Cybersecurity Risks in the Cryptocurrency Industry

The US Securities and Exchange Commission (SEC) social media account being compromised is concerning. Impersonations and hacks are nothing new in the cryptocurrency space but could the hack have been avoided?

After the post, the SEC started an internal market manipulation investigation on itself. X, formerly known as Twitter, confirmed the SEC’s account was compromised when it posted the fake spot Bitcoin ETF approval announcement.

Market Manipulation 

Senator Cynthia Lummis tweeted: “Fraudulent announcements, like the one that was made on the SEC’s social media, can manipulate markets. We need transparency on what happened.”

X confirmed that the compromise did not stem from any vulnerability in their systems. Instead, an unidentified individual gained control over a phone number associated with the SEC account through a third party.

We can confirm that the account @SECGov was compromised and we have completed a preliminary investigation. Based on our investigation, the compromise was not due to any breach of X’s systems, but rather due to an unidentified individual obtaining control over a phone number…

— Safety (@Safety) January 10, 2024

In turn, the SEC then tweeted the importance of protecting your investment accounts. Despite the false announcement, analysts believe that this security lapse won’t be a reason for the delaying of spot Bitcoin ETF approval which is expected to happen late on Wednesday. Unfortunately, instances of market manipulation in the cryptocurrency sector are a recurring tactic.

Here are the most common risks in the cryptocurrency sector.

Phishing Attacks: This is when users can be tricked into revealing their private keys or login credentials through phishing emails or websites. This involves the practice of sending fraudulent communication.

Hacks and Cryptocurrency Exchanges: Cryptocurrency exchanges are often targeted for large-scale thefts. If an exchange is compromised, users’ funds can be at risk.

Third-party Applications and Software: Third-party applications are any applications that aren’t created or supported by the maker of the device the app is installed on. Hackers may find new ways to exploit bugs in third-party software to retrieve sensitive information.

Wallet Vulnerabilities: Malicious actors can exploit vulnerabilities in cryptocurrency wallets to steal funds.

Smart Contract Flaws: Vulnerabilities in smart contracts can be exploited to drain funds from decentralized applications (dApps) or blockchains.

Ponzi Schemes: Fraudulent schemes promising high returns can deceive users into investing their cryptocurrencies, resulting in significant losses.

51% Attacks: In smaller blockchain networks, malicious actors can gain control of a majority of the network’s mining power, allowing them to double-spend coins. 51% attack is an attack on a cryptocurrency blockchain by miners who control more than 50% of the network’s mining hash rate.

Social Engineering: Manipulating individuals to disclose sensitive information or transfer funds through social engineering tactics is another risk. Social engineering isn’t a direct cyber-attack. It is when actors with bad intentions gain the trust of their targets, so they lower their guard and give up sensitive information.

Insider Threats: Employees or individuals with insider access to sensitive information can misuse their privileges to steal funds or sensitive information.

Lack of Regulation: The decentralized nature of cryptocurrencies can make it challenging to enforce security standards and protect investors.

Mitigating Cybersecurity Risks: To mitigate these risks, users and organizations should adopt best practices, such as using hardware wallets, keeping software up-to-date, and conducting thorough due diligence before investing or participating in cryptocurrency transactions. Setting up 2FA is an important first step for security because it immediately neutralizes the risks associated with compromised passwords.