Why Were Crypto Exchanges So Vulnerable To Crimes In 2018?


The latest report from the research firm Ciphertrace shows the extent and depth of cryptocurrency exchange crime. The report, called the Anti-money Laundering Report, revealed that over $927 million was stolen by cybercriminals between January and September 2018. Theoretical calculations based on this report indicate that by the end of the year, nearly 1 billion could well be stolen by crypto hackers from exchanges.

Who exploited exchanges, and how?

In hindsight, cryptocurrency exchanges were the most exploited of the decentralized ledger platform services. Exchanges were broken into in various ways; both independent hackers and powerful governments saw this as a means to amass cryptocurrencies that could be exchanged for high fiat value.

The pattern of exploitation included compromising crypto wallet servers and software, manipulating the network, social engineering, compromising passwords, and theft by people from within the cryptocurrency exchange system.

$1 million picked from Gemini/Coinbase

Of the innumerable crypto pranks, the most notable crime was a SIM-swapping heist in which Robert Ross was victimized by a clever hacker who persuaded Ross’s mobile network service provider to issue the phone number registered with his Gemini and Coinbase accounts to the hacker’s mobile. This allowed the criminal to take as much as $1 million held in Ross’s crypto accounts at both exchanges.

Another technique used by these criminals was to steal two-factor authentication codes sent via SMS, thereby accessing the crypto accounts with minimal obstacles.

Formidable state-sponsored criminals

In Ross’s case, the hacker was an individual with the knowledge to exploit exchange systems and mobile networks to rob victims’ accounts.

However, the scariest development is the emergence of state-sponsored cybercriminals. Network security forensic experts are quick to point out that North Korea has emerged as a leading source of cyber attacks. More importantly, crimes by such criminals involve very large amounts, as in the case of Lazarus Group. Their North Korean origins were revealed only after widespread investigations because the group took great care to masquerade as Chinese attackers. Their haul across their escapades amounted to more than $571 million in 2018.

The largest crime ever in 2018 was the $532 million taken from Japanese exchange CoinCheck in January. No news has yet established the method of the crime, though there are indicators that CoinCheck may have held the stolen coins, essentially NEM, in its hot wallets rather than in sterile cold wallets.