Cryptocurrency Exchange Cyber-Attack Vectors

By Elif Kaya. Published in Bitmatrix, Feb 27, 2019.

As cryptocurrency becomes more popular and more valuable, more cryptocurrency exchanges have been targeted with cyber-attacks. In addition to trying to satisfy rapidly growing interest, cryptocurrency exchanges have to do their best to fight against hackers who try to steal crypto assets.

Although the market is relatively new, its twenty-four-hour trade volume passed the $30 billion mark in late 2018, according to the data provider coinmarketcap.com. This being the case, various attack vectors against cryptocurrencies have emerged very quickly.

In this article, we examine the four best-known attack vectors against cryptocurrency exchanges. Some of them have already shaped public perception and are the reason people approach exchanges with such suspicion, even though exchanges hold the potential for a kind of financial revolution.
Finally, we'll give you a table that summarizes all cryptocurrency attack vectors.

1. DDoS (Distributed Denial of Service) Attacks

DDoS is the most common attack on cryptocurrency exchange websites and their platforms; three out of four bitcoin sites were victims of DDoS attacks in the third quarter of 2017 alone.[1]

It is a cyber-attack on a service provider that aims to disrupt its service, usually by flooding the server with more requests than it can respond to.

It’s like having a hundred people in front of you calling your name and trying to get an answer from you while never listening to what you’re saying and calling you again and again.

Because they attack a server from multiple sources, DDoS attacks can be difficult to stop.

Some DDoS Attack Examples on Cryptocurrency Exchanges

Mt Gox (2013)
Country: Japan
Damage: The value of a single bitcoin fell to a low of $55.59 from above $100

When Mt Gox came under a DDoS attack, it claimed to be a victim of its own success, with apparently millions of accounts registering. Mt. Gox traded 150,000 bitcoins per day around mid-May 2013, per Bitcoin Charts.[2] That means that at the time, 7 of every 10 trades were happening at Mt Gox.

Bitfinex (2017)
Country: British Virgin Islands
Damage: Prices of cryptocurrencies NEO, OMG, and ETP plummeted by as much as 90%


Bitfinex had scheduled server maintenance and was hit by a DDoS attack on December 4th, 2017. After the first DDoS attack, normal operations were back up and running within an hour. But this shock was followed by another DDoS attack which “started during earlier maintenance and has been ongoing since” according to a tweet posted by Bitfinex that day.[3]

Bittrex (2017)
Country: U.S.
Damage: Exchange had to stop receiving new user registrations

After bitcoin reached the $11,000 milestone in November 2017, which brought increased trading traffic and new users, Bittrex also had to deal with DDoS attacks.


Bitcoin Gold (2017)
Country: China
Damage: Website wasn’t accessible to the users for hours

In addition to the large exchanges above, a massive DDoS attack hit Bitcoin Gold during its launch, leaving the site inaccessible for hours.


BTG’s team hasn’t added any more information on the attack.[4]

Protection Advice against DDoS Attacks

Cryptocurrency exchanges should increase their protection against DDoS attacks, since they are currently prime targets. The latest DDoS defense solutions can detect, mitigate and report on multi-vector DDoS attacks of any size and any scale.

Renting out bandwidth (data transfer capacity) on a blockchain can moderate these attacks, because the increased capacity can handle the website traffic. ISP systems and some technical tools can also be used to mitigate DDoS attacks.


2. Transaction Malleability Attacks

In the bitcoin network, each transaction has a hash that also serves as the ID of that transaction (TXID). If an attacker can change the transaction ID without invalidating the transaction, he or she can broadcast a transaction with a changed hash to the network.

If the altered transaction is confirmed before the original one, the sender will think that their initial transaction has failed, while the funds are still withdrawn from their account. As a consequence, if the sender repeats the transaction, they’ll spend the same amount twice.

Some Transaction Malleability Attacks

Mt Gox (2014)
Country: US
Damage: $500 million

The Mt. Gox story is well-known in the crypto world since it’s the largest bitcoin hack to date.

On February 10, 2014, Mt. Gox, then the world’s third-largest bitcoin exchange, issued a statement (now no longer available online) warning that due to a “design issue,” attackers could take the hashes of recent trades and claim them as their own before they’d been committed to the bitcoin blockchain. It was discovered that hackers had stolen 850,000 bitcoins over a period of three years, as a result of which Bitcoin lost 36 percent of its value.

Protection Advice against Transaction Malleability Attacks

There is hardly a way to prevent such an attack automatically. However, there are at least two ways to avoid massive losses:

* Required transaction confirmation
* Manual verification of bitcoin withdrawals from exchanges

In general, if an exchange notices suspicious pending transactions, that is already an alarm that something is going wrong, and it can serve as a signal of a transaction malleability attack.[5]
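One way an exchange could run that check before repeating a withdrawal, shown as an added example that is not code from the article or from any exchange: pending withdrawals are matched against confirmed transactions by the coins they spend and the outputs they pay, not by TXID alone. The `Tx` model, its toy serialization, the status names and all sample values are assumptions constructed for illustration.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Tx:
    inputs: tuple   # ((prev_txid, vout, signature_script_bytes), ...)
    outputs: tuple  # ((address, satoshis), ...)

    def txid(self) -> str:
        # Toy serialization. As in legacy Bitcoin, the signature script
        # is part of the hashed data, so re-encoding it changes the ID.
        blob = repr((self.inputs, self.outputs)).encode()
        return hashlib.sha256(hashlib.sha256(blob).digest()).hexdigest()

    def payment_key(self) -> str:
        # Identity of the payment itself: spent outpoints and outputs only.
        outpoints = tuple((prev, vout) for prev, vout, _sig in self.inputs)
        blob = repr((outpoints, self.outputs)).encode()
        return hashlib.sha256(blob).hexdigest()

def reconcile(pending: dict, confirmed: list) -> dict:
    """Map each pending withdrawal ID to a status before any retry."""
    by_txid = {tx.txid() for tx in confirmed}
    by_payment = {tx.payment_key() for tx in confirmed}
    status = {}
    for wid, tx in pending.items():
        if tx.txid() in by_txid:
            status[wid] = "confirmed"
        elif tx.payment_key() in by_payment:
            status[wid] = "confirmed_under_different_txid"  # do NOT resend
        else:
            status[wid] = "unconfirmed"  # still no proof that it failed
    return status

# Constructed sample data: placeholder IDs, addresses and signature bytes.
SENT = {
    "w1": Tx((("aa" * 32, 0, b"sig-encoding-1"),), (("addr_customer_1", 50_000),)),
    "w2": Tx((("bb" * 32, 1, b"sig-x"),), (("addr_customer_2", 70_000),)),
    "w3": Tx((("cc" * 32, 0, b"sig-y"),), (("addr_customer_3", 10_000),)),
}
CHAIN = [
    # Same inputs and outputs as w1, different signature bytes -> new TXID.
    Tx((("aa" * 32, 0, b"sig-encoding-2"),), (("addr_customer_1", 50_000),)),
    SENT["w2"],
]

if __name__ == "__main__":
    for wid, state in reconcile(SENT, CHAIN).items():
        print(wid, state)
```

A withdrawal reported as `confirmed_under_different_txid` has already been paid, so it should be routed to manual verification instead of being sent again.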


3. Phishing Attacks

These are attacks in which the attacker tries to impersonate either a legitimate person or a corporation through an email that asks the user to take an action that would give the attacker an access point to critical data or information.[6]

If a phishing attack is targeted at a particular victim (e.g. a personalized e-mail using the victim’s name), it is called a “spear phishing attack”.

Some Phishing Attacks

Bitstamp (2015)
Country: Slovenia
Damage: $5 million

In the phishing attack on Bitstamp, the exchange’s employees received personal emails and Skype messages from seemingly friendly sources. One of the employees clicked the link in the messages and downloaded malware onto a work computer. Consequently the exchange was hacked and 19,000 BTC, equivalent to $5 million, was stolen.[7]

Bitstamp immediately partnered with BitGo for multi-signature protection on cryptocurrency transactions and moved 98% of its digital assets to a cold wallet.[8]

Bithumb (2018)
Country: South Korea
Damage: $31 Million

Although Bithumb did not officially announce what exactly allowed the hackers to access its hot wallets, a news agency cited anonymous industry sources saying that malicious emails had been sent to Bithumb users earlier that month. This possibly led to the hack, as hackers would be able to obtain account information if users clicked on links inside the phishing email.[9]

Protection Advice against Phishing Attacks

1. First and foremost, companies should educate their staff on possible phishing attacks.
2. Secondly, cryptocurrency exchanges should give their staff controlled and limited admin rights, which also means layered access rights.
3. Also, there are many up-to-date IPS (Intrusion Prevention System), IDS (Intrusion Detection System) and AVS (Anti-Virus System) products that exchanges can use.

And of course, they should follow best practices such as storing the great majority of the assets offline, i.e. in cold wallets, to minimize what an attacker can reach.


4. Attacks on Hot Wallets

Hot wallets are online (connected to the Internet) applications used for storing private keys for cryptocurrencies.

Cryptocurrency exchanges serve you by storing the private keys of your cryptocurrencies in hot wallets in order to offer you more security, and they claim that they keep their users’ assets in cold wallets (disconnected from the Internet). But that’s not always the case.

Some Hot Wallet Attacks

CoinCheck (2018)
Country: Japan
Damage: $500 million

CoinCheck, one of the largest cryptocurrency exchanges in the world, reported a security breach on January 26, 2018, but by the time they discovered the breach, hackers had already stolen an enormous number of XEM coins, the native token of the NEM blockchain.

The main mistake CoinCheck made turned out to be storing all of the NEM in a single hot wallet and not using the NEM multi-signature contract security recommended by the developers.[10]

Despite this hack, CoinCheck is now fully operational.

BitFloor (2012)
Country: US
Damage: $250,000

BitFloor suffered a large hack in September 2012, and the service took a loss of 24,000 BTC, worth about $250,000 at the time of the theft. Like CoinCheck, BitFloor’s error was, again, leaving a large amount of money in a hot wallet.

Protection Advice against Attacks on Hot Wallets

To minimize the risk of loss, a cryptocurrency exchange service usually keeps control of the majority of its private keys in cold wallets, which are slower to operate than hot wallets, and keeps only the minimal amount needed for circulation in hot wallets.

Also, cryptocurrency exchanges need to constantly monitor network activity around their wallets in order to detect any unauthorized transactions in an instant.
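A minimal form of those two controls, as an added example that is not code from the article or from any exchange: one function computes how much must be swept to cold storage to respect a hot-wallet cap, the other flags hot-wallet sends that no approved withdrawal accounts for. The 2% cap, the record fields and all sample values are assumptions constructed for illustration.

```python
from decimal import Decimal

HOT_CAP = Decimal("0.02")  # assumed policy: at most 2% of holdings stay hot

def sweep_amount(hot: Decimal, cold: Decimal, cap: Decimal = HOT_CAP) -> Decimal:
    """Coins to move from hot to cold so the hot share is at most `cap`."""
    allowed = (hot + cold) * cap
    return max(hot - allowed, Decimal(0))

def unauthorized_sends(outgoing: list, approved: list) -> list:
    """TXIDs of hot-wallet sends that no approved withdrawal accounts for."""
    remaining = list(approved)
    alerts = []
    for tx in outgoing:
        key = (tx["to"], tx["amount"])
        if key in remaining:
            remaining.remove(key)  # one approval covers exactly one send
        else:
            alerts.append(tx["txid"])
    return alerts

# Constructed sample data: withdrawals approved by the exchange back end ...
APPROVED = [("addr_A", Decimal("1.5")), ("addr_B", Decimal("0.2"))]
# ... and sends actually observed leaving the hot wallet.
OBSERVED = [
    {"txid": "tx1", "to": "addr_A", "amount": Decimal("1.5")},
    {"txid": "tx2", "to": "addr_A", "amount": Decimal("1.5")},  # sent twice
    {"txid": "tx3", "to": "addr_X", "amount": Decimal("40")},   # never approved
]

if __name__ == "__main__":
    print("alerts:", unauthorized_sends(OBSERVED, APPROVED))
    print("sweep:", sweep_amount(Decimal("500"), Decimal("1500")))
```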

Conclusion

Despite the fact that cryptocurrencies and cryptocurrency exchanges attract enormous attention, the number of cyber-attacks on crypto exchanges has increased, since cryptocurrency exchanges don’t invest money in cyber-security and don’t take precautions.


That’s why a cryptocurrency exchange should have a team which is constantly working on developing secure blockchain cyber security solutions. The Bitmatrix cyber-security team, which consists of professionals, continually monitors all security risks.

For the latter two attack vectors, Bitmatrix believes that the key is proper management of the control of the private keys, and therefore holds the majority of its users’ digital assets in cold wallets to minimize the risk of loss. Also, through cryptographic R&D studies, Bitmatrix presents a new and secure cold wallet solution called a threshold signature scheme.

A threshold signature scheme distributes the authorization of a transaction among n people such that any subset of t+1 can jointly sign a transaction, but any smaller subset cannot.

This not only eliminates the single point of failure but also lowers the risk of a malicious action by a hacker, since in order to steal the digital assets in a cold wallet the attacker has to capture all t+1 signers.

Hope this article helped you understand some basics about security on a cryptocurrency exchange.

Read more about how a single point of failure can cause a cryptocurrency exchange to go offline, and learn more about how to avoid that with a threshold signature scheme, on our Medium publication, or contact Bitmatrix directly from the website.

Finally, here’s a table that summarizes all cryptocurrency attack vectors. Enjoy!

A summary of cryptocurrency attack vectors
