The emergence of cryptocurrency has coincided with an increased awareness of investment avenues, especially among millennials. However, it is not just the investors who are looking at blockchain-backed cryptocurrency as a way out of a centralized financial system. Thieves and malicious actors are also excited about the prospect of unregulated money. It opens new attack surfaces for hackers to breach and vanish without leaving any trace.
The use of cryptocurrency in criminal activities was first observed in the infamous Silk Road marketplace. The site, which was accessible only through the Tor network, allowed users to buy and sell illegal goods and services using Bitcoin. The site was eventually shut down by the FBI in 2013, but not before it had generated $1.2 billion in sales.
What is cryptocurrency and blockchain?
Cryptocurrency is a digital tender created using computers' programming and processing powers. Cryptocurrency’s legitimacy is ensured through a blockchain, which is a decentralized public ledger where all transactions are democratically verified and stored.
A blockchain transmits and confirms cryptographic transactions almost instantly. Because they are controlled by a worldwide network of computers, they are difficult to trace back to their original location. You can send cryptocurrency to someone in your neighbourhood or worldwide without scrutiny.
See more about Blockchain Smart Contracts
What makes blockchain appealing to cybercriminals?
The key advantage that blockchain has over traditional financial systems is that it is decentralized. There is no central authority like a bank or government that can shut it down. This makes it an attractive target for criminals who want to launder money or carry out other illegal activities.
Another advantage of blockchain is that it is pseudonymous. Transactions are stored on the blockchain, but they are not linked to any real-world identities. This makes it difficult for law enforcement to trace who is behind a particular transaction.
This ease of transaction, coupled with its anonymity, makes cryptocurrencies the most popular form of payment on the dark web. The Darknet has proven to be a popular location for illegal operations using private currencies, such as Monero and Verge, which provide even greater anonymity. Cybercriminals target cryptocurrencies in numerous cyberattacks, the most common being ransomware, DDoS extortion, cryptojacking, and cryptocurrency exchange attacks.
See more about Cryptojacking
Important cryptocurrency security measures
Cryptographic keys and seeds need to be generated safely and securely when used in cryptocurrency. Developers must prioritize confidentiality when reviewing security procedures for an organization. Newly developed keys and seeds are kept confidential and away from prying eyes. Unguessable numbers assure that nobody can mimic the genuine holder of the key/seed.
Use of a wallet/key
Maintaining the integrity of bitcoin wallets and keys is critical. Developers and organizations can use best practices to avoid hazards, such as lost or stolen keys or unintentional revelation of the wallet owner's identity. A few best practices are:
Creating distinct addresses for each transaction
Requiring at least two signatures to spend funds from the wallet
Only use keys/seeds in trusted contexts
Verifying the identity, references, and background of all key/seed holders
Creating duplicate keys for each wallet for recovery purposes
Storing keys with signing authority across locations
Using blockchain for business
If you are using blockchain technology in your business, it is important to:
control all cryptographic information
Provide training for each key holder
Have processes for withdrawing rights when employees leave the company
Apply the principle of least privilege where users get only the permissions their role requires.
Cryptocurrencies and blockchain technology are here to stay. While they have many legitimate uses, they are also attractive to criminals due to their anonymity and decentralization. It is important to be aware of the risks associated with these technologies and take steps to protect yourself and your business.
10 January - Blog
Your Guide to Objective-Based Penetration Testing
14 December - Blog
2022 in Review and Our Predictions for 2023: Cyber-Threat Landscape
05 December - Blog
Choosing a Penetration Testing Company: Methodology & Certifications