Blockchain lost at least $4.5 billion from crypto crimes in 2019. Cybercriminals are evolving and their tactics are becoming more complex. On the other hand, exchanges, wallets, and digital asset services are boosting their defenses. The race is tense with both sides innovating and striving to outpace the prevailing state of blockchain security.
Crypto holders consider Trezor as one of the most secure wallets in the world. Recently Kraken uncovered a serious loophole on the Trezor wallet. Hackers are extracting wallets user private keys in less than fifteen minutes. Interestingly, this problem is impossible to correct.
Kraken Security Labs identified an effective method hacker could use to steal Bitcoins. Researchers at the exchange’s cybersecurity unit successfully cracked the encryption of a wallet in two minutes. The worst part is that Trezor knew of this problem and did nothing to warn users.
The majority of the attacks involve breaching administrator accounts through phishing SIM swapping and URL hijacking. Atherton Technology principal analyst Jean Su said most of these stances are pulled off with insiders’ assistance. SIM swapping has become one of the highly lethal means because end-users and exchange/wallet support cannot communicate.
This is because once the hackers switch mobile phone numbers, the exchange cant receives voice alerts, emails or SMS on their phones. It is until criminals have made away with assets, do support staff become aware.
Another popular blockchain hack is the DNS cache poisoning attack. Cybercriminals would penetrate and hijack arbitrary domains and then redirect traffic from the victim. It turned out that to counterproof the attack, there was a need for leading software vendors to coordinate a fix.
The challenge was to prevent malicious threat actors poised as ethical hackers. Although a bit complicated, DNS cache poisoning is similar to web spoofing.
Back in 2017, altcoin services EtherDelta paused its operation following the incident of hackers creating a spoof website. [Web spoofing is the creation of a hoax site to trick traffic]EtherDelta warned customers not to visit the site as the criminals could easily empty their digital wallets.
Nevertheless, thefts resulting from cyber-attacks are not the only means. Exit scams that are currently fading have also netted criminals millions of dollars. Q2 of 2019 alone, exit scam criminals raked about $3.1 billion. Exit scams were prevalent during the ICO boom -; hoax investors typically promised to launch a digital coin with a promising concept.
Detailing the concept on a “White Paper” and then lure investors into raising money through Initial Coin Offerings (ICO). Once after raising the money, criminals would disappear with funds. On most occasions of blockchain attacks, the end-user is the target. The concept underlying this belief is; Blockchains implement encryption to prevent privacy breaches. Since blockchain data is immutable (cannot be changed), a flaw in the encryption algorithm or an increase in computing power, results in the decryption of private details.
Hence why blockchains rely on end-users to safeguard their data. Hackers will therefore always target end-user devices to steal data and compromise their wallets.
Kraken security researchers advised Trezor wallet users to garner a passphrase that’s not stored on the wallet.
“This passphrase is a bit clunky to use in practice but is not stored on the device, and therefore is a protection that prevents this attack.“