Such attacks rarely have a significant impact on cryptocurrency exchanges, as they are aimed at users, and not at the platform itself. Having intercepted this traffic, attackers can redirect traders to phishing resources or infect a device with malicious software.
The fifth part of the platform for Apple devices and half for Android do not encrypt the HTTP connection when switching to internal Internet resources. With the banal selection of PIN-code, the hacker is able to find the right combination and transfer the money of the victim to his account or carry out a phishing attack. The fifth part of the application allows you to set simple passwords, up to 8 characters without Latin letters. Two-thirds of the programs contain vulnerabilities that allow access to the credentials that are stored in the device or centralized database of the exchange. In the first case, you can simply steal money, in the second - to force a large number of people to buy or sell assets at the right time, thereby increasing or decreasing the demand for them.
In a third of cases, vulnerabilities allow attackers to carry out financial transactions or manipulate information on the screen of the user's device. Ways of hacking mobile applications of cryptocurrency exchanges: Most of the problems associated with storage and security keys. It turned out that all the applications involved in the study have security problems, while 70% of them contain at least one critical error that can be used to steal money or personal data.
This is the conclusion reached by Positive Technologies analysts, who tested five popular applications for iOS devices and six for Android. The easiest way to steal money from deposits of cryptocurrency exchanges is to hack mobile applications, for example, Bitfinex, EXMO, Cex.io, Bitstamp. Next, we look at how and how they succeeded. So, only in the first half of 2018, attackers managed to steal more than 1 billion dollars. According to Carbon Black survey, companies developing tools for protection against spam, viruses, DDoS, hacker attacks and other cyber threats, cryptocurrency exchanges account for 27% of all attacks related to cryptocurrency.