Crypto price surge invites a torrent of crypto crime

Crypto price surge invites a torrent of crypto crime

Bitcoin soared past $50,000 per coin for the first time on Tuesday, and three days later its market cap surpassed $1 trillion. To say the cryptocurrency and altcoins have been on a tear is an understatement — especially after Tesla (TSLA) bought $1.5 billion in bitcoin earlier this month. And as the prices of these digital assets increase, so does the temptation to heist cryptocurrency.

The Justice Department unsealed an indictment Wednesday alleging North Korean military hackers schemed to steal money and cryptocurrency around the world as part of a larger plot involving Sony Pictures. That indictment spurred a warning from the FBI and Department of Homeland Security: Hackers are upping their games to steal cryptocurrency.

But it’s not just nation states stealing digital wallets worth millions. Cybercriminals are increasingly targeting individuals and businesses to surreptitiously mine cryptocurrency using unsuspecting victims’ computer systems in a cyberattack called cryptojacking.

[Read more: Tesla’s big bitcoin bet could come back to bite the EV maker]

“We’ve certainly seen in the past, a pretty reasonably good correlation between the price of bitcoin and the amount of cryptojacking activity,” Chester Wisniewski, principal research scientist at cybersecurity firm Sophos, told Yahoo Finance.

Experts say there are ways to reduce vulnerability to attacks by following basic and more sophisticated cybersecurity measures, starting with secure passwords.

International cybercriminals are stealing millions

North Korea and Iran, which are subject to U.S. sanctions, have leaned on cyberattacks against digital wallets to grow their coffers.

“North Korea’s operative, using keyboards rather than guns, stealing digital wallets and cryptocurrency instead of stacks of cash, have become the world’s leading bank robbers,” federal prosecutor John Demers told reporters this week after the indictment was unsealed.

Assistant Attorney General for National Security John C. Demers speaks during a virtual news conference at the Department of Justice in Washington, U.S., October 28, 2020. He announced the unsealed indictment against the North Korean hackers on Feb. 17, 2021. Sarah Silbiger/Pool via REUTERS

Prosecutors allege hackers working for North Korea’s government targeted cryptocurrency companies and stole tens of millions of dollars’ worth of cryptocurrency, including $11.8 million from a financial services company in New York in 2020. The hackers used malware called CryptoNeuro Trader as a backdoor into victims’ computers, stealing $24 million from an Indonesian cryptocurrency company in 2018, and $75 million from a Slovenian cryptocurrency company in 2017, according to the indictment.

Story continues

The malware provided a back door to steal private keys, the indictment said. The illegitimate software was marketed under names including Celas Trade Pro, WorldBit-Bot, iCryptoFx, Union Crypto Trader, Kupay Wallet, CoinGo Trade, Dorusio, CryptoNeuro Trader, and Ants2Whale.

“It appears that this malware is very sophisticated, in the sense in that it is impersonating a legitimate piece of software…which is a powerful concept,” says Yehuda Lindell CEO & Co-founder of Unbound Tech, which provides cryptographic infrastructure, including key management and protection.

[Read more: What is dogecoin? Elon Musk has sent the meme cryptocurrency soaring]

While crypto asset holders may avoid clicking on an unfamiliar link, Lindell said, they might be more inclined to install an update that appears to come from a trading platform.

“Once you have malware, that has access to whatever keys you have done, then obviously that malware can go ahead and do whatever it wants and steal your funds,” Lindell said. ”If somebody manages to steal your funds, there’s actually no way of getting them back, at all.”

Another problem is that not all cryptocurrency exchanges have the same security posture, compared to traditional banks, Lindell said. And when the incentive is so high, he said, the methods for theft become more sophisticated. “It’s direct money,” he said, unlike credit card number and password hacks that take added steps to convert to something of value.

According to a report from Amsterdam-based blockchain analytics firm Crystal Blockchain cited by Coindesk, hackers and scammers are known to have stolen $7.6 billion in cryptocurrency between 2011 and late 2020.

Rise in “Cryptojacking” targeting consumers, businesses

Beyond direct attacks on crypto wallets, cybercriminals are increasingly launching cryptojacking attacks against consumers and businesses to mine bitcoin and other cryptocurrencies. The criminals infiltrate and gobble up a target machines’ system resources, as a substitute for investing in their own computing power. Telltale signs of a cryptojacking attack can include sluggish performance and use of an unusually large amount of energy.

“Whenever you have something like this that is valuable, now all of a sudden more people are going to be willing to do things like…put little Trojan software and other things like this on people’s computers to mine this cryptocurrency,” NYU Tandon School of Engineering processor Justin Cappos told Yahoo Finance.

[Read more: MicroStrategy CEO sees an ‘avalanche’ of companies buying bitcoin]

For the average user, cryptojacking could mean a slowdown in their computer’s performance, or an increase in their electricity bill as hackers force victims’ machines to operate at full throttle to mine cryptocurrencies as fast as possible. More sophisticated cybercriminals, however, will go after large businesses that rely on cloud platforms like Amazon’s (AMZN) AWS or Microsoft’s (MSFT) Azure to mine cryptocurrencies, Cappos said.

A Bitcoin ATM sign is pictured in a bodega in the Manhattan borough of New York City, New York, U.S., February 9, 2021. REUTERS/Carlo Allegri

According to Wisniewski, cybercriminals install malware in businesses’ software running on AWS or Azure. The malware doesn’t touch AWS or Azure, but forces the business’s software to use a greater amount of computing resources from those services than they otherwise would to handle the intensive task of mining.

Such a dramatic increase in usage could add several thousand dollars to a company’s electric bill in a single month — and that high bill could be the only sign of an intrusion.

Protecting your digital wallet

To stave off an attack on a digital wallet or platform, Lindell advises individuals and entities to invest in professional security. Protecting cryptocurrency the same way as protecting your bank account, he said, “That’s not going to cut it.”

Experts say the best way to think about the abstract concept of cryptocurrency funds, is to consider the funds and the account holder’s secret key as one and the same. How those keys are stored can vary, depending on how the assets are held.

Among three models, one is a custody model where an entity, such a cryptocurrency trading platform like Coinbase, holds and is responsible for protecting the key, and the asset holder uses a password to access funds associated with that key. A second model is one where the asset holder independently holds and is responsible for the key.

“Both of these models are dangerous for different reasons,” Lindell said.

A third model adopts a hybrid solution where two parties share the key, making it more difficult for hackers to infiltrate an account because no single point of attack could breach the key. Large institutions and major holders of cryptocurrencies also protect keys using “cold wallets” that store keys in physical vaults.

For consumers with an insignificant percentage of their assets held in cryptocurrency, the best bet may be to use secure passwords for email, messaging and other apps. Experts say it’s also critical to remain vigilant about opening email attachments, and steer clear of risky websites.

It doesn’t appear that the temptation to cryptojack or steal cryptocurrencies will go away anytime soon. On Friday, bitcoin was up 7.6% just after 4:30 p.m. ET, valued at nearly $56,000 a coin.

Alexis Keenan is a legal reporter for Yahoo Finance and former litigation attorney. Follow Alexis Keenan on Twitter @alexiskweed. Daniel Howley is the tech editor for Yahoo Finance.

Got a tip? Email Daniel Howley at dhowley@yahoofinance.com over via encrypted mail at danielphowley@protonmail.com, and follow him on Twitter at @DanielHowley.

Sign up for Yahoo Finance Tech newsletter

What’s in store for crypto investors? Find out

Unlike other currencies, cryptocurrencies may also be traded, resulting in huge fluctuations in their values.

Countries like the US, China, Japan, Switzerland, South Korea and South Africa have embraced cryptocurrency, while uncertainty looms in India. After facing a ban on cryptocurrency transactions once, crypto investors and other stakeholders are skeptical about their future as the Cryptocurrency and Regulation of Official Digital Currency Bill, 2021 is scheduled to be presented in the current Budget session of Parliament.

With Bitcoin crossing the $50,000 level after sustained demand from institutions like Tesla, MasterCard, Paypal, Microstrategy etc, cryptocurrency players are hopeful that the government won’t put a blanket ban.

Referring to acceptance of Bitcoin and other crypto currencies like Ethereum, Doge etc, Nischal Shetty, CEO, WazirX, said, “Institutional participation is also very low in India in crypto and regulatory uncertainty is the biggest hurdle in that. Institutional players would need regulatory clarity before participating in a new asset class like crypto. Introduction of a regulatory framework will certainly help cryptocurrencies thrive in India.”

Earlier, the Reserve Bank of India (RBI) had banned the cryptocurrencies in India as there is no regulation. Although the Indian Rupee (INR) can only be used as a currency in India, cryptocurrencies are used more like digital assets.

Unlike other currencies, cryptocurrencies may also be traded, resulting in huge fluctuations in their values.

As a result, there is no stability in the value of cryptocurrencies, while stability is one of the parameters that determines the quality of a currency.

However, in a cryptocurrency blockchain, only the respective cryptocurrency – like Bitcoin, Ethereum etc – may be used and not the other traditional currencies.

To avail the benefits of cryptocurrencies, what is needed is a regulation framework to safeguard the interests of crypto investors.

“A right crypto regulation will push India ahead, while a ban on Crypto will set our country back by a decade,” Shetty said.

However, it’s up to the government to decide whether to put a regulatory framework in place or put an outright ban on cryptocurrencies.

Bitcoin Hits $1 Trillion Value as Crypto Leads Other Assets

(Bloomberg) – Bitcoin’s market value reached $1 trillion for the first time, a surge that’s helping cryptocurrency returns far outstrip the performance of more traditional assets like stocks and gold.

The largest digital-asset has added more than $450 billion of value in 2021 to more than $1 trillion, data compiled by Bloomberg show. The Bloomberg Galaxy Crypto Index, which includes Bitcoin and four other coins, has more than doubled.

Speculators, corporate treasurers and institutional investors are thought to have stoked Bitcoin’s volatile ascent. Crypto believers are dueling with skeptics for the dominant narrative around the climb: the former see an asset being embraced for its ability to hedge risks such as inflation, while the latter sense a precarious mania riding atop waves of monetary and fiscal stimulus.

At the same time, the argument has been made that assigning a market capitalization isn’t an accurate representation since Bitcoin isn’t a company or even an asset. Skeptics say without real-world assets that companies possess or government backing like the dollar, all investors are really buying into is faith in the cryptocurrency’s network.

Still, FOMO – fear of missing out – may be at play, said Shane Oliver, head of investment strategy with AMP Capital Investors Ltd. in Sydney, adding that “in times of easy money this gets magnified and it’s partly what’s driving the current interest.”

The crypto index’s performance towers over stocks, gold, commodities and bonds in 2021.

This month, Tesla Inc. disclosed a $1.5 billion investment and MicroStrategy Inc. boosted a sale of convertible bonds to $900 million to buy even more of the token. That brought the coin closer to corporate America.

“If companies’ fundamentals are going to become closely tied to movements in Bitcoin because they’ve suddenly become speculators on the side, we’re going to be in bubble territory before you know it,” said Craig Erlam, senior market analyst with Oanda Europe Ltd.

Story continues

Tesla Chief Executive Officer Elon Musk posted a somewhat cryptic tweet Friday that appeared in part to defend the company’s action, saying Bitcoin “is simply a less dumb form of liquidity than cash” while adding that the electric vehicle maker’s decision isn’t “directly reflective of my opinion.”

In a subsequent tweet, he said the price of Bitcoin and Ethereum “seem high,” in reply to Peter Schiff – a cryptocurrency skeptic and noted gold bug – who said the precious metal is better than Bitcoin and fiat money.

Read More: Musk Defends Tesla Bitcoin Move, Says Token Less Dumb Than Cash

The “long Bitcoin” trade is seen as among the most crowded in the world alongside technology exposure and dollar shorts, according to the February edition of Bank of America’s global fund manager survey.

AMP’s Oliver said if Bitcoin “falls out of favor – for example due to government regulation or investors just moving on to the next new thing – then it could quickly plunge.”

(Updates with subsequent Musk tweet in 10th paragraph)

For more articles like this, please visit us at bloomberg.com

Subscribe now to stay ahead with the most trusted business news source.

©2021 Bloomberg L.P.