Phishing has become the most effective way to steal cryptocurrency and tokens from ICO (Initial Coin Offering) projects, according to the results of a recent study by Russia-based Group-IB.
According to Group-IB experts, ICOs remain a primary target of cyber-attacks on the global cryptocurrency market, with phishing the major tool used for such attacks.
This view is shared by experts at the Russian Ministry of Internal Affairs department fighting cyber-crime, who told SC Media UK that in recent years the number of such attacks both in Russia and the rest of Europe has significantly increased, while in Russia alone the losses are equivalent to £78 million to £116 million per quarter.
The largest theft of cryptocurrency as a result of a phishing attack occurred in 2015, when about 19,000 bitcoins (about £3.9 million at the rate as of 2015) were stolen from the Bitstamp Exchange.
As a rule, phishing is used for the theft of private keys (special codes) from crypto-currency wallets. After clicking on a false link to a pseudo-ICO site, the owner of the cryptocurrency enters their access code into a fake form created and controlled by a scammer.
Another danger lurks when a cryptocurrency owner sends a money transfer request. In this case, the victim tries to make the transfer via a fake web-site, entering confidential data, which is thereby compromised.
According to the Etherscamdb.info aggregator, at the beginning of 2018 there were 2,581 large phishing web-sites on the Internet, including "clones" of ICO projects on the platform. Of these, the largest number - 2,214 - were phishing copies of the MyEtherWallet crypto-currency wallet site (MEW, MyEtherWallet.com).
Alexander Lazarenko, head of the security department of Block-C projects at Group-IB, said MEW is one of the most popular wallets in the world for storing Ethereum cryptocurrency and tokens based on it. Therefore, it is the subject of the greatest number of phishing attacks.
Since the beginning of 2018, MEW has already been the subject of two serious cyber-attacks, the last of which occurred in early July. At that time the popular Hola VPN service was compromised, which put everyone who used this plugin at risk of having their cryptowallets hacked.
Earlier, in April, the MyEtherWallet DNS servers were hacked, which allowed hackers to redirect MEW users to a fake website and so gain access to their personal data.
Lazarenko adds that the human element is often a factor, telling SC: "When people invest in a rush, they are not inclined to spend time managing how they send the information. Therefore, often they do not check the legitimacy of postal and domain addresses. There is a need to remember that a difference of just one letter in the domain name can cost a user all of their money."
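To make the one-letter point concrete, the following is an added example (not from Group-IB, SC Media or the original article) of a defensive check that flags hostnames within one edit of a trusted wallet domain, including a swapped pair of letters and a look-alike non-Latin character. The `TRUSTED` allowlist, the function names and the two-label simplification are assumptions made for this illustration.

```python
# Added example: flag hostnames that differ by one edit from a trusted domain.
# TRUSTED is an assumed, defender-maintained allowlist (constructed for illustration).
TRUSTED = {"myetherwallet.com"}

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap as 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            d = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "th" typed as "ht".
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                d = min(d, prev2[j - 2] + 1)
            cur.append(d)
        prev2, prev = prev, cur
    return prev[-1]

def registrable(host):
    """Lowercase, decode punycode (xn--) labels, keep the last two labels.
    Simplification: production code should consult the Public Suffix List."""
    host = host.strip().rstrip(".").lower()
    try:
        host = host.encode("ascii").decode("idna")
    except UnicodeError:
        pass  # already Unicode, or not valid IDNA: compare as given
    return ".".join(host.split(".")[-2:])

def classify(host):
    """Return ("trusted" | "lookalike" | "unknown", matched trusted domain or None)."""
    name = registrable(host)
    if name in TRUSTED:
        return ("trusted", name)
    for good in sorted(TRUSTED):
        if osa_distance(name, good) <= 1:
            return ("lookalike", good)
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed sample hostnames, not taken from any real incident.
    for h in ["www.MyEtherWallet.com", "myetherwalet.com",
              "myehterwallet.com", "myetherw\u0430llet.com", "example.org"]:
        print(ascii(h), classify(h))
```

Because punycode labels are decoded before comparison, a Cyrillic "а" standing in for the Latin "a" counts as a single substitution and is flagged like any other one-letter change.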
According to Positive Technologies, hackers conduct attacks on cryptocurrency exchanges not only to steal money, but also to influence the exchange rates of the cryptocurrency. The likelihood of such attacks, according to analysts, has grown since the launch of bitcoin futures trading in December 2017.
Overall, 56 percent of all lost ICO funds are reported to be the result of phishing attacks.