Bitcoin, Ripple. Ethereum. Monero. BTC, XRP, ETH and XMR.
The names, the jargon, the flow of white papers that proclaim the endless possibilities of blockchain, startups, token sales – also known as Initial Coin Offerings (ICO) – all have culminated in an explosion of interest in the currency virtual at the end of 2017.
Furthermore: the risky business of Bitcoin: high profile cryptocurrency catastrophes
The excitement about virtual currency was a worldwide phenomenon, which also brought to Venezuela the idea of Petro, a token designed to help the country out of its economic crisis.
At the time, Bitcoin, the best known cryptocurrency on the market, gained value and achieved an unprecedented value of just $ 20,000 for a single virtual currency.
Since then, the market has dropped and the price has dropped to less than $ 5,000, which may also be due to a controversial hard fork and the creation of Bitcoin Cash SV, a token that Kraken has labeled as a "high risk investment" .
Last year, the cryptocurrency market was filled with ICO scams and scams, as well as the theft of both portfolios and exchanges.
Little seems to have changed, except that attacks are becoming more new and malware seems to become a more widespread threat, with the old and new merger in order to jeopardize portfolios and steal user funds.
Furthermore: the update Quant Trojan targets Bitcoin and cryptocurrency portfolios
Estimates suggest that the cryptocurrency market could potentially hit $ 1 trillion before the end of the year. It might sound like a lot, but considering how much Bitcoin and Ethereum alone represent – at least before the recent crash in encryption prices – if interest reignites and the market stabilizes, this may be possible.
Profitable resources, an overwhelming approach to regulation around the world, cryptocurrency exchanges with low security and malware that can use our CPUs to extract virtual money behind the scenes: all these factors have led to a mature market for exploit by certain aggressors.
In the course of 2018, we have seen everything from student attacks to university systems to secretly hide cryptocurrency at 51% of the attacks and exchanges were left without a coin in their name after a cyber attack.
So let's take a deeper dive.
January
It was not long after the welcome celebrations in the new year ended with a headache caused by an excess of champagne by those in the field of cryptocurrency.
The BlackWallet application became a target for attackers, who were able to compromise the browser-based cryptocurrency storage application and fill up with about $ 400,000 in Stellar Lumen (XLM) coins.
In the same month, a software developer revealed the CoffeeMiner attack, a means of using public Wi-Fi networks to perform cryptography, or the secret extraction of cryptocurrency without the user's consent.
Facebook has decided to ban the advertising of ICO, cryptocurrencies and binary options on the social network due to the prevalent risk of frauds and fraudulent schemes.
Kodak decided to jump on the blockchain bandwagon and launched his own token, KodakCoin, but in November the developers labeled the scheme as a scam and claimed that the contractors owed at least $ 100,000 in unpaid wages.
One of Japan's biggest cryptocurrency exchanges, Coincheck, has been violated. The security incident resulted in the loss of $ 530 million in cryptocurrency.
All these events are important, but one of the decisive moments was the closure of BitConnect, a platform that allowed users to grant cryptocurrency – made in Bitcoin (BTC) and exchanged on the platform in its BitConnect BCC token – in exchange for returns inflated "on average one per cent per day".
Also: Engineers of the Russian nuclear center arrested for the use of supercomputers for cryptocurrency
BitConnect has blamed the regulators for closing the lending platform, which caused the collapse of the BCC values and the users were unable to convert these tokens into BTC or ETH, which made their investments almost useless.
The organization had previously been accused of being a Ponzi scheme and "too good to be true". The closure of the platform is considered a scam at the exit.
However, January was about to get worse for cryptocurrency investors. Well, one of the most publicized startups that wanted to launch an ICO, pulled out a scam and stole what is believed to be up to $ 4 million from potential investors.
February
It certainly was not a fun situation for operators or order forces, but the idea of a nuclear plant used to extract cryptocurrency must have raised a bit of eyebrows.
In February, employees of the nuclear center of the Russian Federation were arrested for using the center's supercomputing power to extract virtual coins. The Sarov nuclear power plant researches nuclear weapons computational and theoretical and has a one-petaflop supercomputer in operation.
In the United Kingdom, the government was facing its problems related to cryptocurrency.
Government service websites, including the UK Information Commissioner's Office (ICO), Student Loans Company (SLC) and the UK National Health Service (NHS) Scotland, have been infected by mineral cryptocurrency via a vulnerable third-party plugin.
This discovery led to the examination of US and Australian websites, both of which were infected with the cryptography code using the same means of exploitation.
While visitors browsed the websites in question, of which about 4,000 were affected, the power of the PC was stolen for the purpose of extracting the cryptocurrency on behalf of the actors of the threat.
March
Following the guide of Facebook, in March, Google has taken steps to tackle the problem of fraudulent ICOs and has chosen to ban ICO advisory services, wallet and cryptocurrency from the purchase of ads for the display on the search engine of the colossus technological.
Binance was forced to face the consequences of a credential theft scheme that was used en masse to sell user funds and convert them into altcoins, which raised the price of lesser-known virtual currencies. While the Binance platform has not been compromised, users have reported the sale of their coins without consent – and it seems that a fault has been a smart phishing campaign.
Also: most antivirus programs can not detect this malware that can be crypto-rated
In the same month, the Palo Alto Network researchers published an analysis on ComboJack, a new form of malware able to steal Bitcoin Litecoin, Monero and Ethereum replacing the cryptocurrency transaction addresses with the addresses of the portfolios controlled by the attackers .
April
Also April was not without incidents related to cryptocurrency. A suspected fraud case emerged with the Chief Strategy Officer (CSO) of the cryptocurrency exchange that was blamed for Coinsecure for the loss or misappropriation of 438 Bitcoins, worth approximately $ 3.3 million at the time.
could
In May, the Bitcoin Gold (BTG) fork, originated from the Bitcoin blockchain (BTC), suffered a 51% attack. These attacks use hash power to perform a double expense, in which attackers attempt to control the control of at least 50 percent of a chain.
If successful, as in this case, they can force a blockchain to reorganize and will be able to modify and exclude transactions of their own coins from blocks.
The BTG's attack was taken against trade and led to the theft of about $ 17.5 million.
Taylor, a startup that aims to connect the connection between cryptocurrency exchanges and mobile technology through the design and launch of a dedicated trading app, said in the same month that the company had been completely cleaned up by cryptocurrencies and token reserves.
Furthermore: what can we expect from the future regulation of global cryptocurrency
In total, 2,578.98 ETH and TAY tokens of the Taylor Team and Bounty teams were stolen, or about $ 1.5 million at the time.
Taylor said the incident appeared as a "highly advanced and coordinated attack" and in a roadmap published in June based on the recovery from the attack, the startup summed up things:
"Yes, we fucked up! We could have prevented this unfortunate situation, but we're doing our best to fix everything."
A tea blockchain project, the Shenzhen Puyin Blockchain group, conducted a fraudulent ICO and reportedly raised about $ 48 million from investors. In total, 3,000 individuals were scammed by the scam, which claimed that the value of its tokens was connected – in a so-called stable fashion – to the value of particularly rare mixtures of Chinese tea.
Bitcoin ABC mining software also advised users of its software in the same month to update their builds to protect themselves from a critical flaw that could be used against mining pools to force a Bitcoin Cash division.
June
While a research paper appeared, claiming that the cryptocurrency stolen malware market was worth millions of dollars, Coinrail's South Korean cryptocurrency trade was relieved of around 30% of its currency reserves – worth about $ 40 millions – from hot wallets due to a cyber attack.
Only a week later, another South Korean stock exchange, Bithumb lost $ 31.5 million to hackers.
Another ICO exit scam was also performed in the middle of the year, this time by Block Broker, an organization that claimed to develop blockchain antiblock technologies.
Also: Cryptocurrency: the bubble is over, here comes the boom
Ironically, while the company said it was working to prevent ICO fraud, Block Broker stole $ 3 million from merchants and canceled its online presence after it was found that the CEO's image had been stolen from an unaffiliated photographer.
July
In July, the startup blockchain Bancor stated that a company portfolio has been compromised. While the alleged attackers apparently tried to steal $ 23.5 million, but once the wallet was identified and frozen, only $ 12.5 million in Ethereum (ETH), plus $ 1 million in Pundi X (NPXS) and 10 million in Bancor's network tokens (BNT) have been taken.
August
BitConnect, which ran a scam in January, re-emerged in the August news, as the Indian chief of the studio was arrested in Dubai. Two months later, former BitConnect investors joined to launch a lawsuit alleging the fraud company.
In the same month, three Chinese citizens were arrested for alleged theft of $ 87 million in cryptocurrencies, targeting both individual and corporate portfolios.
September
In September, the Osaka-based cryptocurrency exchange, Zaif, lost $ 60 million in funds for companies and users as a result of a cyber attack in which hackers subtracted Bitcoin, Bitcoin Cash and MonaCoin from the Zaif portfolios.
In September, a new phishing scheme was also discovered, in which the legitimate Jaxx portfolio became the target of a fraudulent campaign designed to spread malware that could compromise user portfolios and theft of funds.
In the Monero system, a vulnerability was discovered that could allow attackers to steal large amounts of cryptocurrency. After a theoretical question was published online, the developers made a serious bug in the framework and worked quickly to correct the problem.
October
In October, an Australian woman was accused of stealing 100,000 chain tokens, worth about 450,000 Australian dollars, to a man in her fifties.
The Pincoin operators have come down with $ 660 million in trader funds after pulling a scam out of ICO, which is not surprising considering the 48% return that the organization promised investors.
Also: Coinbase file patent for the security of the freeze logic cryptocurrency wallet
November
In November, an unfortunate cryptojacking scheme was discovered in which St. Francis Xavier University, located in Canada, Nova Scotia, was forced to close its network to stop using the power of the institution to the extraction of cryptocurrencies.
A public communication on Ethereum transactions was also issued that allowed what is known as a griefing carrier, allowing attackers to force trades to burn off their Ethereum at high transaction costs. By combining GasTokens, hackers could also profit from anyone who creates ETH transactions on arbitrary addresses.
The researchers also revealed the existence of DarkGate, a cryptographic malware that avoids detection from most traditional antivirus programs.
However, there is another way in which attackers seeking cryptocurrency can compromise your systems – and this is a new twist for an old attack.
Known as a SIM exchange, a scammer calls the customer service provider responsible for your mobile number and tries to convince them to divert the number to a new phone. If successful, even temporary, this can be used to bypass two-factor authentication methods and offer attackers the opportunity to recover passwords and access valuable online accounts.
You must read
In this particular case, a 21-year-old girl executed a SIM-swap attack, stealing a victim's savings.
The managing director of AriseBank, a blockchain startup that promised to allow users to "serve as their own bank", was then arrested for charges that the executive was operating a scam to defraud investors $ 4 million.
Also: Hackers steal nearly $ 400 million from ICO cryptocurrency
As we move towards December, it will be interesting to see how the cryptocurrency market will perform. There are many legitimate and potentially lucrative programs and coins out there, but as with any investment or speculation, there is often a certain degree of risk – whether it's the value of a currency, security or ICO scams.
Previous and related coverage:
In this country, your cryptocurrency must go through your bank
If you think your cryptocurrency is not guarded by a central authority, think again.
Cryptocurrency for the masses
Nick Saponaro, GM and lead stack developer at The Divi Project, sits with Tonya Hall and talks about government, banks and cryptocurrency.
Cryptocurrency: the bubble is over, here comes the boom
Like the early stages of the dot com boom, the initial speculative bubble is over. Expect waves of rapid evolution after maturity has begun and serious players emerge and climb.