Exclusive Cryptosecurity briefing — Here’s what you missed
In light of the recent hack of South Korean bitcoin exchange Coinrail, security continues to be a growing concern for the crypto community. A Bloomberg report estimates that a total of more than $2bn of crypto assets has been stolen to date. As a result, more effective security around the blockchain system is becoming an urgent priority.
Rubica hosted its first cryptosecurity briefings in San Francisco and Seattle, bringing the crypto community together to discuss the concerns of security around crypto. Following, you’ll find a condensed recap of the insights presented at the briefings.
State of the crypto-hack
Cybersecurity technology firm Carbon Black estimates $1.1bn of crypto has been stolen this year. The majority of this comes from businesses paying for ransomware attacks with crypto. Exchanges continue to be a prominent center of crypto losses with individual consumers not far behind — demonstrating the risks individual users face in the environment.
The categories of malware offerings developed for crypto theft are ranked by popularity as follows: 1) Stealer Malware; 2) Covert Mining Malware; 3) Mining Botnet; 4) Bitcoin Stealers; 5) Mobile Phone Malware; and 6) Malicious Offerings.
The most popular category, Stealer Malware, which targets consumers, continues to become more sophisticated. The Nocturnal Stealer kit offered for 1500 rubles (US$23), lays dormant on machines waiting for specific crypto coins to be used before activating. Nocturnal Stealer isn’t the first piece of malware to have this capability, but it is the first at such a low price point.
Profit always drives innovation — so it’s no surprise to see new and more sophisticated malware being deployed to steal crypto.
Rubica’s consumer defenses
Rubica’s defenses operating on all smartphones, tablets or computer, include protections against Nocturnal Stealer. Rubica’s secure VPN offers a private protection, as well as key rule-sets and anomaly detection engines designed to block keyloggers, mobile malware, phishing, and a host of crypto-specific defenses, including protection from:
• Cryptojacking/Coinminer malware
• Crypto wallet phishing
• Cryptocurrency exchange phishing
• Bitcoin and other main coin use detection remediation
51% attacks
A 51% attack happens when a malicious network participant manages to gain control of over 51% of a network’s computing power. It involves the creation of an alternate blockchain, which replicates digital assets (e.g., tokens, bitcoin, etc.) that are running on the legitimate blockchain. Attackers can then double-spend assets or prevent transaction confirmations causing significant losses or even total losses given the damage to the confidence in the network.
Mining resources around bitcoin have caused environmental concerns due to their large energy usage but concentration of bitcoin mining is also becoming a potential issue. With a majority of mining resources being held in China, this is an interesting geo-political consideration for bitcoin holders to consider. If Bitcoin does indeed emerge as some form of reserve digital asset, having all the mining resources situated in one country runs counter to the ideal of decentralization.
While it would take tremendous computing power to damage a project like bitcoin with a 51% attack, this is not the case with lesser coins. Security, in this case, can determine the viability of these coins — if they can be attacked in this manner for relatively low-cost then their long-term future seems doubtful. Bitcoin Gold, ZenCash, and MonaCoin have all suffered some form of 51% attack this year.
Cryptolaundering
One of the more interesting aspects of the recent theft of $400M of NeM was the ability of the thieves to launder the tokens despite the NeM foundation marking the stolen coins as stolen property.
The process involved in laundering cryptocurrencies is complex but within the reach of most cybercrime actors. The seeming transparency of the tokens proved to be of little defense.
Security will drive institutional investment
Security of digital transit and digital storage remain a critical factor in the development of the crypto-currency ecosystem. Thus, we’re seeing the emergence of custodial services for buying, selling and storing coins/digital assets in alternative asset investment funds, i.e., institutionally tradable instruments. The following companies have all been in the news recently, as providers of custodial services:
· Kingdom Trust/Bitgo Kingdom Trust/Bitgo
· Gemini
· Coinbase
This growing market for custodial services indicates that core security functions need to be solved for the overall ecosystem to progress. Innovations in this space are worth tracking as they point to the progress of the crypto environment.
Stay updated on cryptosecurity
Rubica has attracted interest from the cryptocurrency community, due to our solution’s ability to secure crypto transactions and blockchain environments. Interested in securing your crypto? Contact us to learn more on how Rubica can provide advanced cyber security protection.
Stay tuned for future events.
