In view of COVID-19 precaution measures, we remind you that ImmuniWeb Platform allows to easily configure and safely buy online all available solutions in a few clicks.

Total Tests:
Stay in Touch

Weekly newsletter on AI, Application Security & Cybercrime

Your data will stay confidential Private and Confidential

Bitcoin hacks rocket as 4th biggest breach investigation begins

Thursday, December 14, 2017 By Read Time: 2 min.

Hackers have field day as BTC prices spike, recent attack grabs 4th biggest slot...

As cryptocurrency prices continue to soar, with a new all-time price record being set almost every day recently, the attacks are also amping up. As well as creating a vast range of malware to hijack user PCs in order to mine various cryptocurrencies, hackers are also turning their attention to bigger targets. Most recently one of the biggest bitcoin exchanges, Bitfinex, was hit with a string of DDoS attacks, while the recent NiceHash hack investigation is ongoing.

The Bitfinex exchange has said that it has regained control of its trading platform after hackers created “hundreds of thousands of new accounts,” causing severe stress on Bitfinex’s infrastructure.

Bitcoin hacks rocket as 4th biggest breach investigation begins

For that reason, please note that new user signups have been temporarily disabled to help defend against the attackers and improve platform service for existing customers”, said the firm in a statement.

Meanwhile, the hack just days ago of crypto-mining service NiceHash has continued to develop, with some of the approximately $70m in Bitcoin that was allegedly stolen from the company’s coffers now being transferred from its initial Bitcoin wallet. NiceHash requested that BTC node operators reject the transactions in a Tweet, a move intended to slow the movement of funds and improve the prospects of tracking the stolen BTC to an identifiable wallet.

Bitcoin hacks rocket as 4th biggest breach investigation begins

The NiceHash hack ranks as the fourth largest heist in cryptocurrency history, and resulted in NiceHash going offline. The company claims it is working towards recommencing activities in the near future. In a touch of potential drama, NiceHash’s chief technical officer at the time of the devastating hack was Matjaz Skorjanc, infamous for creating the Mariposa botnet. A fact which has led to much as-yet-unfounded internet speculation.

The Mariposa malware hijacked about 12.7 million computers around the world in 190 countries. Skorjanc was arrested in 2010 and sentenced to just shy of 5 years in jail.

Ilia Kolochenko, CEO, High-Tech Bridge said: “Since the beginning of this year, Bitcoin’s popularity has skyrocketed both among private and professional investors. However, Bitcoin remains unregulated and therefore bears all the associated risks, such as high volatility and uncontrollable fluctuations.

Nonetheless, a simple DDoS attack will unlikely cause any tangible consequences, unless wisely and carefully prepared. For example, if a major proponent or Bitcoin trade platform will suddenly go offline, accompanied with fake news that Feds have seized servers and arrested the Bitcoins – a large-scale panic can undermine Bitcoin’s exchange rate in a few hours. But such attacks require rigorous preparation and significant resources for execution.

If a dozen of Bitcoin exchanges will simultaneously go offline at a time of a major negative announcement concerning Bitcoin or cryptocurrency in general, and sellers won’t be able to sell their Bitcoins, again - a huge depreciation may appear on the horizon. One should keep in mind, however, that DDoS attacks are omnipotent against many different businesses, not just cryptocurrencies. What exacerbates damages from DDoS attacks against Bitcoin is that its exchange rate cannot be controlled and entirely depends on rumours, gossips, unfounded expectations and will of new investors to buy it.

It is certain that as the value of cryptocurrencies continues to rise, so will their attractiveness to criminals, as well as legitimate investors. However, security levels continue to be a concern - a recent High-Tech Bridge investigation into cryptocurrency apps on the Google Play store found that even among the most widely downloaded, 94 per cent contained at least three medium-risk vulnerabilities. Using the company’s new free online service Mobile X-Ray, the researchers also found the 94 per cent of applications were still using SSLv3 or TLS 1.0 banned by PCI DSS.

Looks like the world of cryptocurrency (at least on Android) as some way to go yet...

Mark Mayne has covered the security industry for more than 15 years, editing news for SC Magazine and editing SecurityVibes UK. Mark has a background in national news journalism and tech reporting, and has run b2b and b2c editorial sites.

User Comments
Add Comment

How it Works Ask a Question