A total of $1.1 billion in cryptocurrency was stolen over the past six months, with criminals increasingly using the dark web to facilitate theft on a large scale, according to a new report.
Cybersecurity company Carbon Black said data from the FBI’s Internet Crime Center showed the volume of cryptocurrency theft was almost equal to the $1.3 billion in victim losses from internet crime reported for all of 2016.
The report suggests much of the theft is being perpetrated through dark web marketplaces that offer malware for cybercriminals to use. These malware offerings have an average listing price of $224 and are geared toward unsophisticated users.
“Our analysis of the marketplace suggests cryptocurrency-related malware listings are designed to cater to unskilled cyber actors, or those looking to make a quick buck from highly vulnerable victims,” the report said.
According to Carbon Black, there are now an estimated 12,000 marketplaces and 34,000 offerings related to cryptotheft for hackers to choose from, representing a $6.7 million illicit economy.
As CNBC reports, the price of bitcoin skyrocketed more than 1,300% last year as new buyers flooded the market. But unlike banks, CNBC noted, “cryptocurrency is typically not protected or insured by a third party, which first-time investors might not know.”
“People are using cloud wallets and not securing their money,” Carbon Black security strategist Rick McElroy told CNBC.
Cryptocurrency exchanges were the most vulnerable target for cybercriminals, accounting for just over 27% of attacks. “These exchanges represent prime targets for cryptocurrency theft, fraud, and harvesting of user information for follow-on targeting by these same criminals,” Carbon Black said.
Tokyo-based Mt. Gox, the largest bitcoin exchange at the time, was the victim of the first high-profile hack in cryptocurrency history in 2011. More recently, hackers stole $530 million worth of a cryptocurrency called NEM from Japanese exchange Coincheck, and South Korean exchange Youbit lost 17% of its digital assets in another hack.
Businesses were the second most vulnerable group, with criminals in many cases hacking into their computer systems and demanding cryptocurrency as ransom.