Cryptocurrency is a major target for account takeover

By Alex McConnell / 16th Jun 2021

Cryptocurrency and blockchain are two of the hottest trending topics in the financial and tech worlds, with interest in Bitcoin, Ethereum, XRP and even Dogecoin exploding in recent years.

This growing interest in cryptocurrencies has made them a target for fraudsters. But it’s not just the popularity of crypto trading that has criminals chomping at the bit.

The nature of blockchain currencies makes them highly susceptible to fraudulent activity. Transactions are difficult if not impossible to trace, making it easy for adversaries to get away with stealing large amounts of virtual cash undetected.

Between October 2020 and March 2021, 7,000 people reported a collective $80 million stolen in cryptocurrency – 12 times the number of reports in the same period the previous year, with over 1,000% more money stolen.

What is the safest way to buy cryptocurrency?

Purchasing cryptocurrency from an exchange is considered safer than using a credit card or wire transfer through sites like Coinbase or Cex.io.

What is the safest way to store cryptocurrency?

The safest way to store cryptocurrency is in a hardware wallet, a small device that can generate, store and transfer data securely and cannot be hacked remotely as it does not have an online connection.

How is cryptocurrency stolen?

Cryptocurrency fraud takes several forms, ranging from wallet fraud (account takeover) through to social media swindles and even romance scams. This rise in activity across the board has been fueled by the rapid adoption of cryptocurrency by those new to the concept – and naïve to the risks.

Here are some of the most prevalent types of cryptocurrency fraud:

Guru cons and investment scams

As awareness of cryptocurrencies like Bitcoin has grown and the topic has become more mainstream, more people have been drawn in by the promise of increasing their own wealth through smart investments. This combination of huge interest plus limited knowledge has left the door wide open for “crypto gurus” to cash in by offering advice and tips to newbies.

Unfortunately, along with the usual snake oil merchants charging over the odds for such advice, fraudsters are taking advantage of the situation by conning amateurs out of their cryptocurrency balances.

In one scam, more than $2 million was stolen by fraudsters impersonating cryptocurrency advocate Elon Musk. These con artists promised to multiply the victims’ investments, but instead stole the money with no hope of retrieval.

Romance scams

Criminals have long exploited hopeful singletons for monetary gain. The tactics haven’t changed over time. The fraudster poses as an ideal partner for the victim, gaining their trust and admiration. Eventually the con artist will concoct a story of financial hardship in the hopes that their victim will offer to send them money to help.

The difficulty in tracing transactions after the fact makes cryptocurrency a perfect tool for romance scammers. In fact, 20% of money lost in romance scams since October 2020 was sent via cryptocurrency.

Account takeover (ATO)

The digital-only nature of crypto wallets makes them an ideal target for cybercriminals. $3.03 billion was stolen from crypto wallets in 2020, making wallet fraud the costliest attack type last year.

As with any account takeover attack, adversaries will follow a kill chain of tactics to break into wallets. The starting point is usually a technique such as buying stolen credentials from illegal forums and sites like the Genesis Market, or cracking knowledge-based authentication (KBA) with social engineering to target specific victims. Attackers also target specific crypto exchanges they know their victims frequently visit, looking to inject malicious code in a classic “watering hole” attack.

After priming their tools, fraudsters will undertake a credential stuffing attack using bots to brute force their way into crypto wallets. If they come up against multi-factor authentication (MFA), criminals may use defense bypass techniques like SIM swapping or SMS rerouting services to gain entry. Once accessed by criminals, crypto wallets can be emptied very quickly.
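The credential stuffing stage described above leaves a recognizable pattern in login logs: one source tries many different accounts, mostly fails, and occasionally succeeds. The following detection sketch is an added example, not code from Netacea or the BLADE Framework; the event format, the thresholds and the choice to group by source IP are assumptions (bots that rotate addresses need a different grouping key, such as a device fingerprint).

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample login events: (ISO timestamp, source IP, account, outcome).
# IPs come from documentation ranges; account names are made up.
SAMPLE_EVENTS = [
    ("2021-06-16T10:00:00", "203.0.113.7", "alice", "fail"),
    ("2021-06-16T10:00:01", "203.0.113.7", "bob", "fail"),
    ("2021-06-16T10:00:02", "203.0.113.7", "carol", "fail"),
    ("2021-06-16T10:00:03", "203.0.113.7", "dave", "fail"),
    ("2021-06-16T10:00:04", "203.0.113.7", "erin", "fail"),
    ("2021-06-16T10:00:05", "203.0.113.7", "frank", "success"),
    ("2021-06-16T10:01:00", "198.51.100.20", "grace", "fail"),     # user typo
    ("2021-06-16T10:01:10", "198.51.100.20", "grace", "success"),
    ("2021-06-16T10:20:00", "203.0.113.7", "ivan", "success"),     # outside window
]

def find_stuffing_hits(events, window=timedelta(minutes=5),
                       min_accounts=5, min_fail_ratio=0.8):
    """Return (source, account, timestamp) for each successful login that
    arrives while its source has, within `window`, tried at least
    `min_accounts` distinct accounts with a failure ratio of at least
    `min_fail_ratio`. Thresholds are illustrative assumptions."""
    recent = defaultdict(deque)  # source -> (time, account, outcome) in window
    hits = []
    for ts, source, account, outcome in sorted(events):
        now = datetime.fromisoformat(ts)
        attempts = recent[source]
        attempts.append((now, account, outcome))
        # Drop attempts that have aged out of the sliding window.
        while now - attempts[0][0] > window:
            attempts.popleft()
        accounts = {acct for _, acct, _ in attempts}
        fails = sum(1 for _, _, result in attempts if result == "fail")
        if (outcome == "success" and len(accounts) >= min_accounts
                and fails / len(attempts) >= min_fail_ratio):
            hits.append((source, account, ts))
    return hits

if __name__ == "__main__":
    for hit in find_stuffing_hits(SAMPLE_EVENTS):
        print("hold withdrawals and require step-up verification:", hit)
```

Because wallets can be emptied quickly once accessed, a hit is most useful when it triggers a withdrawal hold or re-verification for the flagged account rather than only an alert.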

Why account takeover is especially dangerous in crypto wallet fraud

Unlike traditional banking, crypto transactions are hard to reverse or trace. There is little support due to the decentralized nature of the currencies; password recovery mechanisms are less robust than those of traditional banks, and repatriating stolen accounts is harder as proving yourself to be the legitimate account owner is not straightforward.

These factors make cryptocurrency wallet fraud attractive to ATO attackers where risk and cost are low but potential rewards are extremely high.

Tackling the rising tide of account takeover

Malicious bots are growing in complexity and in their ability to emulate legitimate devices and human behaviors. Account takeover is one of the most damaging types of business logic attack, often aided by such automated bots orchestrated by criminal groups.

As their use spreads into the emerging field of cryptocurrency, it is vital to have a full understanding of these bots and their strategies.

Netacea recently announced the BLADE (Business Logic Attack Definition) Framework, an open-source collaboration between vendors, cybersecurity professionals and customers. Inspired by traditional cyber-attack frameworks like MITRE ATT&CK, BLADE is designed to help all organizations classify malicious bot activity, including account takeover.

Gain understanding of business logic attacks and malicious bot threats by visiting the BLADE website.