Crypto price surge invites a torrent of crypto crime
Bitcoin soared past $50,000 per coin for the first time on Tuesday, and three days later its market cap surpassed $1 trillion. To say the cryptocurrency and altcoins have been on a tear is an understatement — especially after Tesla (TSLA) bought $1.5 billion in bitcoin earlier this month. And as the prices of these digital assets increase, so does the temptation to heist cryptocurrency.
The Justice Department unsealed an indictment Wednesday alleging North Korean military hackers schemed to steal money and cryptocurrency around the world as part of a larger plot involving Sony Pictures. That indictment spurred a warning from the FBI and Department of Homeland Security: Hackers are upping their games to steal cryptocurrency.
But it’s not just nation states stealing digital wallets worth millions. Cybercriminals are increasingly targeting individuals and businesses to surreptitiously mine cryptocurrency using unsuspecting victims’ computer systems in a cyberattack called cryptojacking.
[Read more: Tesla’s big bitcoin bet could come back to bite the EV maker]
“We’ve certainly seen in the past, a pretty reasonably good correlation between the price of bitcoin and the amount of cryptojacking activity,” Chester Wisniewski, principal research scientist at cybersecurity firm Sophos, told Yahoo Finance.
Experts say there are ways to reduce vulnerability to attacks by following basic and more sophisticated cybersecurity measures, starting with secure passwords.
International cybercriminals are stealing millions
North Korea and Iran, which are subject to U.S. sanctions, have leaned on cyberattacks against digital wallets to grow their coffers.
“North Korea’s operative, using keyboards rather than guns, stealing digital wallets and cryptocurrency instead of stacks of cash, have become the world’s leading bank robbers,” federal prosecutor John Demers told reporters this week after the indictment was unsealed.
Assistant Attorney General for National Security John C. Demers speaks during a virtual news conference at the Department of Justice in Washington, U.S., October 28, 2020. He announced the unsealed indictment against the North Korean hackers on Feb. 17, 2021. Sarah Silbiger/Pool via REUTERS
Prosecutors allege hackers working for North Korea’s government targeted cryptocurrency companies and stole tens of millions of dollars’ worth of cryptocurrency, including $11.8 million from a financial services company in New York in 2020. The hackers used malware called CryptoNeuro Trader as a backdoor into victims’ computers, stealing $24 million from an Indonesian cryptocurrency company in 2018, and $75 million from a Slovenian cryptocurrency company in 2017, according to the indictment.
Story continues
The malware provided a back door to steal private keys, the indictment said. The illegitimate software was marketed under names including Celas Trade Pro, WorldBit-Bot, iCryptoFx, Union Crypto Trader, Kupay Wallet, CoinGo Trade, Dorusio, CryptoNeuro Trader, and Ants2Whale.
“It appears that this malware is very sophisticated, in the sense in that it is impersonating a legitimate piece of software…which is a powerful concept,” says Yehuda Lindell CEO & Co-founder of Unbound Tech, which provides cryptographic infrastructure, including key management and protection.
[Read more: What is dogecoin? Elon Musk has sent the meme cryptocurrency soaring]
While crypto asset holders may avoid clicking on an unfamiliar link, Lindell said, they might be more inclined to install an update that appears to come from a trading platform.
“Once you have malware, that has access to whatever keys you have done, then obviously that malware can go ahead and do whatever it wants and steal your funds,” Lindell said. ”If somebody manages to steal your funds, there’s actually no way of getting them back, at all.”
Another problem is that not all cryptocurrency exchanges have the same security posture, compared to traditional banks, Lindell said. And when the incentive is so high, he said, the methods for theft become more sophisticated. “It’s direct money,” he said, unlike credit card number and password hacks that take added steps to convert to something of value.
According to a report from Amsterdam-based blockchain analytics firm Crystal Blockchain cited by Coindesk, hackers and scammers are known to have stolen $7.6 billion in cryptocurrency between 2011 and late 2020.
Rise in “Cryptojacking” targeting consumers, businesses
Beyond direct attacks on crypto wallets, cybercriminals are increasingly launching cryptojacking attacks against consumers and businesses to mine bitcoin and other cryptocurrencies. The criminals infiltrate and gobble up a target machines’ system resources, as a substitute for investing in their own computing power. Telltale signs of a cryptojacking attack can include sluggish performance and use of an unusually large amount of energy.
“Whenever you have something like this that is valuable, now all of a sudden more people are going to be willing to do things like…put little Trojan software and other things like this on people’s computers to mine this cryptocurrency,” NYU Tandon School of Engineering processor Justin Cappos told Yahoo Finance.
[Read more: MicroStrategy CEO sees an ‘avalanche’ of companies buying bitcoin]
For the average user, cryptojacking could mean a slowdown in their computer’s performance, or an increase in their electricity bill as hackers force victims’ machines to operate at full throttle to mine cryptocurrencies as fast as possible. More sophisticated cybercriminals, however, will go after large businesses that rely on cloud platforms like Amazon’s (AMZN) AWS or Microsoft’s (MSFT) Azure to mine cryptocurrencies, Cappos said.
A Bitcoin ATM sign is pictured in a bodega in the Manhattan borough of New York City, New York, U.S., February 9, 2021. REUTERS/Carlo Allegri
According to Wisniewski, cybercriminals install malware in businesses’ software running on AWS or Azure. The malware doesn’t touch AWS or Azure, but forces the business’s software to use a greater amount of computing resources from those services than they otherwise would to handle the intensive task of mining.
Such a dramatic increase in usage could add several thousand dollars to a company’s electric bill in a single month — and that high bill could be the only sign of an intrusion.
Protecting your digital wallet
To stave off an attack on a digital wallet or platform, Lindell advises individuals and entities to invest in professional security. Protecting cryptocurrency the same way as protecting your bank account, he said, “That’s not going to cut it.”
Experts say the best way to think about the abstract concept of cryptocurrency funds, is to consider the funds and the account holder’s secret key as one and the same. How those keys are stored can vary, depending on how the assets are held.
Among three models, one is a custody model where an entity, such a cryptocurrency trading platform like Coinbase, holds and is responsible for protecting the key, and the asset holder uses a password to access funds associated with that key. A second model is one where the asset holder independently holds and is responsible for the key.
“Both of these models are dangerous for different reasons,” Lindell said.
A third model adopts a hybrid solution where two parties share the key, making it more difficult for hackers to infiltrate an account because no single point of attack could breach the key. Large institutions and major holders of cryptocurrencies also protect keys using “cold wallets” that store keys in physical vaults.
For consumers with an insignificant percentage of their assets held in cryptocurrency, the best bet may be to use secure passwords for email, messaging and other apps. Experts say it’s also critical to remain vigilant about opening email attachments, and steer clear of risky websites.
It doesn’t appear that the temptation to cryptojack or steal cryptocurrencies will go away anytime soon. On Friday, bitcoin was up 7.6% just after 4:30 p.m. ET, valued at nearly $56,000 a coin.
Alexis Keenan is a legal reporter for Yahoo Finance and former litigation attorney. Follow Alexis Keenan on Twitter @alexiskweed. Daniel Howley is the tech editor for Yahoo Finance.
Got a tip? Email Daniel Howley at dhowley@yahoofinance.com over via encrypted mail at danielphowley@protonmail.com, and follow him on Twitter at @DanielHowley.
Sign up for Yahoo Finance Tech newsletter
What’s in store for crypto investors? Find out
Unlike other currencies, cryptocurrencies may also be traded, resulting in huge fluctuations in their values.
Countries like the US, China, Japan, Switzerland, South Korea and South Africa have embraced cryptocurrency, while uncertainty looms in India. After facing a ban on cryptocurrency transactions once, crypto investors and other stakeholders are skeptical about their future as the Cryptocurrency and Regulation of Official Digital Currency Bill, 2021 is scheduled to be presented in the current Budget session of Parliament.
With Bitcoin crossing the $50,000 level after sustained demand from institutions like Tesla, MasterCard, Paypal, Microstrategy etc, cryptocurrency players are hopeful that the government won’t put a blanket ban.
Referring to acceptance of Bitcoin and other crypto currencies like Ethereum, Doge etc, Nischal Shetty, CEO, WazirX, said, “Institutional participation is also very low in India in crypto and regulatory uncertainty is the biggest hurdle in that. Institutional players would need regulatory clarity before participating in a new asset class like crypto. Introduction of a regulatory framework will certainly help cryptocurrencies thrive in India.”
Earlier, the Reserve Bank of India (RBI) had banned the cryptocurrencies in India as there is no regulation. Although the Indian Rupee (INR) can only be used as a currency in India, cryptocurrencies are used more like digital assets.
Unlike other currencies, cryptocurrencies may also be traded, resulting in huge fluctuations in their values.
As a result, there is no stability in the value of cryptocurrencies, while stability is one of the parameters that determines the quality of a currency.
However, in a cryptocurrency blockchain, only the respective cryptocurrency – like Bitcoin, Ethereum etc – may be used and not the other traditional currencies.
To avail the benefits of cryptocurrencies, what is needed is a regulation framework to safeguard the interests of crypto investors.
“A right crypto regulation will push India ahead, while a ban on Crypto will set our country back by a decade,” Shetty said.
However, it’s up to the government to decide whether to put a regulatory framework in place or put an outright ban on cryptocurrencies.
What will Indian investors lose if govt really bans cryptocurrency
If the rumours are true, Indians will soon be banned from doing what investors in China as well as those in fellow democracies like the US and UK are safely doing: investing in crypto assets or building and backing companies that are using blockchain technology to innovate.Could we allow blockchain companies , but ban crypto assets? No. All but a few blockchains require a cryptographic token to validate information or power the process. It’s like banning a car company from using petrol or a bakery from using flour.Banning ‘cryptocurrencies’, better termed crypto assets, would also stop investment in companies that use crypto tokens to power their technology. ‘Cryptocurrency’ is a misnomer for crypto assets. If a ban is intended to protect the rupee, it is not necessary. The term ‘cryptocurrency’ is just a word. Bitcoin is not meant to be a legal tender.The better term is crypto assets. Bitcoin is like digital gold, and can be regulated like gold. If the aim is to protect Indian crypto investors (the current 7 million plus investors who are interested) from any harm, we should be clear about what investors and the country will lose to gain such a protection.Indian investors would miss out on generational opportunities, and how!First, the assets themselves. Bitcoin introduced decentralised, triple-entry accounting and a value transfer system that reduces rent-seeking, fights corruption and resists inflation. Ethereum is a global, decentralised development platform for applications that improve supply chains, energy management, insurance, healthcare, and caters to other areas of life.If they did not have ‘crypto’ in their name, most investors would call them breakthrough technologies worth investing in. Many already do.What about price volatility and bubbles? New sectors and asset classes are often volatile, but you can reduce risk with a simple, SIP-like cost-averaging strategy: the same long-term value investing that early adopters did in Google, PayPal and Tesla when they were the volatile, bubbly new kids.A ban could also ban investing in Indian blockchain startups. VCs like Draper, Ayon and Sequoia, known for backing such billion-dollar unicorns, are now investing in Indian blockchain startups. A ban would force them to shut down or move overseas. It could also block Indian investors from opportunities available to their foreign counterparts.Indian blockchain startups employ thousands and are already making breakthroughs. My company, ZebPay , recently launched ZebLab, with R&D projects in solar energy and other areas. We’re part of a thriving ecosystem eager to tackle social and economic problems.Blockchain is the new Internet, but what flows through blockchain networks is not bytes of information, but tokens of trust and value, using cryptography to prove they are valid. That’s where the word ‘crypto’ comes from. It’s an anti-fraud technology. New terminology can make innovations hard to understand and trust, but with dialogue, we can learn and decide together.To promote this dialogue, India’s blockchain companies have launched a website, IndiaWantsBitcoin.org, to let citizens send messages to their Members of Parliament and call for positive regulation to protect consumers and promote innovation.It is every investor’s right to dismiss blockchain or crypto as risky or mystical nonsense, but in a democracy like India, should not investors — and not the government — have the right to make that choice for themselves?(Rahul Pagidipati is the CEO of ZebPay. Views are his own)