It is well known that centralized cryptocurrency exchanges have been vulnerable to attacks since the beginning of their existence. Hackers have exploited vulnerabilities in third-party exchanges, targeted cryptocurrencies directly, or used flash loans to their advantage. To date, $4 billion has been stolen this way.
In August 2021, a hacker attacked Poly Network by exploiting a vulnerability in its system and managed to steal over $600 million worth of funds — one of the largest attacks in the crypto market history.
Source: Comparitech, CNBC. The world’s 11 most expensive crypto heists by amount stolen
In December 2021, the centralized exchanges BitMart and AscendEX lost funds from their hot wallets to hacker attacks. Let’s dive deep to find out how this happened.
On December 4, 2021, at approximately 6:30 pm EST, BitMart noticed a breach. The investigation revealed that an attacker had gained access to two of the company’s web-accessible (hot) cryptocurrency wallets by stealing their private keys.
PeckShield, a blockchain security company, described the hack as a simple “transfer-out, swap, and wash.” Below is a flowchart illustrating how a decentralized exchange aggregator and a privacy mixer were used to make the stolen funds harder to trace.
Source: PeckShield. Transfer scheme of stolen Bitmart tokens.
After a security review by leading companies, it was determined that the breach affected two hot wallets: a BSC wallet and an ETH wallet. According to the initial investigation, the attacker withdrew $200 million in digital assets.
In a recent case, AscendEX reported a hacking attack. While the platform’s cold wallets were protected, its hot wallets were significantly damaged. In total, AscendEX lost around $77 million. The attack focused on the Ethereum, BSC, and Polygon networks, with ERC20 tokens being the main target of the thieves. So far, the attackers have stolen ERC20 tokens worth about $60 million, BSC tokens worth $9.2 million, and Polygon tokens worth $8.5 million.
Source: PeckShield. The list of the transferred-out assets and their amounts
The company detected the breach after noticing several unauthorized transactions from one of its hot wallets. The cold wallets were not affected, and the funds in the untouched hot wallets were immediately transferred to cold storage.
An attacker can use several methods to penetrate an IT system, but most attackers rely on similar techniques to carry out cyber attacks.
Common types of cyber attacks
- Malware
Malware is an application that can perform a variety of tasks. Some strains are designed to disrupt the system, while others steal users’ data or extort victims.
- Phishing
Phishing is probably the most widespread form of cyberattack, mainly because it is easy to carry out and surprisingly effective. A phishing attack is when a cybercriminal tries to trick you into giving out sensitive information, for instance, your password or credit card details. It often comes in the form of emails pretending to be from a company offering cryptocurrencies or wallets.
- Man-in-the-middle attack (MITM)
An MITM attack occurs when a hacker intercepts communications between two parties and attempts to steal information, spy on the victims, etc. Since most email and chat systems today use end-to-end encryption, MITM attacks are rare nowadays.
- Distributed Denial-of-Service (DDoS) attack
When a cyber attacker floods the target with an overwhelming amount of traffic, it is called a DDoS attack. While sophisticated firewalls can detect traditional denial-of-service attacks, a DDoS attack uses multiple compromised devices to bombard the target with traffic.
- SQL injection
SQL stands for Structured Query Language and is used to communicate with databases. SQL injection is a common attack method. Web applications let users enter data into a form, and the app then sends that data to an SQL database as part of a query. If the database permissions are not appropriately set, an attacker can abuse the form to send commands that modify the data stored in the database.
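To make the mechanism concrete, here is an added example (not code from the original post) that builds a small constructed in-memory user table and compares a lookup that pastes form input into the SQL text with one that binds it as a parameter; the table, names and balances are all invented for the demonstration.

```python
import sqlite3

def make_db():
    # Constructed in-memory table standing in for an exchange's user store.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, balance INTEGER)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", 100), ("bob", 250), ("carol", 40)])
    conn.commit()
    return conn

def lookup_vulnerable(conn, name):
    # Form input is spliced straight into the SQL text. The database cannot
    # tell data from code, so a crafted value changes the query's meaning.
    query = f"SELECT name, balance FROM users WHERE name = '{name}'"
    return conn.execute(query).fetchall()

def lookup_safe(conn, name):
    # Parameterised query: the value is bound separately and never parsed
    # as SQL, so any input can only ever match a literal username.
    return conn.execute(
        "SELECT name, balance FROM users WHERE name = ?", (name,)
    ).fetchall()

def demo():
    conn = make_db()
    # Classic textbook tautology probe, constructed for the demo.
    probe = "x' OR '1'='1"
    return {
        "normal_vuln": lookup_vulnerable(conn, "alice"),
        "normal_safe": lookup_safe(conn, "alice"),
        "probe_vuln": lookup_vulnerable(conn, probe),   # leaks every row
        "probe_safe": lookup_safe(conn, probe),         # matches nothing
    }

if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows}")
```

Restricting the database account's permissions, as the text recommends, limits the damage, but only parameterised queries stop the input from being interpreted as SQL in the first place.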
- Zero-day exploit
In a zero-day exploit, a hacker uses a vulnerability discovered in widely used software applications or operating systems before the software developer has released a fix.
- DNS tunneling
The Domain Name System (DNS) is a network service that translates domain names into IP addresses. Browsers use this translation to load web pages over the Internet Protocol (IP). DNS tunneling abuses this service as an attack vector: attackers embed malicious payloads in DNS requests, and the malware then maintains a persistent communication channel that most firewalls fail to notice. According to inCyber, nearly 80% of cyber security incidents involve a DNS query. This is attributed to the digital transformation of businesses, accelerated by the COVID-19 pandemic.
- Business Email Compromise (BEC)
BEC stands for Business Email Compromise and occurs when an attacker targets specific employees with the aim of getting them to transfer money to a bank account controlled by the attacker. BEC attacks usually require a lot of planning. For example, if the attacker knows the bank’s executives and their roles and responsibilities, they can convince one of them to transfer the money. BEC attacks can result in significant losses of revenue for companies.
- Cryptojacking
Cybercriminals can compromise a user’s computer or device to mine digital currencies. Cryptojacking is hard to notice, which means someone could be using your network’s resources to mine cryptocurrencies without you knowing.
- Drive-by Attack
Drive-by downloads occur when malicious code is transferred to a computer or device through a compromised website or an advertisement. Some malicious software is delivered through banner ads or other forms of online content. Exploit kits make this possible for even novice hackers, who can use them to host malware on their websites or distribute malicious content through other means.
- Cross-site scripting (XSS) attacks
Cross-site scripting attacks are similar to SQL injection attacks, but instead of extracting data from a database, they usually infect other users who visit the site. For example, if the comments are not filtered, an attacker can post a malicious script. When you visit this page, the script is executed and either infects your device, steals cookies, or redirects you to a malicious website.
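The unfiltered-comments case described above, as an added example that is not part of the original post: two constructed comments (one carrying a harmless marker script) are rendered into a page once as-is and once with HTML escaping, which is the standard defence for this exact scenario.

```python
import html

# Constructed comments as a forum might store them. The second one contains a
# script tag that a browser would run if the page echoed it back verbatim.
COMMENTS = [
    "Great article, thanks!",
    "<script>alert('xss')</script>",
]

def render_unfiltered(comments):
    # Vulnerable: comment text becomes part of the page's HTML unchanged, so
    # tags supplied by one user are executed in every other visitor's browser.
    return "\n".join(f"<p>{c}</p>" for c in comments)

def render_escaped(comments):
    # Hardened: output encoding turns <, >, &, " and ' into entities, so the
    # browser shows the comment as text and never treats it as markup.
    return "\n".join(f"<p>{html.escape(c, quote=True)}</p>" for c in comments)

def contains_script_tag(page):
    # Crude detector used only to show the difference between the two renders.
    return "<script" in page.lower()

if __name__ == "__main__":
    print("unfiltered executes script:", contains_script_tag(render_unfiltered(COMMENTS)))
    print("escaped executes script:   ", contains_script_tag(render_escaped(COMMENTS)))
    print(render_escaped(COMMENTS))
```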
- Password Attack
A password attack is a type of cyber attack in which hackers try to guess or “crack” your password. Even if the hacker guesses your password, they cannot transfer your money from your wallet or purse without a 2FA code. That’s why it’s so important to have a strong password and enable two-factor authentication.
- Eavesdropping attack
An eavesdropping attack is when a malicious hacker looks for unsecured network communications to intercept and access data sent over the network. Therefore, using a virtual private network (VPN) when accessing sensitive data through an unsecured public Wi-Fi hotspot is recommended.
- AI-Powered Attacks
The use of artificial intelligence (AI) to carry out sophisticated cyberattacks is a growing concern, as we do not yet know what these attacks will be capable of. The most notable AI-driven attack we have seen so far was using AI-driven botnets to carry out a huge distributed denial of service (DDoS) attack. However, we can expect to see much more sophisticated attack vectors in the future.
How to protect yourself from cybercriminals?
Besides the basic rules of not using the same password on different websites or storing your passwords in one place, there are several essential steps you need to take to protect yourself from fraudsters:
- Always enable two-factor authentication to protect your transactions. This provides an extra layer of security for your wallet or purse. Without 2FA, an attacker who gains access to your email and password can easily withdraw money from your account.
- Be sure to manage your wallet properly — you should keep the majority of your funds in cold-storage wallets with multiple signatures. Do not keep all your funds in a single wallet. Hot wallets responsible for automated transactions should only have a minimum balance as they are the most vulnerable to hacking. Also, use a separate wallet address for each platform. That way, if one platform gets hacked, the other will be safe.
- If you invest in decentralized projects, check your wallet credentials regularly. If you no longer wish to use a particular DeFi project, revoke that project’s permissions to your wallets.
- Avoid phishing links — These are malicious advertisements or emails that use clones of official domain names and logos to lure you to a third-party website under the pretense that it is affiliated with an established company. Be careful when visiting the websites of exchanges or wallets — sometimes attackers buy hosting services with similar names and then redirect users to their malicious websites.
- Do not access exchanges or wallets through public networks. The open nature of such networks lets hackers monitor traffic; the network may be full of compromised machines, or worse, the access point itself could be malicious. If you must work with sensitive data while browsing over public Wi-Fi, use an encrypted website or a VPN service to protect yourself.
Security is a top priority for PointPay
To identify threats and vulnerabilities, we use automated vulnerability scanning tools. For instance, TrustedSite constantly monitors the pointpay.io website for security threats such as malware, malicious links, and phishing. Our company also uses SSL to encrypt transmitted data with industry-standard security protocols. Our website has also passed SiteLock’s security check.
Our website also complies with the requirements of PCI DSS (Payment Card Industry Data Security Standard) — the standard developed by the international payment systems Visa and MasterCard. The certification of PCI DSS guarantees protection against theft of customer data and other fraudulent activities during the processing of transactions.
For more information, please see the bottom right corner of the website.
We constantly conduct internal and external audits, including of the smart contract of our token. You can view the latest audit of the PXP token here. Furthermore, we monitor current vulnerabilities and use encryption/decryption procedures for certain types of data.
Our team is also constantly working to improve the security of our websites. In 2021, we added the security feature of 2FA via email and Google Authenticator in the app. PointPay is also implementing the KYC process to prevent financial crimes and money laundering through our platform.
We work with cybersecurity experts, ecosystem partners, and regulators to further strengthen PointPay’s defenses against attacks and security breaches. We are committed to developing new ways to provide users with a more secure experience with our platform.
🔥 Buy PXP tokens on Bittrex: https://bit.ly/32VWsci
🔥 Buy PXP tokens on Bitrue: https://bit.ly/3JEreHu
🔥 Buy PXP tokens on BitHumb: https://bit.ly/3qOK6e9
🔥 Buy PXP tokens on WhiteBIT: https://bit.ly/3qJrjRH
💰 Earn up to 20% yearly with PXP staking program in PointPay Bank: https://bank.pointpay.io/staking
💡 Check PointPay Live-Roadmap (PointPay development in real-time): https://pointpay.io/live-roadmap/
🏦 Remember, we are PointPay, and we are beyond banking!