Anti-Phishing Working Group (APWG), a cybercrime consortium, on Thursday released its report on cybercrime trends in 2017. The chairman Dave Jevans revealed that cryptocurrency coins valued at about $1.2 billion USD have been lost to cybercrime since 2017. He also spoke about the GDPR.
This huge outlay coincides with the period when bitcoin prices soared and cryptocurrency became popular in mainstream circles. Fundraising through Initial Coin Offerings became rampant and cryptocurrency tokens grew to over 1,500 coins.
Speaking to Reuters, Dave Jevans, reflected on the tends in cryptocurrency-related cybercrime. “One problem that we’re seeing in addition to the criminal activity like drug trafficking and money laundering using cryptocurrencies is the theft of these tokens by bad guys,” he noted.
Jevans, who is also the CEO of cryptocurrency security startup CipherTrace, further noted that only about 20 percent have so far been recovered.
The state of Cryptocurrency Cyber Security since 2017
In its Anti-Phishing Report for Q4, 2017 which was recently released, APWG noted that the major targets of these attacks SaaS/webmail providers, financial/banking sites, and file sharing platforms.
Several cryptocurrency trading platforms, Initial Coin Offerings and Cryptocurrency mining firms were victims of cyber attacks since 2017. In February 2017, customers of South Korean crypto exchange lost about $1 million in bitcoins to hackers. Later that year, ICOs CoinDash and Veritaseum reportedly lost about $7 million and $8 million worth of cryptocurrencies to cybercriminals. In December, bitcoin mining platform NiceHash were hacked and 4,700 Bitcoin worth $64 million was stolen.
In 2018, cryptocurrency operators have experienced more cyberheists notable among them is the Coincheck hack in which NEM coins worth $360 million was stolen. Investigations revealed that the attackers used phishing emails that targeted several Coincheck staff.
General Data Protection Regulation (GDPR) and Crypto security
In the light of EU’s General Data Protection Regulation (GDPR) which is being implemented, Jevans complained that it could hamper cybercrime investigations. The new regulation passed in 2016 seeks to protect internet users’ data by giving more control to the users’. According to Jevans:
“GDPR will negatively impact the overall security of the internet and will also inadvertently aid cybercriminals. By restricting access to critical information, the new law will significantly hinder investigations into cybercrime, cryptocurrency theft, phishing, ransomware, malware, fraud, and crypto-jacking.”
With the new regulation, most European domain data in WHOIS will no longer be available publicly. Jevans said that WHOIS, which contains names, addresses, and emails of people who register website domain names, is a key resource for investigations. He also explained that the impact of the GDPR goes beyond Europe.