Last fall, the Poloniex Bitcoin exchange suspended operations several times within a short period due to “technical problems”. This happens from time to time at every platform: operations are temporarily halted and users cannot make trades. Unfortunately, this is not the worst that can happen. Hackers remain the main obstacle to trading cryptocurrencies. For instance, at the end of October 2018, the popular Canadian cryptocurrency exchange MapleChange was hacked. The most common way to steal deposits is to attack specialized trading applications. Below we consider the most common methods that attackers use.
Any trading application has its own vulnerabilities.
The weakest part of most ICO projects and popular cryptocurrency exchanges is their mobile trading clients and computer programs. Positive Technologies, a company that specializes in software development in the field of information security, conducted its own research on this topic.
For the analysis, 11 trading platforms from 6 companies involved in exchange trading were examined. Some applications were built for Android and some for iOS. The results were very bad. All discovered vulnerabilities undermined the reliability of the cryptocurrency exchange and made it possible to launch attacks against users.
Every application contained at least three vulnerabilities. The most common was unprotected storage of critical data: backup copies were placed in open directories, and encryption keys could be found directly in the program's source code. The charts below illustrate this.
Figure: Vulnerabilities in Android applications
Figure: Vulnerabilities in iOS applications
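An added example, not taken from the original article or the Positive Technologies study: an audit script a developer could run over an app's source to catch the hardcoded-key finding described above before release. The regexes, the entropy threshold and the sample Java class are assumptions constructed for illustration.

```python
import math
import re

# Assumed heuristics: identifier names that suggest key material, a
# "name = "literal"" assignment with a literal of 16+ chars, and a PEM header.
KEY_NAME = re.compile(r"(?i)(secret|api_?key|aes|hmac|private_?key|passphrase)")
ASSIGN = re.compile(r"""([A-Za-z_][A-Za-z0-9_]*)\s*[:=]\s*["']([^"']{16,})["']""")
PEM = re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")

# Constructed sample: a Java config class as it might appear in app source.
SAMPLE = """\
public final class Config {
    static final String BASE_URL = "https://api.example.invalid/v1/orders";
    static final String AES_KEY = "k9Qz3vX7pL2mT8wR5yB1nC6dF4hJ0sGa";
    static final String API_SECRET = "changeme-changeme-changeme";
    static final String SIGNING_PEM = "-----BEGIN PRIVATE KEY-----(body omitted)";
    static final String GREETING = "Welcome back to the trading terminal";
}
"""


def shannon_entropy(s):
    """Bits of entropy per character; random keys score high, words low."""
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def find_hardcoded_keys(source, min_entropy=3.5):
    """Return (line number, identifier) for literals that look like keys."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        if PEM.search(line):
            findings.append((lineno, "pem-private-key"))
            continue
        for name, literal in ASSIGN.findall(line):
            # Require both a key-like name and a random-looking value, so
            # URLs, UI strings and obvious placeholders are not reported.
            if KEY_NAME.search(name) and shannon_entropy(literal) >= min_entropy:
                findings.append((lineno, name))
    return findings


if __name__ == "__main__":
    for lineno, name in find_hardcoded_keys(SAMPLE):
        print(f"line {lineno}: possible hardcoded key in {name}")
```

Keys reported by such a check belong in the platform keystore (Android Keystore, iOS Keychain) or on the server side, not in the shipped binary.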
It turned out that more than a third of the programs make cryptocurrency trading unsafe and make it possible to carry out financial transactions on behalf of other users. An attacker's actions can significantly affect the value of a specific digital asset during an attack. For example, in January 2018, during the hack of the popular cryptocurrency exchange Coincheck, hackers withdrew more than $500 million in NEM coins. This provoked a 16% price drop and a subsequent general downward trend in the cryptocurrency market.
Another disappointing fact is that in more than 50% of cases a hacker can obtain personal user data stored on the exchange or directly in the application. Unfortunately, when mobile versions are developed, much less time is devoted to protection. Two-factor authentication is almost never used. Often it is enough to guess an ordinary PIN or conduct a phishing attack in order to hijack a working session and trade in place of the user.
Another vulnerability discovered in the applications is the ability of attackers to change the asset value displayed on the device. For example, with a coin's actual price at $3600, the application will show $5600. Such manipulations can be performed in real time, thereby pushing the user toward actions that serve the hacker's interests. It is especially easy to provoke a sale during a sharp fall in value, causing panic. Below we consider an illustrated case.
The screenshot shows a fragment of a trading session on the cryptocurrency market with a dominant bearish trend. The last candlestick is not critical enough to warrant closing positions.
And now let’s see what the chart will look like after the hacker has adjusted it.
It is clear that in the second case, even those who have been trading cryptocurrency for several months will try to close positions.
What types of attacks are used to hack applications?
There are many ways, but some are used more often than others. The easiest scenario for an attacker is when a trader uses one device both to trade and to visit various sites, and uses the same password everywhere. In this case, however reliable the cryptocurrency exchange is, unfortunately it does not help much. A malicious script is deployed on one of the sites the user visits. Through it, the attacker gains the ability to make transactions on the user's exchange account. Because the script is not installed directly on the device, antivirus protection does not react to it in any way. In most cases, the user does not even realize that he has been attacked until he finds a record of transactions that he did not make.
Another common option is to intercept network traffic. The main requirement for the attacker is to be connected to the same network as the victim. It is for this reason that information security experts point out the danger of using public Wi-Fi hotspots to work with banking applications and trading programs. An attack involving interception of network traffic occurred in the spring of 2018 against the cryptocurrency wallet MyEtherWallet. The developers managed to prevent the most negative outcome, but they risked losing assets of more than $250 million.
How to protect your cryptocurrency?
The first and most important thing is to maximize the security of your device. Keep track of fresh service updates, monitor information from developers and install applications only from trusted sources. If a program requires root rights on Android devices or a jailbreak on iOS, it is better to carefully examine why this is necessary. It is likely that this is a malicious program modified by an intruder. As noted above, do not use public Wi-Fi networks for trading cryptocurrencies or making any financial transactions. Be sure to use two-factor authentication wherever it is available. This significantly increases the reliability of the cryptocurrency exchange.
Beyond complying with all the technical recommendations, remember the human factor and hackers' use of social engineering methods. Never follow unclear links, open mail attachments that came from suspicious addresses, or download files from unknown people on social networks and instant messengers. The chance is too high of landing on a phishing site or launching a “stealer”, which will instantly send hackers as much information as possible about the usernames and passwords of accounts stored on the device.