How Cryptocurrency thefts occur.


Hello dear friends of LeoFinance. I hope you are all well and having a great week.


The recent news of the multimillion-dollar robbery of the BitMart exchange https://markets.businessinsider.com/news/currencies/bitmart-crypto-hack-exchange-suspends-withdrawals-stole-millions-floki-shiba-2021-12 has made me dig deeper into the topic of hacks, attacks and thefts against cryptocurrency platforms. In the previous article I talked specifically about the BitMart theft: how, when, and how much was stolen. Today I want to share information about the common methods that malicious people use to steal cryptocurrencies, whether from large companies or from individuals like you or me. The purpose is that, by knowing the vulnerabilities we may have and the methods thieves use, we can make informed and cautious decisions when investing or using our resources.

I think the first thing we should cover is the logical question of WHY hacking or stealing cryptocurrencies is possible.

In principle, a blockchain algorithm, which is the system used by most cryptocurrencies, should be extremely difficult to hack, since an unauthorized alteration to a line of code would be detected throughout the chain, making it possible to apply security measures immediately. But this holds only when the code is written correctly and without errors, which we will talk about later.

But assuming that the code is well written and audited, as would be the case with Bitcoin, that still does not prevent bitcoins from being stolen. This happens for the simple reason of what I call the Jail Paradox.

By the Jail Paradox I mean the following dilemma: the purpose of a jail is to keep a certain group of people locked up and prevent them from interacting with the outside. The more dangerous those people are, the more security your jail needs, but no matter how much security you implement, it is impossible to reduce the possibility of an escape to 0%. The simple fact is that your security guards still need to be able to get in and out, you still need to bring new inmates in and let others out, you still need to feed the inmates, and you still need sanitary facilities. So an inmate can always get out, however improbable and difficult it is.

Something similar happens with cryptocurrencies: the code and platform of the currency may be almost impossible to hack, but the fact that they have to be accessible over the internet by their users is an intrinsic vulnerability. Everything connected to the internet is hackable. Not even the Pentagon is safe if the hacker is bright enough, as in this case: https://www.csmonitor.com/World/Passcode/Security-culture/2016/0705/Meet-David-Dworken-the-teenager-who-hacked-the-Pentagon

Now, according to the latest estimates from CoinMarketCap there are $2.6 TRILLION in cryptocurrencies worldwide. That's a lot of money, more than many small countries have, and it attracts a lot of ill-intentioned people with advanced computer skills who want to steal a part of it. This has generated a kind of permanent war between cryptocurrency platforms and hackers: cryptocurrencies defend themselves with security measures and stronger algorithms, while hackers attack by exploiting vulnerabilities. In military strategy theory it is sometimes said that the attacker has an intrinsic advantage over the defender. The attacker decides when and how to attack, while the defender has to prepare for things he does not know, or things he does not know he does not know, the so-called Unknown Unknowns: answers to questions not yet asked.

All this leads us to why cryptocurrency thefts occur and, surely, will continue to occur as long as there are humans interacting with them. But this is not to say that cryptocurrencies are more vulnerable than traditional currencies. Cyber theft started with traditional currencies and still happens today; famous bank platforms have been hacked and robbed. In fact, we can argue that traditional money is more vulnerable, since it shares the same vulnerabilities as cryptocurrencies without the benefit of blockchain algorithms, and it can always be stolen in its physical form.

Having covered the broader picture, let's briefly go over the vulnerabilities that can be exploited, and how.

-Private Keys.



Private keys are small lines of code that allow access to cryptocurrency wallets. Being part of the blockchain code makes them almost impossible to duplicate or hack, but that does not mean they cannot be stolen: as long as they have to be known to a human being who has access to them, they can be compromised in different ways. These include hacking and subsequent theft of information stored on the computer of the person who owns the key; its involuntary disclosure, or sometimes voluntary disclosure by an employee of a cryptocurrency company who wishes to collaborate with thieves; theft by a person close to the custodian of the key; and even theft of the key in any of its possible physical forms, such as a notebook where it is written down.

This vulnerability has existed since the password concept was invented, and although there are now 2-step or biometric authentication mechanisms, not all platforms have them, and even if they do, there are still methods of circumventing them and exploiting their possible flaws.

This is perhaps the most common way used to steal cryptocurrencies. So we can say that it is the biggest vulnerability.

-Wallet vulnerability.


We could say that wallets are an interface to the cryptocurrency code: they allow us to access our assets, store them or interact with them. Because they involve human interaction they become vulnerable: being an external and accessible part of the code, a wallet can be hacked and the information held on the wallet platform can be compromised. Some wallets, to make things easier for their users, keep the users' keys within their files, so a hack of a wallet's database can lead to the theft of user information and assets in one blow. This applies to individuals' wallets as well as to exchanges' wallets, some of which move millions.

Of course there are measures to minimize the risk, such as the system of cold wallets and hot wallets. Hot wallets are the ones used to move assets day to day and are permanently connected to the internet; in general, only a fraction of the total assets of the person or company is kept in them. Cold wallets are where the bulk of the assets is stored; they are storage units for the code that are not connected to the internet, which makes them much more secure and avoids the Jail Paradox to a great extent.
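To make the hot/cold split concrete, here is a small model added as an illustration (it is not code from any real wallet or exchange). The `Treasury` class, the 5% cap and all amounts are assumptions made up for the example; the point is that whatever happens to the online wallet, the loss is bounded by what the cap lets it hold.

```python
from dataclasses import dataclass, field
from decimal import Decimal

@dataclass
class Treasury:
    """Constructed model: an online hot wallet plus offline cold storage."""
    hot: Decimal
    cold: Decimal
    hot_cap: Decimal = Decimal("0.05")  # assumed policy: at most 5% kept online
    pending: list = field(default_factory=list)  # payouts awaiting offline signing

    def exposure(self) -> Decimal:
        """Worst-case loss if the hot wallet's keys are stolen right now."""
        return self.hot

    def sweep(self) -> Decimal:
        """Move everything above the cap to cold storage; return amount moved."""
        limit = (self.hot + self.cold) * self.hot_cap
        excess = max(self.hot - limit, Decimal(0))
        self.hot -= excess
        self.cold += excess
        return excess

    def deposit(self, amount: Decimal) -> Decimal:
        self.hot += amount  # deposits arrive online, then the cap is re-applied
        return self.sweep()

    def withdraw(self, amount: Decimal) -> str:
        """Small payouts leave the hot wallet; larger ones wait for a human."""
        if amount <= self.hot:
            self.hot -= amount
            return "paid-from-hot"
        self.pending.append(amount)
        return "queued-for-cold-signing"

    def approve_next(self) -> Decimal:
        """Stands in for signing the oldest queued payout on the offline device."""
        if self.pending[0] > self.cold:
            raise ValueError("cold storage cannot cover this payout")
        amount = self.pending.pop(0)
        self.cold -= amount
        return amount

def demo() -> Treasury:
    t = Treasury(hot=Decimal("100"), cold=Decimal("900"))  # constructed balances
    t.deposit(Decimal("1000"))   # 2000 total -> hot trimmed back to 100
    t.withdraw(Decimal("30"))    # paid online, hot = 70
    t.withdraw(Decimal("500"))   # exceeds hot balance -> queued for offline signing
    return t
```

After `demo()`, an attacker who fully controls the online wallet can reach 70 units out of 1970; the 500-unit payout only moves once someone signs it on the offline side with `approve_next()`.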

-Fraudulent Funds and Exchanges.


I think the title of this part explains itself. Whether it is investment funds that ask you for a cryptocurrency deposit with the promise of future profits, or exchanges that disappear from the network once they have accumulated a good amount of cryptocurrency, as long as cryptocurrency trading exists there will be people willing to deceive others by creating a whole fake infrastructure just to steal from the unwary. Fraud is as old as mankind itself.

In this case common sense and caution on everyone's part are very important to avoid such cases. If something seems too good to be true... maybe it is... and it is an act of collective responsibility to always read the blue paper of new cryptocurrency projects and always verify their certification and auditing.

-Direct cyber attack to Exchanges or similar.


This part refers to the most classic perception we have of what a hack is. Exchanges can have more or less robust code, and sometimes a hacker or group of hackers sufficiently versed in their art can spot a vulnerability in the code of an exchange and exploit it, as happened in August this year with the hacking of the Poly Network. The hacker or hackers basically found a flaw in the exchange's smart contract, and after overloading it with something like a DDoS attack managed to modify its protocol and stole $600 million in cryptoassets. More information here: https://www.reuters.com/technology/how-hackers-stole-613-million-crypto-tokens-poly-network-2021-08-12/

This method requires a level of sophistication on the part of the perpetrator combined with a flaw in the code of the platform in question; although remote, it is still possible.

-Business in sublayers of the internet such as the Dark Web.


Although this has elements of all of the above, it deserves its own separate mention. Doing business in areas of the internet where the material is sometimes there precisely because it is illegal in the more supervised layers involves several security risks: there is a greater chance of encountering unscrupulous individuals or entities willing to use any means to make a profit, not to mention that traditional auditing systems do not reach there. The risks range from fraudulent exchanges to content with malware or ransomware, and even illegal material. Once in the internet underworld the risks multiply, but people still appreciate the freedom that such layers of the internet give, and therefore multimillion-dollar thefts can occur in them. Case example: https://blockonomi.com/mt-gox-hack/

To close


So as not to make this any longer, I want to tell you that tomorrow I will close this saga with a post about how best to protect yourself from crypto thefts and be prepared for the eventuality of a hack of our preferred platform, however unlikely it may be.

But what do you think about the issue? How do you see the outlook regarding cryptocurrency theft and the new security measures created every day? Do you think that someday we will reach a network where theft is impossible? Tell me, I'll read you in the comments.
