The world of the Blockchain and cryptocurrencies is upon us.  Blockchain is a technology that amongst other things helps decentralize trade, and allows for more peer-to-peer transactions.  Most people these days have heard of the cryptocurrency called Bitcoin and many have bought or traded in this new digital currency.  There are no real Bitcoins – it is just digital zeros and ones. You interact with the Blockchain through Wallets.  Wallets are where you receive and send your cryptocurrencies.  Trading of Bitcoin and other cryptocurrencies like Ethereum or Litecoin, is often done through a Cryptocurrency Exchange.

A Cryptocurrency Exchange is a marketplace where investors can use conventional money to purchase and trade cryptocurrencies, like you would at a stock exchange.  As with any new technology, cyber-criminals will always try to find a way to exploit it, and the world of cryptocurrencies is no exception. Unlike a fiat currency stock exchange, digital currency exchanges are not regulated or insured against fraudulent activity.  It is vital that companies who manage Cryptocurrency Exchanges, put strong security measures in place, to protect themselves and their customers from significant financial losses.

Threats to cryptocurrency exchanges

There are a variety of attack methods that cryptocurrency exchanges may face.  These include DNS hijacking, a fake DHCP server being created, clickjacking and other phishing attacks. If a hacker obtains a user’s login details, there’s a risk that all of the funds associated with their account could be stolen.  This is a huge problem for the Cryptocurrency Exchange that is managing and storing currency for those users.  Their brand reputation is on the line.

On the Dark Web, there are many offerings to assist hackers in stealing account details.  Cryptocurrency Exchanges are imitated with fake phishing sites, to trick account holders into providing their login details and sometimes even their Private Key, which is a unique code assigned to every transaction on the Blockchain to provide proof that an individual has the permission to transact with a particular currency.

Figure 1: Example of an offer on the Dark Web

Some offers on the Dark Web even provide hackers with already hacked accounts from an Exchange.

Figure 2: Dark Web sale of hacked accounts











Financial Loss

If cyber-criminals manage to hack a Cryptocurrency Exchange, the results can be catastrophic for anyone who holds an account with them.  An example of this, is the breach that occurred in January this year, when $400 million in NEM coins was stolen from Japan’s Coincheck exchange.

The exchange platforms on which people buy and sell digital currencies are not regulated, so if the platform is hacked, there is no protection and users will have no legal recourse. In most countries, cryptocurrencies are not recognized as legal tender. Cryptocurrency hacks in the past have lost investors significant amounts of real money.  Stolen account details are used to log into the website portals of Crypto companies and these hacked accounts are then used to buy and sell or even cash out currency.  Any transaction that goes through the Blockchain is final.  There is no way to retrieve money lost through fraudulent transactions.

A report by the Australian Competition and Consumer Commission (ACCC) stated that in 2017 an estimated AUD$2.1 million was lost by those chasing the digital currency dream, or paying a virtual ransom. The ACCC wrote “Scammers adapt each year and find ways to exploit popular trends, new platforms, new ways of communicating, fad products, changes to legislation, or new investment opportunities.”

How can Cryptocurrency Exchanges protect themselves?

Security is the key and Cryptocurrency Exchanges need to get on-board quickly.  With Blockchain transactions being anonymous and untraceable, cryptocurrency companies need to protect their brand from being imitated and their users from being hoodwinked.  Monitoring of their websites and mobile apps to detect possible attacks before they wreak havoc is vital.  Prevention rather than cure.  This can be achieved by putting in place rigorous Anti-Phishing, Mobile Apps and Brand Abuse protection.

The cryptocurrency marketplace/website can be protected from being used on phishing sites, and FraudWatch International can offer this protection to Cryptocurrency Exchanges, as we do for all of our other clients that have login portals.  Our teams and systems at FraudWatch International provide active monitoring twenty-four hours a day, seven days a week for malware attacks, as well as global and localized social media sites. We will alert you as soon as criminal activity is detected and confirmed.

We provide the fastest site takedown times in the industry for Anti-PhishingAnti-MalwareSocial Media, Mobile Apps, and Brand Abuse sites.  This means that we can minimise the impact online abuse has on your business. Contact us to find out more about our takedown services.