Bitcoin Owners and Exchanges Increasingly Under Threat?
Thursday, December 21, 2017
Fears over Bitcoin security begin to mount as more exchanges hacked
Security warnings around the cryptocurrency boom continue to mount up, as investors pile into the market, in part due to Bitcoin derivatives trading going live on several markets this week alone.
However, two cryptocurrency exchanges were hit by issues, which have led to one company declaring bankruptcy. Yapian, the umbrella company that operates the Youbit exchange in South Korea, suspended trading after a hack decimated 17 per cent of its assets, according to a statement from the company.
Ilia Kolochenko, CEO of web security company High-Tech Bridge, said: “This is a sad reality of Bitcoin. Offering unprecedented growth and ROI, it also brings the risks of your investment vaporization. Differently from heavily regulated banking sector, where innocent victims may count on some protection and remedy from government, victims of Bitcoin security incidents virtually have no legal means to get compensated.
Based on reliable blockchain technology, Bitcoin unfortunately remains vulnerable because of the surrounding intertwined technologies such as exchanges. While BTC price goes up, we shall expect continuous growth of cybercrime targeting Bitcoin, its users, related platforms and exchanges.”
Interestingly, that growth in cybercrime, especially around ransomware, has been credited with helping drive at least some of the demand for Bitcoin. “Companies are definitely stockpiling Bitcoin in order to be prepared to pay ransoms,” Paul Taylor, former Ministry of Defence cyber chief and KPMG partner, told The Sunday Telegraph. He added that one of the reasons behind maintaining a cryptocurrency ‘slush fund’ was to keep options open in the event of a data breach.
The Youbit attack has already been linked to North Korea, which has been accused of seeking to hack Bitcoin assets around the world, potentially in order to avoid international sanctions. Earlier this week, the US blamed North Korean hackers for the WannaCry ransomware attack that hit thousands of PCs around the world earlier this year.
The attack on Youbit comes eight months after the exchange experienced a cyber breach in April, and just weeks after popular mining service NiceHash ceased operations after suffering the loss of around $64m in BTC.
NiceHash subsequently resumed operations this week, and has pledged to return, by late January, the BTC of buyers and hashpower sellers that was held on the platform and involved in the hack.
A recent investigation into cryptocurrency apps by High-Tech Bridge found that vulnerabilities are rife, in spite of the rising value of cryptocurrencies across the board. The investigation used the free online service Mobile X-Ray, which delivers SAST, DAST and IAST capabilities for native and hybrid Android and iOS applications and also tests for various vulnerabilities including the OWASP Mobile Top 10. The results were startling.
Of the first 30 applications with more than 500,000 installations, 94 per cent contained at least 3 medium-risk vulnerabilities, while 77 per cent contained at least 2 high-risk vulnerabilities. Half of the apps were sending [potentially] sensitive data with weak or insufficient encryption, and a whopping 94 per cent of the applications tested were using implementations of SSL or TLS banned under PCI DSS.