What You Need to Know about Cryptocurrency Hackability

by Julia Sakovich · 6 min read

Most of the weaknesses of crypto security are attributable to the human factor, particularly a failure to adequately secure personal crypto wallets.

For years, crypto proponents have touted the security of cryptography and blockchain-based digital currencies. These are supposedly extremely difficult to hack. That makes it puzzling that there is never a shortage of news about the hacking or theft of Bitcoin and other cryptocurrencies.

In mid-2019, Taiwan-based Binance, the world’s largest cryptocurrency exchange based on transaction volume, admitted that it had become the victim of a large-scale data breach, which resulted in the loss of over US$40 million worth of cryptocurrency. Binance said that over 7,000 BTC was stolen from the company’s hot wallet. Also, in early 2019, the Ethereum Classic blockchain was reportedly compromised.

Cryptocurrency hacking and theft may be only a small part of the cyber threat index, but they are a significant risk worth getting acquainted with. Strategies range from the simple to the sophisticated and large-scale, all of which emphasize the need for cybersecurity mindfulness.

Not Exactly Unhackable

Blockchain unhackability may no longer be a bragging right for cryptocurrency advocates. In January 2019, Coinbase’s security team observed irregular activities in the Ethereum Classic network, as the alternative currency’s history of transactions appeared to be under attack.

A hacker managed to take control of the Ethereum Classic network’s computing resources. This enabled the rewriting of the transaction history, which led to double spending of crypto coins. The hack allowed the hacker to steal coins equivalent to $1.1 million.

This attack is dubbed the “51% attack,” wherein a hacker succeeds in controlling more than half of the computing capacity of a cryptocurrency network (half+1%). Armed with more computing resources than everyone else in the network combined, the hacker gains the ability to tamper with the blockchain.

Once the consensus mechanism is compromised, it’s difficult to guarantee the integrity of the system. If it’s any consolation, though, 51% attacks have only worked on smaller cryptocurrencies so far. There were reports of such attacks on Vertcoin, Monacoin, Verge, and Bitcoin Gold, but none on Bitcoin, Bitcoin Cash, Ripple, and other top digital currencies.

How the 51% Attack Works

This blockchain-defeating hack requires humongous computing power, which has to be at least 51% of the entire cryptocurrency network, hence the name. Multiple superfast computers working together or millions of devices infected by cryptojacking malware would be needed. This tremendous computing power requirement is the reason why 51% attacks have mostly focused on less popular cryptocurrencies, since their underlying network of computing resources is correspondingly small.

The attack does not directly snatch coins from wallets. What happens is that the attacker generates an alternative and isolated version of the blockchain. The attacker builds blocks that are not broadcast (which in normal situations ought to be broadcast) to other miners. This results in a fork: one branch that is followed by the regular miners and another by the attacker’s miners.

Eventually, the attacker will take advantage of the isolated alternative blockchain to reverse transactions or enable double spending. This is done by broadcasting the isolated blockchain to the network and, with the superior computing resources, outpacing other miners in completing blocks. Since most blockchain-based cryptocurrencies are designed to defer to the rule of the majority, the regular miners are forced to acknowledge the faster, longer, and heavier alternative blockchain version (created by the attacker’s miners) as correct and switch to it as the new canonical transaction history.

The setting of a new transaction history does not mean that new crypto coins are created out of nothing. Rather, the hack makes it possible to re-use coins that were already spent or transferred to other wallets. In the process, previously confirmed transactions can be reversed or ongoing transactions may be voided to give way to a new transaction history. The latter can mean the loss of coins held by an original owner to recognize a new holder based on the new transaction history.
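The switch to a new canonical history described above is visible to any node as a chain reorganization. The following is an added example, not part of the original article, of the check a monitoring node or exchange can run when its chain tip changes: it measures how many blocks were orphaned and which previously confirmed transactions were reversed or replaced by a conflicting spend of the same coins. The data model, names, and sample chains are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Tx:
    txid: str
    spends: frozenset  # coins (outputs) this transaction consumes
    pays: str          # recipient label

@dataclass(frozen=True)
class Block:
    hash: str
    txs: tuple

def analyze_reorg(old_chain, new_chain):
    """Compare the branch a node followed with the one it switched to."""
    common = 0  # length of the shared prefix, i.e. the fork point
    for a, b in zip(old_chain, new_chain):
        if a.hash != b.hash:
            break
        common += 1
    orphaned, adopted = old_chain[common:], new_chain[common:]
    kept = {t.txid: t for blk in adopted for t in blk.txs}
    spender = {coin: t.txid for t in kept.values() for coin in t.spends}
    reversed_txs, double_spends = [], []
    for blk in orphaned:
        for t in blk.txs:
            if t.txid in kept:
                continue  # re-confirmed on the new branch, nothing lost
            reversed_txs.append(t.txid)
            # A conflicting spend of the same coin marks a double spend
            for coin in sorted(t.spends):
                if coin in spender:
                    double_spends.append((t.txid, spender[coin], coin))
    return {"depth": len(orphaned), "reversed": reversed_txs,
            "double_spends": double_spends}

# Constructed sample data: a deposit confirmed on the public branch is
# replaced on the withheld branch by a spend of the same coin.
deposit = Tx("tx-deposit", frozenset({"coin-A"}), "exchange")
rival = Tx("tx-rival", frozenset({"coin-A"}), "attacker-wallet")
other = Tx("tx-other", frozenset({"coin-B"}), "merchant")
OLD_CHAIN = [Block("b1", ()), Block("b2", (deposit, other)), Block("b3", ())]
NEW_CHAIN = [Block("b1", ()), Block("x2", (rival,)), Block("x3", (other,)),
             Block("x4", ())]

if __name__ == "__main__":
    print(analyze_reorg(OLD_CHAIN, NEW_CHAIN))
```

A reorganization deeper than the confirmation count a service relies on, combined with a non-empty double-spend list, is the signal to halt withdrawals and review the affected deposits.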

‘Crude’ Attacks

Hackers messing with blockchains sounds highly alarming. However, 51% and other similar attacks are extremely challenging to undertake, especially when used on the leading digital currencies such as Bitcoin and Ripple. The 51% attack against the Verge blockchain back in April 2018 only succeeded because of a flaw in the Verge blockchain protocol, which made it possible to quickly generate a longer version of the blockchain.

That’s why cybercriminals still turn to the usual attack methods to steal bitcoin and other crypto assets. These attacks usually involve social engineering and malware.

One early example of a social engineering attack on Bitcoin happened in 2013, when 4,100 coins were stolen from the now-defunct digital wallet Input.io. The attacker succeeded in deceiving the site’s owner into providing the details needed for a password recovery request via email. The attack has since put Input.io out of commission.

When it comes to the use of malicious software, there are several possible variants. The most popular involves a clipboard hijacker, a type of malware that copies the information stored in the clipboard when someone copies something. Hackers take advantage of the natural instinct of most cryptocurrency owners to do the copy-paste combo when inputting their private keys to set up their online crypto wallets.

Attackers may also employ screenshot takers and keyloggers to steal login credentials and access online wallets. There are also those that use compromised crypto-trading add-ons written in JavaScript. Moreover, attackers may also use Slack bots, which send fake notifications about nonexistent wallet issues in an attempt to convince the target to enter their private keys.

These “crude” attacks may not be as advanced as direct assaults on blockchains, but they work because of the human factor in security weakness. Many still fail to use strong passwords, two-factor authentication, and other security measures. Others continue frequenting unsafe websites, exposing themselves to various kinds of malware.

The Takeaway

Cryptocurrency security is far from perfect. However, security issues are not enough to discourage the use and further development of this new class of digital assets. Most of the weaknesses of crypto security are attributable to the human factor, particularly a failure to adequately secure personal crypto wallets. Yes, Bitcoin and other cryptos are hackable, but this is not reason enough to ditch the idea of decentralized currency.
