Hundreds Of Blockchain Platforms At Risk Of Being Hacked

Online platforms for cryptocurrency exchange are not as well prepared against threats in the ever-evolving cyberspace as they believe themselves. Since 2017, 14 blockchain platforms have been the victim of hacking attacks, leading to a total loss of over 800 million dollars. A new long-term attack was recently discovered and avoided by TAD GROUP, preventing the stealing of over half million dollars in cryptocurrency from a large cryptocurrency exchange platform.

During P0 scheduled penetration test against one of the largest exchange platforms, a long-term ongoing attack came to light. This sophisticated attack had secretly been going on for almost two years. According to the experts from TAD GROUP, this attack could have led to the downfall of many of today’s blockchain platforms. Hundreds of cryptocurrency exchange platforms are still at risk of being hacked.

Blockchain platforms have been the targets of hackers worldwide since the beginning of cryptocurrency. The anonymity of transactions on the exchange platforms allows cybercriminals to steal funds without compromising. Hacks that lead to relatively small amounts of cryptocurrencies being stolen therefore happen quite often, but every once in a while a big cryptocurrency hack happens. The biggest Bitcoin hack till now was in 2011, when platform Mt. Gox, the biggest Bitcoin exchange platform at the time, was hacked for the second time. The hackers stole more than 750.000 bitcoins, with a value of over $350 million, bankrupting Mt. Gox in the go. Unfortunately, other exchange platforms did not learn from this and big heists happened again in 2012, 2014, 2015 and 2016. Many of these exchanges went bankrupt due to the hack and users lost their money.

In 2017, the number of breaches and hacks peaked. Over 10% of all ICO funds have been stolen. Since 2018, hackers have also been attacking private ICO’s. The TON project of Telegraph creator Paul Durov was hacked for example in this year. The cybercriminals managed to steal $35.000 of cryptocurrencies.

TAD GROUP cannot reveal the identity of the platform this most recent attempted attack was directed towards, due to client confidentiality. However, their CISO, Joshua Alexander, was able to tell us that many other platforms might still be at risk. Alexander, who was recently assigned to the European office in Chertsey, UK, states: “As scary as it may seem, our research has shown that this, unfortunately, is a vulnerability that is present in a huge amount of ICO’s, which do not even suspect this to be out there.”

The cybersecurity company did not release any further information about the precise vulnerability of these platforms, as this is information that they do not want to fall into the wrong hands before ICO’s are even aware of it. Alexander: “We are still in the process of conducting a research in collaboration with other cybersecurity companies in order to identify any large-scale breaches.”

TAD GROUP experts did bring forwards that the impact of the vulnerability might be critical, allowing even parties with limited technical knowledge to potentially take over an undefined number of accounts and by doing so, accessing end-user wallets. A similar thing happened in 2016 when BITFINEX was hacked due to a vulnerability in its multi-sig wallet architecture. This was the second largest Bitcoin hack ever made after Mt.Gox. The breach claimed 120,000 BTCs with a value worth of $72 million. However, with the technique that was used in this recent attack, the vulnerability is not specific to any software and does not purely rely on technical causes. This makes it more dangerous and widespread.

Moreover, the researchers found that this was not an isolated case. Cyber intelligence in the field has shown that vulnerabilities of such nature are a lot more common than previously thought. For now, the experts from TAD GROUP were able to prevent the breach, which would have led to the stealing of at least $500.000 in Bitcoin.

Since the new GDPR Privacy Policy took effect on 25 May 2018 a new fraud affected blockchain company owners. Cybercriminals threaten to harm companies by disclosing stolen user data on the internet, violating the new GDPR rules. Hackers demand a ransom to avoid private information disclosing. According to the GDPR, this means the regulatory authority would penalize companies. As TAD GROUP specialists state, companies that have already been a victim of the new “ransomhack” scheme have developed a security policy. But omitting appropriate checks lead to fatal consequences. Cybercriminals expect to get a ransom of between $1,000 and $20,000 US dollars, while fines for violating the GDPR are about 4% of the annual turnover for the previous year. The total amount of losses may come to 20 million euros.

The number of cyber attacks will most likely increase in the next years. Cybersecurity and computer security are therefore becoming more and more important. When cybersecurity companies work together to identify the vulnerabilities of the platforms and ICO’s, we will keep one step ahead of cyber criminality. Tools like penetrations tests from cybersecurity companies will help with this. TAD GROUP offers cybersecurity solutions, performs penetration tests to check the cybersecurity of a platform or wallet.

Source: Read Full Article