Fintech

Bitcoin’s star is rising. Cybercriminals are looking to cash in.

Even with the crypto market's recent pullback, bitcoin's value has more than tripled in a year. And the wave of novices entering the field are attractive targets.

Handcuffs next to bitcoins

Crypto crime is rising along with the surge in the value of digital currencies.

Photo: Bermix Studio/Unsplash

Bitcoin and other cryptocurrencies reached new heights of popularity this year, propelled by Elon Musk's tweets, Coinbase's blockbuster IPO and bitcoin's growing acceptance as an investment and store of value.

But a new report points to a downside: Criminals are trying to cash in on the growing interest in bitcoin and crypto. In fact, as the price of bitcoin has risen, so has the number of cyber attacks, a report published Tuesday by Barracuda Networks said.

"The danger is absolutely out there," Fleming Shi, Barracuda's chief technology officer, told Protocol. "That correlation between attacks and cryptocurrency value is stunning."

The Barracuda report focused mainly on bitcoin, whose value soared by more than 500% between October 2020 and April 2021. In that same period, the number of crypto-related attacks, including phishing impersonations and business email compromise incidents, jumped 192%, the security software company said.

The report used natural language processing technology to track online threats related to bitcoin and other cryptocurrencies. Threats related to non-bitcoin currencies was "a small portion of overall attacks," most of which cited bitcoin, the company said.

Bitcoin's price has fluctuated since mid-April, when it peaked near $65,000 around the time Coinbase shares began trading. In October, it traded around $10,600. Bitcoin's price was around $34,000 on Monday, according to CoinMarketCap.

That rally coincided with bitcoin's rising profile, pushed higher by news like Tesla's decision to take bitcoin as payment for cars, since reversed over concerns about bitcoin's environmental impact.

All that attention triggered more trading volume, which criminals quickly saw as an opportunity to strike, Shi said: "That drives the criminals to think, 'OK, now I can actually do a mass phishing campaign. I can get people to click on things more easily.' …As it becomes more popular, as it becomes more mainstream, they're leveraging that."

In general, bitcoin and other cryptocurrencies are considered "a perfect currency for criminal activity" since they are "unregulated, difficult to trace and increasing in value," the report said. Cybercriminals have sent emails to employees of specific organizations to entice them "to purchase bitcoin, donate to fake charities or pay a fake vendor," the report said.

Cryptocurrency advocates dispute the idea that bitcoin and other digital currencies are uniquely suited for crime, arguing that cash is harder to trace and used for more illicit transactions.

To the chagrin of crypto enthusiasts, though, bitcoin has emerged as the payment of choice in ransomware attacks. This was underscored in June when the FBI and the Justice Department announced they had recovered $2.3 million in bitcoin ransom paid to DarkSide, the criminal group that hacked Colonial Pipeline.

The Barracuda study offered insights into ransomware, which Shi said is definitely on the rise. The typical ransom demand has also been rising sharply, from "a few thousand dollars to $2 million" in 2019, to up to more than $20 million in 2021, the report said. "A majority of them are over $10 million ransom asks," Shi said.

He speculated that the spike in ransomware attacks was based on the belief of criminals that bitcoin and crypto offer them total anonymity. "When blockchain and cryptocurrency came out, it felt very secure for the bad guys," he said.

But as the Colonial Pipeline case demonstrated, he said, "While cryptocurrencies are hard to trace, they're not untraceable. With enough effort, you will get there."

And the trend toward higher ransom demands suggests "fewer organizations are actually paying the ransom and choosing to take the hit," the report said. This has led criminals to make bigger ransom demands, which has also prompted more ransomware targets to turn to law enforcement for help, Shi said.

Workplace

Is it legal to fire someone while they’re on parental leave?

Twitter is in chaos right now. But that’s still not a good reason to fire someone while they’re on parental leave.

Kayvon Beykpour was terminated during his parental leave.

Screenshot: Twitter

This week, Twitter fired the company’s head of Consumer, Kayvon Beykpour, in the latest shakeup related to the Elon Musk deal.

According to Beykpour’s tweet, the senior executive was on paternity leave after welcoming a daughter last month. This brings up a lot of questions around the ethics — and legality — of firing someone while they’re on parental leave.

Keep Reading Show less
Michelle Ma

Michelle Ma (@himichellema) is a reporter at Protocol, where she writes about management, leadership and workplace issues in tech. Previously, she was a news editor of live journalism and special coverage for The Wall Street Journal. Prior to that, she worked as a staff writer at Wirecutter. She can be reached at mma@protocol.com.

Sponsored Content

Foursquare data story: leveraging location data for site selection

We take a closer look at points of interest and foot traffic patterns to demonstrate how location data can be leveraged to inform better site selecti­on strategies.

Imagine: You’re the leader of a real estate team at a restaurant brand looking to open a new location in Manhattan. You have two options you’re evaluating: one site in SoHo, and another site in the Flatiron neighborhood. Which do you choose?

Keep Reading Show less
Fintech

Crypto is crumbling, and DeFi hacks are getting worse

The amount of crypto stolen in the first quarter of 2022 has already surpassed criminal hackers’ 2021 haul. There aren’t any easy fixes.

The biggest hacks of 2022 were carried out by attackers spotting vulnerabilities in smart contracts and protocols, especially in cross-chain bridges and flash loan protocols.

Illustration: Christopher T. Fong/Protocol

Until recently, DeFi seemed like it was on an exponential trajectory upwards. With the collective value of crypto peaking near $3 trillion, hackers saw a big opportunity. The only thing that may slow them down is the precipitous drop in the value of the tokens they’re going after.

DeFi hacks have been getting worse and worse, with no clear solutions in sight. According to a recent report by blockchain security firm PeckShield, the amount of money netted from DeFi hacks in the first four months of 2022, $1.57 billion, has already surpassed the amount netted in all of 2021, $1.55 billion. A report by Chainalysis found a similar trend, with the hacker haul in the first three months of 2022 exceeding a record set in the third quarter of 2021.

Keep Reading Show less
Lindsey Choo
Lindsey Choo is a San Francisco-based reporter covering fintech. She is a graduate of UC San Diego, where she double majored in communications and political science. She has previously covered healthcare issues for the Center for Healthy Aging and was a senior staff writer for The UCSD Guardian. She can be reached at lchoo@protocol.com.
Policy

Privacy by Design laws will kill your data pipelines

The legislation could make old data pipelines more trouble than they’re worth.

Data pipelines have become so unwieldy that companies might not even know if they are complying with regulations.

Image: Andriy Onufriyenko/Getty Images

A car is totaled when the cost to repair it exceeds its total value. By that logic, Privacy by Design legislation could soon be totaling data pipelines at some of the most powerful tech companies.

Those pipelines were developed well before the advent of more robust user privacy laws, such as the European Union’s GDPR (2018) and the California Consumer Privacy Act (2020). Their foundational architectures were therefore designed without certain privacy-preserving principals in mind, including k-anonymity and differential privacy.

Keep Reading Show less
Hirsh Chitkara

Hirsh Chitkara ( @HirshChitkara) is a reporter at Protocol focused on the intersection of politics, technology and society. Before joining Protocol, he helped write a daily newsletter at Insider that covered all things Big Tech. He's based in New York and can be reached at hchitkara@protocol.com.

Enterprise

Why AI-powered ransomware could be 'terrifying'

Hiring AI experts to automate ransomware could be the next step for well-endowed ransomware groups that are seeking to scale up their attacks.

Ransomware gangs don’t have AI ransomware. At least not yet.

Photo: Max Duzij/Unsplash

In the perpetual battle between cybercriminals and defenders, the latter have always had one largely unchallenged advantage: The use of AI and machine learning allows them to automate a lot of what they do, especially around detecting and responding to attacks. This leg-up hasn't been nearly enough to keep ransomware at bay, but it has still been far more than what cybercriminals have ever been able to muster in terms of AI and automation.

That’s because deploying AI-powered ransomware would require AI expertise. And the ransomware gangs don’t have it. At least not yet.

Keep Reading Show less
Kyle Alspach

Kyle Alspach ( @KyleAlspach) is a senior reporter at Protocol, focused on cybersecurity. He has covered the tech industry since 2010 for outlets including VentureBeat, CRN and the Boston Globe. He lives in Portland, Oregon, and can be reached at kalspach@procotol.com.

Latest Stories
Bulletins