On October 29, the Canadian cryptocurrency exchange MapleChange was hacked, and earlier last week the Bitcoin exchange Poloniex was interrupted twice due to technical problems. These are just a few of the failures that disrupt the operation of the platforms. The main interference with cryptocurrency trading and the network architecture it requires still comes from hackers who break into the platforms. A popular (and possibly the easiest) way to steal a crypto asset is to attack trading applications. What methods do the hackers use?

Disappointing Performance: There Are Vulnerabilities in Absolutely All Trading Applications

Cryptocurrency exchanges, as well as ICO projects, are most profitably attacked through their weakly protected points, namely the smartphone applications and desktop versions used for trading. These conclusions were drawn by specialists from Positive Technologies, a company that specializes in developing information security software.

To study the client side of the applications, the analysts took eleven trading platforms (six Android applications, five for iOS) from six vendors whose activities are related to trading. As a result, it turned out that vulnerabilities allowing attacks on users were found in absolutely all of the analyzed programs.

Each investigated application for trading on Android and iOS contained three vulnerabilities. Most of the vulnerabilities are related to unsafe data storage, such as backups and other information in public directories, and encryption keys in the source code of the platform.

Thus, 33 percent of applications contain vulnerabilities that allow hackers to act and conduct financial transactions on behalf of other users. Scammers interested in a particular asset can manipulate the value of the currency, thereby lowering or increasing its demand and causing artificial interest. This happened in early 2018 when hackers attacked the Coincheck cryptocurrency exchange and withdrew NEM coins worth more than $500 million. The asset then lost 16 percent in value, which led to a general tendency for the rate of digital coins to fall.

In 61 percent of the cases, the hacker can get access to the user's personal data that is stored on the exchange and in the trading application itself. Often, developers of mobile versions for exchanges pay insufficient attention to verification and do not include two-factor authentication. By simply guessing the PIN code in the application, the hacker can take over the user's session and carry out all kinds of actions in place of the trader, or carry out a phishing attack.
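A server-side limit on PIN attempts is one way to blunt the PIN guessing described above. The sketch below is an added example, not code from Positive Technologies or any exchange; the 4-digit PIN, the thresholds and all names are assumptions chosen for illustration.

```python
import hmac
from dataclasses import dataclass

FREE_ATTEMPTS = 3      # wrong guesses allowed before any delay (assumed policy)
BASE_LOCKOUT_S = 30    # first lockout, doubled on every further failure
MAX_LOCKOUT_S = 3600   # cap on a single lockout
REVOKE_AFTER = 10      # failures after which the session is revoked

@dataclass
class PinState:
    failures: int = 0
    locked_until: float = 0.0
    revoked: bool = False

def lockout_seconds(failures: int) -> int:
    """Delay imposed after the given number of consecutive failures."""
    if failures < FREE_ATTEMPTS:
        return 0
    return min(BASE_LOCKOUT_S * 2 ** (failures - FREE_ATTEMPTS), MAX_LOCKOUT_S)

def try_pin(state: PinState, stored_pin: str, guess: str, now: float) -> str:
    """Server-side check; returns 'ok', 'denied', 'locked' or 'revoked'."""
    if state.revoked:
        return "revoked"            # full login (password + 2FA) required again
    if now < state.locked_until:
        return "locked"             # guess is not evaluated, so it leaks nothing
    # Constant-time compare; a real service would compare salted hashes.
    if hmac.compare_digest(stored_pin.encode(), guess.encode()):
        state.failures = 0
        return "ok"
    state.failures += 1
    if state.failures >= REVOKE_AFTER:
        state.revoked = True
        return "revoked"
    state.locked_until = now + lockout_seconds(state.failures)
    return "denied"

def guesses_before_stop(stored_pin: str) -> tuple[str, int, float]:
    """Walk the 4-digit space as fast as lockouts permit (constructed test)."""
    state, now = PinState(), 0.0
    for n in range(10_000):
        now = max(now, state.locked_until)   # wait out any lockout
        result = try_pin(state, stored_pin, f"{n:04d}", now)
        if result in ("ok", "revoked"):
            return result, n + 1, now
    return "exhausted", 10_000, now
```

With these assumed thresholds, at most ten of the 10,000 possible PINs are ever evaluated before the session is revoked, and the counter must live on the server so that reinstalling or patching the client does not reset it.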

17 percent of applications are subject to vulnerabilities that make it possible to change the asset prices shown on device screens. For example, if Bitcoin actually costs $6,260 (price as of October 30, 2018), then after the application has been hacked the hacker can skew the displayed figure in either direction, showing $10,000 or $10, depending on personal interests.

The attackers can also change, in real time, the rates shown on the charts of asset movements. In stressful situations, especially when prices fall, fake candlestick adjustments can trigger the sale of coins. Let us consider some specific examples of substitution:

 The figure below shows the real trading session of the asset with the prevailing bearish trend and the last Japanese candlestick, which is not critical.

 The candle after the intervention of a hacker. Such a fall in an asset can cause not only its sale but also a real headache.

Two Main Attack Scenarios

The researchers have identified a couple of basic methods by which trading applications are hacked. The first attack scenario is triggered when a trader trades on the exchange and visits various websites on the internet from the same device, and enters the same login and password for all social networks. On one of the portals, the hacker places malicious JavaScript code that automatically launches actions on the exchange in place of the trader. Moreover, the installed anti-virus protection does not respond to the malicious code in any way, since no file is downloaded to the computer and no action has to be performed.

Scenario of a mass attack on users of the application.

The second popular method of hacking online trading platforms involves intercepting network traffic. In this attack, the hacker connects to the same Wi-Fi network as the user and begins to control the flow of internet traffic. The same intervention is possible on the provider's side if the communication channel is weakly protected. For example, such an attack took place against the MyEtherWallet cryptocurrency wallet in April of this year, when, fortunately, the attackers failed to steal assets with a value of more than $250 million.

Scenario of an attack based on network traffic interception.

How to Stay Protected

Experts advise private traders to first secure the device used to access the exchange. One should update the device to the latest version, follow the news from the developers and download information only from trusted sources. It is not recommended to install mobile versions of applications on rooted or jailbroken devices. It is advisable not to connect to public Wi-Fi networks, where confidential trading applications are most vulnerable. If two-factor authentication is available, be sure to use it. Do not forget about social engineering attacks: do not follow suspicious links, do not open spam mailings, and check all attachments sent by e-mail.