Bitcoin’s price soared from $985 to $19,300 in 2017, and they are just one example of the many cryptocurrency companies experiencing exponential growth last year. Astronomic valuations have caught the attention of cybercriminals, who are subjecting the currency to growing numbers of attacks, as criminals realize that this avenue too can be hacked. This turn of events is ironic considering that cyber criminals originally used cybercurrency as a an anonymous way to receive payments from ransomware attacks.
Old Exploits for a Modern Purpose
Hackers are repurposing a raft of old exploitative techniques to steal cryptocurrency. Criminals have come up with fake cryptocurrencies that convince victims they are buying units of a successful cryptocurrency when in fact they paying for numbers that show up on a website. Others trick newbie investors with fake Initial Coin Offerings (ICOs).
Even traditional cybercrime techniques are getting into the act. Phishing attacks use emails and fake websites to trick victims into giving them sensitive information regarding their cryptocurrency, such as login details from an exchange or online wallet.
SecurityScorecard, recently became aware of the latest hacker trick: Man-in-the-Browser attacks (MitB) are being used to potentially steal cryptocurrency.
Our testing confirmed that Web Injects, a type of MitB attack, have been used to target at least two cryptocurrency websites--coinbase.com and blockchain.info.
How to Outsmart Hackers Targeting Cryptocurrency
SecurityScorecard researchers analyzed how this exploit works. To help you prevent yourself from becoming a victim, here’s a few things you can check for
- Does the web page’s source code contains obfuscated code? If it does, you might be infected and should not sign in.
- Is the Enter key disabled for the fields from the sign-in form? Hackers often disable the Enter key to force you to click the Sign-In button to execute the injected button callback when you sign in
- If you’re using Coinbase, is the setting page accessible? If it isn’t, you may be infected. If it is, enable multi-factor authentication for all transactions.
- If you’re using Blockchain, do you get a message saying “Service unavailable” immediately after signing in? This message might indicate a compromise.
For more insights, read our white paper “Man-in-the-Browser Attacks Target Coinbase and Blockchain Websites: A Detailed Technical Analysis of Web Injects as a Threat to Cryptocurrency.”
