Seven major cryptocurrency exchanges were victimized in 2019, totaling over $160 million in financial theft. As predicted, cybercriminal hackers targeted crypto exchanges in 2019 and the trend will continue into 2020.
Crypto exchanges are relatively new, as compared to those in the traditional financial markets. It is a hotbed of competition which drives innovation and is attractive to criminals. Over 400 cryptocurrency exchanges exist and all are vying for a piece of the growing $200+ billion market. New features and updates are constantly modifying the software and technology infrastructure. Over six thousand unique digital coin and token assets exist and the scope of management complexity continues to grow for these online markets. With constant change, vulnerabilities are inadvertently introduced.
Many of the exchanges have not matured, from a cybersecurity perspective, to properly validate, maintain, and defend their online services. Most of the sites focus on maintaining services and growing the user-base, with little attention to security. The race to establish themselves and be competitive has blinded them from investing in the necessary cybersecurity controls. In comparison, the brick-and-mortar banking sector is well versed in the risks of cyber-attacks. With decades of experience, they spend an inordinate amount higher than other industries on security.
Wherever there is value, the risk of theft exists. Digital tokens and coins are different than dollars and government-issued currencies, but they have value and can be transformed into just about any desirable form of money on the planet, which makes them a desirable target.
Additionally, the risks of being caught are small. Crypto assets can be easily stored, hidden, transferred, and laundered. Law enforcement's effectiveness is less than optimal and not a significant deterrent. Their tools lack refinement, international cooperation is weak, and cybercrime laws are poorly defined. Investigation and recovery of crypto assets are problematic at best, which increases the lure to attackers. Improvements and new capabilities for pursuing criminals in the digital landscape are being made, but progress is slow.
The combination of significant wealth, online accessibility, numerous vulnerabilities, and a plausible exit strategy for stolen assets makes for attractive targets. The result is that cybercriminals are beginning to explore and invest in targeting cryptocurrency exchanges, where vast amounts are consolidated in one place. The results have been staggering, with some hacks netting over $40 million to the digital thieves.
- Upbit $49M November 26th
- Bitpoint $32M July 12th
- Bitrue $4M June 27th
- Binance $40M May 7th
- DragonEx $7M March 24th
- Bithumb $13M March 30th
- Cryptopia $16M January 15th
The successful heists embolden and encourage more to attempts to target this industry. Until the cybersecurity measures increase to align with the threats, attacks will continue to rise and a wider range of targets will fall victim. It is a self-reinforcing cycle.
I predict 2020 to see even greater numbers of attacks and losses to the cryptocurrency exchanges, product vendors, service providers, and the holdings sector. Cyber criminals will find new ways to exploit, defraud, and steal from the cryptocurrency ecosystem at a scale never seen before. This trend is here to stay for the foreseeable future.