Posted on Mar 22, 2018
Bitcoin’s price soared from $985 to $19,300 in 2017, and they are just one example of the many cryptocurrency companies experiencing exponential growth last year. Astronomic valuations have caught the attention of cybercriminals, who are subjecting the currency to growing numbers of attacks, as criminals realize that this avenue too can be hacked. This turn of events is ironic considering that cyber criminals originally used cybercurrency as a an anonymous way to receive payments from ransomware attacks.
Old Exploits for a Modern Purpose
Hackers are repurposing a raft of old exploitative techniques to steal cryptocurrency. Criminals have come up with fake cryptocurrencies that convince victims they are buying units of a successful cryptocurrency when in fact they paying for numbers that show up on a website. Others trick newbie investors with fake Initial Coin Offerings (ICOs).
Even traditional cybercrime techniques are getting into the act. Phishing attacks use emails and fake websites to trick victims into giving them sensitive information regarding their cryptocurrency, such as login details from an exchange or online wallet.
SecurityScorecard, recently became aware of the latest hacker trick: Man-in-the-Browser attacks (MitB) are being used to potentially steal cryptocurrency.
Our testing confirmed that Web Injects, a type of MitB attack, have been used to target at least two cryptocurrency websites--coinbase.com and blockchain.info.
How to Outsmart Hackers Targeting Cryptocurrency
SecurityScorecard researchers analyzed how this exploit works. To help you prevent yourself from becoming a victim, here’s a few things you can check for
For more insights, read our white paper “Man-in-the-Browser Attacks Target Coinbase and Blockchain Websites: A Detailed Technical Analysis of Web Injects as a Threat to Cryptocurrency.”
No waiting, 100% Free
Get your free scorecard and learn how you stack up across 10 categories of risk. Answer a few simple questions and we'll instantly send your score to your business email.
Download the detailed technical analysis of web injects and learn our analysis of MitB attack targeting.