API keys are being abused by cybercriminals to steal millions in cryptocurrency from unsuspecting traders, according to new research from CyberNews.
As Bitcoin and other cryptocurrencies have become increasingly popular over the past few years, companies have begun to offer apps and other services to make trading easier. In order to use these services though, traders need to grant third-party programs access to their cryptocurrency exchange accounts via API keys that allow these programs to perform actions on their behalf, such as opening and executing automatic trade orders.
These API keys include both a public key and a private key, which is often referred to as a secret key. This secret key is what is used by third-party apps to execute trade orders on a user's behalf. However, if a cybercriminal is able to obtain a user's secret key, they can then steal their cryptocurrency.
Cryptocurrency exchanges usually provide traders with three types of API permissions: data permissions, trade permissions and withdrawal permissions. Data permissions allow APIs to read a user's exchange account data; trade permissions allow them to execute trades, place open orders and close orders; and withdrawal permissions allow them to take cryptocurrency from a user's exchange account and transfer it to another location.
For security reasons, cryptocurrency exchanges disable withdrawal permissions by default. This is why cybercriminals have been leveraging trade permissions to empty the cryptocurrency wallets of their victims.
API key abuse
During its investigation, CyberNews discovered that cybercriminals employ 'sell wall' buyouts and price boosting to steal funds from traders.
Sell walls are a common market manipulation technique used in both the stock and cryptocurrency markets. When it comes to cryptocurrency, sell walls are massive market sell orders that are artificially created by market manipulators to lower the price of a cryptocurrency or keep it below the maximum threshold in order to buy up a lot of coins on the cheap.
According to CyberNews' latest report, cybercriminals have been using trading bots to open many small sell orders to create sell walls in order to force victims to sell their cryptocurrencies. Price boosting is another technique commonly used to exploit stolen API keys, which involves buying cheap coins and then selling them back to a victim at extortionary rates.
Cybercriminals don't even need to install malware or spyware on a user's device to obtain their API keys. Instead, they scan publicly accessible web application environment files and public code repositories for leaked private keys.
In order to protect your cryptocurrencies, CyberNews recommends that traders whitelist IP addresses for API key usage and avoid storing their API keys on a hard drive or disclosing them to anyone. Another step you could take is to store your cryptocurrency offline instead, using a hardware wallet like the Ledger Nano X or the Trezor Model T.
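As an added example (not from CyberNews or any exchange), the following Python sketch audits an inventory of API keys against the advice above: it flags keys with withdrawal permission enabled and keys that can trade without a narrow IP allowlist. The record fields, key labels and the /24 threshold are assumptions made for illustration, and the sample data is constructed.

```python
import ipaddress

# Constructed inventory; field names are assumptions, not any exchange's schema.
SAMPLE_KEYS = [
    {"label": "portfolio-tracker", "permissions": {"data"}, "ip_allowlist": []},
    {"label": "trading-bot", "permissions": {"data", "trade"}, "ip_allowlist": []},
    {"label": "grid-bot", "permissions": {"data", "trade"}, "ip_allowlist": ["203.0.113.10/32"]},
    {"label": "legacy-bot", "permissions": {"data", "trade", "withdrawal"}, "ip_allowlist": ["0.0.0.0/0"]},
    {"label": "arb-bot", "permissions": {"trade"}, "ip_allowlist": ["198.51.100.0/16"]},
]
MAX_ALLOWED_ADDRESSES = 256  # assumption: anything wider than a /24 is too broad

def allowlist_issues(entries):
    """Return problems with an IP allowlist: empty, unparsable or too broad."""
    if not entries:
        return ["no IP allowlist: key is usable from any address"]
    issues = []
    for entry in entries:
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            issues.append(f"unparsable allowlist entry {entry!r}")
            continue
        if net.num_addresses > MAX_ALLOWED_ADDRESSES:
            issues.append(f"allowlist entry {net} covers {net.num_addresses} addresses")
    return issues

def audit_key(key):
    """Return findings for one key record."""
    perms = key["permissions"]
    findings = []
    if "withdrawal" in perms:
        findings.append("withdrawal permission enabled")
    # Assumption: only keys that can move funds or place orders need an allowlist here.
    if perms & {"trade", "withdrawal"}:
        findings.extend(allowlist_issues(key["ip_allowlist"]))
    return findings

def audit(keys):
    """Map key label -> findings, omitting keys with nothing to report."""
    report = {k["label"]: audit_key(k) for k in keys}
    return {label: found for label, found in report.items() if found}

if __name__ == "__main__":
    for label, findings in audit(SAMPLE_KEYS).items():
        print(label, "->", "; ".join(findings))
```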
Via CyberNews