NEW YORK – Bitcoin’s popularity and the emergence of about 1,500 other digital coins or tokens have drawn more hackers into the red-hot cryptocurrency space, expanding opportunities for crime and fraud, cybersecurity firm Digital Shadows warned in a report on Thursday (Feb 1).
“Cybercriminals follow the money and right now they see in the unregulated and largely unsecure world of digital currencies a huge opportunity to target people, businesses and exchanges and make money quickly and easily,” said Rick Holland, vice president of strategy at Digital Shadows.
Digital currencies have quickly grown into a more mainstream asset class over the last two years as corporations and financial institutions have expanded use of the underlying blockchain technology.
In crypto jacking, cybercriminals secretly take over another computer user’s browser and use it to fraudulently mine or create cryptocurrencies, according to Digital Shadows’ report. Miners use special software to solve math problems and are issued a certain number of bitcoins or cryptocurrenices in exchange.
Crypto Jacker software allows users to clone popular websites and initiate spam campaigns.
The cybersecurity company said criminals also perpetrate mining fraud using botnets, collections of internet-connected devices, which may include PCs, servers, and mobile devices that are infected and controlled by a common type of malware. Users are often unaware a botnet has infected their system.
Botnets were first used to mine bitcoin in 2014. The process was too complex to be financially viable, but botnets have made a comeback because newer cryptocurrencies like Monero are easier to “mine”, Digital Shadows said.
The company said botnets could be rented for $40. It said one such offering had “flown off the shelves” with almost 2,000 rentals so far.
Rather than selling scam tokens, criminals target legitimate currencies, either by stealing funds from ICOs or by manipulating prices through the type of “pump and dump” schemes often used with penny stocks and other less-liquid assets, the report said.