Overwhelming computing power used for $20m cryptocurrency heist

28 May 2018


The majority rules as nasty ‘51 per cent attacks’ see cryptojackers abscond with a lot of dosh.

An unidentified hacker has stolen close to $20m worth of cryptocurrency, with those affected including Bitcoin Gold, Verge and Monacoin.


In the biggest attack yet, about 388,000 coins worth $17.5m were stolen from Bitcoin Gold when a hacker gained majority control of the network’s hash rate and used that control to reorganise the blockchain and reverse transactions.

Malicious miners undermine the coin

According to CCN, the attacker then made deposits at various cryptocurrencies, traded the coins for bitcoin or other currencies, and withdrew the funds.

To cover their tracks, the coin miners used overwhelming computer power to force the rest of the network to accept the falsified coins and cause funds to disappear from exchange-controlled wallets.

The method used by the malicious miners is known as a ‘51 per cent attack’ whereby the attacker gains control of the majority of the network’s total computing power.

With this power, the attacker then can reverse their own transactions, effectively spending the same coins twice and undermining the entire transparent nature of the blockchain.

The resulting attack strikes at the whole point of cryptocurrencies in terms of transparency and authenticity, making it hard to keep track of transactions.

A recent Symantec report pointed to the rise of cryptojacking and bitcoin mining by hackers who are stealing vital computer resources to mine for crypto gold.

The 23rd volume of the Symantec annual threat report revealed that in 2017 alone, detections of coin mining increased 44,000pc in the UK, the fifth-highest number of such detections worldwide.

With a low barrier of entry – only requiring a few lines of code to operate – cyber-criminals are harnessing stolen processing power and cloud CPU usage from consumers and enterprises to mine cryptocurrency.

Coin miners can slow devices, overheat batteries and, in some cases, render devices unusable. For enterprise organisations, coin miners can put corporate networks at risk of shutdown as well as inflate cloud CPU usage, adding cost.

“Attackers could be co-opting your phone, computer or IoT device to use them for profit,” said Darren Thomson, CTO and EMEA VP at Symantec, at the time.

“People need to expand their defences or they will pay the price for someone else using their device.”

Updated, 1.55pm, 28 May 2018: This article was updated to clarify that $20m was stolen from various cryptocurrencies, not exchanges. The cryptocurrencies included Bitcoin Gold, Verge and Monacoin, not bitcoin itself.

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years.