Cryptocurrencies are increasingly taking an important position as an element of the financial system of the modern world. But along with the scale of their use and turnover, the risks associated with their theft, destruction and loss are also growing. Crypto cash has no embodiment, and it is impossible to store it in a safe or in another secluded place – crypto codes exist only in the memory of hard drives. On the one hand, no one can access such money without your password, which excludes possible theft [1]. At the same time, the loss of the password or the hard drive itself will lead to the loss of your funds. In view of these circumstances, it is necessary to develop and implement special protection methods that ensure their safety and security during transactions and storage.

Many of the security measures used for cryptocurrencies are similar to those used to protect accounts on websites and applications, such as: two-factor authentication, using long and complex passwords, storing passwords on paper, using different passwords for different wallets. But there are also specific measures, which include: creating a backup server to store and restore the wallet, storing the wallet offline, using separate, specially designed hardware for conducting transactions [2].

From the above it follows that, due to the high risks of loss or theft of cryptocurrency, studying methods of protecting crypto wallets is a prerequisite for their full and confident use.

This article will consider a method for restoring a crypto wallet using a seed phrase (seed key). A seed phrase is a sequence of 12 (or another number, depending on the implementation) English words. The main advantage of the recovery method using a seed phrase is its ease of use and high reliability, since the seed phrase makes it possible to generate a crypto wallet at any time, which is essentially a sequence of private keys, each 256 bits long. An example of a private key in WIF format: 5J3mBbAH58CpQ3Y5RNJpPUK. A 512-bit public key is generated from it. Then a hash is calculated from the public key. This hash is a bitcoin address, you can tell it to anyone who wants to transfer cryptocurrency to you. An example of a bitcoin address: 1CiBY4gUTcHxjELDLcds59pjMy2aoNP4fy.

The aim  of the study: to study seed phrases and their implementation in JavaScript.

In the process of achieving the set goal, the authors formulated and successfully solved the following tasks: implementation of the seed key, wallet recovery using the seed key.

Materials and methods of research

Most crypto wallets have a built-in recovery option. The recovery happens as follows: the wallet generates a set of random English words for the user, often 12, sometimes 18 or 24. An example of such a sequence of words: “happy radiance january light day swine mirror paper shirt screen yellow table”. At first glance, such a chain is a meaningless set of random words, but in fact, it is the key to restoring the wallet, regardless of the number of transactions or funds stored on it [3].

The seed key itself can be stored on any type of storage media: a piece of paper, engraving on metal, stored in memory. The most important condition is to ensure the availability and safety of the storage media itself, then you can not worry about the safety of your money in case of fire, equipment failure or any other incidents.

In principle, to use the wallet, only one seed phrase will be enough, since the wallet can be restored anywhere in the world, as long as there is access to the Internet.

Restoring a wallet is quite simple: download a wallet program that supports this technology. The list of suitable wallets is quite wide, since the technology itself is widespread. Examples of such wallets: Airbitz, Bither, BreadWallet, Coin.Space, Coinomi, CoPay, Electrum, Exodus, GreenAddress, Jaxx, Ledger, MultiBit, Mycelium, Simple Bitcoin Wallet, Trezor. Most of these wallets will require creating a seed key before opening the first wallet. In some of them, you need to look for this option yourself.

The seed key itself does not give a complete picture of the wallet and its contents. There is a cryptographic procedure called a “hierarchical deterministic wallet”. It turns the seed key into a Master Key, from which all other keys are developed in a “deterministic” order. Since the seed key is a mathematically generated deterministic sequence [4], it works regardless of the type of wallet. The only problem is that there are two types of standards. While the key phrase (seed) and the Master Key are equally standardized, there are two widely used algorithms for restoring the keys and wallet address, they are called BIP32 and BIP44. So, if the seed was created using a BIP44-enabled wallet like Bither, then trying to restore it using a BIP32 wallet like Electrum will open an empty wallet. Therefore, it is important to know which wallet is suitable for restoring from your seed phrase. Wallets with their corresponding algorithms are presented in the table.

---

Algorithms used to generate seed phrases in wallets

Wallet	BIP32	BIP44
AirBitz	x
BreadWallet	x
Coin.Space	x
CoPay		x
Electrum	x
Exodus		x
Jaxx		x
Ledger		x
MultiBit	x	x
Trezor		x

---

In addition, there are multiple implementations of the method. For example, some wallets like Ledger use a 24-word phrase, while others like Exodus will use a 12-word SEED. A 12-word SEED is not compatible with a wallet that supports a 24-word SEED. Also, not all wallets use and understand the same vocabulary, and some do not have proper implementations of deployment paths; for example, Exodus can only recover the first 4 addresses created with the Master Key, while Coin.Space does not have the ability to recover addresses created with another wallet, and so on.

There is a two-factor seed-phrase generation. It consists of using a sequence of 13/25 words, with the last of them being created by the user as a password. Some wallets use their own extended implementations of the seed-key generation algorithm, others use the BIP39 standard to extend it. But it is important to understand that if you lose your password word, it is no longer possible to restore your wallet.

To understand how a passphrase works, you need to know more about how cryptocurrencies are stored. Coins are obtained using an address. This address is formed from public keys, which in turn are formed from private keys. So, first the wallet will generate a private key, then it will unwrap the public key, and then it will transform the public key into an address.

A very simple way to save your coins is to simply write down or save your private key in an encrypted file. The private key looks like a random string of numbers and letters: L3GrBerZZXtTDcAVNiULbN84UVGjX7ezypSCsYYroBDdQDKX1E53.

To improve privacy and be more collision-proof, most advanced wallets create a new address when a transaction is made. In this case, to back up funds, you would have to save your private keys every time a new transaction is created.

In response to this problem, in 2012, one of the Bitcoin developers, Pieter Wuille, wrote a function called Hierarchically Deterministic Wallets, known as BIP32. He developed the mathematics that allows one to create a Master Key from which all other private keys can be expanded in a predetermined order [5]. That is, if we have a Master Key A, then from it we can derive keys a, b, c, d, and so on, in that order. Pieter Wuille’s method is based on public-key cryptography and elliptic curves. Later developers, such as Marek Palatinus of the Czech Bitcoin startup Satoshi Labs, developed tools to unwrap a Master Key from a 12- or 24-word seed (BIP39), as well as tools to create keys with support for multiple accounts (BIP44), which would mean that Master Key A produces accounts a, b, c, and so on, which is a fundamental feature of wallets aimed at protecting user anonymity in the face of intensive data collection from the blockchain.

Let’s look at an example of how the seed phrase generation algorithm works. First, the public and private keys are entered, as well as all additional information about the wallet (account), which is provided either by the user or the payment service. Next, based on this information, using the BIP39 algorithm, a seed is formed in base64 format, which is converted into a sequence of 12 words, as shown in Fig. 1 and in Listing 1.

Fig. 1. Generation of a mnemonic sequence

From this sequence, we can obtain a BIP32 key that can be used to fully restore the wallet, as shown in Figure 2 and Listing 2.

Fig. 2. Recreating the BIP32 key

All wallet transactions are also stored in this key, as can be seen in Fig. 3.

Fig. 3. List of transactions obtained from a BIP32 key

Research results and their discussion

Let us note the advantages of the above implementation of the method:

1. Security – since the method is based on public-key cryptography on elliptic curves, then if an attacker has a public key, he will not be able to find the corresponding private key more efficiently than by solving the discrete logarithm problem on elliptic curves (it is assumed that 2128 operations on elliptic curve points will be required) [6, 7]. Also, the ability to store a wallet as a seed phrase allows you to reduce the protection of your cryptocurrency to ensuring the confidentiality of a sequence of twelve words.

2. Ease of use for the user, who only needs to run the program. It in turn will generate a wallet and the corresponding seed phrase, which the user can then store as he likes (for example, write it down on paper or remember it).

3. Cross-platform – code written in JavaScript can be run on any computer with a modern browser installed.

4. Ease of implementation of this method into any software for working with cryptocurrency.

As a result, we can conclude that this algorithm allows the user to store their wallet as a sequence of several words, from which they are guaranteed to be able to restore the wallet in full integrity. The user is only required to ensure the necessary measures to protect the seed phrase from deliberate theft and accidental loss, then they will have a powerful mechanism to protect their crypto wallet. The article also showed the implementation of the wallet generation method using a seed phrase, which provides the necessary security, ease of use and implementation, and is also cross-platform.

---

In mid-December 2024, British experts from the School of Computing  at the University of Kent  published the results of a study indicating that quantum computers pose a threat to cryptocurrency platforms. In theory, quantum devices will provide the ability to crack  Bitcoin encryption  , allowing attackers to steal billions of  dollars .

In early December 2024,  Google  announced a quantum  processor  called Willow  with 105 qubits. The chip is said to be able to solve a problem from the RCS quantum benchmark in less than five minutes, which would take Frontier, one of the world’s fastest  supercomputers  , 10 septillion years (10 to the 24th power). This achievement has reignited the debate around  blockchain security . Some experts believe that quantum computers pose a real threat to Bitcoin’s cryptographic algorithms, such as the Elliptic Curve Digital Signature Algorithm (ECDSA) and Secure Hash Algorithm (SHA-256).

𝓲 Quantum computers threaten cryptocurrencies

However, AllianceBernstein analysts believe that the real threat of hacking Bitcoin may arise only in decades. The fact is that such an attack would require quantum computers with millions of  qubits . Therefore, the cryptocurrency community “has enough time to implement changes to protect the blockchain” from quantum attacks. This means developing quantum-resistant cryptographic algorithms. ^[1]

2022

Hackers stole $2.5 billion from blockchain platforms

In January-September 2022, the damage from  hacker  attacks  on  blockchain platforms worldwide amounted to $2.5 billion, including $483 million in the third quarter. This is stated in a report by researchers Slowmist Hacked and Atlas VPN, published at the end of October 2022.

The most popular platforms among hackers were the Ethereum ecosystem   , where $348 million was stolen as a result of 11 attacks in the third quarter of 2022. The Polkadot ecosystem is in second place in terms of the amount of funds stolen, with $52 million as a result of just two attacks. The Binance Smart Chain (BSC) ecosystem is in third place: $28 million as a result of 13 attacks.

Hackers have stolen $2.5 billion from blockchain platforms since the beginning of the year

The Solana (SOL) ecosystem lost more than $6 million in cryptocurrency during this period as a result of three hacker attacks. In four cases, blockchain-related attacks resulted in losses of $5.1 million. Three times, hacks of cryptocurrency exchanges allowed cybercriminals to steal funds worth $6.8 million.

Experts from Atlas VPN noted that the  cryptocurrency market  is experiencing a “bear” trend, due to which hackers are less active. We are talking about the fact that at the beginning of 2022, the cryptocurrency market was valued at $ 2.2 trillion. By the end of October 2022, its capitalization fell to $ 1 trillion. That is, the lower the cryptocurrency rate became, the fewer cyberattacks there were. Skolkovo and TAdviser identified the leaders of the Russian CRM systems market 7.9 t

In the third quarter of 2022, there were 55 hacks, while in April-June there were 96. The number of blockchain hacks in the third quarter of 2022 decreased by 28% compared to the same period a year ago. If the cryptocurrency market continues to fall, then in the fourth quarter of 2022, there will most likely be about the same number of hacks as in the third, the researchers predict.

DARPA: Blockchain Isn’t That Safe

In June 2022,  the US Defense Advanced Research Projects Agency (DARPA)  published a study questioning the security of the blockchain technology that powers  the software , raising concerns about its use.

Blockchain technology refers to  software that stores information in a secure, decentralized network where users require special cryptographic keys to decrypt and access the data. This key technology that governs cryptocurrency transactions must be decentralized to prevent any entity from tampering with the information stored on its network.

DARPA: Blockchain Isn’t That Safe

The report’s authors found that some forms of the technology could be subject to change, putting at risk the data stored on the blockchain, where transaction records are kept.

One of the most important components of a secure and decentralized blockchain system is the system of nodes, or participating computers, that are part of the network.

If even one of these nodes does not have proper security protocols or is simply controlled by a bad actor, the data passing through the blockchain can be hacked or altered. This fact contradicts existing ideas about blockchain security and puts the information stored in the various blocks at risk.

Additionally, inconsistency in security protocols between nodes in a blockchain network or mining pool poses a security threat to each node.

The report also notes that all  Bitcoin protocol traffic , in particular, is unencrypted, which does not initially pose a threat to the data transmitted between network nodes. However, if any route between network nodes is damaged, external actors could potentially disrupt the transaction process.  ^[3]

2020: Forrester: Blockchain is a revolutionary technology, but it has problems

Blockchain is a revolutionary technology that will continue to develop in 2020 due to mass digitalization, which is in turn happening due to the  COVID-19 pandemic, said Martha Bennett, vice president and senior analyst at Forrester Research , in mid-May 2020.   However, she noted that blockchain has some problems that still need to be solved.

Blockchain is a revolutionary technology that will continue to evolve in 2020 thanks to mass digitalization.

However, not all projects will be continued – in the era of economic crisis, due to the lack of sufficient resources, the most risky ones will be closed. The main thing for those who decide to stay is to clearly understand how to put the current project on a commercial track and benefit from it, Bennett said.

There is a gap between pilot testing and commercial launch that is not just technical, she says, because businesses have yet to fully understand the technology, which is still in its early stages.

She, for example, attributes government regulation to non-technical problems. In turn, the analyst attributed integration with  enterprise ERP systems and the need for companies to find ways to interact with several blockchain platforms, the number of which is steadily growing, to technical problems. ^[4]

2017

Threats and risks of blockchain

In 2017,  cryptocurrency transactions were considered  secure and  public key encryption schemes  were nearly impossible to crack. However, this does not mean that there are no vulnerabilities associated with insecure key storage or theft through social engineering.

The presence of weaknesses may also be due to the blockchain platform, which may be unsafe due to the development environment used or the presence of vulnerabilities in the IT architecture of the system.

Another threat is the emergence of quantum computers, which could theoretically break all public-key encryption algorithms.

There is a dangerous “51 attack” associated with the unification of a critical number of participants for the network in order to branch chains in a direction convenient for attackers

Why Blockchain Isn’t Suitable for Trading Physical Commodities

On August 16, 2018, the management consulting company  Boston Consulting Group (BCG)  presented a study that examined the problems of implementing blockchain in the retail network. Despite the fact that companies and  banks  have been actively using blockchain since 2016, the authors of the report believe that the new technology is not suitable for trading operations with physical goods.

Blockchain, originally used as a platform for  cryptocurrency , is expected to increase transaction transparency and reduce the risk of fraud. However, as of August 2018, the volume of trade using blockchain is still too small to say with certainty when its volume will reach critical mass, Reuters reports  .

Blockchain is seen by many financial institutions as improving productivity, making transactions more transparent and minimizing the risk of fraud.

According to BCG report co-author Antti Belt, the main problem with using blockchain is that  cryptocurrency  is not intended for physical transactions – it is impossible to track a physical object in the virtual world.

In addition, the introduction of new technologies must be accompanied by agreement on terminology, and it is not yet clear whether the transition to a blockchain platform is justified from an economic point of view.

The researchers also note that it is unclear to what extent merchants will embrace blockchain, which could reduce their already slim profit margins. The BCG report emphasizes that as platforms form, the pricing inefficiencies and uneven information distribution that underpin middlemen’s fees will disappear, taking merchants’ profits with them.

At the same time, according to analysts, the use of blockchain can increase the transparency of transactions, create a more efficient and liquid market. Trade transactions will no longer be limited by bilateral agreements and will move to more flexible transactions based on electronic platforms between many sellers and buyers. The more widely new technologies are implemented, the less the role of intermediaries will be, and it is not yet clear whether they will want to actively use blockchain. 

BCG report co-author Steven Kok notes that blockchain will be most useful in areas of trade where the origin of the goods plays an important role. For example, this concerns the diamond trade. For example, since May 2018, De Beers has been using distributed ledger technology to track the most expensive diamonds from the place of their extraction to the sales representative in order to rid the supply chain of fraudsters and illegal exploitation of deposits.

Natixis  , IBM and  Trafigura Group are developing a blockchain- based   solution for financial transactions in the commodity trading industry that will be used in transactions in the  US crude oil  market .

Since the buyer, seller and their servicing banks are on a single ledger, all parties can simultaneously view and share the status of the transaction. They can follow the transaction from the moment a new deal is confirmed and validated to the process of checking the quality of the crude oil, its final delivery and the cancellation of the letter of credit.

Blockchain  will only be an effective tool in the commodity market if everyone uses it. Sporadic transactions on the distributed ledger do not affect the overall picture, BCG concluded. ^[5]

Slow performance due to cryptography

Speed ​​is often cited as a serious obstacle to the widespread adoption of blockchain. In terms of performance, blockchains are significantly inferior to traditional databases, and there is a reason for this: the cryptographic component, which, in fact, gives blockchain such important advantages, involves complex calculations. For example, the throughput of the  Bitcoin system  is only seven transactions per second. Of course, this figure does not compare with the two thousand transactions per second that go through the  VISA payment system on average , the maximum performance of which reaches 56 thousand transactions per second (however, this reserve is never used more than a third, even during the most active shopping periods).

Of course, there is active work on increasing the productivity of blockchains. In particular, the BitShares crypto platform is declared to be able to process up to 100 thousand transactions per second, which, of course, sounds pretty good. However, it should be taken into account that the methods used in BitShares to determine productivity differ from the generally accepted ones. In fact, the distributed nature of the blockchain in principle complicates any comparisons, but for now the difference in productivity remains huge and the score is not in favor of the new technology.

Infrastructure setup and management

Setting up and managing the infrastructure to support blockchain solutions is another challenge for organizations experimenting with the technology. Teams involved in information security, transactions, cloud computing, and many other processes are starting to implement blockchain, positioning the technology in their companies as a new solution for working with data and/or code. At the same time, the mentioned process can be quite disruptive – in particular, because there are no proven methods for its successful implementation yet. In 2017, the first attempts to improve the situation are being made (for example, a project by  Microsoft  called Bletchley or the blockchain project  Hyperledger ), but such systems are not yet ready for a full launch.

When talking about a fashion trend, businessmen often miss the main thing: blockchain is a new technology for working with data, and not a new product that can be resold at a profit. Of course, blockchain technologies will help reduce costs when working with documents, but first you need to pay a third-party contractor to develop the corresponding product.

Lack of reliable and effective technological solutions

Another reason not to rush to implement blockchain technologies as of July 2017 is the lack of uniform rules of the game, i.e. reliable and effective technological solutions available to everyone. Work in this direction is already underway – a working group has been created in  Russia  under the leadership of First Deputy Prime Minister  Igor Shuvalov  to implement blockchain technology in public administration.

Perhaps, after the products created to solve state problems have been tested within the administrative system, they can be offered for implementation in the business community. As an example of such work, we can cite the development  by the Central Bank  , together with a number of specialized departments, of an online platform providing information and technical support for banking cyber defense systems, which should be ready by the end of 2017.

Lack of legal framework

The use of blockchain technologies in 2017 is outside the legal field. This can be illustrated by the example of  ICO  (Initial Coin Offering). Startup creators issue their own digital coins (tokens) using blockchain technologies and exchange them for  cryptocurrencies  or fiat currencies to attract the necessary funding. The legal status of ICO is not defined in any country in the world today, and therefore such investments have no guarantees of return.

Developments of fundamentally new technological solutions are underway, but their mass implementation should not be expected until the moment when blockchain technologies receive a specific legal status.

---

Many controversial articles written about bitcoin prompted me to write an article about the internal structure of this system. I was surprised that some authors  wrote  about digital coins without understanding the internal structure, and the meaning of long discussions was an unsuccessful attempt to find out whether it is a scam. I hope after this article, faith or trust in bitcoin will turn into confidence and awareness. I will not reveal the socio-economic impact of digital coins in this article, but will focus exclusively on the internal algorithms.

Electronic digital signature (EDS)

Unfortunately, I have not found suitable simple images to show how elliptic curve cryptography works from the inside. Let’s take this tool “on faith”. The same algorithms are used in the banking sector (and not only), so the collapse of the digital signature will lead to a crisis in many industries. So, with a private key we sign “letters of transfer of ownership” (transactions), and thus give our coins to someone else. With a public key we verify the authenticity of other people’s transactions.

Hashing

If you understand the hashing process, skip this section. It is quite easy to demonstrate hashing. Let’s take some number… for example, the phone number +7 (495) 606-36-02. Let’s add all the digits together, several times:
7+4+9+5+6+0+6+3+6+0+2=48 => 4+8=12 => 1+2=3
This way, you can uniquely associate any phone number with some number. The summation process is called hashing, the method itself is called a hash function, and the resulting number is called a hash sum or simply a hash.
The following properties are usually achieved from hashing:
– Knowing the hash sum (in our case, 3) cannot determine the original phone number.
– It is impossible to adjust the phone number to a pre-known sum (not applicable in our example, but required for bitcoin).
– A small change in the phone number will lead to a radical change in the hash (not applicable in our example, but required for bitcoin).
There are also many other clear everyday examples of hashing in  the wiki  article.

Transfer of ownership. Public key hash

Bitcoin operates with the hash sum of the public key as an address for transferring coins. It costs nothing to announce someone’s bitcoin address to everyone. Even participants in the “battle of psychics” will not be able to find out the original key by its hash. And the key pair itself will be used only once – when transferring ownership. This is where the life of the key pair ends.

PUB1 — public key
PRIV1 — secret key
HASH1 or HASH(PUB1) — hash sum of public key (bitcoin address).
HASH2 or HASH(PUB2) — hash of public key of the next owner.

Let’s digress from coins for a while. Let’s take, for example, a car owner whose ownership is beyond doubt.
— The owner shows everyone the hash of his public key HASH(PUB1), the serial number of the car at a public meeting (fair, TV show), and everyone agrees with it — no one makes any claims.
— Until the moment of sale, both keys PUB1, PRIV1 of the seller remain secret. Only HASH(PUB1) and the corresponding serial number of the car are known.
— As soon as the owner wants to sell the car to a buyer, he writes an open letter in which he indicates the serial number and the hash sum of the public key of the second owner HASH(PUB2). And of course, he signs the letter with his secret key PRIV1, attaching the public key PUB1.
— After the transfer of ownership, the secret key is no longer relevant — there cannot be a second such letter (see “Single History”). The public key can be used to verify the letter itself, to verify the second owner.
– Nothing is known about the second owner except HASH(PUB2), until he transfers the rights to the third owner. And this chain can be endless.
– By signing the transfer of rights using an EDS, the owner not only verifies himself, but also imposes an obligation to transfer. As the saying goes: “a word is not a sparrow, once it flies out, you won’t catch it.”
– Thanks to HASH(PUB), double protection is achieved. The first riddle is to find out the public key by its hash. The second riddle is to sign with someone else’s secret key.

If you replace a car with bitcoin, then the hash of the previous transaction acts as a factory number. And the entire chain of owners is stored publicly by each user.

“And the change!?”

You have to keep the change for yourself. But it is designed that the secret key is used only once, and part of your coins are sent to your new, undisclosed address. Because of this, it is difficult to understand how many coins belong to any address, and it is difficult to judge the volume of coins transferred per day/month/year.

A single story. What do miners dig?

To prevent double-spending, there must be a single history of all transactions. Then only the first transaction (the letter transferring rights to the coins) will be included in the journal, or at least one of several. To do this, transactions are combined into blocks and only “beautiful” blocks are recognized. A “beautiful block” is hard to find, like finding only one good nugget out of tons of gold ore. In our case, the block hash must contain a certain number of zeros.
A block consists of the previous block (hash), the hash of all included transactions, and a randomly selected number (English: nonce).
An example of  a bitcoin block  from blockexplorer.com: See how many zeros there are at the beginning of the block hash? That’s why it was so hard to find. But anyone can easily verify the authenticity of a “beauty” block. The number of zeros in the hash is chosen so that each block is born approximately once every  6-10  minutes. For finding a block, a reward is given, currently 50 coins. Also, the finder is given all fees from payments (transactions fees), for those transactions that are included in his block. A single history is achieved due to the fact that the longest chain of blocks always wins. It is not a problem if an isolated piece of users is split off from the Bitcoin network – subsequently, all split transactions will be included in a longer chain (taking into account the complexity).
* Hash: 00000000000001c21dbf4715d5da1a288061faa21e950dd8df6ae25c8b55d868
* Previous block?: 000000000000056a7dcf283f627c2a17c55ffe1937a6ed2bc467d9c524311da2
* Difficulty: 1 690 895.803052 ("Bits": 1a09ec04)
* Transactions: 184
* Total BTC: 4251.63216933
* Size: 58.913 kilobytes
* Merkle root: 98c5d975bf556f0344770eee7ab31688a1c108223c14cea908ff99b0ab8fe947
* Nonce: 3723473450

Subtleties of work

— Hashing is usually understood as double sha256, i.e. sha256(sha256(x)).
— Surprisingly, bitcoin does not encrypt anything. The entire transaction log is completely open information. Anyone can verify the integrity of all transactions, count the number of coins in circulation. There is no chance for counterfeiting. The only opportunity for evil is to suspend bitcoin for a while.
— When you first start, the bitcoin application creates a pair of keys. More precisely, it creates 100 pairs in advance, so you can make a wallet backup for no more than 100 transactions in advance.
— In fact, the transaction specifies the verification algorithm, in addition to the bitcoin address itself. Bitcoin has its own primitive, intentionally truncated  programming language built into it , which allows you to make complex transactions. For example, you can program money to be sent to several recipients (like a safe deposit box with several keys). Or include time limits on spending money (not earlier than 2013), etc.
– Transactions in a block are placed in the form of a hash tree. In this way, in the future, completed transactions can be thrown out to save disk space without violating the integrity of the blocks.
–  A Bitcoin address  contains a checksum. Therefore, it is impossible to make a mistake in the address by missing or replacing one or more symbols.

Regardless of the rate of the coin (only speculators can be offended by the system), I believe that bitcoin has become very successful in technical terms. There is much to learn here and use the experience gained in the future.

---

with the growing popularity of blockchain (and in particular the blockchain-based cryptocurrency Bitcoin)  have increased many times over

and hacker attacks, various attempts at fraud and theft of virtual cash. All this certainly makes experts and developers think about the security of blockchain as a promising technology.

Today in the article we propose to consider in a little more detail potential attacks on the blockchain as a technology, as well as products and services based on it. And of course we will look a little deeper into its cryptographic core, as the basis for ensuring the security of crypto calculations

A few words about technology

Before moving directly to security issues, just a couple of short paragraphs about  the Blockchain technology itself  in simple language.

As authoritative sources tell us 

,  BlockChain  technology appeared by IT standards quite a long time ago, namely in 2009. And after some time, it loudly announced its existence to the whole world, for example, having most vividly demonstrated itself as a technological platform for  cryptocurrency

, which is now  Bitcoin

.

Without going into complex formulations and mathematical descriptions,  Blockchain  is essentially a distributed database consisting of many blocks of information generated in such a way that their unauthorized modification or deletion is practically impossible.

The trick with this technology is that once blocks of data have been published in the registry, using cryptographic functions, time stamps, and links to the previous block (linked chain of blocks), it is impossible to roll them back or make any changes to the record. This is achieved because all calculations are decentralized, meaning there is no single control center or monopoly power over calculations. In addition, all information about calculations is stored in the network by several participants (the so-called  miners  ). Although the content of the blocks themselves is not encrypted and is available in the open, the data in the block is cryptographically protected through  hash chains  . And the decentralized database publicly stores in unencrypted form the full information about all modern transactions signed using  asymmetric encryption.

.

Therefore, the key advantages of the blockchain are often called   the transparency of the transaction process  and multiple duplication of information about transactions for each participant in the process. Hence the conclusion why it is impossible to forge a transaction or delete it from the database ( registry)

).

Blockchain  has already become a technological platform for payment systems, smart contracts, and in the future, such industries as data management, electronic voting, authentication and access rights verification, forecasting, online services (social networks, music, etc.), securities trading and even car sharing are named.

In the IT industry,   blockchain  has found its place primarily in the field of data storage and verification, for example, what is currently used for data mining

Some technical basics of blockchain

Again, without going into complex technical details, here is a quick primer on the main technical aspects of  Blockchain technology . This will help us understand later what security issues might be. So, let’s go!

As we have already found out above,  Blockchain uses cryptographic functions  for calculations and block protection   . Let’s take a closer look at the concepts of  “digital signature”  and  “hash chain” .

If we take the definition from  Federal Law No. 63 “On Digital Signature”  , then

An electronic signature (ES)  is a special document attribute that allows establishing the absence of distortion of information in an electronic document from the moment the ES is generated and confirming the ES ownership. The value of the attribute is obtained as a result of cryptographic transformation of information.

How does a digital signature work?
So, each person can create a “personal identifier” (ID, nickname) and a “digital signature” confirming the authenticity of the author for communication on the Internet or data exchange with other users via a computer and telecommunication channels.

An electronic signature  allows you to:

• Confirm the authorship of the message sender
• Ensure that no one can forge a message sent and confirmed via an EP

So,  with the private key  we sign  “letters of transfer of ownership”  (transactions), and thus, for example, we give our coins to someone else.  With the public key   (certificate) we check the authenticity of other people’s transactions.

Hashing is the transformation of an input data array  of  arbitrary length into an (output) bit string of fixed length. The function that implements the algorithm and performs the transformation is called  a “hash function”  or  “convolution function” . The original data is called the input array, “key”, or “message”. The result of the transformation (output data) is called  a “hash”, “hash code”, “hash sum”, “message summary” .

A cryptographic hash function  is any hash function that is cryptographically secure, that is, satisfies a number of requirements specific to cryptographic applications.

How does hashing work?

It is quite easy to show hashing. Let’s take some number… for example, the phone number +7 (495) 606-36-02. Let’s add all the digits together, several times:
7+4+9+5+6+0+6+3+6+0+2=48 => 4+8=12 => 1+2=3
This way, you can uniquely associate any phone number with some number. The process of adding up is called hashing, the method itself is called a hash function, and the resulting number is called a hash sum or simply a hash.

Typically  the following properties are achieved from hashing :

• Knowing the hash sum (in our case 3) it is impossible to determine the original phone number.
• It is impossible to adjust a phone number to a pre-known amount (not applicable in our example, mandatory for bitcoin).
• A small change in the phone number will result in a dramatic change in the hash (not applicable in our example, but is required for bitcoin).

The requirement for block hashes is determined by a special parameter called “difficulty”. Since the network’s computing power is not constant, this parameter is recalculated by network clients every  2016 blocks  in such a way as to maintain the average speed of blockchain formation at the level of 2016 blocks per two weeks.

Thus, 1 block should be created approximately once every ten minutes. In practice, when the computing power of the network grows, the corresponding time intervals are shorter, and when it decreases, they are longer. Recalculation of difficulty with a time reference is possible due to the presence of the time of their creation in the block headers.

Blockchain Attacks and Security Issues

Any new technologies always bring not only benefits to civilization, but also contain new risks, including risks associated with information security.

Blockchain , in addition to being an IT phenomenon, is also a social phenomenon, just remember  the hype

around bitcoin and  mining farm

in China! And as is known, sooner or later, attempts at deception (fraud) occur in any social group.

So let’s look at the most realistic and key attacks on  Blockchain technology  and products built on its basis.

Attack 51%

The essence of the attack is that the attacker, controlling more than fifty percent of the confirming resources of the blockchain network, can print his own chain of blocks, which will overtake the main chain of the blockchain and, as a result, become the main one. At the same time, he can easily and freely cancel some of the transactions made in the blocks he discarded. For example, transactions on money transfers. Thus, theoretically, it is possible to cancel a transaction retroactively.

In essence, mining is like trying lottery tickets. With different probabilities of winning. So for a successful attack, you can have even less than 51 percent of the power. The probability of success will fall, but the criminal can hope to get lucky.

In the early stages of its development, Bitcoin and any similar currency are vulnerable to the so-called “51% Attack”: as long as the attacker has more power than the rest of the network, he will be able to not confirm other people’s blocks, confirming only his own, which means receiving 100% of all new bitcoins and blocking any transactions at his own discretion. At the moment, to carry out such an attack on the Bitcoin network, the computing power required is many times greater than the power of all the supercomputers from the  TOP-500 rating

.

Denial of Service (DoS) Attacks

Sending a large amount of “garbage” data to a node processing transactions can complicate its work. For example, the Bitcoin Satoshi client version 0.7.0 blocks all suspicious nodes and transactions, does not allow duplicating transactions, controls the occurrence of DoS attacks, catches intruders in the system, fixes errors, etc.

Hacking crypto hash function algorithms

Algorithms for calculating the hash function of  SHA-256 standards

and  ECDSA

are considered to be quite robust given current computing power. However, the advent of high-performance  quantum computers

will increase the risk of breaking these cryptographic functions.

Attack of the Sybil

A hacker can try to flood the network with nodes under their control, and other users will only be able to connect to blocks created for fraud. For example, the Attacker blocks transactions from other users, disconnecting you from the general network. The Attacker then connects you only to blocks that he creates in a separate network. This will result in transactions that will send money again (double-spending).

Slowing down time in the system

The scenario of this attack is as follows: hackers attack a network in which there are subscribers of a blockchain product, for example, Bitcoin, and by creating a large computing load on the system, they slow down time within the network, which complicates the transfer of data, messages between users, updating information in the network, the formation of blocks, chains and their recording by transaction participants.

Transaction vulnerability

Although Bitcoin transactions are signed, this signature does not cover all of the information that is hashed to produce the transaction hash. In fact, it is possible to change the parameters of a transaction so that the hash changes but the signature remains the same.

Based on this, an attack can be organized when withdrawing funds from third-party services. In the original transaction, the identifier is replaced, the money reaches the recipient, but he informs the service’s technical support that the original transaction did not arrive. As a result, the service can resend the funds.

There is another variation of this attack called   “transaction malleability.”  The essence of the attack is that the attacker changes the unique identifier of the bitcoin transaction before it is confirmed in the Bitcoin network. With this change and under the right conditions, the user can pretend that the transaction was not made.

Code errors

Bugs can lead to instability in the system’s protection. For example, information in a node must be updated in a short period of time. If this does not happen due to a bug, the necessary information does not appear in the chain, incorrect data begins to spread across the network, etc. All this can cause the network to stop working for several hours.

Cryptography Guards Blockchain Security

This paragraph uses materials presented in articles  here

and  here

, and also  here

and also  here

.

Basic idea

A fundamental part of Bitcoin is, of course, cryptographic algorithms. In particular, an algorithm such as  ECDSA — Elliptic Curve Digital Signature Algorithm,  which uses  elliptic curves

(elliptic curve) and  finite fields

(finite field) for signing data so that a third party can verify the authenticity of the signature, eliminating the possibility of its forgery.

What is ECDSA

ECDSA is an acronym for  Elliptic Curve Digital Signature Algorithm . It is a process that uses  elliptic curves.

and  finite fields

to “sign” data in a way that allows third parties to easily verify the authenticity of the signature, but the signer retains the exclusive ability to create signatures. In the case of  Bitcoin  , the “data” that is signed is the transaction that transfers ownership of the bitcoins.

ECDSA has two separate procedures for  signing  and  verifying  (i.e., verifying) it. Each procedure is an algorithm consisting of several  arithmetic operations . The signature algorithm uses  a secret key  , while the verification algorithm uses only  the public key .

Elliptic Curves – Theory

There is nothing complicated about elliptic curves. Algebraically, each such curve can be represented as an equation of the form:

y² = x³ + ах + b

For a = 0 and b = 7 (which is the version that Bitcoin uses), this curve looks like this:

Elliptic curves have some useful properties. For example, a non-vertical line that intersects a curve at two points will always intersect it at a third point on the curve. Another property is that if a non-vertical line is tangent to the curve at one point, it will intersect the curve at exactly one more point.

We can use these properties to define two operations on the points that make up the curve: point addition and doubling.

To  add points , P + Q = R, we draw a line through P and Q that, by the properties of elliptic curves, intersects the curve at some third point R ‘ . We then find a point on the curve that is symmetric to R ‘  with respect to the X-axis. It is this point R that will be considered the sum of P and Q. This is most easily understood by looking at the following diagram:

This is all well and good, but how do we add a point to itself? To do this, we define the operation of  doubling a point , P + P = R. When doubling, we draw a line tangent to the given elliptic curve at point P, which, according to the properties of the curve, must intersect it at another point R ‘.  Point R, symmetrical to R ‘  with respect to the X-axis, will be considered the doubling point of P. On the graph, this looks like this:

These two operations can be used to define the  scalar multiplication operation , R  = a P , defined as adding a point P to itself  a  times. For example:

R = 7P

R = P + (P + (P + (P + (P + (P + P)))))

The process of scalar multiplication can usually be simplified by using a combination of addition and doubling of points.

For example:

R = 7P

R = P + 6P

R = P + 2 (3P)

R = P + 2 (P + 2P)

Here the 7P operation was broken down into two stages of doubling the dots and two additions of the dots – as a result, instead of 7 operations, only four need to be performed.

In fact, now you know everything there is to know about elliptic curves.

Private Key – Theory

Private key  is a fairly general term and different types of private keys may be used in different electronic signature algorithms.

As you may have noticed, Bitcoin uses the  ECDSA algorithm  – in its case, the private key is some natural  256-bit number , that is, the most common integer from   to  . Technically, even the number  123456  will be a correct private key, but very soon you will find out that your coins “belong” to you exactly until the moment the attacker gets your private key, and values ​​like  123456  are very easy to sort out.

It is important to note that today it is impossible to go through all the keys due to the fact that   this is a fantastically large number.

Let’s try to imagine it: according to this article, there are slightly fewer   grains of sand on the entire Earth. Let’s use the fact that  , that is,   grains of sand. And in total we have  , approximately  .

So we can take all the sand on Earth, turn each grain of sand into a new Earth, in the resulting pile of planets, turn each grain of sand on each planet back into a new Earth, and the total number of grains of sand will still be orders of magnitude less than the number of possible private keys.

For the same reason, most Bitcoin clients simply take 256 random bits when creating a private key – the probability of a collision is extremely low.

Open (public) key – theory

Let   be our private key,   be the base point, then the public key is  . That is, in fact,  the public key  is some point lying on the SECP256k1 curve.

Two important nuances. First, it is easy to see that the operation of obtaining a public key is defined unambiguously, that is, a specific private key always corresponds to a single public key. Second, the reverse operation is computationally difficult and, in general, a private key can be obtained from a public key only by exhaustive enumeration of the first.

Below you will learn that exactly the same relationship exists between a public key and an address, only there it is all about the irreversibility of hash functions.

ECDSA in Bitcoin

The Bitcoin protocol has a fixed set of parameters for the elliptic curve and its finite field, so that each user uses a strictly defined set of equations. Among the fixed parameters are the equation of the curve (equation), the value of the field modulus (prime modulo), the base point on the curve (base point), and the order of the base point (order). You can read about calculating the order of the base point  here

This parameter is specially selected and is a very large prime number.

In the case of Bitcoin,  they are used

the following values:

The equation of an elliptic curve is:
y² = x³ + 7

Simple module:
2256 – 232 – 29 – 28 – 27 – 26 – 24 – 1 = FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE FFFFFC2F

Base point:

04 79BE667E F9DCBBAC 55A06295 CE870B07 029BFCDB 2DCE28D9 59F2815B 16F81798 483ADA77 26A3C465 5DA4FBFC 0E1108A8 FD17B448 A6855419 9C47D08F FB10D4B8

The X coordinate in hexadecimal notation is shown in bold, followed immediately by the Y coordinate.

Order: FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE BAAEDCE6 AF48A03B BFD25E8C D0364141

This set of parameters for the elliptic curve is known as secp256k1 and is part of the SEC (Standards for Efficient Cryptography) family of standards proposed for use in cryptography. In Bitcoin, the secp256k1 curve is used in conjunction with the elliptic curve digital signature algorithm (ECDSA). In ECDSA, the secret key is a random number between one and an exponent. The public key is formed from the secret key by multiplying it by the base point. The equation is:

Public key = private key * G

This shows that the maximum number of secret keys (and therefore Bitcoin addresses) is finite, and equal to the order. However, the order is an incredibly large number, so it is impossible to accidentally or intentionally guess another user’s secret key.

Calculating the public key is done using the same doubling and dot addition operations. This is a trivial task that a regular personal computer or smartphone can solve in milliseconds. But the inverse problem (obtaining a secret key from a public one) is a discrete logarithm problem, which is considered computationally difficult (although there is no strict proof of this fact).

Once a private/public key pair has been obtained, it can be used to sign data. This data can be of any length. The first step  is usually

hashing the data to obtain a unique value with a number of bits equal to the bit depth of the curve order (256). After hashing, the data signature algorithm z is as follows. Here, G is the base point, n is the order, and d is the secret key.

• Some integer k is selected in the range from 1 to n-1
• The point (x, y) = k * G is calculated using scalar multiplication
• Find r = x mod n. If r = 0, then return to step 1.
• Find s = (z + r * d) / k mod n. If s = 0, then return to step 1.
• The resulting pair (r, s) is our signature.

After receiving the data and the signature to it, a third party, knowing the public key, can verify it. The steps for verifying the signature are as follows (Q is the public key):

• Check that both r and s are in the range 1 to n-1
• Calculate w = s-1 mod n
• Calculate u = z * w mod n
• Calculate v = r * w mod n
• The point (x, y) = uG + vQ is calculated
• If r = x mod n, then the signature is valid, otherwise it is invalid.

Indeed,

uG + vQ = u + vdG = (u + vd)G = (zs-1 + rds-1)G = (z + rd) s-1G = kG

The last equality uses the definition of s at the signature creation stage.

The security of ECDSA is due to the difficulty of the secret key search problem described above. In addition, the security of the original scheme depends on the “randomness” of the choice of k when creating the signature. If the same value of k is used more than once, then the secret key can be extracted from the signatures, which is  what happened

with PlayStation 3. Therefore, modern implementations of ECDSA, including those used in most Bitcoin wallets, generate k deterministically based on the secret key and the message being signed.

---

There are many ways to hack into an organization’s or user’s computer system and steal valuable information. For many companies, such an event becomes a disaster. In some cases, the leakage of confidential data can completely destroy the reputation and business of the enterprise and lead to its collapse. For the user, hacking a computer most often threatens the theft of credentials and loss of money.

Positive Technologies (a developer of cybersecurity products and solutions since 2002) found that in Q2 2023, the number of cyberattacks increased by 4% compared to the previous quarter and by 17% compared to Q2 2022. The share of targeted attacks increased — they accounted for 78% of the total. The most common consequences of successful cyberattacks:

• leaks of confidential information (67%);
• disruption of core activities (44%).

In attacks with leaks of confidential information, hackers seek to steal personal data (53%) and commercial secrets (18%) of organizations. If attacks are carried out on individuals, they steal mainly credentials (43%).

A separate niche in the field of digital crimes is occupied by hacker attacks on blockchain projects, in particular on crypto services. Cryptocurrency is very attractive to fraudsters, since it is often not protected by conventional financial security measures. 

Yes, the blockchain itself is based on encryption mechanisms, but any encryption can be hacked. The more vulnerabilities in the code, the higher the risk of a successful attack by hackers. In the event of hacking and theft of cryptocurrency, it is much more difficult for the client to seek justice and return their assets. Blockchain analytics platforms help to search for stolen funds, but, unfortunately, in most cases they cannot prevent the theft of cryptocurrency, since the source of the hack is outside the blockchain.

The most common hacker attacks on the blockchain

In general, without going into details of the numerous types of hacks, there are several types of attacks on the blockchain: exploit (using vulnerabilities in software code), interaction with the victim (attack on the user), interception and substitution (clipping).

An exploit is a type of malware. It is data or executable code that can take advantage of one or more vulnerabilities in software on a local or remote computer. The user either visits a website containing malicious code or opens a file with hidden malicious code. In the second case, spam (phishing) is usually used to deliver the exploit. For example, the Deadbolt ransomware virus (appeared in 2022) encrypts information on the victim’s computer and demands a ransom in cryptocurrency for its decryption.

Fig. 1. This is what the Deadbolt ransomware pop-up window looks like

Active interaction with the victim of an attack is another common way to steal crypto. Fraudsters create fake accounts, get acquainted with the “client”, and gain their trust. The victim is encouraged to use a phishing link or a dubious resource. As a result, the client himself gives the hackers the information that is needed to steal cryptocurrency from his wallet.

Hijacking involves “faking” the interface between IT services. It happens after a user starts a session under their account. The browser creates a temporary session file with the user’s data. This is where the hacker steps in, gaining access to someone else’s session in various ways. While the user is shopping or searching for the information they need, the hacker uses their active session to steal personal data and money.

Clipping is the substitution of data in the clipboard. Such attacks use malware. They monitor the contents of the clipboard and, when they determine that the victim has copied the wallet address, they quietly replace it. The funds go to the attacker’s wallet. 

For example, the malicious Tor installer, which was actively distributed across the CIS countries in 2022–2023, was embedded in a chain of programs allowed to view the Windows clipboard. It received notifications about changes to the data in the clipboard. If it was text, the malware searched for regular expressions from an existing set. If it saw matches, it replaced the text with a randomly selected address from a specified list. After that, the money went to the attackers.

Fig. 2. Amounts of cryptocurrency stolen using malicious Tor installer in 2022–2023 (according to Kaspersky Lab)

A rather curious type of fraud is counterfeit hardware wallets. For example, Kaspersky Lab reports on this method. In its blog, you can find a detailed article with an analysis of a counterfeit Trezor Model T hardware wallet. One unfortunate day, a large sum of cryptocurrency was stolen from this wallet. Opening the wallet showed that it was a fake.

The most common method (up to 70% of all attacks) is an exploit. Moreover, if earlier attacks were mainly associated with gaining access to the consensus mechanism, now these are more often attacks on smart contracts of DeFi protocols, as well as on blockchain bridges (help conduct transactions with funds in different blockchains).

Hacker attacks of recent years

According to experts, in the third quarter of 2023 alone, the number of hacks of crypto exchanges, DeFi services and other blockchain projects amounted to 25 [1]. The exchanges subjected to hacker attacks were CoinEx (damage amounted to $70 million), Huobi (damage – $8 million), Remitano (damage – $2.7 million). DeFi services suffered the most, especially Mixin (damage amounted to $200 million), Multichain (damage – $126 million) and Curve Finance (damage – $62 million). Among blockchain bridges, Poly Network was targeted (damage – $5.5 million). Even one crypto casino Stake suffered (damage – $41.3 million). Attacks on DeFi projects predominated, followed by payment services and crypto exchanges by a wide margin.

Fig. 3. CoinEx exchange survived a hacker attack (screenshot taken on February 25, 2024)

In June 2023, an attack on the decentralized wallet Atomic Wallet occurred. Users began to have their tokens written off without authorization. According to various sources, the losses amounted to between $35 million and $100 million. Experts from the analytical company Elliptic, which launders “dirty crypto”, suggested that hackers from North Korea (the Lazarus group) were behind the hack. The hacking method is unclear, since neither passwords nor private keys were stored on the wallet servers. Perhaps the developers themselves were attacked.

In 2022, Sky Mavis (developer of the pay-to-earn game Axie Infinity) lost an estimated $540 million to $650 million in ETH (Ethereum) and USDC (USD-coin, a cryptocurrency pegged to the dollar). The Ronin blockchain bridge, which provided the connection between the in-game Axie Infinity tokens and the Ethereum network, was compromised. Transactions in Ronin were verified by nine validator nodes. The hackers managed to compromise five of them in order to sign their transfers. The network was allegedly breached through a combination of malware and outdated and unrevoked access credentials [2].

In June 2022, the Harmony’s Horizon blockchain bridge was attacked. Hackers managed to steal assets worth $100 million. And in August, fraudsters got their hands on almost $200 million as a result of a hack of the Nomad bridge.

In February 2022, hackers stole $36 million ($21 million in BTC and $15 million in ETH) from the accounts of the IRA Financial fund. This is an American pension fund that invests in the cryptocurrency industry. It was associated with the Gemini cryptocurrency exchange. It turns out that on the day of the incident, hackers made a false call to the police. They arrived at the IRA office and distracted the company’s employees from monitoring the security of transactions.

In 2022, the following exchanges were attacked: Maiar ($113 million in damage), Crypto.com ($34 million in damage), and Derbit ($28 million in damage). Among DeFi services, the victims include Beanstalk ($181 million in damage), Wintermute ($161 million in damage), and Mango Market ($114 million in damage).

Attackers do not ignore crypto exchangers either. For example, in June 2021, the Bithub.im exchanger was hacked. In seven hours, hackers received about $5 million. Some users got their money back (the company returned about $2.1 million to users).

We have listed only a few high-profile hacker attacks in recent years. In fact, there are dozens and hundreds of them. Blockchain developers do not stop searching for vulnerabilities to prevent cryptocurrency leaks, and hackers continue to try to hack.

The advantages of cryptocurrency — weak regulation and lack of government control — turn into very serious disadvantages when this very currency is stolen from its rightful owner. Threats to crypto assets are quite varied, and we recommend studying  a general overview of crypto protection methods , as well as  tips for owners of hardware crypto wallets . But our posts do not fully reveal the diversity and scale of crypto-related fraud schemes. To give you a better understanding of how attractive the cryptofinance sphere is for fraudsters, we decided to collect the most striking examples of attacks of recent years in one place. In our criminal Olympics — the winners of the most striking attacks in various nominations. We did not try to make a rating by damage caused, because it is difficult to determine for many types of attacks, and excluded  financial pyramids like BitConnect from the rating .

1. The most difficult

Damage: $30,000
Method: Trojanized hardware wallet

We have  a detailed post about this attack , as it was investigated by our experts. The investor bought a popular hardware wallet that looked and worked exactly like the real thing — until a certain point. It later turned out to be a clever fake, into which the attackers had programmed private keys and a password weakening system known to them in advance. Once the wallet contained money, the hackers easily withdrew it. The wallet did not connect to the computer at all.

2. The largest

Damage: $540,000,000
Method: server hacking

For a long time, the largest hack in cryptocurrency history was  the $460 million theft from Mt. Gox  , which led to the company’s collapse in 2014. But in 2022, the dubious lead passed to Sky Mavis, the developer of the play-to-earn game Axie Infinity. The Ronin bridge, which handles the interaction between Axie Infinity’s in-game tokens and the Ethereum network, was compromised, leading  to the theft of Ether and USDC  worth an estimated $540 million to $650 million. Without going into the specifics of the blockchain bridge hack, we note that transactions in Ronin were verified by nine validator nodes, and the attackers were able to compromise five of them to sign their transfers. Apparently, the network was breached through a combination of malware and legitimate, but outdated and not revoked in time, access credentials.

To top it all off, the hackers were hoping to make extra money from the collapse of the market capitalization of the companies they attacked, but the hack was only noticed a week later, and their attempt to play short selling failed.

3. The most persistent

Damage: Unknown
Method: Fake Chrome Extension

The attacks  we discovered in 2022 were carried out by the BlueNoroff group and primarily targeted fintech companies working with cryptocurrency. As part of these attacks, hackers penetrated the internal networks of the affected companies using phishing emails, supposedly from venture funds. When the victim opened a malicious attachment to the email, a Trojan was installed on the computer, with which the attackers could both steal information and install additional software. The hackers sat in some networks for months if the company’s correspondence was of interest to them. And the cryptocurrency theft itself was carried out using a modified Chrome extension called Metamask. By installing their own version of Metamask instead of the official one, the criminals were able to observe and modify the victim’s legitimate crypto transactions, and even using a hardware crypto wallet in this case did not guarantee protection.

4. The most incomprehensible

Damage: $35,000,000
Method: unclear

On June 2, 2023, the decentralized wallet Atomic Wallet  was attacked , in which tokens were unauthorizedly written off from the victim. This is the most recent example at the time of writing. The developers  confirmed the hack , but have not yet figured out the cause. Atomic Wallet prides itself on the fact that neither passwords nor private keys are stored on the servers, so the attack must be related to what is happening on the users’ computers themselves.

Cryptocurrency tracking experts say the methods of laundering stolen goods are similar to the Lazarus group’s signature. If so, the most likely versions of the attack are either a fake trojanized version of Atomic Wallet (similar to  the attack on DeFi ) or an attack on the developers themselves and a trojan in the official app.

5. The most cinematic

Damage: $4,000,000
Method: Personal meeting

In order to steal cryptocurrency, some criminals organize scams in the style of the movie “Catch Me If You Can.” The target is companies looking for investors, who are approached by “investment funds” and offered to discuss in detail a large investment in the business. After several calls and correspondence, the victims – startup directors – are scheduled for a personal meeting in a luxury hotel. At the meeting, legal and financial issues are discussed at length, and under a convenient pretext, a conversation arises about investments or commission fees in cryptocurrency. As a result, the victim’s seed phrase is snatched or the crypto wallet is briefly lured out of it, and then the wallet is emptied of all the money. In one case, the victims were “cheated” for  four million dollars , in another,  described in detail , for 206 thousand.

6. The most elegant

Damage: Unknown
Method: Fake letters and wallets

A plot for a good detective story: the attackers sent  paper  letters to buyers of Ledger hardware wallets. To obtain the mailing list, they either hacked an unnamed “third party” (probably one of Ledger’s contractors) or took advantage of an earlier leak of user data.

The email stated that the recipient’s Ledger Nano X hardware wallet needed to be replaced due to security issues, and that the email included a free replacement wallet under warranty. In fact, the attached box contained a flash drive with malware disguised as a Nano X. When first launched, the program required an “import key” and a secret seed phrase to restore access to the wallet – with obvious consequences. Many victims, however, did not fall for the trick: despite the convincing packaging, the email itself contained several spelling errors. Attention pays off!

7. The most invisible

Damage: Unknown
Method: Malware

One of the most inconspicuous attacks remains  the substitution of the transfer recipient , usually carried out with the help of a Trojan. Having infected the victim’s computer, the malware quietly monitors the clipboard and, when the crypto wallet address gets there, replaces it in the clipboard with the address of the attacker’s wallet. Thus, simply by copying and pasting addresses during transfers, it is very easy to sign a transaction in favor of the attackers with your own hands.

8. The most offensive

Damage: $15,000
Method: Romantic correspondence

We will describe this attack using a specific example, but “romantic scams” ​​are one of the most popular ways to deceive private crypto investors. Kevin Kok has been working with crypto for many years, but criminals managed to  lull his vigilance by awakening romantic feelings . Having met a girl on a dating site, he communicated with her for several months, and the topic of investments did not come up in their conversations at all. One day, however, she shared information from friends about a new convenient application for crypto investments. She could not figure out the application and asked for help to deposit her own (!) money there. Kevin, of course, helped, and at the same time made sure that the application works, and the assets of his passion are growing in price day by day. Then he decided to invest his money and enjoyed watching the high return on investment. Kevin suspected something was wrong only when the girl suddenly disappeared from all messengers and stopped responding to messages. It turned out that it was impossible in principle to withdraw money from the “investment system”.

How to protect yourself?

We have previously given detailed recommendations to crypto investors on how to protect their investments , and here we will repeat only two: be extremely suspicious of any offers, letters, mailings and innocent questions about cryptocurrencies and be sure to use a solution for comprehensive cyber protection of all devices that takes into account the risks of crypto investors. Of course, we recommend a  Kaspersky Premium subscription  for one or more devices, the cost of which is simply incomparable with the potential damage from even one successful fraud. Premium includes special tools to protect your crypto investments:

• protection against cryptocurrency fraud and unauthorized mining;
• additional protection for banking applications and financial transactions;
• anti-phishing;
• special protection of password entry windows from interception (keyloggers);
• detection of remote access to a computer;
• password manager and secure storage for confidential data;
• real-time antivirus with application behavior monitoring;
• warning about potentially dangerous applications;
• Automatic search for outdated versions of applications and their updates from official sources.

Various fraudulent projects (pyramids, rag-pull and scam projects), phishing schemes and, of course, hacker attacks have a regulatory impact, as well as a negative impact on cryptocurrency market participants.

The trends of the ongoing series of hacks show, first of all, the inability or unwillingness of crypto services to ensure the proper level of security of the platforms being developed, which is necessary for stable functioning. Thus, the losses of services are mostly associated with the loss of clients’ funds, which only large and wealthy players can afford to return. In other cases, the victims, whose money was stolen by hackers, are left with nothing and try to recover funds from the bankrupt service, sometimes these processes last for years.

Speaking about the classification, it is necessary to note that by hacker attacks we mean exactly hacking, unauthorized penetration into the infrastructure of a crypto service, using various vulnerabilities in its contracts and code, as well as obtaining private keys of the service. More details about the types of hacker attacks can be read in our material  Types of hacker attacks on crypto services .

In our research, we only consider hacker attacks on services, and not on wallets or accounts of individuals, because, firstly, these are relatively small volumes, secondly, this information is not always open, and thirdly, the impact of hacking services is significantly higher than that of individuals.

For the 3rd quarter of 2023 under review, according to our research, the number of the largest hacker attacks amounted to 25 attacks ( here and below we provide figures for the largest hacker attacks, as a result of which losses amounted to $300,000 at the time of the hack, without taking into account that the funds were fully or partially returned ) with a total damage of  $0.64 billion .

The most well-known cases of major hacks of crypto services during the period under review:

Exchanges:

• CoinEx ($70 million in damages);
• HTX (Huobi) ($8 million damage);
• Remitano ($2.7 million in damages).

DeFi services:

• Mixin ($200 million in damages);
• Multichain ($126 million in damages);
• Curve Finance, including AlchemixFi, JPEGd_69, MetronomeDAO, Debridge Finance, Ellipsisfi and Conic Finance ($62 million in losses);
• Exactly Protocol ($7.2 million in damages);
• Era Land ($3.4 million in damages);
• Balancer ($2.3 million in damages);
• Rodeo Finance ($1.5 million in damages);
• Cypher ($1 million damage);
• Palmswap ($0.9 million in damages);
• RocketSwap ($0.8 million in damages);
• Libertify ($0.45 million in damages);
• Arcadia Finance ($0.45 million in damages).

Bridges:

• Poly Network ($5.5 million in damages).

Payment providers:

• Alphapo ($60 million in damages);
• CoinsPaid ($37.3 million in losses);
• Fortress Trust ($15 million in damages).

Cryptocasino:

• Stake ($41.3 million in damages).

General trends

Assessing the trends of hacker attacks for the period under review, the following main conclusions about trends can be made:

• if we compare the obtained results with the data on hacker attacks for the 1st and 2nd quarters of 2023, we can note that the number of attacks has decreased, and the volume of stolen funds has almost doubled. So, if in the 1st and 2nd quarters there were 120 attacks, then in the 3rd of the large ones there were about 25, while if the damage from hacker attacks in the first half of the year was $ 0.6 billion, then in the 3rd quarter alone it was $ 0.64 billion. The increase in hacker activity, especially in September, is clearly visible, which can generally be associated with the general growth of business activity in the crypto market.
• According to our estimates, if the trend of hacker attacks continues and there are no significant obstacles to this, then the total damage from them in 2023 could amount to $1.8 – 1.9 billion.
• The trend of attacks on decentralized services remains predominant in Q3 2023, their share in percentage terms is 62.9%, in second place are payment services – 17.45%, in third place are crypto exchanges – 12.5%, followed by casinos 6.3% and bridges 0.85%. It should be noted that the trend of hacking has significantly shifted towards payment services, bridges have practically ceased to be objects of hacker attacks with the exception of Poly Network. For the first time, a new type of crypto service – Stake casino – was significantly hacked. Based on the data obtained, it can be stated that decentralized projects do not take measures to ensure the proper level of security of their platforms, exchanges ensure their security to a greater extent, but still not at the proper level. The breach in payment systems shows that attackers are using the principle of “where it’s thinnest, there it breaks” and are targeting payment systems rather than the cryptocurrency exchange and storage services themselves.
• Based on the types of hacker attacks on crypto services, it can be estimated that in Q3 2023, attacks were primarily aimed at compromising the private keys of services: (CoinEx, Alphapo, Stake, CoinsPaid), the cloud infrastructure of the service (Mixin) and vulnerabilities in smart contracts.
• Analysis of coins in which funds are stolen and withdrawn shows that attackers most often steal funds in various tokens in the Ethereum and BNB networks, use swap bridge functions to transfer them to popular currencies BNB, ETH and USDT, which are withdrawn to mixers Tornado Cash, Sinbad, and sometimes directly to decentralized exchanges.
• Assessing hacker attacks depending on the blockchain network they were aimed at, we note that more than 70% of hacks were in the Ethereum network, 10% in the BNB network, 4% each in the Bitcoin, TRON, Optimism, Polygon networks. The remaining 4% are in other networks.
• Since the beginning of the year, the trend of hackers returning stolen funds has continued. Often, the victim crypto service posts a test transaction on its official page on social networks or sends it to hackers with an offer to return the stolen funds in exchange for a small reward and for the fact that the victims will not transfer data about the thief to law enforcement agencies. This practice is largely associated not with “white hat hackers”, but with the ability to track the withdrawal of funds and the reluctance of the attackers to fall into the sights of law enforcement agencies. During the quarter under review, funds were returned to the Curve Finance protocol ($ 52 million) and the HTX exchange ($ 8.1 million) using this mechanism. Of course, the topic of returning funds is not discussed when the cryptocurrency is stolen by a well-known hacker group, for example, the North Korean group Lazarus, which claimed responsibility for hacking the Coinex exchange, Stake casino, payment providers Alphapo and CoinsPaid.

SECURITY PROBLEMS OF CRYPTOCURRENCY
SERVICES
Currently, the popularity of using
Blockchain technology and related cryptocurrencies is growing.
Blockchain-related services, including cryptocurrency exchanges and ICO platforms, are gaining more and more popularity on the Internet. With the growth of investments in crypto assets, hackers’ attention to these technologies is also growing, and
the number of specialized attacks aimed specifically at new
Blockchain services is increasing. Growing attention to new technologies is observed in all countries of the world. This trend has not bypassed the Russian
Federation, and not only at the national level, but also at
the level of the constituent entities of the Russian Federation. However, the integration of distributed
ledger technologies into the practice of financial and other regulation is not accompanied by due attention from experts in the field of cybersecurity. Meanwhile, an analysis of the current situation proves
that ensuring the economic and political security of the country
and its regions requires the closest attention to this issue.
The article provides examples of possible attacks on cryptocurrency
services, as well as options for protecting against such attacks.
Key words: cryptocurrency, cryptocurrency exchange, cryptocurrency mixers, cryptocurrency platform, smart contract, tokens,
subjects of the Russian Federation, fiat accounts
JEL: C88, G28
Growing interest in cryptocurrencies has led to an increasing growth of cryptocurrency services providing services to users. The most
popular services of this type are cryptocurrency
exchanges and platforms for Initial Coin Offering (hereinafter referred to as ICO). Cryptocurrency mixers and other platforms are also gaining popularity. Nevertheless,
it is exchanges and ICO platforms that are the most
visited resources today.
A cryptocurrency exchange (hereinafter referred to as a cryptoexchange) as an information product consists of computer hardware and software. The software shell registers the user
and creates an account where he replenishes his digital and fiat accounts,
or withdraws money, places buy and sell orders. Many
exchanges provide additional functions – chat, news feed,
rate analytics, etc.

Cryptocurrency exchanges are one
of the key elements of the infrastructure of monetary transactions in the
Blockchain system. Like any infrastructure with a weak degree of protection,
but with a solid turnover of funds, the exchange system becomes
a favorite point of attack for intruders. In this article, we will analyze
the types of attacks on cryptocurrency exchanges and how to protect them.
ICO is a cryptocurrency analogue of IPO1
and crowdfunding2, implemented on the basis of Blockchain technology.
Investments in projects using cryptocurrencies allow
startups around the world to receive large funds. Any startup can start collecting money from Internet users
using a fairly simple procedure of public announcement on
the Internet.
Different countries are beginning to regulate the procedure for regulating this kind of fundraising.
Unfortunately, not all startups implement
their projects with the money they collect. Some simply disappear with the money,
but this is not the subject of our study. Other statistics are interesting.
According to the Chainalysis report (2017), a significant part of investments in ICOs goes to scammers, and technological scammers,
whose victims are Internet investors. According to the Coindesk service, $2 billion
was raised during ICOs in 2017. Bloomber estimated the damage to ICO investors at $225 million, and 30,000 investors lost their funds. Of course, these are rough estimates, since not all the statistics of the poorly regulated world of ICOs can be collected, plus fluctuations in the cryptocurrency exchange rate make their own adjustments. One of the largest attacks on ICOs occurred in 2016, when hackers managed to hack the DAO project. The amount of damage was almost half of all funds raised – $74 million. Hacking of cryptocurrency exchanges Hacking of exchanges began already at the opening of the first platforms, and the first victims of cybercriminals were the largest exchanges at that time Bitcoinica and Tradehill. Bitcoin was not so popular yet, and these events were practically not covered. The hack of the Japanese exchange MtGox in mid-2011 changed everything. It was one of the first cases that was well covered by the media and affected the Bitcoin (hereinafter referred to as BTC) rate. But even with such a negative experience, the management of the MtGox exchange did not draw conclusions in the field of cybersecurity, and in early 2014, 650,000 BTC (as of February 2014, about $ 480 million) disappeared from the exchange’s accounts. Although the trial of MtGox President Mark Karpeles was an important precedent in legal regulation, a verdict on embezzlement and data manipulation was not issued, since there was not enough evidence.

Attacks on exchanges are becoming more and more common: the
Bitstamp exchange was left without 20,000 BTC (which was more than $5 million).
The large Chinese exchange Bter lost money twice – first
$1.65 million, and then a year later it closed down, distributing
the remaining assets to clients as compensation.
In 2016, the Bitfinex exchange in the United States was hacked, which led to a collapse
of the Bitcoin rate. This was probably the second case after the MtGox hack
of an exchange that had such a significant impact on the cryptocurrency rate. According to the Bitfinex exchange, it owned almost half of the trading volumes in the BTC/USD pair. The US FBI has joined
the investigation into the circumstances of the Bitfinex hack. Hacked exchanges often ask hackers to return the stolen goods for a reward , but this is not always successful. The hacker returned the stolen funds to the Bter exchange for the first time, and no one responded to the Bitfinex exchange, which publicly contacted the hacker through its website . To restore its name, Bitfinex offered compensation to its clients, thereby giving rise to a new trend in the world of Blockchain cybersecurity. Now hacked exchanges are increasingly offering clients the issue of special tokens to pay off the debt, which will later be bought back at par. Since such tokens begin to be freely traded, users are likely to sell them at a reduced price, not believing in the recovery of the exchange. As a result, Bitfinex bought back all BFX tokens at the stated price. The Korean Yapizon exchange lost about 40% immediately after the Bitfinex hack due to a hacker attack. Having Korean jurisdiction, the exchange filed a complaint with the cybercrime investigation department in Seoul. Thus, Bitfinex decided to compensate its clients for their losses, but in addition to this, it provided them with the opportunity to exchange Fei for Yapizon shares on the Yahoo Japan exchange. DDoS (distributed denial-of-service ) is one of the most common computer attacks. Its algorithm of operation is extremely simple: an attacker, through many different approaches, creates a huge traffic of requests to the attacked resource, the resource cannot cope with such a number of requests, and as a result, ordinary users who were unable to access the resource (website, service on the Internet ) suffer. With the advent of Blockchain, hackers are trying to use existing developments and paradigms and shift them to a new way in order to use the capabilities of Blockchain, as a rule, in terms of access to money. Trojans have already been redesigned for Blockchain



programs, ransomware viruses, principles of website forgery. With a DDoS attack, everything is not so clear-cut, and the essence of this ambiguity lies in
the very nature of Blockchain.
So, a DDoS attack in Blockchain has its own classification according to the criterion of the object of attack. In fact, a DDoS attack can be directed
either at the distributed computing system itself or at online services that are built on the basis of this distributed system.

Let’s say right away that DDoS attacks on the distributed computing system itself are difficult, if not impossible, while attacks
on online services that are built on the basis of this distributed
system happen quite often.
The contradiction and confusion in assessing the security of Blockchain from
DDoS attacks arise precisely because of the difference in understanding what
is the object of a DDoS attack.
Let’s look at attacks on online services that are built on the basis of this
distributed system. As a rule, in the case of Blockchain,
cryptocurrency exchanges become the object of an attack, since they are currently poorly
protected, are often in a field unregulated by the state and
at the same time process a huge number of monetary transactions. Often
the goal of a DDoS attack is extortion. The attacker asks
to pay compensation in order to stop the attack. Sometimes DDoS attacks
are made to discredit the service. All these goals of traditional DDoS attacks are perfect for cryptocurrency services: exchanges
where cryptocurrencies are traded do not like customer outflow and are often
ready to pay a ransom.
It should be said that DDoS attacks can lead to jumps in the price of
cryptocurrencies. Even news about the success of DDoS attacks can shake
the rate.
For example, on April 10, 2013, the Bitcoin cryptocurrency fell by $ 60 –
the price for 1 BTC fluctuated and fell to $ 122. This happened after
a message about a DDoS attack on the network appeared.
In February 2014, the Bitcoin price fell by $ 100 after several large exchanges were subjected to DDoS attacks.
But scammers may have more than just financial interests. The
cryptocurrency market is just forming, in particular, new currencies are emerging and old ones are often “split”.
Thus, in 2015, due to disputes over the development of the Bitcoin cryptocurrency (on
what technical principles to develop it), a real
war broke out among the evangelists of the system. At the same time,
a massive DDoS attack began on Bitcoin resources. The forum (https://forum.
bitcoin.com), the site itself, the mining pool were attacked, and it is unlikely that
the attackers were motivated by financial interest. It must be understood that
the motivation of the evangelists of the new world order in the digital world
is often close to the motivation of fanatics, which, of course, complicates
not only the investigation of incidents, but also adds potential
sources of attack.
It is impossible to protect against such attacks today.
Another type of attack on cryptocurrency exchanges is theft of funds from
such resources.
Information about thefts from cryptocurrency exchanges is often received,
but in reality it is very difficult to verify whether this is really the result of hacker attacks. Perhaps the unscrupulous creators of the exchanges
themselves conceived the scam and implemented it, “consoling” investors
by saying that a hack had occurred. Or maybe some of the news about hacks is just an attempt to denigrate competitors and a way to attract attention? However, the fact remains. Money from cryptocurrency
exchanges disappears from time to time, and their clients need to be
careful.
During the crowdsale3 of
the cryptocurrency platform for
traders Coindash, the Coindash.io project website was allegedly
hacked, and the ICO contract address was changed to the hacker’s address. At the time
of writing, 43,438.45 ETH were sent to the fake address, which
is $7 million 420 thousand at the current rate.
An announcement about the end of the crowdsale was posted on the main page of the site. The project organizers promise compensation in CDT tokens (the token of the Coindash platform)
to all those who send ETH to a fake address. Numerous comments note that the project organizers are entirely to blame for the hack for several reasons. First. The ICO smart contract was not published in advance, but appeared on the website on the day the ICO started. The organizers ignored numerous requests to publish the smart contract and address in advance. Second. The project website is hosted on the WordPress platform, the security of which leaves much to be desired. Third. The CoinDash project team has previously been suspected of fraud during the vote counting during the Ether.camp competition, in which it took first place . It is surprising that funds continued to arrive at the fake address even three hours after the hack was announced. Such disregard for security raises suspicions that the alleged hack is the work of insiders or even the project organizers, whose reputation leaves much to be desired. Even before the scandalous story with the first place on Ether.camp, the project founders were involved in the fraudulent project GETGEMZ, which was warned by Bitcointalk users on May 7. An interesting coincidence is that the hack occurred three days before the anniversary of the Ethereum hard fork caused by the TheDAO robbery. Hacking ICO projects The most common attack on ICOs is phishing, when criminals collect money for their wallets, doing this on behalf of the project. Fraudsters create websites or social media accounts with names similar to popular resources that attract funds for ICOs. If, say, the project is called WOWMirror, then the scammers


may use the inscription WOWMiror. Just one letter is not so noticeable
to inattentive users. The scheme is especially often used
with the psychological technique of early premium purchase of tokens. Fraudsters, tracking ICOs that are gaining popularity, send users letters where they write about a unique exclusive
opportunity to buy tokens (invest money) before the official start,
and at a very low price. The letters indicate several types of
links:

In their reviews, the SHARD team constantly talks about hacker attacks by intruders who, using vulnerabilities in the code of smart contracts of various blockchain projects, gain access to them and withdraw users’ funds. Read more about the largest hacker attacks over the past 3 years in our  material . In this article, we will examine in more detail the most common types of hacker attacks in blockchain networks and cryptocurrency services and projects built on their basis, we will figure out what modern hackers are targeting, and give recommendations on how to protect yourself from intruders.

It should be noted that despite the fact that the blockchain technology itself provides means of cryptographic protection of transmitted data, distributed computing networks are also subject to hacker attacks and break-ins. The human factor also plays a major role, which is fully exploited by criminals.

Depending on a person’s participation in hacker attack schemes using cryptocurrency, hacks can be conditionally divided into 3 types.

• A remote attack or exploit  is one of the most common methods of hacker attack, which involves the introduction of malicious code into the victim’s infrastructure. An example of such an attack are various ransomware viruses, such as Deadbolt, which encrypt information on the victim’s computer and demand a ransom in cryptocurrency for its decryption. An exploit  is also a hack of smart contracts of individual coins, a search for vulnerabilities in its code and, using this, control of the smart contract and, accordingly, the price of the coin in their interests. Examples of such attacks: almost all hacks of DeFi protocols. The unifying factor for these types of attacks is that during the hacking process, the attackers interact with the cryptocurrency infrastructure of the victims, bypassing possible protection systems, without direct contact with the “victims of the attack”.
• Client-side attack  – this type of attack involves active interaction with the victim of the attack, prompting them to follow a phishing link or the desired resource associated with the scam. When communicating with the victim, the attackers use the achievements of social engineering, create fictional characters, get to know the victim and conduct systematic processing of the “client”, as a result of which the latter himself transmits the information necessary to the attackers, for example, to transfer funds from his wallet.
• “Man in the middle”  is a type of attack that involves intercepting and replacing messages between unsuspecting “victims” so that the attacker can obtain the information needed to withdraw funds from the victim’s wallet.

Cryptocurrency hacks are typically 70% vulnerability exploits, 29% client-side attacks, and 1% Man-in-the-Middle attacks. Of course, it is possible to combine several types in one hack.

Types of hacker attacks by types of crypto services:

The development of cryptocurrencies, the improvement of consensus mechanisms (the mechanism for confirming transactions in the blockchain), for example, in the Ethereum network (read more in our  article ), influenced the types of hacker attacks that were popular several years ago. The general trend is a change in attacks from those related to gaining access to the consensus mechanism to attacks on smart contracts of DeFi protocols, as well as on blockchain bridges that allow users to interact with different blockchains.

Attacks on DeFi Protocols

Asset Price Manipulation Attack  – There are 3 types of such attacks:

Frontrun  is the act of tracking a target transaction on a decentralized exchange in the mempool and attempting to send a transaction that will be confirmed before it.  Backscreen  is the act of using an existing transaction rather than a future transaction to generate income.  A sandwich  is a combination of frontrun and backscreen, where the target transaction is surrounded by its own transactions on both sides. An example of an attack with asset price manipulation is the hacker attack that occurred in October 2022 on the DeFi platform Mango Markets, when an attacker, using manipulation of the price of the native MNGO token, received and subsequently withdrew cryptocurrency worth about $116 million.

Oracle manipulation  is the most common attack in the DeFi space. In this case, attackers manipulate asset price data on decentralized exchanges (DEXs) such as Uniswap. If a manipulated exchange is used as the sole source of prices by a DeFi platform, attackers can buy or sell a certain asset on that platform for less or more than the fair market price. However, such manipulation of coin prices requires some investment, so hackers often use flash loans.

Flashloans are a type of attack that involves an attacker taking a loan from a DeFi protocol, spending the received coins, and returning them in a single smart contract transaction. Since the entire loan is done in a single transaction, the attacker does not even need to post collateral for the transaction and does not incur any costs. In other words, anyone can get a flash loan without collateral by simply covering the corresponding fees. This is the most common way to attack a DeFi protocol. One of the most recent examples of this type of attack is the DeFi protocol Platypus, which lost $8.5 million worth of cryptocurrency in February 2023.

Technical attacks  are hacks of smart contracts using vulnerabilities in the code. That is, in fact, attackers take advantage of errors in the smart contract of the DeFi protocol. An example of such an attack is, for example, the hacking of the MonoX Finance protocol in December 2021, when hackers took advantage of an error in the project’s smart contract and withdrew cryptocurrency worth $31 million.

Reentrancy attack  – the essence of this attack is that a hacker intercepts transaction data and uses it to make payments in their favor, changing the recipient data and the transfer amount. The attack allows a hacker to work with the protocol as if he had a huge collateral and withdraw more coins from the contract than he can actually receive. Smart contracts are not supposed to send more money than they contain. However, by taking advantage of the “reentrancy”, hackers can effectively turn a smart contract into a poorly programmed ATM. An example of such an attack is the Grim Finance protocol, which was attacked in December 2021, the attacker used the protocol contract through five reentrancy cycles, which allowed him to fake five additional deposits into the vault while the platform was processing the first deposit, and withdraw cryptocurrency worth almost $ 30 million.

Attacks on Blockchain Bridges

Blockchain bridges  are protocols that connect multiple blockchains. While the blockchains themselves are encrypted, connecting them creates a very fragile system that is extremely difficult to protect. This makes bridges a hotbed for hackers, and the trends in their hacks over the past year only confirm this.

Most attacks on blockchain bridges are technical attacks related to imperfections in the bridge code and protocols. For example, exploiting a vulnerability in the token freezing confirmation system on one blockchain with the subsequent release of tokens on another. This type of hack was used in February 2022 by attackers in an attack on the Wormhole bridge, which resulted in the withdrawal of cryptocurrencies worth almost $323 million.

Attacks on blockchain networks

One of the current problems of cryptocurrency projects is double spending. The essence of double spending is the implementation of repeated transactions of the same digital asset. This becomes possible if there is a discrepancy between the available amount of digital money and the recording of its expenses in the blockchain. Due to the fact that transactions in the blockchain network take a certain amount of time, fraudsters have a chance to spend the same amount in different directions.

There are several types of attacks that can result in double spending of assets:

51% attack  — the attack consists of an attacker obtaining more than 50% of the hashrate in blockchains using Proof-of-Work (the Bitcoin and Monero networks operate on it), or 50% of the coins in blockchains using Proof-of-Stake (Ethereum and all its tokens operate on it). The greater the percentage of control the attacker manages to obtain, the faster and more successful the attack will be. Having an advantage over other miners or validators, the attacker can create an alternative chain of blocks and rewrite some of the latest blocks with the transactions he needs.

An example of such an attack was the hack of the Bitcoin SV cryptocurrency network in August 2021. An eclipse attack is when a victim connects to a pre-prepared group of nodes to broadcast a false state of the blockchain. In blockchain, an eclipse attack can be used to create the illusion of a transaction confirmation and slip the recipient a transfer with a “double spend”.

Finney attack  – this type of attack is only feasible if the merchant accepts unverified transactions or performs verification with a delay of at least a few seconds. This attack can happen if the attacker is mining and controls the contents of the blocks.

Race Attack  – This type of attack is only possible when unconfirmed transactions are received. Using two different devices, a hacker sends the same coin to two different recipients. If one of the recipients accepts it without waiting for a block confirmation, it will be rejected later in the mining process. In order for a “race attack” to not be possible, the recipient must wait for at least one confirmation.

A single confirmation attack  is sometimes called Vector76. The essence of the attack is that even a transaction that has been confirmed once can be cancelled. This attack can be protected against by disabling incoming connections and connecting only to well-connected nodes.

A brute force attack  is when the party to the transaction only makes transactions after several confirmations, while having a high-powered device, the attacker can carry out a brute force attack. He sends a payment without stopping to check the blocks that will include the transfer. While the receiving party checks the transfer, the hacker forks the chain. The more confirmations the attacker finds, the more likely he will be able to get his coins back. For example, in the case of P2P trading, the attacker will thus take possession of the victim’s funds by simply simulating a transaction on his part. However, this is a fairly rare type of attack.

Thus, the most common method of double spending is to create the effect of no transactions in the block chain. This possibility often arises as a result of a deliberate disruption of the blockchain network or an error in the project code. The current development of blockchain technologies and anti-hacking systems minimizes the risk of double spending, but does not eliminate it completely, especially in small projects.

Security recommendations for users and owners of crypto services to reduce the likelihood of hacker attacks:

It is clear that it is impossible to completely protect yourself from all hacking threats, but it is necessary to pay attention to the security of the project. For crypto projects, it is good practice to create a project information security system and hire an experienced team that will maintain the required level of protection, audit the smart contract code, pentest the system and promptly respond to emerging threats. Another issue is that keeping such a team on staff is an expensive pleasure, and not every project, especially at the initial stage, is ready to pay for it. In case of limited security costs, we would recommend undergoing an independent audit of the smart contract in well-known organizations in the field of information security (Certik, Blaize, Hacken, SlowMist, Chainsulting) and, possibly, resort to the help of the community or white hackers, such as pentesters, who will receive a reward for identifying a vulnerability in your project.

Individuals and cryptocurrency holders should diversify risks, do not keep all funds in one project, especially DeFi, if possible, study the documentation of the projects where you plan to invest funds, try to choose larger projects, since the chances of recouping losses when a small crypto project is hacked are practically zero. And the general rule is to be extremely careful and attentive when working with cryptocurrency instruments and check the risks of addresses through the SHARD digital asset security platform.

You can report all cases related to specific cryptocurrency addresses and the risks under consideration on the website in the “Report a suspicious address” section to protect other users from the risks of interacting with such addresses and their owners.

In 2025, only the lazy do not discuss neural networks. This is justified by the amazing abilities of artificial intelligence, which has learned to create paintings, write articles and posts for social networks on given topics. The most developed AI was ChatGPT, with which you can conduct full-fledged dialogues. Chat can be given tasks, which it copes with no worse than experts.

Neural networks are smarter than we think. It turns out that ChatGPT can make predictions that concern even such a complex and multifaceted phenomenon as the Bitcoin rate.

ChatGPT Predicts the Future

The unique capabilities of artificial intelligence have also been taken advantage of by public figures from the cryptocurrency world. MicroStrategy founder Michael Saylor asked AI: “Why does the world need Bitcoin?” When asked about the cost of cryptocurrencies based on the price of Bitcoin in January over the past 13 years, ChatGPT returned the figure of $142,514. We decided to conduct our own investigation into the BTC rate and try to get answers to other questions.

Why does the world need Bitcoin?

We also used ChatGPT to get answers to questions. Our first question was the same as Michael Saylor’s: “Why does the world need Bitcoin?”

In response to the question entered, ChatGPT first listed the advantages of this cryptocurrency:

• decentralization;
• safety;
• global access;
• limited quantity.

Then the AI ​​mentioned some disadvantages, such as volatility and the possibility of illegal transactions. ChatGPT believes that despite the disadvantages, Bitcoin can become the main means of payment in the future. Do cryptocurrencies have a future?

Then we asked if cryptocurrencies even have a future. The answer was:

“I think cryptocurrencies have the potential to become an important element of the financial system in the future. Although cryptocurrencies are in their early stages and have their own problems, such as high volatility and low liquidity, they also have several advantages over traditional currencies and financial systems.

Cryptocurrencies can be faster, more secure, and cheaper to use than traditional financial instruments. They also provide a decentralized system, meaning they are not controlled by a centralized organization or government, which can be especially important for people in countries with unstable financial systems.

However, for cryptocurrencies to become truly widespread, a number of technical and regulatory issues need to be addressed, such as scalability, security, and regulation. In addition, cryptocurrencies also need to be more accessible and easier to use for ordinary users.

Overall, I think cryptocurrencies have the potential to become an important part of the future financial system, but their future depends on how quickly and effectively the existing technical and regulatory issues are resolved.” How to get the most out of your mining investment?

At the end of the survey, we couldn’t help but ask questions about mining. Based on the fact that Chat GPT “doesn’t like” to give specifics, and its database is not updated in real time, we asked a general question: “How to get the most out of your mining investment?” To this question, we received a rather detailed answer:

“Earnings from cryptocurrency mining depend on many factors, such as mining difficulty, electricity cost, cryptocurrency price, hardware and software, etc.

To maximize your earnings from cryptocurrency mining, you need to consider the following factors:

1. Choose the right cryptocurrency to mine. Some cryptocurrencies may be more profitable to mine than others. Pay attention to the mining difficulty and the market price of the cryptocurrency.
2. Use powerful equipment. Cryptocurrency mining requires a lot of computing power. The more powerful equipment you use, the more chances you have to earn money.
3. Optimize your energy costs. Cryptocurrency mining consumes a lot of electricity, so it is important to optimize your energy costs. Consider using solar panels or other alternative energy sources.
4. Join a pool. Joining a mining pool can help you earn more stable income and reduce the risk of finding a block by accident.
5. Use the right software. Choosing the right mining software can also increase your earnings.
6. Consider tax obligations. Some countries may impose taxes on cryptocurrency income. Make sure you consider your tax obligations and report according to your country’s laws.

Overall, cryptocurrency mining can be a fairly complex and unstable way to make money, so I recommend doing a thorough research of the market, the risks, and your options before investing large amounts of money in mining.”

---

Useful information for enthusiasts:

• [1]YouTube Channel CryptoDeepTech
• [2]Telegram Channel CryptoDeepTech
• [3]GitHub Repositories CryptoDeepTools
• [4]Telegram: ExploitDarlenePRO
• [5]YouTube Channel ExploitDarlenePRO
• [6]GitHub Repositories Keyhunters
• [7]Telegram: Bitcoin ChatGPT
• [8]YouTube Channel BitcoinChatGPT
• [9] Bitcoin Core Wallet Vulnerability
• [10] BTC PAYS DOCKEYHUNT
• [11] DOCKEYHUNT
• [12]Telegram: DocKeyHunt
• [13]ExploitDarlenePRO.com
• [14]DUST ATTACK
• [15]Vulnerable Bitcoin Wallets
• [16] ATTACKSAFE SOFTWARE
• [17] LATTICE ATTACK
• [18] RangeNonce
• [19] BitcoinWhosWho
• [20] Bitcoin Wallet by Coinbin
• [21] POLYNONCE ATTACK
• [22] Cold Wallet Vulnerability
• [23] Trezor Hardware Wallet Vulnerability
• [24] Exodus Wallet Vulnerability
• [25] BITCOIN DOCKEYHUNT

Contact me via Telegram: @ExploitDarlenePRO