Top 5 ways how criminals steal crypto in 2020

Despite the significant growth in the prices of Bitcoin and other cryptocurrencies in 2020, the amount of crypto stolen as a result of hacks is actually less than in 2019. According to the Ciphertrace report, the total amount of stolen funds equals ~468 mln USD.

Most of the attacks in 2020 were made on DeFi projects, which speaks to the immaturity of this new, fast-growing segment. Nevertheless, the amount of cryptocurrency stolen from centralized services is still much higher. For example, as a result of the Kucoin hack, cryptocurrency equivalent to $275 million was stolen. DeFi hacks make up roughly 21% of the 2020 cryptocurrency hack and theft volume.

Hackers attack not only crypto platforms but also the users themselves. Every day, stories are published on the Internet about how hackers stole a user’s crypto by gaining access to their crypto wallet or crypto exchange account. Some cryptocurrency users have no idea how high the risk of their account or wallet being hacked can be.

In this article, we describe the 5 most popular ways users may lose their crypto.

Popular ways to steal cryptocurrency

Fake phishing websites

Phishing is a type of social engineering attack often used to steal user data, including mnemonic phrases, private keys, and login credentials for cryptocurrency platforms. Typically, phishing attacks use fraudulent emails that convince the user to enter sensitive information into a fraudulent website. The recipient is tricked into clicking a malicious link, which can lead to the installation of malware or to a phishing website.

The simplest example of a successful phishing attack was the MyEtherWallet case from 2017. The cyber-criminals sent an email to the potential customer base of MyEtherWallet users and announced that they needed to synchronize their wallet to comply with the Ethereum hard fork. After clicking on the link, the user was taken to a phishing site that looked like the real one but contained an additional, barely noticeable character in the URL. Inattentive users entered their secret phrases, private keys, and wallet passwords, thereby handing this data to the attackers, and then lost their cryptocurrency.

The latest example is a successful attack on Ledger wallet users. The scam used a phishing email that directed users to a fake version of the Ledger website that substituted a homoglyph in the URL, as in the previous case with MyEtherWallet. On the fake site, victims were fooled into downloading malware posing as a security update, which drained the balance from their Ledger wallet. It follows that even hardware wallet users are not protected from phishing attacks.

The same type of attack has been performed on users of crypto exchanges. The user receives an email with a link to a website that is identical to the original one, but with a slightly modified URL. In this way attackers steal usernames and passwords and, under certain conditions, can steal cryptocurrency from an exchange wallet. Nevertheless, users can defend themselves even when such an attack succeeds, since exchanges offer additional protection tools.
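A check for the lookalike URLs described in the MyEtherWallet and Ledger cases above, as an added example that is not part of the original article: it folds a hostname to the ASCII text a reader would perceive and compares it with an allowlist. The TRUSTED list and the small CONFUSABLES map are assumptions made for illustration; a production check would use the full Unicode confusables data.

```python
import unicodedata
from urllib.parse import urlsplit

# Assumed allowlist of sites the user really uses (constructed for this example).
TRUSTED = ("myetherwallet.com", "ledger.com")

# Illustrative subset of look-alike characters, not the full Unicode table.
CONFUSABLES = str.maketrans({
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",  # Cyrillic
    "\u0441": "c", "\u0456": "i", "\u0455": "s",                 # Cyrillic
    "0": "o", "1": "l",                                          # digits
})

def skeleton(host):
    """Fold a hostname to the ASCII text a hurried reader would perceive."""
    decomposed = unicodedata.normalize("NFKD", host)
    base = "".join(ch for ch in decomposed if not unicodedata.combining(ch))
    return base.translate(CONFUSABLES)

def within_one_edit(a, b):
    """True if a and b differ by at most one inserted, dropped or changed char."""
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]
    return a[i:] == b[i + 1:]

def classify(url):
    """Return 'trusted', 'lookalike of <domain>' or 'unknown' for a URL."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    try:
        host = host.encode("ascii").decode("idna")  # xn-- labels -> Unicode
    except UnicodeError:
        pass  # already Unicode or malformed punycode: compare as given
    for good in TRUSTED:
        if host == good or host.endswith("." + good):
            return "trusted"
    for good in TRUSTED:
        labels = host.split(".")[-(good.count(".") + 1):]
        if within_one_edit(skeleton(".".join(labels)), good):
            return "lookalike of " + good
    return "unknown"
```

Calling classify() on a link copied from an email returns "trusted" only for an exact allowlisted domain or its subdomains; a host that merely reads like one is reported as a lookalike.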

API keys theft

Some traders use trade automation tools called trading bots. With this type of software, a user must create API keys and grant certain permissions so the bot can interact with their funds.

Commonly, when a user creates an API key, the exchange asks for the following permissions:

  • View. Allows viewing any data related to the user account, such as trading history, order history, withdrawal history, balance, some user data, etc.
  • Trading. Allows placing and cancelling orders.
  • Withdrawal. Allows withdrawing funds.
  • IP whitelist. Allows operations to be performed only from specified IP addresses.

API keys for a trading bot must have the view, trading, and sometimes withdrawal permissions.

There are different ways hackers can steal users’ API keys. For example, cybercriminals often create malicious free-of-charge “high-profit” trading bots to lure users into entering their API keys. If the API key has the right to withdraw without IP restriction, hackers may instantly withdraw all cryptocurrencies from the user’s balance.

According to Binance’s official commentary, the 7,000 BTC hack became possible because hackers gathered API keys, 2FA, and other data.

Even without withdrawal permission, hackers may steal users’ crypto by pumping a certain low-liquidity cryptocurrency trading pair. The most common examples of such attacks are the Viacoin pump and the Syscoin pump. Hackers accumulated these cryptocurrencies and sold them significantly overpriced during a pump, using user funds.
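The two risks above (withdrawal without IP restriction, and trading-only keys abused for a pump) can be checked before a key is handed to any bot. The following is an added example, not code from the article or from any exchange: the record fields, the finding codes and the MIN_PREFIX thresholds are hypothetical.

```python
import ipaddress

# Narrowest network size treated as a real restriction (assumed policy values).
MIN_PREFIX = {4: 24, 6: 64}

def audit_api_key(key):
    """Return finding codes for one key record (hypothetical schema)."""
    findings, nets = [], []
    perms = set(key.get("permissions", []))
    for entry in key.get("ip_whitelist", []):
        try:
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            findings.append("BAD_ENTRY")        # typo in the whitelist
    broad = [n for n in nets if n.prefixlen < MIN_PREFIX[n.version]]
    if broad:
        findings.append("BROAD_RANGE")          # e.g. 0.0.0.0/0 restricts nothing
    restricted = bool(nets) and not broad
    if "withdrawal" in perms and not restricted:
        findings.append("WITHDRAW_NO_IP")       # stolen key can drain the balance
    if "trading" in perms and not restricted:
        findings.append("TRADE_NO_IP")          # stolen key can trade into a pump
    return findings

# Constructed sample records, not output from any exchange API.
SAMPLE_KEYS = [
    {"label": "free-bot", "permissions": ["view", "trading", "withdrawal"],
     "ip_whitelist": []},
    {"label": "own-bot", "permissions": ["view", "trading"],
     "ip_whitelist": ["203.0.113.10"]},
    {"label": "wide-open", "permissions": ["view", "trading"],
     "ip_whitelist": ["0.0.0.0/0"]},
]

if __name__ == "__main__":
    for k in SAMPLE_KEYS:
        print(k["label"], audit_api_key(k) or "ok")
```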

Downloaded files exploits

There are a lot of 0-day and 1-day exploits for MS Word, Excel, and Adobe products that keep malware from being detected by antivirus products and grant malicious actors full access to victim workstations and internal infrastructure.

A zero-day is a flaw in software, hardware, or firmware that is unknown to the party or parties responsible for patching or otherwise fixing the flaw. The term zero-day may refer to the vulnerability itself, or to an attack that has zero days between the time the vulnerability is discovered and the first attack. Once a zero-day vulnerability has been made public, it is known as an n-day or one-day vulnerability. After a vulnerability is detected in the software, the development of malicious code begins; this code uses the detected vulnerability to infect individual computers or computer networks. The most well-known malware that exploits a 0-day vulnerability in software is the WannaCry ransomware worm, a virus that extorted Bitcoins for decryption.

However, there are many other malware programs that may gain access to users’ cryptocurrency wallets, as well as crypto exchange applications, using 0-day exploits. The best-known case of such an attack in recent years was the WhatsApp exploit, as a result of which attackers could collect data from users’ crypto wallets.

Malicious platforms 

Due to the active growth of the market, DeFi scammers are constantly launching new projects which are almost exact clones of existing projects. After users invest in these projects, scammers simply withdraw the funds to their own wallets. The biggest exit scam of this kind to date is the YFDEX case, when intruders stole 20 mln of users’ funds 2 days after the launch of the project. Such scams are common because in most cases project team members are anonymous and there are no legal obligations, since the platforms are not registered entities. Previously, such fraud was associated mainly with ICO projects.

Nevertheless, similar cases have occurred with centralized platforms. One example is the QuadrigaCX case, when the founder of the centralized exchange died, leaving the platform unable to access its wallets and process withdrawal requests for over $171 million of clients’ funds. As a result, only 30 mln of lost funds can be repaid.

Such cases arise all the time, so you need to carefully consider the platform before transferring your money there.

Fake applications

Throughout the existence of cryptocurrencies, many fake applications imitating a particular platform or wallet have been created. Once you complete a deposit to such an application, you find that the funds have simply disappeared. Intruders may create a copy of an existing application with malicious code added, or a new application for a platform that does not have one. One example is the Poloniex case from 2017.

Since most crypto wallets are open source, anyone can create their own copy of a wallet and inject malicious code into it. Topics about such wallets constantly appear on popular cryptocurrency forums, for example, Trust wallet fake apps.

How to protect yourself from intruders?

As you can see from the above sections, criminals have many ways to steal user funds and data. We therefore recommend adhering to the following points to protect yourself against intruders:

  1. Always check the domain from which you receive emails.
  2. Set up an anti-phishing code if the platforms that you use have such a feature.
  3. Only deposit to exchanges with good reputations. You may check the exchanges ratings on the following services: Coingecko, CER.live, Coinmarketcap, Cryptocompare, etc. 
  4. Set up a login IP whitelist if the platforms that you use have such a feature.
  5. Always research a crypto wallet before deciding to install it on your phone, even if it is on your app store list.
  6. Set IP restrictions for API keys.
  7. Do not invest in recently launched projects that do not have any information about the team, investors, etc. During the DeFi hype scammers launched dozens of scam projects in order to steal crypto from investors.
  8. Make sure you download documents and other files from a trusted source.
  9. Always do regular security updates of your operating system.
  10. Download applications and their updates only from the official websites.


Along with the growth of the cryptocurrency market, new schemes appear to steal user funds and data. Users should be very careful about the emails and other notifications they receive.

In this article, we have described 10 points about how users can protect themselves from intruders. If you follow these measures, then it will be very difficult for hackers to steal your data or funds.
