Consumers, businesses and governments are finding new ways to use cryptocurrency, but a recent string of cyber attacks has highlighted serious security risks and shortcomings
In this era of globalization, the cryptocurrency market is expanding exponentially but the recent wave of cyber-attacks and scams has shown that the industry is struggling on the security front. The steep rise in cryptocurrency market capitalisation has significantly mirrored a marked increase in threats and attacks that target or leverage cryptocurrencies. To encompass this phenomenon, there exists a term ‘cryware’ to refer to the malware that focuses on the theft of cryptocurrency information.
By Megat, Julia, Yolin
https://www.youtube.com/watch?v=nfWdAyY4DfE
Cryware able to steal information that collect and exfiltrate data directly from a non-custodial cryptocurrency wallet, also known as hot wallets. Hot wallets enable personal information to be stored locally on a device and provide easier access to the cryptographic keys needed to perform a transaction, which can be dangerous in the cryptocurrency market unlike custodial wallets. In addition, cryware signifies a shift in the use of cryptocurrencies in attacks where it is no longer as a means to an end but the end itself.
<aside> 🔑 For instance, some ransomware campaigns prefer cryptocurrency as a ransom payment.
</aside>
However, that requires the target user to manually perform the transfer. Meanwhile, there is also a prevalent cryptocurrency related malware called cryptojacker that tries to mine cryptocurrencies on their own, but such a technique is heavily dependent on the target device’s resources and capabilities.
<aside> ⚠️ Crypto crime is rising especially since the pandemic of COVID-19 began. Crypto economy and decentralised finance (DeFi), matched with record cryptocurrency prices in 2021, has provided attackers with lucrative opportunities. Hackers stole a fivefold increase of USD 3.2 billion worth of cryptocurrency from 2020 to 2021. Besides, many incidents are left unreported, due to embarrassment by victims.
</aside>
Let’s talk about the hot wallet data to understand the attack surfaces that cryware takes advantage of. When creating a new wallet, the user is given a private key, seed phrase, public key and sometimes a wallet password.