Cryptocurrency, often associated with ‘geeks’ or those looking to raise cash quickly, has turned into a popular payment method. According to a recent report from Kaspersky Lab, one-in-ten people (13%) have now used it to make a purchase. However, cybercriminals are also embracing this trend by targeting cryptocurrency exchanges and modifying old threats to attack investors. This is leaving people at risk of losing their savings stored in this unprotected technology, as hackers develop sophisticated techniques to access funds.
There are a growing number of businesses now offering cryptocurrency as a payment method, with retailers and food outlets now accepting it. Prices are falling and major sports teams are even partnering with crypto-exchanges. Yet, as people show interest in using cryptocurrency to both invest and spend their money, their funds are vulnerable to being stolen from cryptocurrency wallets, insecure exchanges and Initial Coin Offerings (ICOs). There have been high profile incidents where sums of up to $530 million worth of digital tokens have been stolen.
Threat actors can use a wide range of practices to steal funds from crypto wallets, as well as cryptocurrency exchanges and ICOs. High profile cases, including when 120,000 bitcoins were stolen from segregated customer wallets on Bitfinex four and a half years ago, and when Coincheck was hacked for $530 million in 2018, demonstrate the insecurity of these exchanges and the ease with which cybercriminals can access live networks and cause extensive, irreparable damage. If all the money in a cryptocurrency exchange is stolen, then it simply closes, and nothing can be returned to investors.
ICOs are particularly at risk because the individuals who set them up often do not have any background or experience in cybersecurity. This leaves them unable to protect funds and respond effectively should an incident take place. Ultimately, the cryptocurrency market still isn’t regulated and there are no risk assessment mechanisms in place.
Vitaly Mzokov, Head of Verification, Growth Center at Kaspersky Lab said: “Despite a fall in cryptocurrency prices, there is still a strong desire for digital transactions amongst consumers. Our consumer research has found that 13% of people have used cryptocurrency as a payment method, which was surprising to see. However, there are also real dangers associated with online exchanges as they are still in their infancy. There could be devastating financial consequences for consumers if funds are not secure.
“With threat actors becoming more sophisticated in their attacks, cryptocurrency exchanges and ICOs are prime targets and offer cybercriminals a straightforward solution to stealing substantial funds due to the lack of cybersecurity measures in place. There is also no substitute for vigilance – if something looks suspicious in any way, do not make an investment.”
Crypto-investors who don’t store money on crypto-exchanges for security reasons, should remain aware they may face the following difficulties and inconveniences:
- Exchanges usually incur service fees for withdrawing money
- Users cannot react to coin prices swiftly if they choose to remove their money
- Numerous operations with fiat money coming from anonymous sources can raise questions from government regulators
For consumers who want to continue using cryptocurrency as an investment and payment method, Kaspersky Lab recommends:
- Always verifying a web wallet’s address and not following links to an online bank or web wallet
- Using cryptocurrency hardware wallets
- Double-checking recipient addresses, the amount being sent, and the size of the associated fee before sending a transaction
- Writing down a mnemonic phrase that allows you to recover a crypto wallet if you lose it or forget your password
- Installing high-quality security solution, such as Kaspersky Internet Security, to safeguard the devices you use to access crypto wallets and trade on crypto-exchanges.
Kaspersky Lab is actively working towards securing the future of cryptocurrencies and ICOs. The company has run a cybersecurity audit for Merkeleon – an Austrian crypto exchange software provider – to ensure their solution is protected against potential threats.