Cryptocurrency theft

What Is Cryptocurrency Theft and How Does Crypto Theft Work

Last updated on June 22, 2021

With the promise of potential profits and anonymous transactions, cryptocurrency is one of the most popular ways to invest money these days. The volatile market with its fast-paced and fragmented characteristics has lured people in despite experiencing huge drops in value. The reason for financial interest in the cryptocurrency world is the astonishing return on investment which has also made this financial sector a target for cybercriminals who have recognized the potential for cryptocurrency theft.

In 2017 Bitcoin increased by approximately 1,500% whilst Ethereum has shot up over 10,000%. This year the value of Bitcoin rose to over $13,000 which is enticing for those individuals who want financial freedom and wish to dodge government control.

With over 36 million crypto wallets created so far, malicious cybercriminals are constantly on the hunt for digital coins due to the fact that their attacks are often untraceable and anonymous.

Mike McLellan, a senior security researcher at SecureWorks Counter Threat Unit, explains:

“Criminals act like a business. They’ll have a business model for making as much money as they can with as little risk as possible — and cryptocurrency mining represents a good return on investment and a low-risk way of doing it.”

How does crypto theft work? You can get your hands on digital currency either by buying it or mining it, and for cyber hackers, there’s not much to think about as they prefer the latter option.

Malicious mining leaves the vulnerable party with a malware-infected device and can continue over a long period of time.

Ryan Olson, intelligence director at Unit 42 of Palo Alto Networks, clarifies:

“With a ransomware infection you might get a big pay off, but if you infect a computer in Africa, it’s very unlikely you’re actually going to get a payout from that. In areas of the world where people are less likely to pay ransoms, you might have just ignored those even though they’re ripe for infection.

But with cryptocurrency mining, it’s completely egalitarian: different systems perform differently at how they mine cryptocurrency, but they can all do it, so they’re all equal targets. That’s an important element of why we’re seeing this transition.”

So whilst initial profits aren’t as large as those that come from ransomware, there have been instances where millions of dollars have been made. The malware that infiltrates devices is pretty simple and can come in various forms such as software downloads, phishing campaigns, malvertising or compromised websites. As soon as they’re in, the aim of the game is to stay there without getting discovered.

“It’s a numbers game: infect as many computers as you can, then keep them infected. You might think just make it 100 percent all of the time and that’s what a lot of attackers do, because they think they’ll earn the most money that way,” said Olson.

“But if you use 100 percent of the CPU, the user is more likely to notice it’s slow and make choices which lose you the mining device. There’s choices attackers need to make the most money over time — they’ve got to think about the most bang for their buck.”
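Olson's point has a detection consequence: a rule that fires only when a process pins the CPU misses a miner throttled below that level. The following is an added example, not code from the article or the quoted researchers; it compares a peak rule with a sustained-load rule over constructed per-process samples, and the process names and thresholds are assumptions.

```python
from statistics import pstdev


def naive_peak_rule(series, peak=95.0):
    """Alert only when a process pins the CPU (the '100 percent' case)."""
    return {name for name, s in series.items() if max(s) >= peak}


def sustained_load_rule(series, floor=50.0, min_fraction=0.9, max_stdev=10.0):
    """Alert on load that stays above `floor` for most of the window and is
    unusually flat, which is the pattern a throttled miner produces.
    All three thresholds are assumed values to tune per environment."""
    flagged = set()
    for name, s in series.items():
        above = sum(1 for v in s if v >= floor) / len(s)
        if above >= min_fraction and pstdev(s) <= max_stdev:
            flagged.add(name)
    return flagged


# Constructed telemetry: per-process CPU %, one sample per minute for an hour.
SAMPLES = {
    "browser": [5, 12, 8, 30, 6, 9] * 10,              # ordinary interactive use
    "compiler": [100, 98, 3, 2, 99, 4] * 10,           # legitimate bursts to 100%
    "updater-helper": [68, 72, 70, 71, 69, 70] * 10,   # hypothetical throttled miner
}

if __name__ == "__main__":
    print("peak rule flags:     ", sorted(naive_peak_rule(SAMPLES)))
    print("sustained rule flags:", sorted(sustained_load_rule(SAMPLES)))
```

The peak rule flags only the bursty compiler, while the sustained rule flags only the process holding a flat load near 70 percent.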

Forms of Cryptocurrency Theft

Malicious Cryptomining

Cybercriminals usually take advantage of advanced techniques and various vulnerabilities found in your devices, which open the door for them to insert malicious, hard-to-detect mining malware into your PC and even mobile devices. So, how can you tell if your machine has been compromised?

“Cryptocurrency mining and cryptojacking are associated with extremely high processor activity that has noticeable side-effects such as a reduced performance of their device, overheating, increased fan activity which increases noise from the fan.

On Android devices, the computational load can even lead to “bloating” of the battery and in some cases physical damage to, or destruction of, the device.

Similar problems may be caused by a variety of issues in hardware or software, however, in the case of cryptojacking, they become apparent after the victim accesses a specific website – probably one that incorporates the crypto mining JavaScript code.”


Cracking the source that houses all the money is the number one goal for any cybercriminal. In the past this meant targeting banks themselves, but now hackers are making cryptocurrency exchanges, digital wallet providers and crypto-mining marketplaces their target to get ahold of larger sums. This is exactly what happened recently in Japan, with hackers stealing $530 million from users.

“The hacking at Coincheck, which bills itself on its website as the leading bitcoin and cryptocurrency exchange in Asia, came to light over the weekend. If confirmed, it’s expected to rank as the biggest such theft on record, eclipsing the estimated $400 million in bitcoin stolen from Mt Gox in 2014.

Coincheck said the hackers stole customer deposits of NEM, a less well known digital currency.”

SEO Poisoning

When you hear the term SEO you might think of a clever marketing skill, but Search Engine Optimization has now been dubbed the new spam. Cybercriminals use SEO tools to make malicious sites seem more trustworthy and near the top of the search results. This way unsuspecting users are lured to download malware or even divulge information on a data-stealing website.

“Users who browse pages hosted on compromised servers kick-start a multi-stage malware infection. The same redirection and infrastructure has been seen in other attacks; for example, fake antivirus and tech support scams in which users are asked to call a phone number.

Ultimately, targets are redirected to a site hosting a malicious Word document. The doc contains malicious macros that execute when users download and click Enable Content.”


By slightly changing the name of a well-known company, hackers can dupe users into taking some sort of action that leaves them vulnerable and exposed. Using platforms like LinkedIn, criminals find out the names and positions of wealthy professionals and create tailor-made attacks in an attempt to access their funds. Binance, one of the largest cryptocurrency exchanges, is being targeted as well.
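A defender can screen domains seen in mail or proxy logs for this kind of slightly changed name. The following is an added example, not code from the article: the brand labels come from the exchanges named on this page, while the homoglyph table, the distance threshold and every sample domain (under the reserved `.example` TLD) are assumptions.

```python
# Brand labels taken from the article; everything else is an assumed setting.
PROTECTED = ("binance", "coincheck")
HOMOGLYPHS = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("5", "s"))


def edit_distance(a, b):
    """Levenshtein distance using a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalize(label):
    """Fold common look-alike character sequences back to plain letters."""
    label = label.lower()
    for fake, real in HOMOGLYPHS:
        label = label.replace(fake, real)
    return label


def classify(domain, max_distance=1):
    """Return (verdict, brand). Assumes a name with at least two labels and
    the brand in the label directly left of the TLD."""
    label = domain.lower().rstrip(".").split(".")[-2]
    if label in PROTECTED:
        return ("exact", label)
    tokens = [normalize(t) for t in label.split("-")]
    for brand in PROTECTED:
        # A brand used as one hyphenated token, or a token within one edit of it.
        if any(t == brand or 0 < edit_distance(t, brand) <= max_distance
               for t in tokens):
            return ("lookalike", brand)
    return ("unrelated", None)


if __name__ == "__main__":
    # Constructed sample domains, not observed indicators.
    for d in ("binance.example", "b1nance.example", "binance-login.example",
              "coinchek.example", "weather.example"):
        print(d, classify(d))
```

A distance of one also matches ordinary words such as `finance`, so hits are candidates for review rather than verdicts.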

“What will be interesting will be to see at what point it becomes no longer economically viable for criminals to use cryptocurrency mining as a way of making money. A lot depends on how the market performs and if the bubble bursts — maybe that will cause a drop off,” said McLellan. “But for now it’s becoming the new normal.”

Mobile Applications

We are all guilty of downloading apps onto our phones without reading the privacy regulations in detail. Attackers take advantage of this in ways that range from seeding various apps with crypto-mining code to creating fake Bitcoin wallet apps and uploading them to Google Play. This happened only a few years ago:

“Instead of providing a Bitcoin address for an end user, the wallets siphoned any cryptocurrency received by the wallet to the attacker’s own Bitcoin address. According to Lookout’s research, the three fake Bitcoin wallet apps collectively had approximately 20,000 downloads prior to being removed by Google.

The three fake Wallet apps are part of a mobile malware family that Lookout has dubbed PickBitPocket. It’s not clear how many Bitcoins were stolen with the fake wallets, though Hebeisen said Lookout can confirm that the attacker was successful in rerouting some Bitcoins to his or her account.”

As you can see, cryptocurrency mining malware is a threat that is alive and well, so the best way to protect yourself and stay on top of things is knowing how to avoid malware in general. The best way to protect your digital wallet is by investing in a reliable antivirus program. Keep reading to find out more about the best antivirus software that is available on the market right now.

Antivirus Can Protect Your Crypto Wallet

Having a reliable and strong antivirus installed on your computer is an excellent way to keep yourself safe from many forms of Cryptotheft. To learn more about which Antivirus software is the best for your needs (and your wallet), check out our in-depth guide on choosing the best Antivirus for cryptocurrency here.

We recommend McAfee as the top Antivirus for protecting your crypto wallet from being attacked and hacked.


Wanting to protect your cryptocurrency is understandable, particularly with the rising trend of hackers targeting people with malware. The best way to remain on top of things is to invest in reliable antivirus software that will keep you protected at all times.
