While the overall volume of phishing attacks across all industries in the first half of 2021 soared by 22% compared to the same period last year, cryptocurrency exchanges saw a massive 10x increase in phishing, claims the latest report by cyber threat intelligence company PhishLabs.
A phishing attack is one in which the victim receives an email or notification that resembles an official notice from a company or even colleague, but is in fact a ploy to extract sensitive information about the recipient. This information could then be used to access bank details or crypto exchange accounts.
Notably, a significant part of phishing attacks is happening on social media platforms, where most of the activity and communication is taking place, with a combination of brand, executive, and employee impersonation attacks accounting for more than a half (54.7%) of all social media attacks on the cryptocurrency sector.
“Bad actors continue to utilize phishing to fleece proprietary information, and are developing more sophisticated ways to do so based on growth in areas such as cryptocurrency and sites that use single-sign-on,” said John LaCour, founder and CTO of PhishLabs.
Per the firm’s findings, Q2 of 2021 saw a 13% average increase in phishing attacks on cryptocurrency exchanges over the first three months of the year, with the researchers anticipating that the crypto industry “will continue to be aggressively targeted by threat actors through social media in future quarters.”
Phishing attacks target crypto
“As the cryptocurrency and digital asset markets mature, so have hackers' approaches to compromising exchanges, asset owners, and other parts of the crypto-financial ecosystem,” LaCour told Decrypt.
According to LaCour, financial institutions' willingness to offer cryptocurrency vehicles to their clients, Coinbase's recent listing on Nasdaq, and Bitcoin hitting an all-time high in Q2, have all resulted in increased attention (and validation) to the industry, with more investors entering the space. This, in turn, means that “any place where money is flowing in, hackers will follow,” he said.
“With Bitcoin again above $45,000, and the entire crypto market worth over $2 trillion today, we expect we will continue to see a strong focus from hackers on this market in Q3,” said LaCour.
At the same time, the researchers see positive signs on the horizon, including the governments' improved ability to clawback crypto ransomware payments–as was the case with Colonial Pipeline earlier this year, as well as the industry's willingness to work together on security solutions.
The latter, according to LaCour, could be seen during the recent $600 million attack on the Poly Network, as exchanges and stablecoin providers agreed to refuse transactions coming from the addresses associated with the hackers.
“In some ways the 'computational trust' that digital ledger and cryptocurrency provide should enable these systems to be more secure in the long run,” he added. “But today, they are only as secure as their weakest link, of which there are many.”
The firm believes that recent government actions make it apparent that one or more agencies will eventually step in to further regulate the crypto market as much as they can. However, while the power struggle between these agencies continues, investors are still essentially “on their own,” without any of the protections afforded to other asset classes, such as FDIC insurance.
As such, crypto investors “should exercise additional levels of diligence around where they hold their assets, and what kinds of security measures are offered.”