A walk through the investigative procedures that follow security breaches at major trading exchanges.
With the soaring popularity of cryptocurrency, it is striking how many young adventurers pour into the exchanges, often only to be ripped off. This isn't just a bad day, a miscalculation or a failure of intuition. It is a plain and simple security breach: cybercriminals infiltrating the security layers to rob you of your coins.
An instance of a security breach can disrupt a trading platform’s operations for weeks, affecting customer confidence and impairing a reputation built over time. This may even cause crypto markets to fall in some cases.
What are the Concerns?
There are many. The most common are:
1) Zero-day exploits and keylogger infections planted by cybercriminals.
2) Management of electronic wallets requires an understanding of strong cryptography, strong password management, multi-factor authentication, and good computer hygiene. This includes patch management, antivirus cleanup, vulnerability remediation, host-based intrusion prevention, daily backups, and advanced firewalls. Without a competent mix of these tasks, wallets are at risk of being compromised and the stored cryptocurrency stolen.
3) Online trading platforms may be trustworthy but never 100% secure. This is because cryptography, however strong, is never undecipherable.
The Breach Cases
A Slovenia-based cryptocurrency mining marketplace shut down following a breach of its website, the compromise of its wallets and the loss of 4,700 Bitcoins, reported as a loss of USD 64 mn.
A start-up company offering dollar-backed digital tokens reported that their systems were hacked and tokens worth USD 31 mn stolen.
A crypto-based social trading platform saw its website hacked and crypto worth USD 7 mn stolen.
A Polish trading site reported the loss of 2,300 BTC.
The largest crypto security breach reported to date was one involving a Japanese exchange in 2018.
Thus far, $3 billion has been pilfered through security breaches and another $4.8 billion through scams, summing up to $7.8 billion worth of cryptocurrencies in total that have been stolen since 2011.
Detecting the Fraud
As an immediate response to any movement by a threat entity, its crypto address is identified. Very often there isn't sufficient information to do so directly; even then, filtering transactions by date can narrow the search. Once collected, this information is passed on to the software analytics team, which tags the address as high risk. This makes the entity easier to track.
The next leg of the investigation involves swiftly sweeping across networks to track the bad actor, who in the meantime may start to obscure the stolen funds. They may begin transacting with other exchanges or use mixing services and darknet entities. This obfuscation may commence immediately after the funds are stolen, or months or years later when the entity assumes it is safe to do so. Analytics service providers can offer transaction alerts that notify the victim every time funds flow into or out of a tagged address.
The transaction alerts raised by the analytics must be followed up quickly to stay on the trail. An important step in the process is to alert exchanges that some of the stolen crypto may land with them, so that they can block the funds once they flow into accounts held there. Visualization tools may reveal the addresses that can be directly or indirectly traced back to the criminal entity.
A Live Case
A software analytics company detailed the steps it took immediately after a crypto hot wallet was compromised and Bitcoins stolen in 2020. In this case the analytics software scored several successes, carrying the chase to a near-finish.
The exchange had successfully detected the crypto address, which the analytics company could then tag as malicious. Thereafter, the address along with its connections was traced.
Using its connection tools, the analytics company was able to confirm that the tracked entity had indeed received funds from that exchange along with several others. Those funds were then distributed to a long list of unnamed entities. The analytics team further uncovered that 80% of the total stolen funds were transferred to a mixing service. The case was still open as of January 15, but the progress has been reassuring.
The rule of thumb in cryptography is that there is no code that cannot be deciphered, hence no network is fully secure. Eventually, the flaws and vulnerabilities in systems are uncovered by malicious entities and taken advantage of. However, losses can be contained by implementing upgraded technology and by remaining alert and suspicious while protecting individual keys and maintaining trading platforms. Time is of prime importance in a breach. Acting promptly may make recovery possible.