According to the Cryptocurrency Anti-Money Laundering Report from Ciphertrace, some $927 million had been stolen from cryptocurrency exchanges in the first three quarters of 2018 alone. That total will almost certainly have hit, if not smashed straight through, the $1 billion mark by now. So, who were the hackers behind the heists and how did they get away with it?
The how remains sadly predictable throughout the year, truth be told: exploiting vulnerabilities in crypto wallet software and servers, social engineering/password compromises and insider theft. The who covers equally predictable territory, with lone wolf criminal opportunists at the lower end of the scale through to well-resourced nation-state actors at the other.
So, there’s a 21-year-old opportunist criminal who managed to steal $1 million from the Coinbase and Gemini accounts of San Francisco resident Robert Ross after convincing the victim’s mobile network provider to assign the victim’s phone number to his own device. Once he had succeeded in this SIM-swapping endeavor, an increasingly common method used to compromise otherwise secure accounts by gaining access to two-factor authentication codes sent via SMS, the criminal was able to access the crypto accounts with relative ease.
Then there are the state-sponsored actors.
North Korea remains firmly in the cross-hairs for anyone investigating cryptocurrency theft, especially at the bigger end of the attack scale. One group in particular, the Lazarus Group, is thought to have been involved in a number of attacks. Often launching their attacks out of China, possibly in order to try and obfuscate accurate geo-political attribution, the Lazarus actors are widely thought to be nation-state players tasked with cyber heists to help boost the beleaguered North Korean economy. In this regard, Lazarus is thought to have been spectacularly successful: more than $571 million in cryptocurrency is reported to have been stolen by the Lazarus Group since the start of 2017 and it is thought that 65% of stolen cryptocurrency ends up in North Korea.