Contxto – It’s always an underlying question for crypto-currency watchers: Is user data safe in the hands of the decentralized web of cryptoexchanges? Well, this weekend we found that the fear of data leaks can be worse than the actual threat.
Last Sunday (24) cybersecurity outlets began reporting that a hacker was advertising customer databases for international big-name cryptoexchanges and wallets. The ads included users from Mexico’s very own Bitso.
The companies were warned by the hacker that the extremely sensitive information of over 80,000 users would be published unless they paid a hefty ransom.
Hacking your fears, not your servers
Here’s where the elusive nature of the cryptocurrency world worked against the exchanges. It was people’s paranoia surrounding these increasingly widespread but misunderstood technologies that took the driver’s seat next.
The alleged hacker only had to make the treat and do human nature to the rest.
Soon after the ransom note was published, cybercrime investigator, Under The Breach, speculated that the vulnerability may well have come from their common connection to Shopify:
Speculation went into overdrive.
And yet, slowly but surely, cooler heads prevailed and it turned out the whole thing was a scam.
A day after the alleged story broke, Mexican cryptoexchange, Bisto, conducted an investigation and concluded:
This is all rather amazing if you think about it. This scammer had effectively hacked, not into the cryptoexchanges themselves, but rather into people’s worries over cryptoexchanges, exploiting the subsequent panic to make a quick buck.
Fake hack and the real threat to user information
But wait, how did the fake hacker muster enough information to get the entire crypto-community’s knickers in such a collective twist?
Bitso’s postmortem of the scam concluded that the information the so-called “hacker” was touting dated to ancient data from June 10, 2016, and with a list of info that “made up less than one percent of current users.”
However, in less time than you could say “sigh of relief”, users were all over Bitso for this past leak and renewing their doubts over the security of the cryptoexchange system.
Bitso insisted that beyond the fact that their security protocols were state of the art, that the key piece of information—user passwords—were missing from the “hacker’s” haul. But, the damage, for this and other exchanges, was done.
The weakest link in the blockchain
Clearly, cryptoexchanges are still paying for their past sins. Yet, it is also clear that Bitso and the rest of the crypto-startup world have learned their lesson before virtually anybody else.
Security protocols have been put in place and even past, genuine and registered, attacks on exchanges have been stopped in their tracks. Yet, these exchanges seem to spend a good chunk of their time assuring folks that their systems and security protocols are trustworthy.
This is likely due to the revolutionary freedom that cryptocurrencies claim to give their users; the novel and decentralized nature of the whole system opens up space for worry. A bit in the same way that people fretted about paper, rather than metal, money back when that was new.
But, it does seem somewhat unfair to have the onus entirely on entities dealing in cryptocurrencies, given that cybersecurity is often a big problem for every single institution, financial or not, in the twenty-first century.
It was just three months ago that the Mexican government’s Secretariat of the Economy was virtually brought down (in every sense of the word) by a cyberattack.
So, in such an uncertain digital new world, who are the biggest liabilities? It turns out that it may not be the government and financial institutions after all, but rather, everyday users.
- Related article: Cybercrime is rising and Latam… doesn’t care?
-AG