It’s not just that lucky investors get rich from cryptocurrencies.
Hackers have given up billions of dollars in virtual assets over the past year by endangering some of the crypto exchanges that emerged during the Bitcoin boom.
This year, there have been over 20 hacks where digital robbers stole at least $ 10 million in digital currency from crypto exchanges or projects. Hackers stole more than $ 100 million in at least six cases, according to data compiled by NBC News. By comparison, bank robbers averaged less than $ 5,000 per robber last year. FBI Annual Crime Statistics..
Despite the large amount of money associated with these thefts, they often lack the drama and attention of traditional bank robbery. However, cryptocurrency experts say it warns potential crypto investors: exchanges are now a lucrative target for hackers.
“Hacking a Fortune 500 company today can steal usernames and passwords,” said Esteban Castaño, CEO and co-founder of TRM Labs, where companies are building tools for tracking digital assets. increase. “Hacking a cryptocurrency exchange can cost millions of dollars in cryptocurrencies.”
The strangeness of the Internet, which requires some technical know-how to buy, has spurred cryptocurrencies to emerge as a more mainstream investment and speculative tool. Over 300 A company launched in recent years to provide people with an easy way to buy and sell anything, from Bitcoin to the more fringed “altcoin” such as dog-inspired Dogecoin.
Cryptographic exchange works like a traditional currency exchange, pricing different currencies and taking a small fee to allow users to trade one. However, despite strict regulations in a few countries, it is relatively easy for tech entrepreneurs to set up and operate exchanges almost anywhere in the world.
Cryptocurrencies generally provide some degree of security — some of their names come from “encryption”. However, the exchanges that manage them, especially the new exchanges that build businesses from scratch, often start with a small staff. In short, few full-time cybersecurity professionals. Their developers can work hard to get their code to work, accidentally leaving behind flaws that give hackers a foothold. Exchanges are a particularly mature target for criminal hackers, coupled with the fact that volatile markets often suddenly bring property to them.
Exchanges often continue to access some of their cryptocurrencies with so-called cold wallets that live securely offline. The rest is in a “hot wallet” that can be sent to the user in liquid form. That is, if a hacker has access to a particular employee account (a common security breach on the Internet), the hacker can stop the big robbery and create CipherTrace, a company that tracks cryptocurrency theft and fraud. Dave Jevans said.
“Stealing a hot wallet’s private key is not like stealing a database of people’s names or social security numbers,” Jevans said. “You basically just stole all their money.”
If the exchange is wealthy enough and plans for emergency funding, it can compensate customers if its operations are hacked, Jevans said. Otherwise, they often go out of business.
“Not all exchanges are so wealthy or visionary. It just goes, pop,’We’re out of business. Sorry, you’re all confused.” He said.
Recent cases
One of the biggest robbers was the crypto trading platform Bitmart, where hackers broke into company accounts and Stealed almost $ 200 million..The company has frozen all customer transactions three days Before it allows them to exchange their money again.
The problem is exacerbated by the fact that many cryptocurrency projects aimed at circumventing government regulation were set up in countries where law enforcement agencies have little power to chase cross-border hackers. Or, if hacked, it tends to be less likely to seek government support for ideological reasons, said Chainalysis’s U.S. investigator, who is tracking cryptocurrency transactions for both private and government agencies. One Beth Bisbee said.
“Ecosystems generally want to be anti-banking and anti-surveillance,” Bisby said. “Therefore, if that happens, they are considered victims and, even if they are worth it, they do not necessarily want to work with law enforcement agencies.”
Low profile
Exchange hacks offer some similarities to old bank robbers, but do not leave the features that once made them one-sided news. Public scrutiny of these hacks can be lacking despite the large amount of money. Most replacement hackers are caught and leave little closure to consumers. And there is rarely physical evidence or the aftermath of the real world. There is no bank teller or perp walk with trauma.
However, some hacks have a happy ending. In one strange public case, a hacker stole $ 600 million from the cryptocurrency platform PolyNetwork. Instead of blaming the thief, the company calls him “Mr. White Hat”, a cybersecurity term for researchers working to make things safer. Polynetwork thanked us for revealing a flaw in the code and asked for a refund. The hacker eventually forgave, Returned everything..
However, those instances are rare. Usually, when major law enforcement agencies tackle major cryptocurrency hacks, they try to track all leads. This is a much slower process than the criminals you are tracking.
Claire Georges, deputy spokesman for Europol, the European Union’s international law enforcement agency, said the European Union’s international law enforcement agency is aware of many cases of hackers stealing digital assets. But she said building a solid case is a long and slow process that hasn’t kept pace with the attack.
“While we’re talking, we’re doing a lot of research,” Georges said. “They take a long time because we also want to destroy the entire criminal network,” she said. “These cases often affect other cases.”
“They can last forever,” she said. “These investigations usually take time.”
