Crypto Caper: How Cybercriminals Steal Crypto from Blockchain Networks

This blog was originally published by TokenEx here.

Written by Valerie Hare, TokenEx.

In 2009, the first established cryptocurrency was born – Bitcoin. If you aren't familiar with cryptocurrency, it's an online currency with ledgers secured by encryption. Since those early years, digital currency has become increasingly popular among individuals and businesses interested in these non-traditional investment opportunities. Like any technology, crypto has security and financial risks, such as the lack of control and the ability for crypto users to remain anonymous. Keep reading to learn all about one of the most devastating crypto cyberattacks, as well as common cyberattacks used by cybercriminals.

What Is Wormhole?

Wormhole refers to one of the biggest blockchain bridges between the Ethereum and Solana blockchain networks. This digital bridge is a web-based application that enables users to transfer cryptocurrency and non-fungible tokens (NFTs) between the two networks. This crypto bridge interacts with various blockchain networks, including Avalanche, Binance Smart Chain, Ethereum, Oasis, Polygon, and Terra. For example, if a user transfers 20 ether (ETH) from Ethereum to Solana, they would use Wormhole to lock their 20 ETH into a smart contract within the Ethereum network. Smart contracts are digital contracts stored on blockchain networks to run when specific requirements are met automatically. These contracts temporarily lock the original cryptocurrency and mint or release a wrapped token of the user's requested token.

Once the contract is established, the user can mint an equivalent amount of wrapped ETH on the Solana network. A wrapped token represents a cryptocurrency from another blockchain or type of token worth the same as the original cryptocurrency. Unlike the original crypto, wrapped tokens can be used on non-native blockchain networks and redeemed for the original cryptocurrency.

Wormhole Cyberattack

On February 2, 2022, cybercriminals identified a vulnerability in the Wormhole platform, allowing them to steal a staggering $321 million in wrapped Ethereum (wETH). When the attack was discovered, Wormhole immediately disclosed the hack and shut down their platform for further investigation. The hackers minted and then stole 120,000 wETH tokens on the Solana blockchain network. Additionally, the crypto thieves also converted 80,000 of the stolen wETH tokens to Ethereum, selling the remaining tokens on Solana. Indeed, this marked the most significant hack for the new year and is ranked as our digital age's fourth-largest crypto cyberattack.

During the investigation, Wormhole temporarily paused all token transfers on its blockchain bridge. Wormhole's team spent 16 hours patching the exploit. A trading firm, Jump Crypto, replaced all of the stolen ETH, which meant user funds were not affected by the exploit. Furthermore, a Wormhole representative messaged the hacker's address with a $10 million bug bounty and Whitehat agreement offer in exchange for returning all of the stolen funds. Whitehat agreements are contracts that allow ethical hackers to find security vulnerabilities in hardware, software, or networks in exchange for a specific reward and ideally avoid criminal punishment.

Common Cyberattacks

If you're keeping the pulse on tech news, it's no surprise that cryptocurrency comes with security risks. Blockchain bridges like Wormhole are especially risky because it's incredibly complex to code. Indeed, these crypto bridges must be compatible with numerous chains, which means there are possibilities for security vulnerabilities that hackers can find and use to steal crypto. Let's look at a few of the most common cyberattacks within the crypto market.

Compromised Registration Forms

Hackers can steal users' sensitive information from online registration forms. These criminals can then sell the exposed information via the black market for profit.

Cryptojacking

Cryptojacking is when an individual gains unauthorized access and use of another person's computer, phone, tablet, or server. With this access, the hacker can mine cryptocurrency and sell the stolen tokens for profit. Cybercriminals typically conduct this attack by getting the user to click on a harmful email link that loads crypto mining code on the victim's device. Alternatively, hackers may infect a website or ad with malicious JavaScript code designed to automatically run once it's loaded in the user's browser environment. Unfortunately, this code runs in the background, which means the user will likely not know that someone has stolen their cryptocurrency. A couple of signs that a user's device is compromised include running and performing much slower than usual.

Cryptocurrency Scams

When it comes to money, cybercriminals will work hard to scam people, including crypto. Hackers use a variety of tactics to scam crypto users:

• Creating fake Android application PacKages (APKs) to trick people into downloading fake software on their operating system (OS).
• Fake domains that look like an official blockchain platform.
• Using phishing ads and campaigns on social media platforms includes malicious links and attachments.
• Sending spam emails to lure people into entering sensitive information or buying or trading tokens on fake sites.

Hacked Trading Platforms

Cybercriminals take advantage of the lack of control, flexibility, and anonymity of trading platforms to steal cryptocurrency from users. There are dozens of examples to prove this since establishing the first digital token. Aside from the Wormhole attack, another primary example is a decentralized finance (DeFi) project called PolyNetwork, which was hacked in 2021 and lost a whopping $600 million. Another example is a crypto trading platform, Bitmart, which was also hacked in 2021 and lost nearly $200 million from just one company account.

Phishing

Phishing is a technique hackers use to gain unauthorized access to sensitive data, such as credit card information, Social Security numbers, and bank account numbers. Hackers create phishing campaigns that target crypto trading platforms. The goal is to trick users into entering their login credentials into a fake form, website, or mobile application. Once they receive the stolen credentials, these scammers will sell the information for profit or hold it for ransom until the victim provides the demanded funds.

Third-Party Applications

Hackers also target third-party applications to steal user data. With this sensitive information, cybercriminals will use it to launch attacks on blockchain platforms. As the news reports illustrate yearly, these large-scale attacks have a negative impact on typically millions of crypto users. Since many people invest in crypto for their family's future, business opportunities, and emergency funds, it's easy to see that these attacks have a massive impact on many people's lives.

How to Combat Blockchain Cyberattacks

Since cryptocurrency is still considered new in a predominantly traditional financial industry, cyber thieves can leverage their advanced skills and resources to take advantage of a world still learning about cryptocurrency. These criminals have multiple tricks to launch small and large-scale attacks against blockchain platforms, third-party applications, organizations, and individual users. While some believe cryptocurrency should be banned due to the lack of regulations and centralized control akin to current financial institutions, it's more likely that digital money is here to stay. Instead, businesses and individuals must find ways to combat these cyberattacks. Furthermore, businesses must stay up-to-date on the latest cyberattacks, security best practices, and recommendations. By being aware of these threats, companies can be better equipped to decide which blockchain networks to use and implement a layered security solution that protects what matters most to them.