According to research conducted by Group-IB, clients of cryptocurrency exchanges risk less than the owners of trading platforms. Since the beginning of 2017, 14 successful attacks on exchange offices were committed, resulting in financial losses of $ 882 million. The largest of them occurred in January 2018. Then the attackers managed to pick up more than 500 million NEM (XEM) tokens from the Coincheck exchange, totaling $ 534 million.
It is not known how many hacker attacks were committed over the past years. In some cases, companies prefer to cover losses on their own and not advertise the fact of vulnerability. Now we know for sure that 14 attacks have been crowned with success. According to a Group-IB study, hackers tend to seize access to personal wallets and user passwords.
To do this, they find loopholes in the servers where this information is stored. By sending emails with malware, they sometimes manage to get on local networks. It is from there that the necessary data is downloaded. The most famous group of hackers is South Korean Lazarus, which launched the attack on Coincheck. In total, it took responsibility for 5 successful actions.
However, to withdraw the stolen is not so simple. Despite the blockchain's anonymity, it is enough to simply track the chain of movement of information. Attempts by hackers to cash tokens stolen from Coincheck have not yet succeeded.
Not only stock exchanges are attacked. According to experts of Group-IB, the organizers of ICO in 2017 lost more than 10% of all funds raised. The most common problem was the lack of technical preparedness of the projects and the low level of awareness of their management.
Since the blockchain was just beginning to enter the world, project developers had little experience in terms of security. Now the situation is changing, and technical training of specialists has become much higher.
So, during the research, it was found out. Most often, hackers acted in the most primitive way, through phishing. That is, they simply picked up passwords by randomly sorting out combinations of characters.