Cryptocurrency exchanges, wallets and other crypto services remain the most vulnerable infrastructure to cyberattacks. The number of attacks on crypto exchanges doubled in the second quarter, a report says.

According to Positive Technologies, the number of attacks on cryptocurrency trading platforms doubled in the second quarter of 2018 compared to the first quarter. The most popular methods of attack were:

  • malware installation,
  • use of zero-day vulnerabilities (bugs and malware, unknown to the parties responsible for patching or otherwise fixing the flaw),
  • theft of administrators' passwords through social engineering.

Market participants also note that new ways of stealing cryptocurrencies emerged in the industry. Among those illegal methods is stealing of API keys. According to Andrey Grachev, the founder of Crypsis Blockchain Holding, attackers buy a large amount of illiquid cryptocurrency with low capitalization. Then, using stolen API keys, he buys illiquid coins from other accounts converting them into more popular cryptos or fiat and for a overestimated price. And owners of cracked cryptocurrency wallets remain with cheap and useless cryptocoins, while the hacker receives needed popular cryptos or fiat.

Comparing with the banking industry, cryptocurrency services have not still developed stable security mechanisms and certified verification procedures, Yuriy Katin, CTO of Quppy crypto exchange, believes. He added that the industry around the blockchain technology is still not mature enough, and it has few really experienced specialists.