What is a DDoS attack?
Cybercriminals have already mastered the world of cryptocurrencies well. Now they have adopted DDoS (Website Denial of Service) attacks. In July-September 2017, the number of attacked resources related to cryptocurrencies (mainly crypto-exchanges) increased by 15% compared to the previous quarter and by 36% compared to January-March. The number of attacks also increased proportionally.
Since then, the world of cryptocurrencies has changed a lot, but cybercrime has not stood still either. How does it work?
What is DDoS?
DDoS (Distributed Denial of Service) is a type of hacker attack when attackers send artificially created traffic to the server so that the server, unable to cope with the load, stops serving normal traffic.
The rapid development of cryptocurrencies comes with risks. Sites are increasingly subject to hacker attacks, including DDoS. The goal of such an attack can be at least a failure of the competitor service and discredit it, and at most a DDoS attack can be a cover for a more sophisticated attack. While site administrators are distracted by restoring functionality, attackers can steal cryptocurrency.
There is another motivation for cybercriminals. They may attack for blackmail. For example, if the exchange is popular, you can calculate the cost of a day of its downtime and demand money so that the exchange does not stop working. But it is difficult to say what goals cybercriminals pursue more often.
Also, many crypto exchanges are anonymous and operate outside the legal field, so they can use almost any means to fight each other. But still, DDoS attacks from competitors come less often, and more often from ordinary criminals.
Aim of crypto criminals
When attacking a crypto exchange, an attacker is most driven by the desire to gain access to the money that rotates on this exchange and withdraw it from wallets. For example, in 2014, this happened to the Mt. gox. DDoS is just one of the ways to attack websites, there are other ways of hacking: phishing, sql injection, and more.
Hacking investment platforms can be more profitable than other online platforms. Attackers need to force the software to perform the functions that were not included in it. When they succeed, then at an equal cost of hacking, the monetization of an attack on a crypto exchange exceeds attacks on other targets.
The profitability of cryptocurrency crimes is also illustrated by viruses. Recently, a virus has been identified that steals various types of cryptocurrencies from the wallets of their owners. When a wallet owner transfers cryptocurrency to someone, the malicious file replaces the name of the recipient’s wallet with its own, and the money is sent to the attackers. Also very often there are viruses that mine cryptocurrency without the knowledge of the owner of the equipment.
Whether the number of attacks related to cryptocurrencies will increase depends on the number of platforms for trading them. If there are two or three of them left, then they will pay more attention to security. However, the legal part is very important, that is, whether they will actually punish such crimes.
Is it worth it to be afraid?
In the case of cryptocurrencies, technologies are already emerging that protect them from hacking and unauthorized actions from outside. Blockchain is inherently transparent, and it is possible to completely track all the paths that tokens have taken from a stolen wallet to a hacker’s wallet. Some tokens have a mechanism to cancel a forced, unauthorized transfer.
There are also technologies that analyze the state of the network and return the blockchain to its original state before the network was hacked. With the growth of cryptocurrencies, the number of cryptocriminals is also growing. But following them, the number of technologies, services and companies that are trying to protect cryptocurrencies from fraudsters as much as possible is growing.
What should an ordinary user do?
First of all, don’t panic. Too much alarmism will only get on your nerves. There is an old principle. Can you do something? Do It. If you can’t, then don’t get on your nerves.
The simplest tips that will save you, first of all, from getting your data, passwords, logins, phone numbers and other confidential information to third parties. It is necessary to follow the basic principles of protection and security on the Internet, have an antivirus, check your computer for malware, use authorization through a 2FA code, do not “remember” the login data on the site, but enter it yourself each time, do not disclose all this data to anyone and do not be naive and trusting.