Virtual currencies such as Bitcoin are a popular target for hackers since the trail goes cold easily and cybersecurity criminals can digitally erase their footprint.
Since Bitcoin and other cryptocurrencies are merely digital tokens and are not backed by the government or a physical commodity, victims rarely have any recourse legally or criminally. The largest flaw is that none of the transactions can be reversed, since the criminals are anonymous and can rob owners easily as their heists are not tracked like hacking into a savings or checking account. The FBI's Internet Crime Complaint Center in 2016 received reports of $28 million in losses from individuals as crimes stemming from the virtual currencies increased threefold from the year before.
While the number of initial coin offerings (ICOs) has risen exponentially over the past year as millions of dollars have been raised rapidly and the value of Bitcoin has skyrocketed, cybersecurity experts said hacking into the exchanges of these virtual currencies such as Coinbase or the personal wallets will only expand.
Bitcoin hacking remains a popular criminal enterprise because the owners of the currency must maintaining confidentiality of a bitcoin address's private key, said Andrew McDonnell, president at AsTech, a San Francisco-based security consulting company.
Once the key is compromised, the attackers can send the victim's bitcoin to themselves or an intermediary or even worse, simply delete the key and digitally eliminate the bitcoin.
"Without the private key, there is no way to claim ownership of a set of bitcoin since there is no central Bitcoin authority by design," he said. "Bitcoin exchanges have been tempting targets for these attackers as their bitcoin wallets manage vast sums of the cryptocurrency. Exchanges facilitate some degree of anonymity which is otherwise not provided by Bitcoin and are not likely to go anywhere so long as the cryptocurrency ecosystem persists in its current form."
One of the most infamous hacks occurred in 2014 when the Mt. Gox exchange reported a loss of approximately $450 million worth of bitcoin and the cause was at least partially through the compromise of their wallets and keys, McDonnell said. Three years ago the industry estimated that Mt. Gox was processing 70% of all bitcoin transactions, which occurs when one person sends another user the currency electronically.
Both consumers and businesses need to ensure they protect and securely back up their private bitcoin keys and establish the "integrity of any exchange involved in their transactions," he said. "For a peer-to-peer transaction as designed in the original bitcoin platform, the protocol guarantees the transactions."
While the popularity of bitcoin and other virtual currencies has surged with the endorsements of celebrities such as boxer Floyd Mayweather Jr. and record producer DJ Khaled, many of the newer tokens do not have any financial history, making this method of raising capital an easy target since no financial authorities are involved.
While too many people mistakenly assume that bitcoins are more secure than today's standard financial transactions such as online banking or using PayPal or Venmo, cryptocurrencies are actually riskier since the transactions are not overseen by regulatory organizations, said Jack Miller, chief information security officer at SlashNext, a Pleasanton, Calif.-based provider of Internet access protection systems.
"Unfortunately, this false sense of security is a problem because it lulls human beings into taking the wrong actions that play directly into the hackers' plans," he said.
- Inside Bitcoin mania
As cryptocurrencies are adopted and purchased by more consumers, the hackers will utilize social engineering attacks more often to to successfully steal cryptocurrencies.
"While some of these attacks actually harvest bitcoins from a victim's account, others simply con the victim into giving their Bitcoins to the thief," said Miller.
Technical solutions are the only way users can prevent more hacking from occurring since social engineering attacks are difficult to thwart.
"No amount of user training and awareness will ever solve this problem," he said. "As they say, a chain is only as strong as its weakest link and with cryptocurrencies such as Bitcoin, the human element is clearly the weakest link."
The rise of larger state-sponsored hacks of cryptocurrencies will easily cause widespread market chaos, which will disrupt the Bitcoin ecosystem and increase the economic instability and risk globally, Miller said.
Hackers are focusing on attacking vulnerable implementations of these algorithms such as the ones found in SSLStrip, Heartbleed and Padding Oracle, said Jared Nishikawa, director of immersive programs at SecureSet, a Denver-based immersive, accelerated cybersecurity academy.
"As with nearly every major cryptographic attack in recent history, 99% of the time hackers are not attacking the underlying cryptographic algorithms," he said.
Some of the blame can be attributed to the people who wrote the code to implement the standards, Nishikawa said.
"Heartbleed was an especially bad vulnerability that did not expose a vulnerability in the mathematical underpinnings of RSA, but it did expose a vulnerability with regard to proper 'bounds-checking,' a well-established best practice for secure coding," he said.
The fraudsters were able to hack Mt. Gox by simply exploiting a bug in the wallet software to gain access to private keys, which is sensitive data that users need to spend their Bitcoins.
"This almost certainly involved a rogue employee or physical theft of some kind," Nishikawa said.
Bitcoin is not the only target of hackers who have expanded their list of quarries.
Hackers recently exploited vulnerable code in Ethereum's smart contracts to "reset" other users' wallets and bypassing the need for stealing private keys and essentially reassigned the ownership of the wallet to themselves, he said.
Secure coding practices must be tightened up as more people purchase and trade cryptocurrencies. The businesses must take a more proactive approach by hiring software developers with strong cybersecurity skills along with competent security engineers, consultants or auditors.
"If these people are hard to find, businesses should pay to train their current employees," Nishikawa said. "The public should know the current dangers of buying and spending in cryptocurrencies and everyone needs to learn a bit more about cybersecurity,and hold themselves to higher standards of secure practices."
While hacking into Bitcoin, a distributed ledger based on blockchain, remains difficult since the footprint of the fraudster is visible and transparent, owners must keep their Bitcoin wallet secure, said Joseph Carson, chief security scientist at Thycotic, a Washington D.C.-based provider of privileged account management (PAM) solutions.
"The security risk for any cryptocurrency is with how secure the owner keeps it and any systems they use to make transactions," he said. "This is on the top of hackers list because why rob a bank or an ATM when you can steal digital money across the world and take it out without being detected?"
Consumers who own cryptocurrencies must adhere to extra security measures by keeping their wallet secret, by adding multi-factor authentication and using encryption.
"The only confirmation of hacking cases has been with Bitcoin wallets which is when an owner of the system has been compromised giving a cybercriminal access to the wallet and allows the cybercriminal to steal the bitcoins and with bitcoin exchanges," Carson said. "When using Bitcoins, you need to take extra care with your bitcoin wallet and also choose your bitcoin exchange carefully."
Hackers will continue to focus on both methods to steal bitcoins in the future as a means to create further disruption. Bitcoin stability and its value is tied to Metcalfe's law, which states that the value of a telecommunications network is proportional to the square of the number of connected users of the system, he said.
The more people who have bitcoin wallets will cause the value of bitcoin to increase, making it one of the causes for instability. Cyber attacks such as the recent one caused by WannaCry resulted in many people opening their Bitcoin wallets.
The looting from criminals will increase because unsuspecting victims can be wiped clean of their accounts easily as hackers can merely take it over without any fear of being found.
"Bitcoin's value is very unstable, although it can be influenced using Metcalfe's law," Carson said. "I believe the recent instability was a result of a crime of currency manipulation. Bitcoin will continue to increase in value and the value is derived from both how many wallets are connected and cybercrimes."
More of What's Trending on TheStreet: