While the security of blockchain networks has often been praised, the broader cryptocurrency ecosystem continues to face significant challenges related to cryptocurrency security. Exchanges, wallets, and other access points remain attractive targets for cybercriminals, creating risks that extend beyond the blockchain itself. Recent incidents involving crypto wallets, cryptocurrency exchanges, data breaches, and social engineering attacks demonstrate that protecting digital assets requires more than securing the underlying network. As cryptocurrency adoption grows, both providers and users must remain vigilant against threats that can compromise sensitive information and expose investors to financial losses.
Mercator research has documented the security of the Bitcoin network but we also identified that all operations outside of that Bitcoin network are by nature very insecure – especially wallets, exchanges and ATM implementations. Put another way the Bitcoin network is in essence the bank and everything else is a mattress stuffed with money.
Ledger, a secure hardware wallet provider, was hacked in July and lost 272,000 customer records. So while the crypto remains safe in a protected thumb drive, the individual customers are now the targets for a large amount of criminal activity. All of the stolen customer records were dumped onto RaidForum this month and the customers now face a tidal wave of social engineering hacks which have already begun.
In a more recent hack, this month the U.K.-based cryptocurrency exchange Exmo “detected suspicious withdrawal activity”. Oops, there goes crypto valued at more than $10 million. But to calm everyone it released this statement:
“The affected hot wallets comprise near 5% of the total assets. Let us stress that all the assets in the cold wallets are safe,” Exmo wrote in the security incident report.”
The Exchange added:
“Most importantly, we want to assure you that if any user fund is affected by this incident, it will be covered completely by Exmo.”
The recent security incidents underscore an important distinction in the digital asset market: strong blockchain security does not automatically translate into comprehensive cryptocurrency security. As cybercriminals increasingly target crypto wallets, cryptocurrency exchanges, and customer databases, the risks associated with data breaches and social engineering attacks continue to grow. The long-term success of the cryptocurrency industry will depend not only on securing blockchain networks but also on strengthening the infrastructure, processes, and customer protections that surround them.
Overview by Tim Sloane, VP, Payments Innovation at Mercator Advisory Group
