Hundreds Of Blockchain Platforms At Risk Of Being Hacked
Online platforms for cryptocurrency exchange are not as well prepared against threats in the ever-evolving cyberspace as they believe themselves. Since 2017, 14 blockchain platforms have been the victim of hacking attacks, leading to a total loss of over 800 million dollars. Recently we discovered and avoided a new long-term attack preventing the stealing of over half million dollars in cryptocurrency from a large cryptocurrency exchange platform.
During a scheduled penetration test against one of the largest exchange platforms, a long-term ongoing attack came to light. This sophisticated attack had secretly been going on for almost two years. This attack could have led to the downfall of many of today’s blockchain platforms. Hundreds of cryptocurrency exchange platforms are still at risk of being hacked.
Blockchain platforms have been the targets of hackers worldwide since the beginning of cryptocurrency. The anonymity of transactions on the exchange platforms allows cybercriminals to steal funds without compromising. Hacks that lead to relatively small amounts of cryptocurrencies being stolen therefore happen quite often, but every once in a while a big cryptocurrency hack happens. The biggest Bitcoin hack till now was in 2011, when platform Mt. Gox, the biggest Bitcoin exchange platform at the time, was hacked for the second time. The hackers stole more than 750.000 bitcoins, with a value of over $350 million, bankrupting Mt. Gox in the go. Unfortunately, other exchange platforms did not learn from this and big heists happened again in 2012, 2014, 2015 and 2016. Many of these exchanges went bankrupt due to the hack and users lost their money.
In 2017, the number of breaches and hacks peaked. Over 10% of all ICO funds have been stolen. Since 2018, hackers have also been attacking private ICO’s. The TON project of Telegram creator Pavel Durov was hacked for example in this year. The cybercriminals managed to steal $35.000 of cryptocurrencies.
Due to the nature of the vulnerability and a signed NDA with our client, we cannot reveal the identity of the platform this most recent attempted attack was directed towards. As of today, we are still in the process of conducting a research in collaboration with other cybersecurity companies in order to identify any large-scale breaches.
The main concern is that even parties with limited technical knowledge can potentially take over an undefined number of accounts and by doing so, accessing end-user wallets. A similar thing happened in 2016 when BITFINEX was hacked due to a vulnerability in its multi-sig wallet architecture. This was the second largest Bitcoin hack ever made after Mt.Gox. The breach claimed 120,000 BTCs with a value worth of $72 million. However, with the technique that was used in this recent attack, the vulnerability is not specific to any software and does not purely rely on technical causes. This makes it that more dangerous and widespread.
Our cyber intelligence in the field has shown that vulnerabilities of such nature are a lot more common than previously thought.
The number of cyber attacks will most likely increase in the next years. Cybersecurity and computer security are therefore becoming more and more important. When cybersecurity companies work together to identify the vulnerabilities of the platforms and ICO’s, we will keep one step ahead of cyber criminality.
We will keep our clients and readers up-to-date with the latest news surrounding this viral topic.