Posted on Mar 22, 2018

Cryptocurrencies Attract Cyber Security Attacks: And What to Do About It

Bitcoin’s price soared from $985 to $19,300 in 2017, and they are just one example of the many cryptocurrency companies experiencing exponential growth last year. Astronomic valuations have caught the attention of cybercriminals, who are subjecting the currency to growing numbers of attacks, as criminals realize that this avenue too can be hacked. This turn of events is ironic considering that cyber criminals originally used cybercurrency as a an anonymous way to receive payments from ransomware attacks.

Old Exploits for a Modern Purpose

Hackers are repurposing a raft of old exploitative techniques to steal cryptocurrency. Criminals have come up with fake cryptocurrencies that convince victims they are buying units of a successful cryptocurrency when in fact they paying for numbers that show up on a website. Others trick newbie investors with fake Initial Coin Offerings (ICOs).

Even traditional cybercrime techniques are getting into the act. Phishing attacks use emails and fake websites to trick victims into giving them sensitive information regarding their cryptocurrency, such as login details from an exchange or online wallet.

SecurityScorecard, recently became aware of the latest hacker trick: Man-in-the-Browser attacks (MitB) are being used to potentially steal cryptocurrency.

Our testing confirmed that Web Injects, a type of MitB attack, have been used to target at least two cryptocurrency websites--coinbase.com and blockchain.info.

How to Outsmart Hackers Targeting Cryptocurrency

SecurityScorecard researchers analyzed how this exploit works. To help you prevent yourself from becoming a victim, here’s a few things you can check for

  • Does the web page’s source code contains obfuscated code? If it does, you might be infected and should not sign in.
  • Is the Enter key disabled for the fields from the sign-in form? Hackers often disable the Enter key to force you to click the Sign-In button to execute the injected button callback when you sign in
  • If you’re using Coinbase, is the setting page accessible? If it isn’t, you may be infected. If it is, enable multi-factor authentication for all transactions.
  • If you’re using Blockchain, do you get a message saying “Service unavailable” immediately after signing in? This message might indicate a compromise.

For more insights, read our white paper “Man-in-the-Browser Attacks Target Coinbase and Blockchain Websites: A Detailed Technical Analysis of Web Injects as a Threat to Cryptocurrency.”

Security Research in your Inbox

Thanks for siging up for the newsletter!

No waiting, 100% Free

Get your personalized scorecard today

Get your free scorecard and learn how you stack up across 10 categories of risk. Answer a few simple questions and we'll instantly send your score to your business email.

Get Your Free Score

Get In Touch

Thank you for contacting us!

Request a Demo

Thank you for requesting a demo!