Russia, China and the USA are Top Targets for Cryptocurrency Hackers

The number of compromised accounts increased almost 5-fold in 2017 and the trend is set to continue.

The USA, Russia, and China top the list of countries where users of cryptocurrency exchanges were affected by cyber attacks. The news comes from the latest paper prepared by Group-IB, a company engaged in cyber-crime investigation and prevention. Their research is based on historical data regarding cyber attacks on the 19 largest cryptocurrency exchanges in 2016 and 2017.

Meanwhile, January 2018 saw a record number of incidents, up 700% compared with the monthly average for 2017.

“In 2017 the number of compromised accounts on cryptocurrency exchange websites increased by 369% in comparison with 2016. Because of the fuss about cryptocurrencies, the number of incidents in January 2018 skyrocketed by 689% against the monthly average of 2017,”

the researchers explain.

“The USA, Russia, and China are the top 3 countries in which registered users became the victims of cyber attacks. Every third victim is from the USA.”

The experts at Group-IB found 50 botnets used by cybercriminals to launch attacks against cryptocurrency exchanges. The dominant share of the malicious infrastructure is deployed in the United States (56.1%) and the Netherlands (21.5%). About 4.3% and 3.2% of the hackers’ equipment is located in Ukraine and Russia respectively.

Cybercriminals favor well-established trojans such as AZORult and Pony Formgrabber, as well as the Qbot botnet, to gain access to user accounts. However, the variety of malicious programs used by hackers has been growing steadily. The data shows that cybercriminals have adapted tools previously used against banks and financial institutions to hack cryptocurrency exchanges and wallets.

The experts believe that in most cases, clients of cryptocurrency exchanges are responsible for the attacks because they neglect the security of their personal accounts. The researchers investigated 720 hacked accounts and found that the overwhelming majority of users ignored the two-step authentication requirement, while every fifth user had a password with fewer than eight characters.

After analyzing the security measures of 19 exchanges, Group-IB concluded that none of them guarantees 100% confidentiality of its clients' personal information. Moreover, at least five exchanges fell victim to targeted attacks.

“Increased fraudulent activity and attention of hacker groups to the crypto industry, additional functionality of malicious software related to cryptocurrencies, as well as the significant amounts of already stolen funds signal that the industry is not ready to defend itself and protect its users,”

the experts of Group-IB concluded.

While the cryptocurrency industry is living through hard times and needs a consolidated response from the community, including researchers, scientists, and developers, Group-IB identified a few roadblocks that make it harder to assess cryptocurrency-related losses. They include the high level of anonymity and lack of cooperation from the exchanges, poor or non-existent regulation, and the variety of blockchains, coins, and cryptocurrency actors.