In 2018, many financial supervision authorities declared war on cryptocurrency exchanges in the interest of their clients, whose assets are being increasingly targeted by cybercriminals.
Last year the prices of bitcoin and etherum expressed in the USD fell by 80 per cent. Besides market factors, these price movements may have also been affected by the activities of the United States Securities and Exchange Commission (SEC).
In November 2018 alone, the SEC brought several charges against, among others, Zachary Coburn, the owner of the EtherDelta cryptocurrency trading platform, and against cryptocurrency exchanges, such as CarrierEQ Inc. (Airfox) and Paragon Coin Inc. The main allegations are that activities were carried out without appropriate permits. These are the first cases where sanctions for the infringement of regulations have been applied against cryptocurrency platforms.
The SEC has been waging an open war against the cryptocurrency trading platforms since the beginning of last year. Due to the increasing popularity of investment in bitcoin and etherum, such exchanges have become targets for more frequent hacking attacks. According to a report prepared by Group-IB, only in the period from 2017 to the Q3’18, hackers managed to attack at least 13 major cryptocurrency exchanges, causing losses estimated at USD877m. As much as 60 per cent of the stolen funds came from Coincheck, a Japanese cryptocurrency exchange. From 2016 to 2017, the number of hacking attempts against individual user accounts increased by 369 per cent.
Sudden attack on the exchange
The Far East Asian countries and the United States suffered from the highest numbers of attacks. Asia is home to 21 out of 40 organized groups involved in cybercrime. Many attacks are carried out by hackers from North Korea. In the period under consideration, at least five cryptocurrency exchanges were attacked by a North Korean hacker group named “Lazarus”, which stole more than USD500m.
One of the most spectacular attacks took place on January 28th, 2018, at the Japanese cryptocurrency exchange Coincheck The losses of the 260,000 victims were estimated at USD530m. This amount accounted for 25 per cent of the entire market capitalization. Despite that, this attack was less significant than the one organized in 2011 against the Mt. Gox exchange which, three years later was forced to declare bankruptcy due to insolvency.
Coincheck became an easy target for the hackers because the funds collected in the cryptocurrency were stored in a so-called hot wallet that was made available to users on-line. In order to secure the collected funds against hacker attacks, most cryptocurrency platforms use a system with multiple signatures and store their cryptocurrency tokens in a so-called cold wallet, which does not have a direct connection to the internet. On September 14th, hackers attacked the Japanese Zaif exchange in a similar way, stealing the equivalent of USD60m. This was the second attack on that exchange in 2018. However, the cybercriminals are not limiting their attacks to poorly secured cryptocurrency platforms.
Phishing is another method used for attacking the exchange users’ accounts. This method was used, among others, in March 2018, during an attack on the Golix cryptocurrency platform in Zimbabwe. The criminals used the email accounts of the exchange users, through which they obtained direct access to their exchange accounts. However, thanks to the requirement of additional verification, the Golix exchange prevented the criminals from withdrawing the funds stored on the clients’ accounts.
Phishing was also used in hacking attacks on the Chinese exchange Binance, which took place in January and February 2018. The criminals created a domain deceptively similar to the Binance exchange’s original one. The users [unintentionally] provided their data to the hackers by logging into their accounts through the fake website. However, the Binance system blocked suspicious withdrawals, thereby thwarting the attack.
Another tool in the cybercriminals’ arsenal, is malicious software (malware) which mainly attacks computers, utilizing their computing power for mining cryptocurrencies. So-called “51 per cent attacks” are becoming more frequent. On December 4th, 2018, this method was used to attack the Vercoin cryptocurrency. Such attacks take place when a “miner” or a group of “miners” [i.e. people who obtain cryptocurrencies using the computing power of their computers — editor’s note] control more than 50 per cent of the computing power of a given blockchain network. This control makes it possible to generate a false blockchain and allows other “miners” to block transaction verification. This results in so-called double spending.
Banks are terminating agreements
Because of the cyber threats resulting from the increasing popularity of investment in cryptocurrencies, the Polish Financial Supervision Authority started to monitor the activity of the cryptocurrency platforms. The PFSA has already put some Polish exchanges suspected of operating without appropriate permits on a public warnings list. As they were unable to verify the source of the capital used in the cryptocurrency transactions, a large number of banks started terminating their agreements with the cryptocurrency exchanges.
The termination of agreements by commercial banks is the result of an obligation imposed by the PFSA, pursuant to which the banks must verify the entities trading in cryptocurrencies in accordance with the Act on Counteracting Money Laundering and Terrorism Financing. This Act entered into force in July 2018, and required the cryptocurrency exchanges to obtain the relevant permits, including ones issued by the Polish Financial Supervision Authority, concerning the execution of payment services in the area of operating and managing payment accounts and the performance of payment transactions in accordance with the Payment Services Act. In order to avoid being accused of criminal activity, most cryptocurrency platforms started to apply the new rules even before they entered into force. This led to dissatisfaction among the users, who ceased being completely anonymous.
The Polish Financial Supervision Authority is not, of course, the only institution to issue warnings against investing in cryptocurrencies. In March, the Belgian Financial Services and Markets Authority warned against 19 cryptocurrency exchanges which it accused of defrauding their customers. Meanwhile, the Belgian government has been conducting an informational campaign in cooperation with the supervisory body since June last year. The website entitled “Too Good to Be True” presents, among others, the stories of people who lost funds they had invested or who were defrauded by a cryptocurrency exchange. In addition, the websites trading in tokens which use the earned funds for criminal activities and money laundering are shown as examples of fraud. In October 2018, the Belgian financial supervision authority updated the list of entities trading in cryptocurrencies, extending it to 99 entities. The supervisory body also reminded the public that at present the activity of cryptocurrency exchanges was not subject to any oversight.
A similar warning was issued by Malta. The Malta Financial Services Authority warned, among others, against the platform known as Primetradingbot. Meanwhile, in November 2018 similar warnings concerning entities trading in cryptocurrencies were issued, among others, by the Italian Companies and Exchange Commission (CONSOB) and the UK’s Financial Conduct Authority (FCA). The German Federal Financial Supervisory Authority also issued such warnings in December 2018.