Cyber attacks on crypto exchanges are a growing threat to the security of users, businesses and governments. Tracing the origin of such an attack is a difficult proposition, but the increasing severity and frequency of these attacks makes understanding their source more important than ever.
The attackers behind the breach of the Japanese cryptocurrency exchange Zaif may have been identified, according to cybersecurity experts at Japan Digital Design. Zaif lost $60 million in the hack, which took place in September of this year.
To trace the source of an attack and classify it correctly, the attack has to be analysed from several angles: the attacker's motivation, the technical origin of the attack, the information contained in scripts, data files and binaries, and the attacker's modus operandi.
Once a potential incentive for the attacker has been identified, it is important to check whether the observed activity actually matches that incentive; this is how the hypothesis is validated. Identifying a potential incentive draws on information such as command-and-control infrastructure, IP addresses, the location of the devices used during the attack, email addresses and other communication channels. The information contained in scripts, data files and binaries is only available when a customised exploit or a specific piece of malware was used.
Analysing the attacker's modus operandi means matching the hours during which the attacker was active to a particular location, looking for malware tactics similar to those of a known actor, and examining script comments where they are available, as described in the PwC whitepaper.
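The "active hours" heuristic mentioned above can be made concrete by scoring candidate UTC offsets against a working-hours window. The following is an added example written for this page, not code from Japan Digital Design or PwC; the event timestamps are constructed, and the office-hours window (09:00 to 18:00 local) is an assumption an analyst would tune.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed sample: UTC timestamps of sessions an investigator has tied to
# the attacker (for example logins from an attacker-controlled IP address).
# These are invented values, not data from the Zaif incident.
SAMPLE_EVENTS = [
    "2018-09-14T00:12:00Z", "2018-09-14T01:45:00Z", "2018-09-14T02:30:00Z",
    "2018-09-14T03:05:00Z", "2018-09-14T04:50:00Z", "2018-09-14T05:20:00Z",
    "2018-09-14T06:40:00Z", "2018-09-14T07:15:00Z", "2018-09-14T08:55:00Z",
    "2018-09-17T01:10:00Z", "2018-09-17T03:33:00Z", "2018-09-17T07:48:00Z",
]

# Assumed "office hours" window in local time (inclusive start, exclusive end).
WORK_START, WORK_END = 9, 18


def parse_utc(ts: str) -> datetime:
    """Parse an ISO-8601 'Z' timestamp into an aware UTC datetime."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def local_hour_histogram(events, offset_hours: int) -> Counter:
    """Count events per local hour of day for a candidate UTC offset."""
    counts = Counter()
    for ts in events:
        local = parse_utc(ts) + timedelta(hours=offset_hours)
        counts[local.hour] += 1
    return counts


def work_hour_fraction(events, offset_hours: int) -> float:
    """Fraction of events that fall inside the working-hours window."""
    hist = local_hour_histogram(events, offset_hours)
    in_window = sum(n for h, n in hist.items() if WORK_START <= h < WORK_END)
    return in_window / len(events)


def estimate_utc_offset(events):
    """Return (best offsets, score): offsets whose local working hours best
    explain the activity. Several offsets are returned when they tie, so the
    result is a hypothesis to corroborate, not a conclusion on its own."""
    if not events:
        raise ValueError("no events to analyse")
    scored = [(work_hour_fraction(events, off), off) for off in range(-12, 15)]
    best_score = max(score for score, _ in scored)
    best_offsets = sorted(off for score, off in scored if score == best_score)
    return best_offsets, best_score


if __name__ == "__main__":
    offsets, score = estimate_utc_offset(SAMPLE_EVENTS)
    print(f"best-fitting UTC offset(s): {offsets} (fraction in window: {score:.2f})")
```

A single offset only narrows the search to a band of longitude and says nothing about whether the operator shifted hours deliberately, so the result should be checked against the other indicators the article lists.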
Japan Digital Design has stated that, in the case of the Zaif hack, it was able to identify the source of the attackers. However, no details have been given about the data collected or its accuracy. The firm apparently obtained IP addresses and other useful information, as reported by Bitcoin Exchange Guide.
Given the difficulty of tracing the origin of crypto exchange attacks, even when an attacker is identified by name, address and phone number it is often very hard to prosecute that person, who may live in a jurisdiction that is not aligned with the victim's country.