While leaving behind the most critical vulnerability of the year, it is time to look at the issues discussed by the cybersecurity world throughout 2021. We have compiled the cyberattacks on the blockchain technology front, one of the frequently discussed topics of recent years.
But first, let’s try to briefly explain what this technology is and its relationship with the field of cyber security.
The Future of Finance: Blockchain Technology
In 2008, foundations of new technology were laid in the finance sector. It was blockchain technology. Popularized by Satoshi Nakamoto, an anonymous person or a group of people, a blockchain aims to establish digital network systems with four main principles: security, anonymity, transparency, and immutability.
Blockchains form a decentralized structure consisting of many computer systems named nodes; as a result, a more secure and reliable system is created. For example, if one of the blockchain’s nodes were compromised, the compromised node would be evident because all other nodes of the blockchain remain pure.
If threat actors want to infiltrate a blockchain, they would have to hack every node in the blockchain. Moreover, the fact that the system does not depend on one computer only makes it more reliable in case of a predicament.
Blockchain technology’s most common use case is cryptocurrency systems, such as Bitcoin. The reliability of blockchains has allowed people to form digital finance systems, and the plans are being developed and improved along with gaining popularity.
A downside of the increase in popularity is that hackers have turned their attention to cryptocurrency systems and blockchain in general. Even though blockchain systems are regarded as safe, many security breaches and exploits on blockchain technology have been many.
Hackers Targeting The Unhackable
Threat actors have found ways to exploit blockchain companies and cryptocurrency exchanges, devastating results. In 2018, more than $1.5 billion in cryptocurrency was lost to social engineering attacks and crypto wallet theft.
Since December 2017, around five percent of all bitcoin in circulation have been stolen by attacks on cryptocurrency exchanges. Lastly, attacks on significant cryptocurrency exchange companies such as Mt. Gox and Bitfinex have cost the companies around $350 million and $72 million, respectively.
In addition to financial damage, the threat actors exploit blockchain companies in every way they can, one of which is stealing PII, personally identifiable information of customers. Blockchain companies collect a vast amount of data from their customers for security reasons. This “Know Your Customer” policy puts the companies in the scope of hackers. If the hackers steal customer data, they leverage the stolen PII by selling the data on Dark Web forums.
Top Cyber Attacks to Blockchain Related Companies in 2021
A decentralized finance “DeFi” project named PolyNetwork was hacked in August 2021, resulting in over $600 million loss. The company has announced that more than %99 of the stolen money was returned to the firm. The attack has become the most prominent cryptocurrency theft, surpassing an attack on Coincheck in 2018, which had over $534 million stolen. After the attack, PolyNetwork has asked the threat actor to become the chief security advisor to the company.
Cream Finance, another decentralized finance project, was hacked three times this year. The first hack occurred in February, costing the company around $37 million. In August 2021, another hack worth $29 million took place because of an exploit in the company’s source code. The last attack resulted in $130million stolen cryptocurrency from the company in October. The third hack on Cream Finance has become the second biggest crypto attack in 2021.
A Japanese crypto exchange platform named Liquid was hit with an attack in August 2021. The hackers have stolen an estimated worth of $97million in digital currency. After the attack, Liquid has announced that some digital wallets were compromised and suspended all deposit and withdrawal operations.
Another DeFi platform named bZx was hacked this year in November. After the attack, the company has posted a preliminary post mortem report stating that the hacker has used a phishing attack to steal private keys and gain access to the victim developer’s wallet. The developer was phished with an email attachment, a Microsoft Word document including malicious macros. The hacker has stolen $55million worth of cryptocurrency from the company.
Discover SOCRadar® Free Edition
With SOCRadar® Free Edition, you’ll be able to:
- Discover your unknown hacker-exposed assets
- Check if your IP addresses tagged as malicious
- Monitor your domain name on hacked websites and phishing databases
- Get notified when a critical zero-day vulnerability is disclosed
Free for 12 months for 1 corporate domain and 100 auto-discovered digital assets. Try for free