Coinhive Attacks and Alleged Bitgrail Losses Highlight Cryptocurrency Security Issues

Two cryptocurrency-related security incidents occurred during the past couple of days, adding to the rising number of attacks that target digital currency. One of these incidents saw the Italian exchange Bitgrail reportedly fall victim to fraudulent transactions, while a second incident involves the Coinhive Miner (Detected by Trend Micro as Coinminer_MONERO.THBO-JS), which emerged as one of the most prevalent malware worldwide, being used to hijack thousands of websites.

Bitgrail vs. Nano

In a notice posted on their website, Bitgrail announced that the exchange lost up to $195 million worth of Nano cryptocurrency tokens to hackers pulling off fraudulent transactions. Apparent details of the attack were posted on the CryptoCurrency subreddit, noting that a bug was found on the exchange’s withdraw page, where users could run a manual java-script to send a request for a withdrawal amount greater than what was contained in their account.

The announcement itself was not without issues, as Nano published their own statement noting that the team did not detect any double spending in the ledger and that the loss itself was unlikely to have happened due to the Nano protocol. Instead, the group pointed out that the problem likely originated from Bitgrail’s software.

Further complicating the incident is the alleged issue of Bitgrail’s insolvency. Nano mentioned the issue in their statement, which they identified as the likely reason for the exchange’s announcement. In fact, the Nano team went so far as to say that Bitgrail operator and owner Francesco Firano has been misleading both the team and the Nano community.

 This highly controversial incident occurred just a couple of weeks after the cryptocurrency known as  Nano was rebranded from RaiBlocks.

Coinhive miner spreads via disability support plugin

A large number of sites, including the official webpages of US and UK organizations, were compromised and injected with the cryptocurrency miner known as Coinhive in order utilize the computer resources of website visitors for mining operations. All of these websites used a plugin known as Browsealoud, which assists blind users via voice reading. Attackers apparently managed to compromise the plugin and inject Coinhive, which will use computer resources of the compromised website's visitors to mine cryptocurrency.

Fortunately, the miner will stop working when the website is closed, thus disabling it. However, given the number of compromised websites — up to 4,200 according to some sources — a large number of users may unwittingly be victimized.

Another day, another cryptocurrency issue

It seems that new security issues involving cryptocurrency are being reported each day. From miners and fraudulent transactions to phishing and ransomware, cryptocurrency attacks are not limited to a single kind. While the Coinhive incident seems to be a straightforward miner attack, the issue with Bitgrail and Nano seems quite a bit more complicated, even going beyond security issues.

The key issue here is that cryptocurrencies deal with a large number of issues when it comes to security. While the recommended best practices to address these can help, users should also be aware of the possible security implications that may arise when dealing with cryptocurrencies.

Trend Micro Solutions

Deep Discovery Inspector protects customers via the following rule:

  • DDI Rule 20: Suspicious URL - HTTP (Request) - Variant 1

Users can also look into comprehensive security solutions that can protect them from cryptocurrency mining malware. Trend Micro™ Smart Protection Suites delivers several capabilities such as high-fidelity machine learning, web reputation services, behavior monitoring and application control, and vulnerability shielding that minimize the impact of threats that target cryptocurrency.


Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.