issued by any authorities, and therefore can’t be manipulated or controlled by government activities.
Bitcoin, the first cryptocurrency, was launched in 2009 and has been the most popular and valuable cryptocurrency ever since. In August 2021, the total market cap of Bitcoin was over $733 billion, with more than 18 million coins in circulation. There are thousands of other types of cryptos on the market, however, and in September, all together they had a total value of $1.9 trillion. Needless to say, this technology represents a considerable part of the financial system. According to some projections, cryptocurrencies might replace traditional trading methods in the future. Whether that truly turns out to be the case or not, more and more businesses are using blockchain technology as part of their operations today.
Utilizing cryptos in business
According to research from 2020, in the US alone more than 2300 companies accept Bitcoin. Whether for transactions, business operations, or other purposes, the number of companies accepting or using cryptocurrencies is on the rise all over the world. A good example of institutional adoption is Tesla, the company that recently invested $1.5 billion in Bitcoin, and now accepts the token as payment. Payment providers such as MasterCard, Visa, and PayPal also endorsed Bitcoin, and in so doing, are paving the way for mainstream institutional adoption.
Using cryptos for business operations can have many advantages. For instance, by introducing it as a new payment option, a company may open the door to new customer segments. People who prefer having the option to pay with cryptocurrencies not only become potential new customers, but, according to a study by Forrester Consulting, these people are even willing to pay more than the average customer when a company implements cryptos as a payment option. What’s more, deploying cryptos enables real-time, secure money transfers, accurate revenue sharing, and increased transparency among both employees and customers.
Cryptocurrencies may be favorable assets, but, like most new technologies, they do carry risks. It is essential to understand the existing threats and potential factors of exposure before engaging with cryptocurrencies.
Weak links and threats in the cryptocurrency market
Like all new technologies, cryptocurrencies come with a chance to be exposed, and as they assume monetary value, they are naturally more likely to be targeted by cybercriminals. As previously stated, the blockchain technology underlying cryptos is based on decentralization – this is an advantage, in that no central government or authority can control cryptos, but it is also a disadvantage, in that it opens up new opportunities for criminals. So how can hackers take advantage of this blockchain technology?
Unauthorized access to data
First, we need to understand how people can access their coins. Several companies are specified for trading and using cryptocurrencies, and these companies offer ways of trading, storing, and exchanging coins through websites or mobile applications. Just like traditional money, you can store cryptos in wallets – crypto wallets don’t hold money, however, but rather the private keys that grant you access to your coins. Your tokens are stored in the blockchain, and wallets provide the access you need to send, receive, or trade cryptocurrencies. Crypto wallets come in different forms – from paper to hardware to online wallets – but it is the online wallets which allow you to manage your private keys, review your existing coins, trade, or shop at places that accept cryptocurrencies. Naturally, the wallets require personal information such as address, phone number, email address, etc. for identification purposes, and as a result, can be a tempting target for attackers. One such attack occurred in 2020, where a database containing personal information of 270,000 Ledger users was leaked (Ledger is a company providing hardware wallets). This customer data, including full names, email addresses, physical addresses, and phone numbers, was shared on RaidForums, a platform for trading hacked information. After the leak, several Ledger customers were victims of scams and phishing emails which threatened them and demanded ransom. As you can see, it isn’t about the monetary value of the cryptocurrency, but rather about the customer data connected to the wallet accounts or compromised registration forms. Financial regulations force companies to require sensitive data from their customers, and when these regulations meet decentralized databases (with users unaware of phishing threats, no less), mistakes and vulnerabilities are bound to follow.
Since monetized transactions are a part of cryptocurrencies, tokens being stolen is of course a large concern. The value of cryptos is constantly changing, and there are several factors that determine their prices, including supply-demand dynamics, investors, the number of competing cryptocurrencies, regulations, and even social media activity. But regardless of whether values are currently rising or falling, the chance of exposure is always there. Recently, hackers pulled off the largest heist of decentralized financials in history, stealing $600 million in cryptocurrency. According to the victim of the hack, a blockchain site called Poly Network, “vulnerability between contract calls” was exploited by the hacker. This allowed different kinds of coins to be transferred to separate wallets. Even though the money was later returned by the hacker, the lesson remains: due to the increased risks of decentralization, both companies and users must pay close attention to every detail in crypto transactions.
Exposed mining operations
To further explain this risk, we first need to understand how coins “come to life”. Just like precious metals, cryptocurrencies are mined. But in this case, instead of using pickaxes, miners use computers – powerful ones. Mining requires a computer with very strong processors, graphics cards, and other significant hardware. But what is the actual mining? It’s a process of validating blocks by solving hashes and adding transaction records to the blockchain. The more you mine, the more resources you need, and the more expensive your electric bill will be. Miners are awarded payment in coins, but the costs of mining are on the rise. You can read more about crypto mining here.
Hackers can make use of coin mining by using malware, illicit software which infects the mining computer so it does all the heavy lifting for them. Cryptojacking is also gaining popularity amongst hackers. This involves malicious software which is easy to deploy, hard to detect, and difficult to trace back to the sender. While the code runs in the background, the perpetrators collect the rewards in their own wallets, leaving nothing but a slow-running network and negative financial impacts for the targeted company.
Demanding ransom in crypto
There are certain ransom attacks which aren’t necessarily related to cryptocurrencies, but the ransom payment is often requested in the form of digital coins. Crypto-ransomware can be delivered via email, direct messages, downloadable files, or exploit kits, any of which, when opened, infects the computer and encrypt several files. The number and type of files encrypted depends on the type of ransomware, but in any case, after the encryption is complete, a message pops up detailing the demands of the attackers. The ransom is frequently asked for in the form of Bitcoin or other cryptocurrencies, making the payment difficult, if not impossible, to trace back to the attacker. Even if you can identify and remove the infection, recovering the encrypted data can be extremely difficult. Sensitive data is sometimes lost to ransomware attacks, since without paying, the only solution may be to completely wipe your computer clean and reboot.
Protect your assets
The world of cryptocurrencies can pose many challenges, full of both opportunities and risks. So far, we’ve discussed the threats which can occur while mining, trading, storing, or spending coins, but how can you mitigate or prevent the risks? Let’s go over a few options:
Train and educate: Developers and IT teams form the first line of your defense. They need to be aware of the latest trends and best practices, as their knowledge is essential to detecting the first signs of a potential vulnerability and identifying external threats. Aside from basic security awareness, regular cybersecurity training is a great way to strengthen the pillars of security at your company.
Regular backups: Make sure to back up your important files on a regular basis. This way, if you need to reboot your computer(s), you can minimize data loss.
Updates and patches: Downloading and installing the latest updates for operating systems and applications is essential to close the door to potential vulnerabilities in previous versions.
Anti-cryptomining extensions: If you are interested in mining crypto, there is a lot to consider. From a security perspective, using every patch and extension that protects your computer and network is essential. Building a strong defense can prevent malware from getting through your lines.
Pay attention: Several attacks come in the form of phishing e-mails, scams, and other messages that prompt you to open specific pages or files. The best way to avoid these harmful files is to be aware of the potential attempts. It’s important to recognize suspicious or illicit content, so that instead of opening it, you can simply delete it, eliminating the threat.
Since the invention of the first Bitcoin in 2008, cryptocurrencies continue to gain popularity. They have a strong standing in the financial system, with more and more companies accepting them as a form of payment. The unique blockchain technology enables individuals and businesses to manage large-scale transactions online without external financial governance. The decentralized form of cryptocurrencies makes trading, receiving, and spending money easy, and provides the opportunity for a financial tool accepted worldwide. Of course all of this is unrealistic without some kind of risk involved. As mentioned above, several risk factors come into play when dealing with cryptos, and both people and companies need to be vigilant when using blockchain technology. Cryptocurrencies may be a step forward in financials, but they can also be two steps back if we do not pay attention to mitigating risks, and using cryptos responsibly.
Reading Time: 6 minutes For most companies, security is considered a side quest, which is partly related to the daily processes. In reality, security ought to be a strong foundation of any organization. To ensure the defense of the enterprise, the relevant teams need strong security knowledge and abilities.
Reading Time: 7 minutes To build an enterprise security program, one has to go back to the well-known fundamentals of organizational change: People, Process, and Technology (originates from Harold Leavitt’s “Applied Organization Change in Industry”, 1964).
Reading Time: 9 minutes If you are working on Java projects you might have heard about other languages that run on the JVM, like Clojure, Kotlin, or Scala. Programmers like to try new things out but is it worth it to pick one of them over Java?