Crooks Flocking to Crypto Exchanges as Prices Shoot up
Cos fear legal liability, put in place framework
Sachin Dave & Saloni Shukla
Every month Zebpay, one of the country’s oldest and largest cryptocurrency exchanges, experiences about two Distributed Denial of Service (DDoS) attacks when cyber criminals overload the exchange’s systems to disrupt service or snoop for a vulnerability in the platform’s defences.
That’s the simple part. Zebpay and other prominent exchanges have discovered that the most serious security threat they face daily is sophisticated criminal frauds that combine social engineering with computer intrusion.
Criminals are impersonating or spoofing social media identities in order to deceive consumers into giving them access to their cryptocurrency wallets.
Not only investors, but also cyber criminals appear to be flocking to cryptocurrency exchanges, which have experienced a twofold increase in the number of attacks in recent months as crypto currencies have touched alltime highs multiple times.
Fearing that the upcoming cryptocurrency regulation could hold them accountable for investor losses, some of the world’s major exchanges are rushing to put in place a framework and robust systems and protocols to protect themselves from cyber attacks.
“ZebPay is constantly under attack. Whether it’s from white-hat hackers trying to find issues they can submit to our bug-bounty programme or nefarious black-hat hackers trying to overload our systems to cause disruption and find holes in our defences. As cryptocurrency becomes more mainstream, the frequency of these attacks is increasing, meaning we must develop more sophisticated methods to quickly identify and neutralise them,” said Sam Noble, chief technology officer, ZebPay.
Some exchanges have also reached out to their legal experts to figure out their liability in the event of investor losses through cyber attacks.
Even in cases where cyber criminals can hack into the crypto wallets of customers. “Presently, many crypto operating exchanges are vulnerable to cyber attacks as, in most cases, the crypto assets sit in wallets that do not have a robust security and password mechanism. It is only a matter of time, before we witness large-scale, targeted cyber attacks on exchanges and various platforms, and it will become crucial not just to keep a security framework in place, but even to ascertain liability in such cases,” said Siddharth Keskar, CEO of MZM Analytics, a legal-forensic firm.
According to sources, all big exchanges have experienced at least two to three large attacks in the previous month, and many investors have lost their crypto holdings when their wallets were hacked into.
Take Srikrishna Ramesh, alias Sriki, for example. As per media reports, Karnataka police detained a 26-year-old man last week for reportedly hacking into Indian exchanges and stealing bitcoins by “exploiting a bug.” Sriki informed the police that he spent all his earnings — roughly ₹3 lakh per day — on alcohol and stayed in posh hotels.
According to industry sources, as the number of cryptocurrency exchanges in the country grow, most of them are vulnerable to cyber attacks. This comes at a time when cryptocurrency valuations in India have touched new highs. Cryptocurrencies hit the $10 billion mark, ET reported on November 1. Currently, around 10.5 crore, or 7.9% of Indians, have invested in cryptocurrencies through Indian exchanges, as per the data compiled by CREBACO, a research firm.