Cybercriminals continue to mine for opportunities in the crypto space – here’s what you should know about coin-mining hacks and crypto theft.
Wherever you look these days, cryptocurrencies are in the news. And it’s not just because of the recent slump in their prices. Everybody seems to have grabbed a slice of the crypto pie over the past few years, as ‘things’ like Bitcoin have gone from fringe curiosities to household names in a span of a decade, all while giving rise to hordes of newly-minted crypto millionaires. These days, it feels like you’re either in or you’re out (and left behind by the crypto revolution and the gold rush).
Naturally, the fascination with all things crypto and the (almost) gravity-defying increase in the value of many cryptocurrencies haven’t escaped the notice of criminals. After all, they always want to be where the money is – or in some cases, where it is being created.
Let’s look at how criminals hijack computing power to mine new coins and how they make off with other people’s ‘crypto cash’.
A primer on cryptocurrencies
At its simplest, cryptocurrency is a form of currency that is secured by cryptography and uses a public blockchain ledger to record transactions. Unlike conventional currencies, cryptocurrencies are not backed by governments (though there are some exceptions) and the crypto sector is subject to little to no regulatory oversight. Many people view crypto as a viable alternative to traditional asset classes such as stocks and bonds and as a better store of value than fiat currencies. In May 2021, some 220 million people worldwide were estimated to own cryptocurrencies.
Beyond Bitcoin, the granddaddy of cryptocurrencies, there are thousands more currencies, with new projects springing up and others dying a quick death every day. New coins and tokens are created via cryptomining, a computationally and energy-intensive process where computers solve mathematical puzzles in order to confirm the authenticity of transactions on the blockchain. The owners of these rigs are then rewarded with newly-minted crypto in return.
- Crypto proponents swear by its decentralized architecture, improved transaction speeds, lower transaction costs, better privacy, and (pseudo)anonymity.
- Other advantages, whether actual or perceived, stem from the fact that that the supply of crypto is often finite and scarcity generally drives value higher. Indeed, contrast this with fiat money where governments can fire up “money-printing presses” and inject the money into the economy almost at will.
- Also, cryptocurrencies involve no barrier to entry, obviously as long as you already have the appropriate means – either to buy the already existing coins and hope for their increase in value or to set up extremely powerful computer rigs that can solve number-crunching puzzles to mine new coins. Ka-ching!
- Information that is once recorded in the blockchain is stored there forever and can’t be changed. This fosters transparency and helps prevent fraud.
- Some countries are “crypto tax havens” and you don’t need to explain to the tax man how you’ve amassed your coins.
- You can also use your crypto to pay for all kinds of services on the internet – not only on the dark web.
- As crypto prices fluctuate wildly, “investing” in these assets is not for the faint of heart. In fact, you could argue that dabbling in crypto is a lot like gambling.
- The market value of a cryptocurrency is a function of demand versus supply, but unlike stocks, cryptocurrencies are not pegged to underlying “real-life assets” such as ownership shares of a company.
- As the number of available cryptocurrencies increases, there is a risk that the market value of individual coins will be “diluted”.
- There’s no telling what will happen once all coins have been mined. It’s not out of the question that a cryptocurrency might become the equivalent of a “baseball card” whose value is driven solely by its limited availability.
- The mining of the individual coins is extremely computing- and energy-intensive, which has an outsized impact on the environment and possibly your energy bills.
Criminals also want a share of the pie
Notwithstanding the perpetual and notorious volatility of cryptocurrencies, the best-known coins have mostly soared in value over the past few years. This part of crypto’s appeal isn’t lost on the criminally-inclined. Add crypto’s relative anonymity to the mix, and it’s becoming clearer why criminals are eager to line their pockets to the brim.
To do so, they have two main options: illicit cryptocurrency mining and cryptocurrency theft.
(Rogue) cryptocurrency mining
As mentioned earlier, new coins are created using a process called cryptocurrency mining. This process requires significant computing power and can be very costly. It relies on graphics processing units aka GPUs (or increasingly even dedicated ASIC miner hardware), any of which is generally better suited for performing the calculations needed to mine new coins than, say, central processing units (CPUs).
The semiconductor chip shortage along with the rush by crypto “prospectors” to build specialized rigs in order to capitalize on the soaring crypto prices have conspired to a burst in demand for GPUs, ultimately sending their prices through the roof.
But these developments also bolstered some pre-existing trends in cybercrime and piqued the interest of many scammers and other cybercriminals who are only too keen on riding the crypto wave without investing their own money into custom hardware. Enter cryptojacking, the practice where your computing resources are hijacked to mine crypto for somebody else.
Of course, such malicious cryptomining is far from new. It is still a threat today, however, even for people who don’t own racks of specialized hardware where they mine crypto on a large enough scale. One risk involves falling victim to campaigns that spread malicious miners that are bundled into, for example, fake copies of legitimate software or that ask you to click on links to download seemingly genuine software updates.
Another threat involves fraudulent offers to rent some of your computing power for cryptomining in return for a share of the newly-minted coins. Such get-rich-quick schemes are just one of the many flavors of cryptocurrency scams that are doing the rounds especially on social media.
Cryptocurrencies are stored in so-called wallets (aka crypto wallets), and it’s hardly surprising that criminals are constantly coming up with new ways of getting their hands on the wallets.
In fact, you can store your crypto in two ways – using either hot or cold wallet storage. Cold wallets are physical devices the size of a USB stick that are kept offline and generally offer much better protection for your digital currency holdings.
Hot wallets, meanwhile, are connected to the internet, either on the user’s device or the server of a service provider. Both end up in attackers’ crosshairs, as they distribute fake apps impersonating legitimate wallet apps and set their sights on cryptocurrency trading exchanges.
But not even cold wallets are 100% secure, either – after all, they have to be connected to a PC at least once in a while in order to transfer coins. Also, research has already shown that even these wallets can be hacked. There’s also a possibility that criminals could place malware on victims’ computers that intercepts this transmission and the keys, although I’m not aware of any such case in real life.
The theft or loss of a physical wallet is arguably a much higher risk. If unauthorized people get their hands on a wallet that is “secured” with an easy-to-guess PIN code, your crypto may be gone forever.
A hundred years ago, it seemed unthinkable to pay with plastic cards or phones – now it’s part of our daily lives. The world of finance is constantly evolving and whether cryptocurrencies are the future of finance is anybody’s guess. They are definitely a topic du jour, however – including now the cryptocurrency market seems to be melting down.
Regardless of whether you believe that this is the beginning of the end for Bitcoin and its peers or that the tide will turn (again), you should be mindful of the cybersecurity side of things. The growing popularity of cryptocurrencies has had an effect on the threat landscape, and you can bet your last coin that cybercriminals will continue to mine for opportunities to line their pockets.
by Thomas Uhlemann, ESET