Cryptocriminal tendencies: hacks of exchanges


As cryptocurrencies gain popularity, they attract more and more attention from miners all over the world. Sadly, hackers do not neglect crypto either. They are constantly developing new means of stealing money. Even the most popular, well-developed, fancy exchanges offer no 100% guarantee of safety. Examples include Youbit, NiceHash, and the most scandalous of all, Coincheck.

Means of crypto criminals

There are probably a lot of methods to steal crypto nowadays. We have come up with a list of the most popular ones.

  • DDoS

You have probably seen the abbreviation DDoS in the news; it is short for Distributed Denial of Service. You may also have seen it on the main pages of exchanges and crypto platforms: everyone is now familiar with this technique and tries to protect customers' money from being taken this way.


Attackers channel fake traffic from several sources onto a service to overload it and make it collapse. Platforms suffer not only from direct consequences such as theft but also from indirect ones: if a service is down for a significant period, clients stop using it. Bitfinex managed to survive this kind of attack in 2017.

  • XSS

Almost every platform is susceptible to Cross-Site Scripting. After finding a vulnerability, hackers inject hostile code into the web page that redirects visitors to other websites. This way attackers deploy stealer malware on traders' laptops and steal crypto-wallet keys.

  • Configuration vulnerabilities

Some exchanges do not set HTTPS headers (HyperText Transfer Protocol Secure), which increase a website's protection against attacks. When hackers find a platform without such a header, they know it might be a loophole for them.

  • Smart contracts vulnerabilities

Hackers look for vulnerabilities or mistakes in the code of smart contracts and use them to crack it. This way they can perform not only targeted attacks but also mass ones, against many wallets that share the same mistakes.

  • Phishing

This is a kind of scam based on social engineering. First, the scammers create an almost identical copy of the company's website.


Then they send out spam emails that look like ones the actual company could send. All the logos and first and last names are the same. The message informs customers that, due to either technical work or a hacker attack, they have to confirm or change their login info. Once the user clicks the hyperlink in the email, all the data they enter goes to the fake web page and is stolen.
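The configuration item in the list above can be checked from the defender's side. The following is an added example, not part of the original article: it assumes the "HTTPS headers" meant are HTTP security response headers such as Strict-Transport-Security and Content-Security-Policy (the latter also limits the injected scripts described under XSS), and the function name, threshold and sample responses are constructed for illustration.

```python
import re

MIN_HSTS_AGE = 15552000  # 180 days; threshold assumed for this example

def audit_headers(raw_headers):
    """Return findings for one HTTPS response given as (name, value) pairs."""
    headers = {}
    for name, value in raw_headers:
        headers.setdefault(name.lower(), []).append(value.strip())
    findings = []

    # HSTS: tells the browser to refuse plain-HTTP connections to this host.
    hsts = headers.get("strict-transport-security")
    if not hsts:
        findings.append("missing Strict-Transport-Security")
    else:
        m = re.search(r"max-age\s*=\s*\"?(\d+)", hsts[0], re.I)
        if not m or int(m.group(1)) < MIN_HSTS_AGE:
            findings.append("Strict-Transport-Security max-age too short")

    # CSP: limits where scripts may load from, which blunts injected script.
    csp = headers.get("content-security-policy")
    if not csp:
        findings.append("missing Content-Security-Policy")
    else:
        directives = {}
        for part in csp[0].split(";"):
            tokens = part.split()
            if tokens:
                directives[tokens[0].lower()] = [t.lower() for t in tokens[1:]]
        script_src = directives.get("script-src", directives.get("default-src"))
        if script_src is None:
            findings.append("Content-Security-Policy does not restrict scripts")
        elif "'unsafe-inline'" in script_src or "*" in script_src:
            findings.append("Content-Security-Policy allows inline or any-origin scripts")

    # Session cookies must not travel over HTTP or be readable by page script.
    for cookie in headers.get("set-cookie", []):
        name = cookie.split("=", 1)[0]
        attrs = {a.strip().split("=")[0].lower() for a in cookie.split(";")[1:]}
        findings += [f"cookie {name} lacks {flag}"
                     for flag in ("secure", "httponly") if flag not in attrs]
    return findings

# Constructed sample responses (not captured from any real site).
WEAK = [("Content-Type", "text/html"), ("Set-Cookie", "session=abc123; Path=/"),
        ("Content-Security-Policy", "default-src 'self'; script-src 'self' 'unsafe-inline'")]
HARDENED = [("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
            ("Content-Security-Policy", "default-src 'self'; script-src 'self'"),
            ("Set-Cookie", "session=abc123; Path=/; Secure; HttpOnly; SameSite=Strict")]
```

Calling `audit_headers(WEAK)` lists each gap in the weak response, while `audit_headers(HARDENED)` returns an empty list.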

Protection against hackers and scammers


Do not panic! There is still something you can do to minimize the risk of being robbed. Auditing internal and external risks, constantly monitoring users' activity, and the use of expert recommendations can help. There are even international standards that gather all of these recommendations, for example CobiT (Control Objectives for Information and related Technology).

One of the basics of blockchain is the use of smart contracts. They also have to be audited according to standard protocols. To protect their clients, platforms and exchanges use 2FA and so-called cold servers. Some even require copies of IDs.


There are also AML (anti-money laundering) and KYC (know your customer) regulations that almost all platforms implement.

Even though blockchain is not perfect and can be hacked, the risk of that happening is slimmer than that of your bank being robbed. Moreover, users have the right to demand their money back in cases of proven hacker attacks.