Cryptocurrency hacks are shaking the faith of cryptocurrency investors and cryptocurrency enthusiasts. Is investing in cryptocurrency actually safe?’
Let’s look at the four large segments of cryptocurrency hacks:
- Double spend attack or 51% attack
- Distributed Denial of Service (DDoS)
- And Attacks on the Cryptocurrency exchanges .
- Attacks on User’s Wallets.
- Double spend attack or 51% attack
The most prominent attack is the 51% attack or double spend attack. This occurs when a miner or group of miners on a blockchain are trying to spend their cryptocurrencies on that same blockchain twice and control more than 50% of the network’s mining hashrate or computing power. The attacker(s) prevents new transactions from being confirmed by other miners and reverses transactions that were completed allowing them to trade the same cryptocurrency token or coin twice. Imagine a situation where you buy a house using 3 units of bitcoin. You transfer your bitcoin to the realtor’s address for payment. When a 51% attack occurs on the Bitcoin blockchain, the transfer can be reversed and the 3 units of bitcoins can be spent again and again.
How does this actually work?
In order to understand how the 51% attack works, there’s a need to understand how the blockchain works. The blockchain technology is a chain of blocks which serves as a public financial transaction database to record all completed cryptocurrency transactions during a given period of time. Once a transaction takes place it is put in the pool of unconfirmed transactions. Miners then select from this pool to form a block of transactions. In order to add the transaction with the rest of the block, they need to solve a mathematical problem using computational power. As soon as a miner solves this mathematical problem, it is broadcasted to the other miners for validation and acceptance. Once the transaction is confirmed to be valid, it is accepted by these miners and added to the blockchain. So whoever has the most computing power, in this case, solves the mathematical problem faster.
However, once a malicious miner has over 50% of the computing power he can reverse these transactions and create an offspring of the blockchain by not broadcasting the solutions to the other miners. This creates two versions of the blockchain- the original and the corrupt version. This malicious miner can now spend all his cryptocurrency on the original blockchain again and again- Double spending. They can also prevent other miners from completing blocks and earning all the rewards themselves.
There have been a number of Double spend attacks in recent times. In May 2018, Bitcoin Gold was attacked, April 2018, The Verge Blockchain also suffered from this attack- the attacker was able to get hold of a bug in the code of the verge blockchain protocol that allowed him to produce new blocks at a very fast rate within a short period of time. Other examples include; Monero, Litecoin cash, and Zencash with approximately 21,000 zen worth $550,000 taken from it. These cryptocurrency hacks have a negative impact on the cryptocurrency value and causes the exchange value of the cryptocurrency to drop.
The double spend attack was previously considered highly unlikely and rare because of the amount it would cost to actually attack a cryptocurrency. Hacking a blockchain involves a large amount of computing power and funds to possess the networks hash rate. However that claim has since been invalidated, especially for cryptocurrencies with small networks and PoW cryptocurrencies.
- Attacks on the Cryptocurrency exchanges
In January 2018, the Japanese cryptocurrency exchange Coincheck was hacked with 533 million NEMcoins valued at about $534.8 million stolen. This is said to be have been the biggest hack so far – bigger than the Mt.Gox hack where about $437 million worth of bitcoins were stolen. 980,000 Bitcoins have been stolen from exchanges, from 2011 to 2017, and the entire industry has lost $606m worth of crypto assets. (List of cryptocurrency exchange hacks)
When a cryptocurrency is being held on an exchange, this simply means the owner of the cryptocurrency is entrusting the security and storage of the private keys that are associated with their funds, to the owners and operators of the exchange.
The cause of some cryptocurrency exchange hacks is compromised credentials. The cryptocurrency exchange administrators are often the prime targets since they have authorised access to people’s private keys on the exchange. In June 2011, the Mt.Gox’s auditors account was compromised, giving access to people’s private keys.
- DDOS Attack
In the fourth quarter of 2017, there was an increase in DDOS attacks of bitcoin related exchange sites, making Bitcoin the most targeted cryptocurrency due to the major surge in its value.
A DDOS attack which stands for distributed denial-of-service attack, is a malicious attempt on a service provider that looks to disrupt its service, flooding the server with traffic and requests from so many different sources, that the server cannot handle. In October 2017, Bitcoin Gold was a victim of a huge DDoS attack, which produced over 10 million requests every minute and rendered their site completely inaccessible.
In December 2017, the South Korean cryptocurrency exchange Youbit was forced to declare bankruptcy after a major cyber-attack on its servers, that wiped out 17% of its overall assets. Bitfinex, Poloniex, and Coin secure also witnessed these DDOS Attacks.
- Attack on User’s Wallets
Hackers carry out attacks on user’s wallets by simply having access to their private keys.
How do these hackers get access to people’s private keys?
Hackers often create emails (Phishing emails) from supposed reputable organizations in order to trick recipients into sharing sensitive data such as login details and passwords so as to get access to their private keys or withdrawal system.
Other methods include:
- Test Accounts: Developers use test accounts to test their codes and verify that everything works fine. Once a hacker is able to get into these test accounts, the system becomes automatically vulnerable.
- Transaction malleability: This occurs when the transaction details are edited by an individual to make it look like the transaction never took place. Exchanges using a centralized database are susceptible to this transaction malleability attacks.
How to Protect your Cryptocurrency Wallet
There are various ways in which a cryptocurrency owner can protect his or her wallet and avoid;
- Avoid downloading unknown mobile applications
- Beware of slack bots; Slack is an online messaging system. One of the features of Slack is the use of bots; automated programs that can do a number of tasks. Unfortunately hackers have started using these bots to steal cryptocurrency. These bots will send alerts about a security breach on your wallet, directing you to a link that then asks for your login information or private keys.
- Avoid using public wifi to perform cryptocurrency transactions
- Use https protocol when interacting with cryptocurrency websites.
Flaws in cryptocurrency exchanges and how cryptocurrency exchange hacks can be avoided?
There are a number of recommendations cryptocurrency exchanges should take into consideration in order to avoid being hacked;
- Protection of Hot wallets: These wallets have been the target of many cryptocurrency exchanges. In order to avoid these attacks, it is important to secure these hot wallets with a multisignature private key. Another way to secure the hot wallet is to use a cold wallet alongside. A cold wallet is a hardware wallet similar to an external hard drive or USB device with a built-in unique chip and a password. The device has a private key inside it and can be attached to the smartphone or computer when a transaction needs to take place. Cryptocurrency exchanges could make use of cold wallet to store a majority of their cryptocurrencies, rather than save it in a hot wallet and be vulnerable to attackers. The only problem with this is that trades are being carried out 24/7 and requires the hot wallet to be adequately funded for transactions to be successful.
- Compromised Internal Login Credentials: As noted earlier, the cause of most of the major cryptocurrency exchange hacks is the ability of hackers to obtain employee’s login details. A biometric factor for authentication or having a two-step authentication of all employees could prevent this from happening.
- Bug in cryptocurrency code: A cryptocurrency exchange should consider using public-facing bug bounty program, where the white hat hackers will be rewarded for finding flaws in the code before the black hat hackers(cybercriminals) attack the exchange.
The blockchain is an immutable, decentralized, public and distributed ledger. The immutable nature of the blockchain means that once a data is recorded on a blockchain, it is almost impossible to make changes to the data after they are recorded. The 51% double spend attack (which involves hackers having control over the network and being able to alter blocks and manipulate data) questions if the blockchain is truly immutable or if it only appears in theory. “However, any system invented by person can be hacked by another person so it needs to develop general principles” Magas, J. These cryptocurrency hacks are one of the barriers to the widespread cryptocurrency adoption, especially since there is no insurance policy on most exchanges or clear regulation to protect investors.
The contents of CryptonomicsAfrica.com provide general as well as detailed information on cryptocurrency and blockchain technology. This should not in any way be treated as investment, business or legal advice. Users are encouraged to verify the information provided before acting on same. CryptonomicsAfrica.com would not be liable for any loss to any individual or entity occasioned by a reliance on the information provided as same is done solely at the risk of the individual or entity in question.