A recent study conducted by Group-IB concluded that the United States is responsible for more than half of all global cryptocurrency crime. A group of 50 bots that routinely search for kinks and weaknesses in the performance of cryptocurrency programs performed an audit focusing on hacking and cybersecurity, and found that 56% percent of crimes committed are attributed to the U.S.
The U.S. is followed by the Netherlands at 21.5%, the Ukraine at 4.3% the Russian Federation at 3.2%, France at 2.6%, and Germany at 1.3%.
The high level of cyber hacking and lack of security continually proves to be a danger to the cryptocurrency issue. Nearly all top cryptocurrency platforms have been affected by these dangers. Famously, the hacking of the Japanese-based cryptocurrency exchange program CoinCheck involved the theft of 58 billion yen ($533 million US) in NEM coins. Fortunately, CoinCheck promised to refund the affected users, all 260,000 of them, in a refund that totaled $425 million.
Ruslan Yusufov, Director of Special Projects for Group-IB, in a comment about the status of the industry and security concerns, stated:
“Increased fraudulent activity and attention of hacker groups to the crypto-industry, additional functions of malicious software related to cryptocurrencies, as well as the significant amounts of already stolen funds signals that the industry is not ready to defend itself and protect its users.”
But what happens to those that commit the crime of cyber-bank robbing? This newest form of white collar crime is proving to be a head scratcher for law enforcement, as the theft of virtual currency can occur anywhere, at any time, and is practically untraceable. Cryptocurrency also lends itself to be used highly in money laundering efforts through the dark web.
So what can you do to prevent yourself from being a victim of cyber bank robbery? The answer may be as simple as securing your passwords and login credentials.
The Group-IB study found that both cryptocurrency platforms and it’s users seemed ignorant of the need for complicated passwords and two-factor authentication, two relatively simple parameters already in use for platforms like Google and Yahoo.
Yet, recent studies find that multifactor authentication sometimes falls short of expectation. Take the case of the recent hacking of Reddit, ranked a top 5 site in the US, and how SMS authentication could not stand in the way of hackers. On June 19th, it was reported by the company that a number of employee accounts had been compromised by hackers, and to move to a token-based authentication.
How is this possible, and does that mean that our smartphones are more easily susceptible to hacking than our website accounts? Yes and No. There are numerous ways to access/intercept a phone’s SMS messages. One way is obviously a full-phone hack, while others can utilize phone cloning or call forwarding by the hacker contacting the phone’s provider and prompting a forward to a new number. SMS authentication is also susceptible to hacking via the service used to send the messages, Signaling System Number 7, which are easily able to be intercepted using a number of tools. In the case of Reddit, however, it appears the employees were victims to phishing and social engineering tactics.
Given these new reports, it seems we still have a long way to go in terms of finding solutions for these security problems. The best we can do is stay conscious of these issues, and the information we release to the world.