Please check out latest news, expert comments and industry insights from Coinspeaker's contributors.
Within this article, we’ll be covering the five most common types of crypto hacks.
In the past ten years alone, the price of cryptocurrencies like bitcoin has skyrocketed, virtual currency firmly plating itself as a core segment of the modern financial world. Yet, while cryptocurrency boasts a range of useful benefits, one clear downside to this digital currency is the tendency of scammers to use breaches, hacks, and mass password leaks to wipe out wallets.
The occurrence of cryptocurrency theft has steadily risen year upon year, moving from $1.7B in 2018 to $4.5B in 2019. Although just beginning, 2021 has already seen its first major hack of the year, with Crypto.com seeing $34M liberated from the platform due to hackers this January.
But what does hacking crypto mean? How can you steal something that’s already a digital asset? Within this article, we’ll be covering the five most common types of crypto hacks, demonstrating why investors shouldn’t be as alarmed as they currently are.
What Types of Crypto Hacks and Scams Are There?
When news comes out about a recent crypto hack, the details shared are almost always who it happened to, how much was stolen, and when exactly the hack happened. However, it’s often the case that people don’t discuss the hack itself.
Without this information, it’s harder for people to protect themselves. Currently, there are five main types of crypto hack:
- Malware and Phishing
- 51% attack
- Private Key Theft
- Exit Scams
Let’s break these down further.
Malware and Phishing
By far the most common form of crypto hack, phishing is when passwords, access tokens, and user account details are obtained through targeted phishing emails. For example, a hacker might send an email to either someone that works at an exchange or someone that uses an exchange, pretending to be the exchange’s official email account.
From there, once the recipient of the email clicked on the spam link, they would be taken to a false site that mirrors exactly how the exchange looks. As they log on to the fake site, their details will be recorded and delivered directly to the hacker.
With the account information, the hacker can then sign onto the account and begin to execute transactions. The most drastic case of this was when hackers managed to phish account information from employees at Binance.
Once inside the system, they meticulously learned how the internal infrastructure worked before finding a vulnerability in the system, gaining access, and stealing 7,000 BTC.
This Binance hack happened in May of 2019, with over $40,000,000 being stolen in the blink of an eye.
In late 2018, bitcoin ATMs were constructed and distributed across Canada. Although being able to withdraw or buy and sell bitcoin on an ATM seems like an interesting idea, in reality it was a severe miscalculation.
Bitcoin cannot process many transactions in a minute, only managing around 3-7, new transactions are added to a processing queue. Scammers made the most of this fact, withdrawing money from the ATM and then canceling their order on their mobile phones. The ATM would instantly release the funds, adding the transaction to the queue – which was swiftly canceled.
Over the space of a few hours, scammers had taken over $200,000 from the ATMs before the manufacturers realized they needed to add a wait time to the ATMs.
By far the most technically complex form of cryptocurrency theft, a 51% attack requires diligent planning and incredible computing power. While it’s commonly understood that blockchain transactions are unalterable once they’ve been placed, this isn’t strictly true.
If a group of miners controls more than 50% of the entire cryptocurrency’s mining network, they’ll be able to interrupt the creation and recording of new blocks. Instead of each block being randomly assigned an owner, they’ll be able to prevent other miners from finishing new blocks, being recorded as the finders themselves.
This means that the 51% majority can then claim all of the rewards for ‘finding’ a new block, generating huge amounts of currency for each hour they continue this scam. Each new block of bitcoin generates around 6.5 bitcoin in rewards. While incredibly effective as a blockchain scam, this takes an enormous amount of computing power, which is why it’s much less common.
Bitcoin SV, Ethereum, and Verge are all cryptocurrencies that have suffered from targeted 51% attacks.
Private Key Theft
A private key is a secret, digitally stored number used in cryptocurrency to (perhaps ironically in this case) create an additional layer of security. They act similarly as a password, allowing users to confirm transactions when sending cryptocurrency.
While these are typically secure, when things go wrong, hackers are able to either code systems that systematically guess private keys or find exploits that reveal the private keys. This is especially the case when users can create their own private keys, relying on easily-guessable passwords which lead to their wallets being hacked.
One famous example of a private key theft exploit was when Coinomi accidentally sent all the private keys they generated through a Google spell checker. The hackers found this out, located the spell check history, and then directly used the private keys with the associated accounts.
In December of 2021, Vulcan Forged were the victims of another exploit. Over $140 million was siphoned off from their exchanges after hackers located 96 private keys due to an exploit.
Exit Scams are what many people think of when they think of mass losses due to cryptocurrency. An exit scam is when a new cryptocurrency launches an initial coin offering that raises money for its project.
Before the coin then even launches, the creators of the coin steal all of the money, leaving the coin to tank in value. This scam of disappearing with other people’s money was incredibly common in 2018 and 2019, with 78% of projects in 2018 being reported as scams and seeing over $1.3B.
What Type of Hack Impacted Crypto.Com?
On the 17th of January, Crypto.com, one of the largest cryptocurrency exchanges currently in action, reported a hack that resulted in the loss of over $35 million. This hack, which mostly took ethereum and bitcoin, was the result of exploitation of the Two Factor Authentication of Cypto.com.
This hack falls into the private key theft section, being a slight alteration where instead of finding out the secure keys that enable transactions, they were disabled altogether. In their statement, Crypto.com stated that they noticed transactions being approved on user accounts without the two-step authentication being triggered.
This meant that hackers that had obtained entry to accounts through malicious intent could trigger mass transfers from these wallets off the platform.
Since this hack, cryptocurrency has had one of the worst price weeks in recent history, with investors being more on edge than ever.
Should I Be Worried about Crypto Scams, Hacks, and Breaches?
While the majority of news stories that focus on cryptocurrency hacks detail the large amounts that are stolen, this isn’t the only factor that comes into play.
If one were to continue reading on the Crypto.com statement, they’d see that all of the accounts that lost their currency had that money directly restored to them. In fact, apart from ICO scams, every single example used throughout this article saw all of the lost money returned to users within the week.
While, of course, cryptocurrency scams are something that should not be happening, considering currency is always returned to the users, it’s not a thing that should worry individual investors.
The main way to protect yourself from falling prey to losing money within cryptocurrency is by using large exchange platforms that have reserves to pay back any scam attempts.
Additionally, if you’re worried about your personal information being compromised in private key thefts, then there are a range of tech solutions. One of these companies, Avarta, offers an additional layer of digital identity confirmation. Due to this, even if your account’s passwords were compromised, Avarta would prevent any transactions from taking place.
When focusing on the numbers, cryptocurrency scams seem like a huge problem. But, in actuality, the platforms that the majority of traders use have precautions in place to ensure that your money is safe on the platform.
As digital security technology continues to improve over time, cryptocurrency breaches will become less and less frequent, helping you to invest with even more peace of mind.