November 13, 2018
$6 Billion in Cryptocurrency Thefts in the Last Six Months Raising Alarms
Posted August 23, 2018
Why growing concerns are mounting over the security of cryptocurrency exchange platforms—and how to reverse it
On August 4, Seoul-based cryptocurrency exchange giant, Bithumb announced it will reopen deposits and unfreeze withdrawals suspended in the aftermath of a $31 million cyberattack back in June.
According to reports, withdrawals for 10 of the cryptocurrencies exchanged on the platform will resume, though others would remain frozen in order to protect customers from recent price fluctuations. But new account openings were temporarily put on hold on August 1, as the exchange underwent “service improvement processes” associated with its virtual customer accounts.
Still, despite these setbacks, Bithumb has in many ways managed the incident admirably. It was able to recover nearly half of the coins stolen from customers, about $14 million. It has also promised to reimburse customers affected by the hack. And while the exchange works to regain its footing, it can also take comfort in knowing that it’s hardly alone.
In just the first six months of the year, more than $1.1 billion has been lost in cryptocurrency-related thefts. And though crypto-jacking and crypto-based money laundering may generate more media buzz, exchanges remain the primary target.
Why? Because, as the Wall Street Journal reports, they can make such easy prey.
Hacked Accounts Rise 369%
The fact is, the hack at Bithumb was small potatoes compared to many other attacks—including January’s cyber-heist at Japan’s Coincheck, which resulted in $535 million losses.
But the origins of these and other attacks may share important commonalities.
According to the Journal, just weeks after rival Coinrail fell victim to a $40 million hack, Bithumb began noticing a rise in failed user logins and unauthorized access attempts. It’s possible these attacks may have entailed hackers and even automated bots testing stolen login credentials.
Additional security measures were taken. But it appears to have been too late to stop at least half of the losses—the latest from an estimated 369% increase in such hacks year-over-year worldwide. What’s more, these kinds of events can cast doubt on the entire ecosystem.
Indeed, even as cryptocurrencies have revolutionized the face of payments, investments and banking, they have also heralded new ways to launder money, funnel payments from ransomware schemes, and finance global cybercrime operations securely and anonymously—well outside the jurisdictions of banks and governments.
As trading in cybercurrencies gains wider traction with consumers, exchanges will be under increasing pressure to deliver a slick, frictionless experience without skimping on security. But how?
Who’s in Your Wallet?
A lot of the growing threat to exchanges comes down to identity.
With cybercriminals increasingly leveraging stolen identity information, it’s getting harder for organizations to distinguish between legitimate customers and fraudsters. As a result, crypto-wallet providers get duped into setting up bogus accounts, allowing unauthorized access to existing accounts, or processing fraudulent payments.
To counteract this, look for a growing number of exchanges in Asia and around the world to take a new approach to cryptocurrency exchange. Rather than centering their services solely around the anonymity that cryptocurrencies can afford, they are proactively assessing user behavior to differentiate between genuine customers and potential threats in real time.
According to one exchange currently working with ThreatMetrix, deploying these kinds of solutions has enabled it to dramatically reduce fraud losses by analyzing users based on the correlations between their hashed identity and payment credentials, the locations they transact from, the devices associated with the user and hundreds of other dynamic identity elements, all in real time.
By adopting a risk-based approach to fraud prevention that harnesses shared data spanning all geographies and industries, cryptocurrency exchanges are more likely to be able to spot fraudsters the first time they attempt to create an account, make an illegal payment or an illicit login.
Less Waiting, More Winning
It’s also worth noting that an identity-based approach to cybersecurity isn’t just about stopping hackers. It’s also about delivering a friction-free experience for legitimate users in an increasingly competitive marketplace.
Delaying purchases or bank transfers can certainly buy more time to verify user identity and check credit risks. But obviously, the high volatility in the value of cryptocurrencies makes this problematic for customers. This means real-time verification that doesn’t rely heavily on manual reviews will be a key differentiator for prospects and existing customers alike.
In fact, it already is. According to Forrester Research, companies in a number of sectors are starting to shift security from something that can have a negative impact on the user experience into something that can enhance it. And those that succeed can see revenues grow 4 to 8 percent above the average for their market.
How this will play out when it comes to the world of crypto-security remains to be seen. But with billions in losses already this year, the entire cryptocurrency revolution may soon be looking for answers.
To learn more, download the solution brief, “Protecting the Integrity of the Crypto Ecosystem: Stopping Cybercriminals from Causing Chaos in the World of Cryptocurrencies.”