Cryptocurrency exchanges increasingly targeted by cyberattacks
News roundup: Cryptocurrency exchanges are folding because of targeted cyberattacks. Plus, five hackers were arrested in connection with international ransomware attacks, and more.
Hacks on cryptocurrency exchanges seem to be on the rise.
Youbit, a cryptocurrency exchange in South Korea, filed for bankruptcy after losing 17% of its assets in the second cyberattack it has suffered in the last year. In April 2017, Youbit lost nearly 4,000 bitcoins in the first attack -- worth about $5 million at the time of the theft but now valued at tens of millions of dollars.
Youbit has said that its customers' cryptocurrency assets will be marked down to 75% of the full value and has stopped all trading in an attempt to minimize any further losses to the company and its customers.
Korea Internet & Security Agency (KISA), the South Korean government agency responsible for internet security, linked the April cyberattack to North Korea, though there's no word yet on who may be behind the most recent attack. Attacks on other cryptocurrency exchanges Bithumb and Coinis this year have also been blamed on North Korea.
Youbit is one of the smaller cryptocurrency exchanges in South Korea, while Bithumb has about 70% of the bitcoin trading market share in the country.
A different cryptocurrency exchange, EtherDelta, took to Twitter to alert its customers to a cyberattack on its systems.
1/2 *IMPORTANT* we have reason to believe that there had been malicious attacks that temporarily gained access to @etherdelta DNS server. We are investigating this issue right now - in the meantime please *DONOT* use the current site.
— EtherDelta (@etherdelta) December 20, 2017
⚠️ 2/2 *BE AWARE* The imposer's app has no CHAT button on the navigation bar nor the offical Twitter Feed on the bottom right. It is also populated with a fake order book.
— EtherDelta (@etherdelta) December 20, 2017
EtherDelta shut down its site and services when it learned of the cyberattack. In its tweets, the exchange warned that its DNS server was compromised by malicious actors. Since the initial tweets, EtherDelta followed up Thursday morning saying it is "in the last step to bring the service back."
EtherDelta is ranked as the 85th largest cryptocurrency exchange, according to CoinMarketCap. It is known for offering a selection of alternate cryptocurrencies before they become widely available and is only a cryptocurrency-to-cryptocurrency trading platform; customers cannot convert cryptocurrency holdings to fiat currencies through EtherDelta.
DNS hijacking attacks on cryptocurrency exchanges aren't unusual either, as the websites of Classic Ether Wallet and Etherparty initial coin offering also both suffered similar attacks this year.
Hackers were also recently able to steal nearly 4,700 bitcoin, worth almost $80 million at the time of the theft, from Slovenian bitcoin exchange NiceHash.
In other news:
- The facial recognition authentication technology in Windows 10, called Hello, can be bypassed with a simple photograph, according to security researchers. Matthias Deeg and Philipp Buchegger of the penetration testing company SySS GmbH, based in Tubingen, Germany, posted a warning about the issue with the Hello program earlier this week. "Due to an insecure implementation of the biometric face recognition in some Windows 10 versions, it is possible to bypass the Windows Hello face authentication via a simple spoofing attack using a modified printed photo of an authorized person," the researchers explained. They listed seven different builds of four different versions of Windows 10 Pro that are affected by the vulnerability. The researchers also noted that enabling "enhanced anti-spoofing" on the system makes the spoofing attack less reliable, but it doesn't actually stop the attack.
- Facebook introduced a new anti-phishing security feature this week that enables users to check if the emails they receive from the company are legitimate. Facebook notifies its users when there is a suspicious login attempt or authentication activity on their account by sending them an email. Malicious actors often try to spoof those emails and trick Facebook users into clicking on a malicious link or going to a phishing site. Now, when users receive an email, they can log in to their Facebook account, check their security settings, and see any recent emails Facebook has sent them. If an email is listed as sent, they know what's in their email inbox is legitimate. If no email is listed, users know that what they received is malicious. This new feature is the latest attempt by Facebook to prove that it takes user security seriously. The company came under fire when it was discovered that malicious actors tied to Russia placed thousands of ads on Facebook in an attempt to influence the 2016 U.S. presidential election. Mark Zuckerberg followed up by saying, "We're serious about preventing abuse on our platforms. We're investing so much in security that it will impact our profitability. Protecting our community is more important than maximizing our profits."
- Five hackers were arrested in Romania this week due to ties with international ransomware attacks. Romanian law enforcement worked with authorities from the Netherlands, the United Kingdom and the U.S., as well as Europol and security company McAfee to bring in the suspects who allegedly spread ransomware through Europe and the U.S. They seized hard drives, laptops, external storage devices, cryptocurrency mining tools and documents from the suspects' houses in connection with strains of ransomware known as CTB-Locker or Critroini and Cerber. The suspects are not thought to be the authors of the ransomware, but distributors of it. CTB-Locker ransomware is known to be difficult to detect and often spreads through phishing messages. It was one of the first ransomware families that used the Tor network to hide its command-and-control infrastructure.