
Cybercriminals Exploiting API Keys to Steal Cryptocurrency

Cybercriminals have been observed exploiting cryptocurrency exchange API keys to steal cryptocurrency from victims. According to researchers, exposed API keys can have catastrophic consequences, because they allow attackers to steal cryptocurrency without needing withdrawal rights.

What has happened?

CyberNews researchers discovered more than $1,000,000 in cryptocurrency held in cryptocurrency exchange accounts whose API keys were exposed in public code repositories.
  • API keys are used to grant transaction access to third-party programs. If someone steals a secret API key, it cannot be used for exploitation purposes as API permissions are disabled by the exchange.
  • However, researchers observed that multiple trade offers for stolen cryptocurrency exchange API keys appeared on hacker forums. 
  • Cybercriminals are using the stolen API keys to steal from or empty victims’ accounts on almost all popular exchanges.
  • Attackers can easily bypass trade-only settings on the API keys and steal money from traders’ accounts even without having their account withdrawal rights or credentials.

Exploiting stolen API keys

To exploit stolen API keys, attackers trade on their victims’ behalf, trading away the victims’ balances through excessively unprofitable trades against bots that the attackers themselves have deployed.
  • The attackers are using two API key exploitation methods to steal funds from traders: sell wall buyouts (market manipulation) and price boosting (buying cheap coins).
  • For the sell wall technique, they use stolen API keys to compromise trading accounts and create bulk sell orders at lower prices to reduce the price of the cryptocurrency.
  • In the price boosting technique, attackers deposit unpopular, cheap coins with low trading volume into their own middleman account. The coins are then sold back to the victim at high rates.

Conclusion

Stolen API keys are being increasingly sold on hacker forums, which indicates a motive of financial gain. Researchers suggested a few simple steps for protecting API keys from being abused by experienced traders, such as whitelisting selected IP addresses and treating API keys as the private key of the cryptocurrency wallet.
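The two abuse patterns and the IP whitelisting advice above can be combined into a monitoring check over fills placed through an API key. This is an added example, not code from CyberNews or Cyware; the field names, thresholds, allowlist and sample fills are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Everything below is constructed for illustration: allowlist, thresholds, fills.
ALLOWED_NETS = [ip_network("203.0.113.0/28")]  # networks the key owner trades from
MAX_LOSS = 0.05            # flag fills more than 5% worse than the reference price
MIN_DAILY_VOLUME = 50_000  # markets below this quote-currency volume count as thin

@dataclass
class Fill:
    src_ip: str
    market: str
    side: str            # "buy" or "sell"
    price: float         # execution price
    ref_price: float     # recent market price when the order was placed
    daily_volume: float  # 24h volume of the market

def loss_ratio(f):
    """How much worse than the reference price the fill was for the key owner."""
    delta = f.price - f.ref_price if f.side == "buy" else f.ref_price - f.price
    return delta / f.ref_price

def review(f):
    """Return the reasons a fill made through an API key deserves a hold."""
    reasons = []
    if not any(ip_address(f.src_ip) in net for net in ALLOWED_NETS):
        reasons.append("source IP not on allowlist")
    if loss_ratio(f) > MAX_LOSS:
        reasons.append("sell far below market" if f.side == "sell"
                       else "buy far above market")
    if f.side == "buy" and f.daily_volume < MIN_DAILY_VOLUME:
        reasons.append("buy in low-volume market")
    return reasons

SAMPLE_FILLS = [
    Fill("203.0.113.5", "BTC/USDT", "buy", 30010.0, 30000.0, 9e8),    # ordinary trade
    Fill("198.51.100.7", "BTC/USDT", "sell", 24000.0, 30000.0, 9e8),  # dumped at -20%
    Fill("198.51.100.7", "XYZ/USDT", "buy", 0.90, 0.10, 1200.0),      # thin coin at 9x
]

def flagged(fills):
    """Map fill index -> reasons, for every fill with at least one reason."""
    results = {i: review(f) for i, f in enumerate(fills)}
    return {i: r for i, r in results.items() if r}

if __name__ == "__main__":
    for idx, reasons in flagged(SAMPLE_FILLS).items():
        print(idx, SAMPLE_FILLS[idx].market, reasons)
```
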

Cyware Publisher
