23 Jan 2020 Anthony Lehrman
Hacker Attacks On Crypto Exchanges Are Going Up
As the crypto sector seeks further ways for eliminating hacker attacks, last year, Chainalysis recorded 11 attacks on exchanges and custodial services. Despite the number of attacks, 2019 isn’t as fruitful for hackers, as the total amount reached “just” $238 million. 2018, for instance, records an all-time high of crypto heists as $875,5 million worth of cryptocurrencies were stolen in only six cyber attacks.
The research team at Chainalysis came up with a report showing the number and amount of funds stolen from hacking. The group clarified that phishing attacks or sudden exit scams are not taken into consideration, as they use less-technical attacks like malware and luring victims into providing their wallet addresses and private keys. Furthermore, the Chainalysis team only took into consideration the attacks that lead to illicit activities on exchanges.
The most significant hacking attack in 2019 was on CoinBene, with total worth of $105 million through the theft of 109 different ERC-20 tokens stolen from the exchange. At the beginning, the exchange was refusing about the attack, but researchers found out the total amount of tokens was forcefully taken from Coinbene’s hot wallet.
Binance, the world’s largest crypto exchange to date, also suffered from a hacking attack. Despite Binance’s tight security measures, the hackers gained access to the hot wallet via a combination of phishing attacks and a special withdrawal algorithm to bypass Binance’s security protocol.
Bitpoint lost $32 million worth of various cryptocurrencies, Bithumb got stung with $19 million worth of Ethereum (ETH) and Ripple (XRP) tokens. At the same time, Cryptopia suffered from a $16 million worth of ETH and ERC-20 token hit. The 11 hits also include exchanges like DragonEx, Bitrue, Vindaxm, and LocalBitcoins.
The Chainalysis team created a break down of occured thefts, based on the average and median amount stolen. It turns out, the number of crypto funds stolen per heist dropped drastically in 2019, when comparing it with 2018, for example. The data suggest exchanges are now increasingly aware of the situation and are trying to mitigate or at least lessen the effect of potential crypto theft.
Most of the stolen funds are going into other exchanges, then exchanged for fiat currencies. However, there are still funds, sitting in wallets, which gives law enforcement officials a chance to discover the culprits.
And as exchanges are increasing their security measures, hackers also sophisticate their methods for infiltration. Exchange operators now keep small amounts in their hot wallets, while most of the funds are locked in cold wallets. Also, exchanges are relying more on authentication procedures and transaction monitoring. Exchanges in 2019 shared more information on the crypto hack than ever before, which is beneficial for the entire crypto community.
However, hacker groups like the Lazarus project take crypto attacks to a whole new level. Believed to be behind the WannaCry ransomware attacks in 2017, as well as the 2014 Sony Pictures attack, Lazarus now uses more and more sophisticated hacking methods. Most of their hacking is based on social engineering, evolving into one of the most elaborate hacking strategies in the crypto sector. Lazarus also uses mixing pools to cover up their tracks. Mixing pools gather illicit funds and then transfers them back with a “mixed” origin for a 1-3% fee.