Cryptocurrency needs Cyber Security, it's really not that secure!

Cryptocurrency necessitates Cybersecurity and here's why.

Cryptocurrency is nothing but a digital currency that can be exchanged for goods and services, just as fiat currency (paper currency) is. But the 2 major differences between fiat currency and cryptocurrency are:

  1. Crypto is a decentralized currency, which means no single authority has power over its regulation (to an extent), decides its price, acts as an intermediary, or can easily track the sender and recipient.

Let’s take a deep dive into this revolutionary technology of crypto & blockchain and find out whether it is really as secure as we think it is!

So how does this amazing cryptocurrency actually work?

Cryptocurrency is based on blockchain technology. In a blockchain, when a crypto transaction occurs, i.e. sending and receiving of crypto, a block of data (an alphanumeric code that signifies the cryptocurrency and its value) is created and shared across all the computers (or nodes) attached to the network. Think of this block as a series of such transactions. Once this block is verified by the crypto mining computers, a formal record gets entered into the decentralized database (decentralized ledger) for everyone on that network to see. Then, when that same cryptocurrency is sold again, another block gets created. The previous transaction (or block) is not erased; the new block gets attached to the old block to form a chain (hence the term blockchain), so everyone can see the trail. This way of record-keeping also means that a transaction cannot be reversed.

According to many blockchain experts:

Blockchains could potentially help improve cyber defense as the platform can secure, prevent fraudulent activities through consensus mechanisms, and detect data tampering based on its underlying characteristics of immutability,
transparency, auditability, data encryption & operational resilience (including no single point of failure)

So if blockchain is so good, then why does it need cybersecurity?

As Cillian Leonowicz, Senior Manager at Deloitte, correctly said:

Blockchain’s characteristics do not provide an impenetrable panacea to all cyber ills; to think the same would be naïve at best. Instead, as with other technologies, blockchain implementations and rollouts must include typical system and network cyber security controls, due diligence, practice and procedures.

There is a very significant reason behind this statement. Blockchain was initially created without specific access controls because of its public nature, and cryptocurrency is an open-source project: people have access to the source code and can make new cryptocurrencies based on other crypto models.

But here is the tricky part: many of the upcoming shit coins (as traders like to call them) do not have even a single entity or person backing them. People are investing in meme coins because it is cool these days and they expect to make a huge amount of money overnight, but for many of these there is no team that can work on the coin to improve it, or take immediate action if something goes wrong in the network, as does happen even with established cryptos such as ETH or UNI. If this actually happens and you lose your money, who do you look to for help?

The answer is NO ONE.

On top of that, many of these coins have no technical use case because they were never designed from a technological point of view.

Okay, this was not an alarming cybersecurity concern, and I'm not against crypto; in fact I love it. But we have to understand that as technology has evolved, so have cyber attacks. There are many, but let's take a look at my 2 favorite cryptocurrency threats: not blockchain threats, but threats specific to cryptocurrency.

1. CRYPTOJACKING

Cryptojacking is the unauthorized use of someone else's computer to mine cryptocurrency. Hackers do this either by getting the victim to click on a malicious link in an email that loads crypto mining code on the computer, or by infecting a website or online ad with JavaScript code that auto-executes once loaded in the victim’s browser. The first way in is a phishing attack: the victim receives an email that looks legitimate but has malicious JavaScript obfuscated within it. When the victim clicks the link, the script loads in the background and starts mining crypto for the hacker, and the victim won't even know what happened.

The other way is to inject a script into a website or into an ad that is displayed on many websites. Once victims visit the website or the infected ad pops up in their browsers, the script automatically executes. No code is stored on the victims’ computers. Whichever method is used, the code runs complex mathematical problems on the victims’ computers and sends the results to a server that the hacker controls. These scripts can also carry worm-like functionality, meaning they spread to other devices on the same network, and the only thing the victim would notice is slower, degraded performance of their computer, which makes these scripts even harder to detect.


The mined crypto is then converted into another crypto such as Monero or Zcash, which is much harder to track. If you want to understand this in more depth, you can go through the detailed ISTR report by Symantec, which explains how even fully patched machines can fall victim to this attack.
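The network-level side of cryptojacking is the most practical place to detect it, because miners have to talk to a pool. The following added example (my own code, not from the article or any vendor) scans constructed connection log lines for the Stratum mining protocol: the `stratum+tcp://` URL scheme, the Stratum v1 JSON-RPC methods, the Monero-style `login` handshake with an `agent` field, and well-known miner user-agent strings. The log format itself is an assumption made up for the example.

```python
import json
import re

# Constructed sample records in the form "<host> -> <dst>:<port> <payload>".
# These are made-up lines for the example, not real captures.
SAMPLE_LOG = [
    'ws1 -> 203.0.113.10:3333 {"id":1,"method":"mining.subscribe","params":["cpuminer/2.5"]}',
    'ws2 -> 203.0.113.11:443 {"id":7,"method":"getblock","params":[]}',
    'ws3 -> 203.0.113.12:5555 {"id":1,"method":"login","params":{"login":"wallet","agent":"XMRig/6.0"}}',
    'ws4 -> 198.51.100.7:80 GET /index.html HTTP/1.1',
    'ws5 -> 203.0.113.13:14444 connect stratum+tcp://pool.example.invalid:14444',
]

# Stratum v1 client methods (the classic Bitcoin-style pool protocol).
STRATUM_V1 = {"mining.subscribe", "mining.authorize", "mining.submit"}
MINER_AGENT_RE = re.compile(r"xmrig|cpuminer|cgminer", re.I)
LINE_RE = re.compile(r"^(?P<src>\S+) -> (?P<dst>[^:\s]+):(?P<port>\d+) (?P<payload>.*)$")


def classify(line):
    """Return a dict describing why a line looks like mining traffic, or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    payload = m.group("payload")
    reasons = []
    if "stratum+tcp://" in payload or "stratum+ssl://" in payload:
        reasons.append("stratum URL scheme")
    if payload.startswith("{"):
        try:
            msg = json.loads(payload)
        except ValueError:
            msg = {}
        method = msg.get("method")
        params = msg.get("params")
        if method in STRATUM_V1:
            reasons.append(f"stratum method {method}")
        elif method == "login" and isinstance(params, dict) and "agent" in params:
            reasons.append("stratum login handshake")  # Monero/xmrig-style pools
        agent = params.get("agent") if isinstance(params, dict) else None
        if agent and MINER_AGENT_RE.search(agent):
            reasons.append(f"miner user agent {agent}")
    if not reasons:
        return None
    return {"src": m.group("src"), "dst": m.group("dst"),
            "port": int(m.group("port")), "reasons": reasons}


def scan(lines):
    """Run classify() over every line and keep only the hits."""
    return [hit for hit in (classify(l) for l in lines) if hit]
```

Real proxies and NetFlow exporters will not hand you the JSON payload so neatly; the method and agent checks belong in a TLS-terminating proxy or an IDS rule, while the URL and destination-port checks work on plain connection logs.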

2. Crypto Malware

Now this is an interesting topic. We've seen ransomware and other malicious malware, but have you seen malware that does not damage the victim's files or information by encrypting them and demanding money, yet still manages to earn a fortune? Yes, there is the cryptomining malware we discussed above, but here I especially want to talk about a particular type of malware that I really like.

ViperSoftX is a JavaScript-based Remote Access Trojan (RAT) and cryptocurrency stealer. This malware has emerged in the last 2–3 years as cryptocurrency has gained popularity and more & more people have invested in it. Its main functionality is to replace crypto wallet addresses and steal cryptocurrency.

Persistency

ViperSoftX starts by placing a copy of itself under %APPDATA%. It attempts to disguise itself by using legitimate-looking names such as vpn_port.dll, reg.converter.sys, etc. To establish persistence, the malware drops another script file under %APPDATA% and creates a shortcut in the startup directory to invoke it. The dropped script is a VBScript file, which in turn executes ViperSoftX:

VB Script

RAT Functionality

After that, it queries its server to fetch commands for execution and sleeps for a certain time period. Then it starts the malicious activity it was designed for, i.e. cryptocurrency stealing.

ViperSoftX persistently checks the contents of the clipboard using the following code:

It then checks whether the content matches either of two regex patterns that aim to match a Bitcoin or an Ethereum address. In case of a match, and if the address differs from the addresses hardcoded in ViperSoftX, it sets the clipboard data to its own address using the following command.
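Because the swap happens between the user's copy and the user's paste, the defensive counterpart is a guard that remembers what the user actually copied and flags any change to a different address before it is pasted. The following is an added example of such a guard (my own code, not ViperSoftX's and not from the article); the address regexes are simplified shape checks, not full checksum validation, and the clipboard reads are fed in by the caller so the logic can run anywhere.

```python
import re

# Simplified address shapes: bech32 (bc1...), legacy/P2SH base58 (1... or 3...),
# and 0x-prefixed 40-hex Ethereum. These do not validate checksums.
BTC_RE = re.compile(r"^(?:bc1[ac-hj-np-z02-9]{25,62}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})$")
ETH_RE = re.compile(r"^0x[0-9a-fA-F]{40}$")


def address_kind(text):
    """Classify clipboard text as 'btc', 'eth' or None."""
    s = text.strip()
    if BTC_RE.match(s):
        return "btc"
    if ETH_RE.match(s):
        return "eth"
    return None


class ClipboardGuard:
    """Remembers the user's last copy and flags address-to-address swaps."""

    def __init__(self):
        self.last_user_copy = None
        self.alerts = []

    def on_user_copy(self, text):
        # Called from the copy event: this is what the user intends to paste.
        self.last_user_copy = text.strip()

    def poll(self, clipboard_now):
        # Called periodically with the current clipboard contents. If the user
        # copied an address and the clipboard now holds a *different* address
        # without a new copy event, something rewrote it behind their back.
        now = clipboard_now.strip()
        kind_then = address_kind(self.last_user_copy or "")
        kind_now = address_kind(now)
        if kind_then and kind_now and now != self.last_user_copy:
            alert = {"expected": self.last_user_copy, "found": now, "kind": kind_now}
            self.alerts.append(alert)
            return alert
        return None


# Constructed addresses for the demo (not real wallets).
USER_ADDR = "0x" + "a" * 40
SWAPPED_ADDR = "0x" + "b" * 40


def demo():
    """Simulate a copy, an honest poll, and a poll after a hijacker rewrote the clipboard."""
    guard = ClipboardGuard()
    guard.on_user_copy(USER_ADDR)
    return guard.poll(USER_ADDR), guard.poll(SWAPPED_ADDR)
```

On Windows the same logic can be driven from a small tray tool that hooks the clipboard-update notification; the important property is that the comparison baseline comes from the user's own copy event, not from the clipboard itself.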

This may seem like simple malware written by a script kiddie, but what is interesting is that it is wrapped in 8 layers of obfuscation before the actual payload executes, which makes it even more difficult to reverse engineer and trace back to its source. 4 types of obfuscation techniques were used:

  1. AES Decryption

This malware did not cause extreme damage to any single person in particular, but there are many different renditions of it, and taken together they account for millions of dollars stolen in cryptocurrency worldwide. Here is a video analysis of one of its renditions by John Hammond.

So how do we mitigate these attacks and protect ourselves?

  1. Deploy a network monitoring mechanism.

Hope you found this helpful. If you liked this article or if it helped you in any way. Please leave some claps and comments. I wouldn’t mind all 50 of them ;)

Prateek Parashar

Computer Science graduate who is passionate about CyberSecurity. An IoT and Crypto enthusiast.