The number of hacked accounts of crypto exchange users swelled by 369% on the year in 2017, reflecting weaker information security amid surging interest in cryptocurrencies, according to a research by Moscow-based information security firm Group-IB.
In a “bleak conclusion”, as defined by the company, no digital asset platform currently running is able to ensure absolute security for its customers. Data leaks have to do with errors in the source code, phishing attacks, illegitimate access to user databases and weaknesses connected to the storage and withdrawal of funds, the research found.
Data breaches occur, because exchanges put scarce attention to information security and digital asset protection. This is why at least five out of the 19 marketplaces examined have suffered attacks, including Bithump, Bitfinex, Bitstamp, Poloniex, HitBTC and presumably, Huobi, as per the research in which Group-IB examined 720 hacked user accounts using its Threat Intelligence tool.
The crypto exchange industry is “not ready to defend itself and protect its users,” Group-IB director for special projects Ruslan Yusufov claimed.
The top-three countries in terms of fraudulent activities are the US, Russia and China, followed by Indonesia and Germany. Notably, one in three victims is based in the United States.
The majority of malicious programs used to hack user accounts is also located in the US (56%), followed by the Netherlands (21.5%).
The researchers at Group-IB observed a spike in cyberattacks in January 2018 – their number surged 689% from the monthly average in 2017, and according to Yusufov, the grim tendency will continue throughout 2018. He underlined that for this situation to be corrected, all stakeholders need to take prompt measures.
Crypto exchanges are urged to introduce two-factor authentication throughout their operations, carry out regular security checks and allocate funds to make their personnel aware of the issue. In the case of users, Group-IB recommends them to be mindful when choosing their passwords, to avoid public Wi-Fi networks and be careful what traces they leave on social media.