Bitcoin soared past $50,000 per coin for the first time on Tuesday, and three days later its market cap surpassed $1 trillion. To say the cryptocurrency and altcoins have been on a tear is an understatement — especially after Tesla (TSLA) bought $1.5 billion in bitcoin earlier this month. And as the prices of these digital assets increase, so does the temptation to heist cryptocurrency.
The Justice Department unsealed an indictment Wednesday alleging North Korean military hackers schemed to steal money and cryptocurrency around the world as part of a larger plot involving Sony Pictures. That indictment spurred a warning from the FBI and Department of Homeland Security: Hackers are upping their games to steal cryptocurrency.
But it’s not just nation states stealing digital wallets worth millions. Cybercriminals are increasingly targeting individuals and businesses to surreptitiously mine cryptocurrency using unsuspecting victims’ computer systems in a cyberattack called cryptojacking.
“We've certainly seen in the past, a pretty reasonably good correlation between the price of bitcoin and the amount of cryptojacking activity,” Chester Wisniewski, principal research scientist at cybersecurity firm Sophos, told Yahoo Finance.
Experts say there are ways to reduce vulnerability to attacks by following basic and more sophisticated cybersecurity measures, starting with secure passwords.
International cybercriminals are stealing millions
North Korea and Iran, which are subject to U.S. sanctions, have leaned on cyberattacks against digital wallets to grow their coffers.
“North Korea's operatives, using keyboards rather than guns, stealing digital wallets and cryptocurrency instead of stacks of cash, have become the world's leading bank robbers,” federal prosecutor John Demers told reporters this week after the indictment was unsealed.
Prosecutors allege hackers working for North Korea’s government targeted cryptocurrency companies and stole tens of millions of dollars’ worth of cryptocurrency, including $11.8 million from a financial services company in New York in 2020. The hackers used malware called CryptoNeuro Trader as a backdoor into victims’ computers, stealing $24 million from an Indonesian cryptocurrency company in 2018, and $75 million from a Slovenian cryptocurrency company in 2017, according to the indictment.
The malware provided a back door to steal private keys, the indictment said. The illegitimate software was marketed under names including Celas Trade Pro, WorldBit-Bot, iCryptoFx, Union Crypto Trader, Kupay Wallet, CoinGo Trade, Dorusio, CryptoNeuro Trader, and Ants2Whale.
“It appears that this malware is very sophisticated, in the sense in that it is impersonating a legitimate piece of software...which is a powerful concept,” says Yehuda Lindell, CEO and co-founder of Unbound Tech, which provides cryptographic infrastructure, including key management and protection.
While crypto asset holders may avoid clicking on an unfamiliar link, Lindell said, they might be more inclined to install an update that appears to come from a trading platform.
“Once you have malware, that has access to whatever keys you have done, then obviously that malware can go ahead and do whatever it wants and steal your funds,” Lindell said. “If somebody manages to steal your funds, there's actually no way of getting them back, at all.”
Another problem is that not all cryptocurrency exchanges have the same security posture, compared to traditional banks, Lindell said. And when the incentive is so high, he said, the methods for theft become more sophisticated. “It’s direct money,” he said, unlike credit card number and password hacks that take added steps to convert to something of value.
According to a report from Amsterdam-based blockchain analytics firm Crystal Blockchain cited by Coindesk, hackers and scammers are known to have stolen $7.6 billion in cryptocurrency between 2011 and late 2020.
Rise in “Cryptojacking” targeting consumers, businesses
Beyond direct attacks on crypto wallets, cybercriminals are increasingly launching cryptojacking attacks against consumers and businesses to mine bitcoin and other cryptocurrencies. The criminals infiltrate a target machine and gobble up its system resources, as a substitute for investing in their own computing power. Telltale signs of a cryptojacking attack can include sluggish performance and use of an unusually large amount of energy.
“Whenever you have something like this that is valuable, now all of a sudden more people are going to be willing to do things like...put little Trojan software and other things like this on people's computers to mine this cryptocurrency,” NYU Tandon School of Engineering professor Justin Cappos told Yahoo Finance.
For the average user, cryptojacking could mean a slowdown in their computer’s performance, or an increase in their electricity bill as hackers force victims’ machines to operate at full throttle to mine cryptocurrencies as fast as possible. More sophisticated cybercriminals, however, will go after large businesses that rely on cloud platforms like Amazon’s (AMZN) AWS or Microsoft’s (MSFT) Azure to mine cryptocurrencies, Cappos said.
According to Wisniewski, cybercriminals install malware in businesses’ software running on AWS or Azure. The malware doesn’t touch AWS or Azure itself, but forces the business’s software to use a greater amount of computing resources from those services than it otherwise would, in order to handle the intensive task of mining.
Such a dramatic increase in usage could add several thousand dollars to a company’s electric bill in a single month — and that high bill could be the only sign of an intrusion.
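Because a persistent jump in resource consumption may be the only visible trace, usage data is worth checking against its own recent baseline. The Python below is an added example, not part of the original article; the vCPU-hour figures, window size and thresholds are constructed assumptions.

```python
from statistics import median

# Constructed sample: daily vCPU-hours billed for one cloud workload.
# Index 9 is a legitimate one-day busy spike; from index 14 onward a miner
# keeps the CPUs pinned. All values are invented for illustration.
DAILY_VCPU_HOURS = [
    96, 101, 98, 94, 99, 97, 102, 95, 100, 180, 98, 97, 101, 99,
    310, 322, 318, 325, 330,
]

def robust_baseline(window):
    """Median and MAD: a single outlier day barely moves either value."""
    med = median(window)
    mad = median(abs(x - med) for x in window)
    return med, max(mad, 1.0)  # floor avoids dividing by zero on flat usage

def sustained_spikes(series, window=7, threshold=6.0, min_days=3):
    """Return (first_index, last_index) runs of persistently abnormal usage.

    A day is anomalous when (usage - median) / MAD exceeds `threshold`,
    measured against the last `window` non-anomalous days. Anomalous days
    never enter the baseline, so a long-running miner cannot become the
    new normal, and `min_days` filters out a single busy day.
    """
    clean = list(series[:window])  # assumption: the first window is trusted
    runs, start = [], None
    for i in range(window, len(series)):
        med, mad = robust_baseline(clean[-window:])
        if (series[i] - med) / mad > threshold:
            start = i if start is None else start
            continue
        if start is not None and i - start >= min_days:
            runs.append((start, i - 1))
        start = None
        clean.append(series[i])
    if start is not None and len(series) - start >= min_days:
        runs.append((start, len(series) - 1))
    return runs

if __name__ == "__main__":
    for first, last in sustained_spikes(DAILY_VCPU_HOURS):
        print(f"sustained usage spike: day {first + 1} to day {last + 1}")
```

The same check applies to any per-day metric a provider exports, such as billed cost or average CPU utilization.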
Protecting your digital wallet
To stave off an attack on a digital wallet or platform, Lindell advises individuals and entities to invest in professional security. As for protecting cryptocurrency the same way you protect your bank account, he said, “That's not going to cut it.”
Experts say the best way to think about the abstract concept of cryptocurrency funds is to consider the funds and the account holder’s secret key as one and the same. How those keys are stored can vary, depending on how the assets are held.
Among three models, one is a custody model where an entity, such as a cryptocurrency trading platform like Coinbase, holds and is responsible for protecting the key, and the asset holder uses a password to access funds associated with that key. A second model is one where the asset holder independently holds and is responsible for the key.
“Both of these models are dangerous for different reasons,” Lindell said.
A third model adopts a hybrid solution where two parties share the key, making it more difficult for hackers to infiltrate an account because no single point of attack could breach the key. Large institutions and major holders of cryptocurrencies also protect keys using “cold wallets” that store keys in physical vaults.
For consumers with an insignificant percentage of their assets held in cryptocurrency, the best bet may be to use secure passwords for email, messaging and other apps. Experts say it’s also critical to remain vigilant about opening email attachments, and steer clear of risky websites.
It doesn’t appear that the temptation to cryptojack or steal cryptocurrencies will go away anytime soon. On Friday, bitcoin was up 7.6% just after 4:30 p.m. ET, valued at nearly $56,000 a coin.
Alexis Keenan is a legal reporter for Yahoo Finance and former litigation attorney. Follow Alexis Keenan on Twitter @alexiskweed. Daniel Howley is the tech editor for Yahoo Finance.
Got a tip? Email Daniel Howley at dhowley@yahoofinance.com or via encrypted mail at danielphowley@protonmail.com, and follow him on Twitter at @DanielHowley.