Malware that attacks crypto wallets
It’s not just large organizations that are losing millions to cryptocurrency theft; according to new data, hackers are also targeting individual users to steal small amounts.
According to blockchain data platform Chainalysis, scammers stole a record $14bn (£103bn) in cryptocurrency in 2021, with crypto-related crime losses increasing by 79% compared to 2020.
In its latest report, it said sophisticated attacks require careful planning and skill, but thanks to other types of malware, hackers can take a cheaper “spray-and-pray” approach, spamming millions of potential victims and stealing smaller quantities. The sampled malware families received 5,974 victim transfers in 2021, compared to 5,449 in 2020.
The report identified four types of common “cryptocurrency-focused malware families.”
The most dangerous of these is cryptojacking, probably the most prolific of all malware families, where hackers use a victim device’s computing power without permission to mine cryptocurrency. In 2020, Cisco Cloud Security Division (CSCO) reported that cryptojacking malware affected 69% of its customers.
Hackers also love Trojans: malware disguised as a legitimate program that, once run, infiltrates the victim’s computer.
There are also clippers, which hackers use to replace a cryptocurrency address copied to a user’s clipboard with their own, so that the transaction the user intended to send is redirected to the attacker’s wallet.
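Because a clipper swaps in a perfectly valid address, checking the address format cannot catch it; what does is comparing the address the user copied with the one the clipboard holds when it is pasted into the transaction. The detector below illustrates that comparison over a constructed clipboard event log; it is an added example, not code from the Chainalysis report, and the address patterns, event format and sample addresses are all constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Rough format checks for Bitcoin legacy (1.../3...) and bech32 (bc1...) addresses.
# Format only, no checksum: a clipper's replacement address passes these checks too.
ADDRESS_PATTERNS = {
    "btc-legacy": re.compile(r"^[13][a-km-zA-HJ-NP-Z1-9]{25,34}$"),
    "btc-bech32": re.compile(r"^bc1[ac-hj-np-z02-9]{25,59}$"),
}

def address_kind(text: str) -> Optional[str]:
    """Return the address format name if text looks like a wallet address, else None."""
    for kind, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(text):
            return kind
    return None

@dataclass
class ClipEvent:
    source: str  # "copy": the user copied text; "read": clipboard content observed later
    text: str

def detect_clipper(events: List[ClipEvent]) -> List[Tuple[str, str]]:
    """Flag every case where the address the user last copied is later observed as a
    different address with no user copy in between, which is exactly what a clipper does."""
    alerts = []
    last_copied: Optional[str] = None
    for ev in events:
        if ev.source == "copy":
            last_copied = ev.text
        elif ev.source == "read" and last_copied is not None:
            if (address_kind(last_copied) and address_kind(ev.text)
                    and ev.text != last_copied):
                alerts.append((last_copied, ev.text))
    return alerts

def sample_events() -> List[ClipEvent]:
    """Constructed clipboard log: non-address text, a user-initiated change, one swap."""
    intended = "1DefenderWa11etCopiedByUser55555555"   # constructed, not a real wallet
    swapped = "1AttackerSwappedAddrXXXXXXXXXXXXXX"     # constructed, not a real wallet
    return [
        ClipEvent("copy", "meeting notes"),                  # not an address: ignored
        ClipEvent("read", "meeting notes"),
        ClipEvent("copy", "bc1qdefendertestaddr00000000000000"),  # user copies address A
        ClipEvent("copy", intended),                         # user copies address B: fine
        ClipEvent("read", intended),                         # unchanged: no alert
        ClipEvent("read", swapped),                          # replaced without a copy: alert
    ]
```

Each alert pairs the address the user copied with the one that replaced it, so a wallet front end can refuse to send until the user confirms the full destination address against the source they copied it from.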
A 2018 report from Palo Alto Networks estimated that 5% of all Monero (XMR-USD) in circulation was mined by cryptojackers, which would represent over $100 million in revenue.
Another type of malware is called an information stealer, which collects credentials that a user may have saved in their browser. Cryptbot, an information stealer that steals victims’ cryptocurrency wallet details, was the most prolific malware family in this group in 2021, harvesting nearly half a million dollars in stolen bitcoin (BTC-USD).
Many of these malware strains are available for purchase on the darknet, making it even easier for less sophisticated hackers to deploy them against victims.
After receiving the cryptocurrency from the victims, the malware operators send the majority of the funds to addresses at centralized exchanges.
However, this majority is slim and getting thinner. Exchanges only received 54% of funds sent from malware addresses in 2021, compared to 75% in 2020. Decentralized finance (DeFi) protocols account for a large part of the difference at 20% in 2021.
DeFi is a rapidly growing industry that aims to eliminate intermediaries, such as banks, from traditional financial transactions, such as obtaining a loan. But many of the newly launched protocols have code vulnerabilities that hackers are able to exploit.
Malware attacks are not necessarily carried out by administrators of the malware family itself, but rather by smaller groups who rent access to the malware family. The report says this is something law enforcement should keep in mind.
Investigating how cybercriminals launder stolen cryptocurrency may be investigators’ best bet for finding those involved, the report said.
Using blockchain analysis, investigators can track the funds, find the deposit addresses cybercriminals use to cash out, and attribute those addresses to the services hosting them, which can help identify the attackers.
Last week, Microsoft (MSFT) said it found destructive malware on dozens of Ukrainian government and private sector computers capable of wiping computers’ data and rendering them unusable.
Microsoft said there were several reasons why the activity it found was inconsistent with the cybercriminal ransomware activity it usually observes.
“Explicit payment amounts and cryptocurrency wallet addresses are rarely specified in modern criminal ransom notes,” but were specified in this instance, Microsoft said.
Meanwhile, in a separate report, Chainalysis said North Korea appears to be the hub of crypto crime.
Hackers in the country launched at least seven attacks on cryptocurrency platforms that netted nearly $400 million in digital assets last year.
These attacks primarily targeted investment firms and centralized exchanges, and used phishing lures, code exploits, malware, and advanced social engineering to siphon funds from these organizations’ internet-connected “hot” wallets into addresses controlled by North Korea.
Once North Korea had custody of the funds, it began a thorough laundering process to cover up their origin and cash them out.