Bitcoin and other cryptocurrencies reached new heights of popularity this year, propelled by Elon Musk's tweets, Coinbase's blockbuster IPO and bitcoin's growing acceptance as an investment and store of value.
But a new report points to a downside: Criminals are trying to cash in on the growing interest in bitcoin and crypto. In fact, as the price of bitcoin has risen, so has the number of cyber attacks, a report published Tuesday by Barracuda Networks said.
"The danger is absolutely out there," Fleming Shi, Barracuda's chief technology officer, told Protocol. "That correlation between attacks and cryptocurrency value is stunning."
The Barracuda report focused mainly on bitcoin, whose value soared by more than 500% between October 2020 and April 2021. In that same period, the number of crypto-related attacks, including phishing impersonations and business email compromise incidents, jumped 192%, the security software company said.
The report used natural language processing technology to track online threats related to bitcoin and other cryptocurrencies. Threats related to non-bitcoin currencies was "a small portion of overall attacks," most of which cited bitcoin, the company said.
Bitcoin's price has fluctuated since mid-April, when it peaked near $65,000 around the time Coinbase shares began trading. In October, it traded around $10,600. Bitcoin's price was around $34,000 on Monday, according to CoinMarketCap.
That rally coincided with bitcoin's rising profile, pushed higher by news like Tesla's decision to take bitcoin as payment for cars, since reversed over concerns about bitcoin's environmental impact.
All that attention triggered more trading volume, which criminals quickly saw as an opportunity to strike, Shi said: "That drives the criminals to think, 'OK, now I can actually do a mass phishing campaign. I can get people to click on things more easily.' …As it becomes more popular, as it becomes more mainstream, they're leveraging that."
In general, bitcoin and other cryptocurrencies are considered "a perfect currency for criminal activity" since they are "unregulated, difficult to trace and increasing in value," the report said. Cybercriminals have sent emails to employees of specific organizations to entice them "to purchase bitcoin, donate to fake charities or pay a fake vendor," the report said.
Cryptocurrency advocates dispute the idea that bitcoin and other digital currencies are uniquely suited for crime, arguing that cash is harder to trace and used for more illicit transactions.
To the chagrin of crypto enthusiasts, though, bitcoin has emerged as the payment of choice in ransomware attacks. This was underscored in June when the FBI and the Justice Department announced they had recovered $2.3 million in bitcoin ransom paid to DarkSide, the criminal group that hacked Colonial Pipeline.
The Barracuda study offered insights into ransomware, which Shi said is definitely on the rise. The typical ransom demand has also been rising sharply, from "a few thousand dollars to $2 million" in 2019, to up to more than $20 million in 2021, the report said. "A majority of them are over $10 million ransom asks," Shi said.
He speculated that the spike in ransomware attacks was based on the belief of criminals that bitcoin and crypto offer them total anonymity. "When blockchain and cryptocurrency came out, it felt very secure for the bad guys," he said.
But as the Colonial Pipeline case demonstrated, he said, "While cryptocurrencies are hard to trace, they're not untraceable. With enough effort, you will get there."
And the trend toward higher ransom demands suggests "fewer organizations are actually paying the ransom and choosing to take the hit," the report said. This has led criminals to make bigger ransom demands, which has also prompted more ransomware targets to turn to law enforcement for help, Shi said.