In the crosshairs of cybercriminals. This is how the main cryptocurrency exchange and purchase platforms have been during the last year. And it is that as the famous song says: there are plenty of reasons. Unlike robbing a bank, where the thief can be stopped immediately and endangers his life, in the attack on a cryptocurrency exchange there are hardly any risks. And not only that, but these types of attacks are certainly much more lucrative than an “old-fashioned” robbery.
In fact, a report by the FBI points to precisely this. While the “hard-working” bank robbers, with pistols in hand and a half to their heads, manage to steal an average of $ 5,000 per round, in the case of an attack on an Exchange, the loot can be several million.
In fact, as reported by NBC, in the last year at least 20 attacks on these platforms resulted in a “reward” of more than 10 million euros. One of the most notorious occurred at the beginning of this month, when the hack of the Bitmart platform resulted in the theft of almost 200 million dollars in different virtual currencies.
Due to the speculative nature of this type of currency, the great misinformation that remains about how these markets work and because currencies such as Bitcoin are still far from being able to compete with fiat money, this type of robbery does not (yet) generate social alarm and for the benefit of the attackers themselves, they neither occupy too many headlines in the press nor are they investigated in depth.
The least safe banks
Unlike traditional banking, the scant regulation that affects cryptocurrency exchanges means that almost any entrepreneur can start up their own “exchange house”. In fact, in recent years, more than 300 startups have been registered whose main activity (if not the only one) is to act as an intermediation platform in the crypto market.
These platforms are presented as safe spaces, in which users can buy, sell and exchange virtual currencies ranging from the classic Bitcoin, to much more exotic ones such as Dogecoin. In a similar way to other companies that operate as currency exchange houses, for each transaction they charge a small commission.
What is the problem? Although the vast majority of these coins do offer their users a high degree of security (hence they are called cryptocurrencies), the “banks” in which many users store them are not so. Especially the new platforms that, when starting from scratch, usually have a very small staff, which means that they hardly have professionals who can ensure their security full time. Some even completely lack professionals whose mission will be to monitor and reinforce security.
Developers, on the other hand, are more interested in having a working product on the market, which can often accidentally expose vulnerabilities that can be exploited by cybercriminals to gain privileged access to the Exchange. And although it is true that the largest and most serious platforms usually store the bulk of their virtual deposits in what is known as “Cold wallets”, It is also true that they need to have a significant volume of foreign exchange online to facilitate daily financial operations.
This “online money” is precisely what cybercriminals are going to try to steal, and as we have seen, with considerable success. In almost all cases, this occurs when a hacker manages to access the access credentials of one of the Exchange employees, at which point they can proceed to transfer the currency to other accounts; By interposing different “companies”, he manages to lose track of what has been stolen.
The problem is compounded because many platforms, with the intention of avoiding lgovernment regulations, are installed in countries whose security forces do not have much power to hunt down transnational hackers. Or if they are hacked, they tend to be less likely to ask law enforcement for help.
In fact, sometimes when an attack occurs, the Exchange ends up completely disappearing and leaves no trace on the Internet and, in the worst case, it is the founders of the platform themselves who end up scamming their customers and keeping their money. Our recommendation? Unless we have a deep knowledge of the sector and very valid reasons, always bet on the most well-known and regulated platforms, capable of responding and even compensating their users if they receive this type of attack.
