Online platforms for cryptocurrency exchange are not as well prepared against threats in cyberspace as they believe themselves to be. In 2017, over 10% of all ICO funds were stolen.
As Cryptodaily.co.uk reports, since 2017, 14 blockchain platforms have suffered hacking attacks, leading to a total loss of over 800 million dollars. A new long-term attack was recently discovered and averted by TAD GROUP, based in Newport Beach, CA, preventing the theft of over half a million dollars in cryptocurrency from a large cryptocurrency exchange platform.
During a scheduled penetration test against one of the largest exchange platforms, a long-term ongoing attack was revealed. According to the experts from TAD GROUP, this attack could have led to the downfall of many of today’s blockchain platforms. Hundreds of cryptocurrency exchange platforms are still at risk of being hacked.
Blockchain platforms have always been targets for hackers worldwide. The anonymity of transactions on the exchange platforms allows cybercriminals to steal funds without risk of being caught. Hacks that lead to the theft of small amounts of cryptocurrency happen regularly, but big cryptocurrency hacks often occur too. The biggest Bitcoin hack to date was in 2011, when Mt. Gox, the biggest Bitcoin exchange platform at the time, was hacked for the second time. The hackers stole more than 750.000 bitcoins, with a value of over $350 million, bankrupting Mt. Gox in the process. Unfortunately, other exchange platforms did not learn from this, and big heists were repeated in 2012, 2014, 2015 and 2016. Many of these exchanges went bankrupt due to the hack and users lost their money.
Since 2018, hackers have also been attacking private ICOs. The TON project of Telegraph creator Pavel Durov, for example, was hacked this year. The cybercriminals managed to steal $35.000 in cryptocurrencies.
TAD GROUP cannot reveal the identity of the platform targeted by this most recent attempted attack, due to client confidentiality. However, their CISO, Joshua Alexander, told us that many other platforms might still be at risk. Alexander, who was recently assigned to the European office in Chertsey, UK, states: “As scary as it may seem, our research has shown that this, unfortunately, is a vulnerability that is present in a huge amount of ICOs, which do not even suspect this to be out there.”
The cybersecurity company did not release any further information about the precise vulnerability of these platforms, as it does not want this information to fall into the wrong hands before ICOs are even aware of it. Alexander: “We are still in the process of conducting research in collaboration with other cybersecurity companies in order to identify any large-scale breaches.”
TAD GROUP experts state that the impact of the vulnerability might be critical, allowing even parties with limited technical knowledge to potentially take over an undefined number of accounts and, by doing so, access end-user wallets. A similar thing happened in 2016 when BITFINEX was hacked due to a vulnerability in its multi-sig wallet architecture. This was the second-largest Bitcoin hack ever, after Mt. Gox. The breach claimed 120,000 BTCs worth $72 million. However, the vulnerability behind the technique used in this recent attack is not specific to any software and does not rely purely on technical causes.
Cyber intelligence in the field has shown that vulnerabilities of this nature are quite common. For now, the experts from TAD GROUP were able to prevent the breach, which would have led to the theft of at least $500.000 in Bitcoin.
The number of cyber attacks might increase in the coming years. Cybersecurity is thus becoming more and more important. When cybersecurity companies work together to identify the vulnerabilities of the platforms and ICOs, we will stay one step ahead of cybercrime. Tools like penetration tests from cybersecurity companies will help with this. TAD GROUP offers cybersecurity solutions and performs penetration tests to check the cybersecurity of a platform or wallet.