With the growth of bitcoin popularity comes the danger of hacker attention. Industry insiders estimate that cryptocurrency attacks have cost governments and businesses nearly $11.3 billion in the past decade. As more people invest in bitcoins—some less savvy about security than others—there are new avenues for bitcoin attacks.
Bitcoin Heist Definition and Examples
Often referred to as cryptocurrency theft, Bitcoin heists are quickly becoming a preferred method of carrying out what is commonly known as a cyberheist. Bitcoin heists are typically carried out on a large scale by means of traditional hacking, phishing, or social engineering tactics. Consider, for example, these real-life bitcoin heists:
- Mt. Gox. The first successful bitcoin exchange in the world, Mt. Gox experienced a massive heist in 2014 through which attackers made off with 80,000 bitcoins.
- Fake Job Lure. The Lazarus Group is a threat group known for a series of spear-phishing attacks aimed at bitcoin targets. A recent fake job post for a position at a bitcoin wallet software and exchange company in London delivered a Trojan RAT disguised as a macro in a Microsoft Word document.
- Bitfinex. In 2016, a hacker managed to access the bitcoin wallets of Bitfinex, a large Bitcoin exchange, and override their withdrawal limits, all within such a short time that there was nothing the company could do. The result was a $60 million hit.
- NiceHash. In December of last year, NiceHash—a marketplace where bitcoin miners who want to create new coins can match up with those offering spare computing power—reported theft of more than $89 million worth of bitcoins.
The list goes on and on. With the amount of cryptocurrency being exchanged on a daily basis, Bitcoin heists are expected to continue to rise in 2018 and beyond.
Protecting Your Assets
Successful phishing and social engineering attacks are often the result of unaware users. While not all of the Bitcoin heists highlighted here were the result of phishing or social engineering, these tactics are the preferred method for cryptocurrency thieves. In addition to security controls, security awareness training for your staff is one of the best defenses against malicious cyber attacks. With the proper level of awareness and training, your team will be able to proactively identify threats and alert others to take action.