Deloitte Nigeria has said that the advent of initial coin offerings (ICOs) raises the chance for new investors or unsuspecting people to be tricked into investing in a fake cryptocurrency.
ICO refers to an unregulated means of raising funds for a new cryptocurrency venture. It is used by start-ups to bypass the rigorous and regulated capital-raising process required by venture capitalists or banks. The first successful ICO ever issued by a Nigerian start-up was from SureRemit. The company was able to raise $7 million three weeks to the end of the ICO.
Tope Aladenusi, Partner and Head of Cyber Risk for Deloitte Nigeria noted in a Tweet Chat on Wednesday that cryptocurrencies by nature are prone to cyber attacks.
A primary selling point for cryptocurrencies is their anonymity, which means they are untraceable. In view of this, money launderers and cyber criminals find them very attractive in perpetrating their enterprise. Presently, bitcoin is the most preferred payment option for Ransomware attackers.
“Cyber criminals are operating at every phase of the cryptocurrency ecosystem. One common cyber attack is on cryptocurrency exchanges,” Aladenusi explained. “It involves flooding the exchange with requests so that it becomes unusable (what we call Distributed Denial of Service (DDoS) attacks), in order to swing the value of the currencies.”
Attackers do not just go for the existing cryptocurrencies, they also look to control computer systems with the aim of converting them for mining purposes. In November, 2017, AlienVault, a US cybersecurity company said it had found a piece of malware, of malicious software, that places a mining application on a victim’s computer. Any mined cryptocurrency is then sent to North Korea – specifically to Kim II Sung University in Pyongyang.
There were other instances of North Korean attackers mining monero. A group called Andariel took over a server at a South Korean company last year and used it to mine the cryptocurrency.
Crypto wallets also present vulnerability spot for attackers. Most of the transactions on cryptocurrencies take place inside the wallets which are equivalents of bank accounts. People use their wallets to monitor their balance, send money and conduct other operations. As protection, each wallet come with a private key that helps verify ownership of cryptocurrencies.
Criminals however, attack these wallets to steal the cryptocurrencies.
Recently, a North Korean hacking outfit called Lazarus associated with the Sony Entertainment data theft was reported to have targeted cryptocurrency investors and exchanges late last year. The malware used in the attack was created in mid-October and November, just as bitcoin began surging to jaw-dropping heights, according to a report from Recorded Future, a cybersecurity firm.
The attack on the South Korean company, Yapian, the operator of crypto-exchange Youbit, in December 2017 halted trading to cryptocurrencies on the company’s platform while it later filed for bankruptcy. The Wall Street Journal reported that Yapian had 17 percent of its digital currency holdings stolen.
A research from Kaspersky Lab has also revealed that out of $3.5 billion realised from ICOs in 2017, about $300 million of them were stolen through cyber attacks. The interest of attackers to ICO is caused by large amounts in this market. Kaspersky Lab noted that hackers are interested in the ICO procedure, as this direction is actively developing and attracting more banks and companies.
Aladenusi expects the trend to continue in 2018 as cryptocurrencies and ICOs continue to dominate the headlines.
