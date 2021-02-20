Crypto price surge invites a torrent of crypto crime

Alexis Keenan and Daniel Howley

Bitcoin soared past $50,000 per coin for the first time on Tuesday, and three days later its market cap surpassed $1 trillion. To say the cryptocurrency and altcoins have been on a tear is an understatement — especially after Tesla (TSLA) bought $1.5 billion in bitcoin earlier this month. And as the prices of these digital assets increase, so does the temptation to heist cryptocurrency.

The Justice Department unsealed an indictment Wednesday alleging North Korean military hackers schemed to steal money and cryptocurrency around the world as part of a larger plot involving Sony Pictures. That indictment spurred a warning from the FBI and Department of Homeland Security: Hackers are upping their games to steal cryptocurrency.

But it’s not just nation states stealing digital wallets worth millions. Cybercriminals are increasingly targeting individuals and businesses to surreptitiously mine cryptocurrency using unsuspecting victims’ computer systems in a cyberattack called cryptojacking.

[Read more: Tesla's big bitcoin bet could come back to bite the EV maker]

“We've certainly seen in the past, a pretty reasonably good correlation between the price of bitcoin and the amount of cryptojacking activity,” Chester Wisniewski, principal research scientist at cybersecurity firm Sophos, told Yahoo Finance.

Experts say there are ways to reduce vulnerability to attacks by following basic and more sophisticated cybersecurity measures, starting with secure passwords.

International cybercriminals are stealing millions

North Korea and Iran, which are subject to U.S. sanctions, have leaned on cyberattacks against digital wallets to grow their coffers.

“North Korea's operative, using keyboards rather than guns, stealing digital wallets and cryptocurrency instead of stacks of cash, have become the world's leading bank robbers,” federal prosecutor John Demers told reporters this week after the indictment was unsealed.

Assistant Attorney General for National Security John C. Demers speaks during a virtual news conference at the Department of Justice in Washington, U.S., October 28, 2020 Sarah Silbiger/Pool via REUTERS
Assistant Attorney General for National Security John C. Demers speaks during a virtual news conference at the Department of Justice in Washington, U.S., October 28, 2020. He announced the unsealed indictment against the North Korean hackers on Feb. 17, 2021. Sarah Silbiger/Pool via REUTERS

Prosecutors allege hackers working for North Korea’s government targeted cryptocurrency companies and stole tens of millions of dollars’ worth of cryptocurrency, including $11.8 million from a financial services company in New York in 2020. The hackers used malware called CryptoNeuro Trader as a backdoor into victims’ computers, stealing $24 million from an Indonesian cryptocurrency company in 2018, and $75 million from a Slovenian cryptocurrency company in 2017, according to the indictment.

The malware provided a back door to steal private keys, the indictment said. The illegitimate software was marketed under names including Celas Trade Pro, WorldBit-Bot, iCryptoFx, Union Crypto Trader, Kupay Wallet, CoinGo Trade, Dorusio, CryptoNeuro Trader, and Ants2Whale.

“It appears that this malware is very sophisticated, in the sense in that it is impersonating a legitimate piece of software...which is a powerful concept,” says Yehuda Lindell CEO & Co-founder of Unbound Tech, which provides cryptographic infrastructure, including key management and protection.

[Read more: What is dogecoin? Elon Musk has sent the meme cryptocurrency soaring]

While crypto asset holders may avoid clicking on an unfamiliar link, Lindell said, they might be more inclined to install an update that appears to come from a trading platform.

“Once you have malware, that has access to whatever keys you have done, then obviously that malware can go ahead and do whatever it wants and steal your funds,” Lindell said. ”If somebody manages to steal your funds, there's actually no way of getting them back, at all.”

Another problem is that not all cryptocurrency exchanges have the same security posture, compared to traditional banks, Lindell said. And when the incentive is so high, he said, the methods for theft become more sophisticated. “It’s direct money,” he said, unlike credit card number and password hacks that take added steps to convert to something of value.

According to a report from Amsterdam-based blockchain analytics firm Crystal Blockchain cited by Coindesk, hackers and scammers are known to have stolen $7.6 billion in cryptocurrency between 2011 and late 2020.

Rise in “Cryptojacking” targeting consumers, businesses

Beyond direct attacks on crypto wallets, cybercriminals are increasingly launching cryptojacking attacks against consumers and businesses to mine bitcoin and other cryptocurrencies. The criminals infiltrate and gobble up a target machines’ system resources, as a substitute for investing in their own computing power. Telltale signs of a cryptojacking attack can include sluggish performance and use of an unusually large amount of energy.

“Whenever you have something like this that is valuable, now all of a sudden more people are going to be willing to do things like...put little Trojan software and other things like this on people's computers to mine this cryptocurrency,” NYU Tandon School of Engineering processor Justin Cappos told Yahoo Finance.

[Read more: MicroStrategy CEO sees an 'avalanche' of companies buying bitcoin]

For the average user, cryptojacking could mean a slowdown in their computer’s performance, or an increase in their electricity bill as hackers force victims’ machines to operate at full throttle to mine cryptocurrencies as fast as possible. More sophisticated cybercriminals, however, will go after large businesses that rely on cloud platforms like Amazon’s (AMZN) AWS or Microsoft’s (MSFT) Azure to mine cryptocurrencies, Cappos said.

A Bitcoin ATM sign is pictured in a bodega in the Manhattan borough of New York City, New York, U.S., February 9, 2021. REUTERS/Carlo Allegri
A Bitcoin ATM sign is pictured in a bodega in the Manhattan borough of New York City, New York, U.S., February 9, 2021. REUTERS/Carlo Allegri

According to Wisniewski, cybercriminals install malware in businesses’ software running on AWS or Azure. The malware doesn’t touch AWS or Azure, but forces the business’s software to use a greater amount of computing resources from those services than they otherwise would to handle the intensive task of mining.

Such a dramatic increase in usage could add several thousand dollars to a company’s electric bill in a single month — and that high bill could be the only sign of an intrusion.

Protecting your digital wallet

To stave off an attack on a digital wallet or platform, Lindell advises individuals and entities to invest in professional security. Protecting cryptocurrency the same way as protecting your bank account, he said, “That's not going to cut it.”

Experts say the best way to think about the abstract concept of cryptocurrency funds, is to consider the funds and the account holder’s secret key as one and the same. How those keys are stored can vary, depending on how the assets are held.

Among three models, one is a custody model where an entity, such a cryptocurrency trading platform like Coinbase, holds and is responsible for protecting the key, and the asset holder uses a password to access funds associated with that key. A second model is one where the asset holder independently holds and is responsible for the key.

“Both of these models are dangerous for different reasons,” Lindell said.

A third model adopts a hybrid solution where two parties share the key, making it more difficult for hackers to infiltrate an account because no single point of attack could breach the key. Large institutions and major holders of cryptocurrencies also protect keys using “cold wallets” that store keys in physical vaults.

For consumers with an insignificant percentage of their assets held in cryptocurrency, the best bet may be to use secure passwords for email, messaging and other apps. Experts say it’s also critical to remain vigilant about opening email attachments, and steer clear of risky websites.

It doesn’t appear that the temptation to cryptojack or steal cryptocurrencies will go away anytime soon. On Friday, bitcoin was up 7.6% just after 4:30 p.m. ET, valued at nearly $56,000 a coin.

Alexis Keenan is a legal reporter for Yahoo Finance and former litigation attorney. Follow Alexis Keenan on Twitter @alexiskweed. Daniel Howley is the tech editor for Yahoo Finance.

Got a tip? Email Daniel Howley at dhowley@yahoofinance.com over via encrypted mail at danielphowley@protonmail.com, and follow him on Twitter at @DanielHowley.

Sign up for Yahoo Finance Tech newsletter

Recommended Stories

  • Morgan Stanley sees ‘GM SPACtopus’ taking on EV market

    Morgan Stanley mobility analyst Adam Jonas is pretty adept at keeping his finger on the pulse of what’s hot with the investment community - and right now it’s all about SPACs (Special Purpose Acquisition Companies) and EVs (Electric Vehicles).

  • Anthony Scaramucci Believes Bitcoin Price Will Reach $100K 'Before The End 2021'

    SkyBridge Capital Founder told CNBC that the firm’s Bitcoin Fund had done quite well since its launch in December, and he is even more bullish about its performance going forward. What Happened: Anthony Scaramucci, the founder of SkyBridge Capital, said he believes the Bitcoin (BTC) price is going to reach $100,000 by the end of the year. In January, SkyBridge Capital announced the launch of the SkyBridge Bitcoin Fund LP to provide mass-affluent investors with an institutional-grade vehicle to gain exposure to Bitcoin. To launch the fund, SkyBridge and its affiliates invested over $25.3 million, with Fidelity serving as its custodian and Ernst & Young committing to audit the fund. “We believe Bitcoin is in its early innings as an exciting new asset class,” stated Scaramucci in the initial press release. On Wednesday, he told Yahoo Finance that the SkyBridge Bitcoin fund is “heading towards $100 million” in assets under management. While Scaramucci started as a Bitcoin skeptic, he went on to embrace the digital currency as an asset class which he now believes has a big future. “I’ve looked at the landscape, and I recognize that there is a spot now for Bitcoin, and I’m trying to encourage my colleagues, I’m trying to encourage investors that have been with SkyBridge for many, many years to think about it that way,” he said. What Else: Aside from SkyBridge’s Bitcoin Fund, the company has reportedly invested over half a billion dollars in Bitcoin across its other investments. According to the SkyBridge CEO, the largest cryptocurrency by market cap has lifted its 'fund-of-funds' performance since the value amidst the coronavirus pandemic. Bitcoin was trading at a new all-time high of $52,891 at press time, up 1.78% in the past 24-hours. See more from BenzingaClick here for options trades from BenzingaWhy Golem (GLM) Cryptocurrency Surged 102% TodayBitcoin Surges To ,000, Pushes Market Cap To Trillion© 2021 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.

  • VNRX: VolitionRx Launched Nu.Q Vet Cancer Screening Test; Silver One Manufacturing Opened; Equity Offering & Cash Grant Provide Over $20 million

    By Steven Ralston, CFA NYSE:VNRX READ THE FULL VNRX RESEARCH REPORT VolitionRx (NYSE:VNRX) is engaged in multiple epigenetic projects coupled with several corporate initiatives . The company is involved with developing numerous blood-based clinical assays , primarily focused on detecting certain cancers (CRC, lung, haematological), along with one targeting canine cancer. Management also saw an

  • Bill Gates on sustainable investing: 'There's probably some Teslas out there'

    Bill Gates has a net worth of nearly $124 billion, according to Forbes. One way he's putting some of that money to work is an investment effort to spur the private sector towards green innovation as a means to combat climate change.

  • Dr. Atul Gawande: It will be 6-8 weeks before more Americans can access vaccines

    One of the nation's top health experts says the U.S. is on its way to righting the ship on vaccine equity and global support.

  • Former NBA all-star Chris Webber launches Cannabis fund

    Chris Webber, five-time NBA All-Star & founder of Webber Wellness and Jason Wild, JW Asset Management Founder & President joined Yahoo Finance to discuss their new cannabis fund.

  • The top housing market New Yorkers are looking to buy into

    New Yorkers are actually looking to move -- in New York.

  • Walmart just dealt a major blow to other retailers

    Walmart is going to invest a ton in its business in 2021. Here's what that means.

  • It looks like Elon Musk isn't moving Tesla out of California after all

    The electric car maker's application for a permit to expand its Fremont assembly plant undercut its CEO's rhetoric about abandoning California.

  • 15 Fastest-Growing Fintech Companies

    In this article, we mention the 15 Fastest-Growing Fintech Companies in the world. If you want to skip our discussion of the growth of the fintech industry and recent trends in the sector, go directly to the 5 Fastest-Growing Fintech Companies. Increasing connectivity and technology penetration is revolutionizing the way people handle money. This shift […]

  • Stimulus Update: 4 Things That Could Prevent You From Receiving Another Direct Stimulus Payment

    Congress has yet to put the finishing touches on a third direct stimulus payment to the American public, but enough details have leaked to give us a fair idea of what we can expect this time around. Take a quick look at these four issues that could prevent you from receiving a direct payment and decide what you want to do about anything standing in your way. If you haven't filed your 2020 tax return yet, the only address the IRS has for you is the one listed on your 2019 return.

  • The Johnson & Johnson Vaccine Has Competition in the Race to Treat New Strains

    You might have thought the coronavirus vaccine race ended when Pfizer (NYSE: PFE) crossed the finish line first in December. Variants from Brazil, the U.K., and South Africa worry the scientific community (and the rest of us) the most at the moment. Johnson & Johnson (NYSE: JNJ) highlighted exactly how its investigational vaccine performed against those new strains in its phase 3 trial.

  • This man used his 2021 Ford F-150 to heat his house during Texas winter storm blackout

    A retired refinery worker in Texas used his 2021 Ford F-150 Hybrid pickup to power his home during the state's winter storm blackout.

  • All the Electric Vehicle Stocks You Can Invest in Right Now -- and 3 Top Picks

    The automotive industry is going electric at a frantic pace, with new companies seemingly coming on the scene daily. It can be difficult for even the most dedicated auto investor to keep up with the action.

  • Here's why gas prices are rising — and how high they're likely to go

    Prices are already the highest since the pre-pandemic days — and they're likely to spike.

  • Tesla CEO Elon Musk takes major u-turn on Bitcoin

    Tesla CEO Elon Musk was involved in another Twitter storm overnight, tweeting that Bitcoin is “almost as BS as fiat money” in spite of Tesla’s recent $1.5 billion investment.

  • The 5 Most Popular Penny Stocks on Robinhood

    As of Monday, Feb. 15, the following five penny stocks were the most held on its platform. More investors have chosen to put money into Sundial than into great companies like Amazon, Microsoft, and Walt Disney.

  • Pfizer and BioNTech Coronavirus Vaccine Effective After 1 Dose, Can Last 2 Weeks in Standard Freezer, Separate Research Shows

    On Friday, Pfizer (NYSE: PFE) and BioNTech (NASDAQ: BNTX) announced that they have submitted new data about their BNT162b2 vaccine to the Food and Drug Administration. With this submission, the two companies hope that the FDA will update the emergency use authorization (EUA) it has granted the vaccine. The new data indicates that Pfizer and BioNTech's BNT162b2 can be kept for as long as two weeks at temperatures common to pharmaceutical freezers and refrigerators, as opposed to the constant ultra-low temperature storage it initially seemed to necessitate.

  • WhatsApp’s Jan Koum Pays $87 Million for the Malibu House Next Door

    In recent years, WhatsApp founder Jan Koum has become widely known for two things: his love of rare Porsches and his collection of $100+ million homes, the latter of which has been assembled over the past few years. Besides his $100 million main estate up north in Atherton, Calif. — where he’s got an outrageous […]

  • As ice from winter storm thaws, Southern pool owners wait to learn extent of damage

    The winter storm caught many Southern pool owners by surprise. Now they must for the thaw to determine the extent of the damage to their equipment.