This holiday season, the frenzy is not about the “must-have” toy, it is the must-have investment – Bitcoin. The TV networks cannot stop talking about the dramatic rise in its value that seems to occur on a daily basis, if not hourly. The cable business news shows shuffle in cryptocurrency and financial industry pundits to discuss the significance of the new digital gold and the cryptocurrency market at large. They debate whether bitcoin is a sure deal that will continue returning positive dividends, or a bubble that is about to burst. Both sides of the argument have their “experts” as to why you should or should not get involved in bitcoin mania. CNBC reports that people are maxing out their credit cards to buy, buy, and buy. Some people are even taking home equity loans on their houses to maximize the number of coins they can afford.
Like any speculative investment, no one knows where the value of bitcoin and other cryptocurrencies is headed, but one thing is for sure: cybercriminals are getting in on the action as well, and in some cases, making a lot more than most traditional bitcoin investors. Cryptocurrencies are traded through a decentralized exchange. The anonymity and lack of government regulation in a decentralized exchange model are among the attractive notions behind these digital currencies. However, the lack of a governing body to regulate these transactions attracts the interest of hackers as well. The cryptocurrency industry consists of miners, wallets, and exchanges, and all of them hold sole responsibility for their own security. These currencies are not protected by the Secret Service and there is no FDIC to insure your wallets.
Last week, a cloud-based crypto-mining company, NiceHash, suspended all operations after hackers breached its network and confiscated 4,736 bitcoins. The value of the coins ranges from $50 million to $80 million, depending on which day’s close you choose to value the loot. NiceHash is an exchange market that allows users to rent or buy computing capacity for cryptocurrency mining from other users or companies that have extra capacity. Users are compensated for their mining services with bitcoin that is then stored in BTC wallets hosted by NiceHash. The company was notified of the situation when users contacted it to report that their wallets were empty. The company then put up a notice on its website that all operations had been temporarily suspended while it investigated the extent of the breach.
This is not the first enterprise security breach resulting in a massive theft of bitcoins. On August 2, 2016, Bitfinex, one of the world's largest digital currency exchanges at the time, was the victim of an enterprise security attack resulting in the loss of 119,756 coins. At the time of the break-in, the loss was approximately $60 million. The incident resulted in a 20% plunge in bitcoin prices before they recovered. The largest bitcoin heist of all time took place in 2014 when hackers broke into the Mt. Gox bitcoin exchange and stole 850,000 coins in a single attack. The coins were valued at roughly $450 million. Although 200,000 coins were eventually recovered, Mt. Gox was forced into bankruptcy, as the losses were insurmountable.
Cybersecurity firms have even witnessed state-sponsored bitcoin attacks. Earlier this year, in May, North Korea launched a series of spear phishing attacks against South Korean bitcoin exchanges. It is believed that the attacks are part of an overall strategy by the regime to steal virtual currencies as a means of evading sanctions and funding its operations. The anonymity of cryptocurrencies is just as attractive to rogue states as it is to criminals. Once a crypto coin is stolen, it is virtually impossible to prevent the thief from spending it in untraceable ways.
It is not just breaches that are plaguing the bitcoin industry, however. Cryptocurrency is one of the ten industries that experience the most Distributed Denial of Service (DDoS) attacks. Only gambling, banking, and online retail rank higher. One of the reasons it is easy to mount such attacks on this relatively new industry is the fact that there are only 70 to 80 exchanges in the world. When you compare the number of targets to that of the banking or retail industry, it is easy to understand how it is possible to disrupt the industry at large. By disrupting the industry, hackers can manipulate the price of whichever cryptocurrency they wish. This is especially true concerning an initial coin offering (ICO). Many new currencies or offshoots from existing currencies are being introduced on a regular basis. By mounting a large DDoS attack, hackers can purchase the currency prior to the attack and then prevent users from accessing the exchange to buy additional coins, thus increasing the price temporarily. Just a couple of weeks ago, a large bitcoin exchange in Hong Kong was brought down temporarily after having experienced another attack a couple of weeks earlier.
One could argue that the returns of cryptocurrencies have to be enough to compensate holders of the coins for the risks involved. The truth is, just as the world has a lot of catching up to do on the idea of cryptocurrency, the industry itself has a lot of catching up to do concerning security.
Next Steps: Learn more about enterprise security tips in our infographic, “Top 5 Security Threats and Smart Moves,” created by WEI, a trusted IT consulting company.