In the first six months of 2018, nearly as much cryptocurrency was stolen as was snatched in all of 2017. More than $750 million in cryptocurrency value has been stolen so far this year.
The criminals who are mounting these attacks on cryptocurrency exchanges are the same thieves who two years or so ago targeted financial institutions with phishing, ransomware and other malware attacks.
According to a new report from security firm CipherTrace, what the cryptocurrency attacks lack is a basic understanding of operational security. The attackers can mount extremely competent attacks against the exchanges because they know cryptocurrencies inside and out.
CipherTrace CEO Dave Jevans explained to Dark Reading:
It’s clear these people really understand cryptocurrency and crypto assets really, really well. What they don’t understand is old-school operational security … they’re just not sophisticated that way. Legacy folks, they definitely have better operational security. They’re better at how they interface with it, how they distribute malicious code, how they manage user handles on different forums.
That is changing, however, and once the crypto thieves get a handle on how to cover their tracks they’ll be a lot harder to catch. The anonymous nature of cryptocurrency blockchains and transactions complicates even further tracking stolen money.
Another complicating factor is an expanding network of money-laundering sites that clean the stolen crypto money through a series of steps that involve moving the funds around, making them harder to trace with each move, before integrating the cleaned funds in the mainstream financial system. Just as in the movies, though, there are costs associated with all this finagling and each step in the laundering process can cost up to 3% of the ill-gotten funds.
CipherTrace estimates that between 100 and 200 gambling websites that accept cryptocurrencies are also used to launder crypto money. Just drop the crypto funds into your account, play a few hands, then empty the account. Pretty simple.
The U.S. Financial Crimes Enforcement Network (FinCEN) that $1.5 billion have been stolen in the past two years in hack attacks on crypto exchanges. FinCEN’s associate director told CipherTrace, “We have seen virtual currency exploited to support billions of dollars in what we would consider suspicious activity.”
The full CipherTrace report is available at the company’s website.