The number of compromised accounts has increased almost 5 times in 2017 and the trend is set to continue.
The United States, Russia and China are at the top of the list of countries in which cryptocurrency trading has been affected by cyber attacks. The news comes from the latest work prepared by Group-IB, a company engaged in investigations and prevention of cybercrime. Their research is based on historical data related to cyberattacks on the 19 largest cryptocurrency exchanges in 2016 and 2017.
Meanwhile, January 2018 saw the record of incidents, rose 700% compared to the monthly average of 2017.  "In 2017 the number of compromised accounts on cryptocurrency exchange sites increased by 369% compared to 2016. Due to the clamor over cryptocurrencies, the number of incidents in January 2018 rose by 689% with respect to the monthly average of 2017 " explain the researchers.
"US, Russia and China are the TOP-3 countries in which registered users have become victims of cyberattacks, with every third victim coming from the United States."
IB-Group experts found 50 botnets used from cyber criminals to launch attacks against cryptocurrency exchanges. The dominant share of the malevolent infrastructure is distributed in the United States (56.1%) and the Netherlands (21.5%). Approximately 4.3% and 3.2% of hacker equipment are located in Ukraine and Russia respectively.
Cyber criminals favor old trojan programs like AZORult and Pony Formgrabber as well as a Qbot botnet to access user accounts. However, the variety of malicious programs used by hackers has grown steadily. The cybercriminals have adapted previously used tools to attack banks and financial institutions and used them to hack cryptocurrency exchanges and portfolios, the data show.
Experts believe that in most cases clients of cryptocurrency trade are responsible for attacks while neglecting the security of their personal areas. The researchers examined the cases of 720 compromised accounts and found that the vast majority of users ignored the requirement of two-step authentication, while every fifth user had a password with less than eight characters.
After analyzing the security measures of 19 exchanges, Group-IB concluded that none of them guarantee 100% confidentiality of their customers' personal information. Furthermore, at least five exchanges have fallen victim to targeted attacks.
"Increased fraudulent activity and attention of hacking groups towards the encrypted industry, additional functionality of malicious software related to cryptocurrencies, as well as the considerable amount of funds already stolen indicates that the industry is not ready to defend and protect its users "
concluded the IB-Group experts
While the cryptocurrency industry is going through hard times and needs a consolidated response from the community, including researchers, scientists, and the developers, Group-IB has identified some road blocks that make it more difficult to evaluate the losses related to cryptocurrency. They include the high level of anonymity and the lack of cooperation on the part of exchanges, poor or non-existent regulation and various actors of blockchain, coins and cryptocurrency.