Does your company hold cryptocurrency?
This guide answers this question and discusses the cryptocurrency attacks that make insurance necessary.
Is cryptocurrency fraud a cybercrime?
In the UK, cryptocurrency is not considered legal tender, even though some businesses may accept it as payment. This problem creates confusion over whether your crypto assets can be protected.
According to the UK government, crypto assets are classified as a store of value, which means your insurance policy could protect your assets. The definition of cybercrime doesn’t pertain exclusively to fiat currency losses but to any attacks made via a computer, network or even the Internet itself.
This is why people have been successfully prosecuted for data breaches, even if there were no records of transfers leading to significant financial gain for the attacker. In short, cryptocurrency fraud is a form of cybercrime if performed online.
What are the different types of cryptocurrency attacks?
Cryptocurrencies’ anonymous and decentralised nature is attractive to many, but this also makes them a juicy target.
If your business holds or is involved in cryptocurrency, here are just some of the attacks you could fall victim to:
- 51% Attack – Also known as a Double Spending Attack, a malicious actor will gain control of at least 50% of a business’s mining power. With this control, they can alter transaction histories and create their own.
- Sybil Attack – Sybil attacks involve creating numerous fake identities to gain control over the consensus process. This can be used to destroy a business’s decision-making mechanisms.
- Phishing – By far the most common type of social engineering attack, phishing accounts for 83% of all detected UK cyberattacks. To access sensitive information, phishing scams can often be used to obtain wallet keys.
- Cryptojacking – This attack involves installing malware on computer or mobile devices to hijack their processing power for mining purposes.
- Dusting – Got a random crypto transfer? This could be a dusting attack, where an attacker sends small amounts of cryptocurrency to multiple wallets to link them and de-anonymise users.
Countless other attacks exist, such as the Man-in-the-Middle Attack, that could separate you from your cryptocurrency. These attacks – when successful – are often highly lucrative for cybercriminals.
For example, the cryptocurrency exchange platform KuCoin was targeted in September 2020, resulting in the theft of crypto funds from wallets connected to the Internet, known as hot wallets. The attackers exploited security loopholes to obtain hot wallet private keys.
It was estimated that the KuCoin Hack resulted in 281 million dollars being stolen by North Korean hackers.
What are the biggest cryptocurrency risks for businesses?
Holding cryptocurrency automatically makes your organisation a target because of the rampant crime within this sector. Successful attacks could result in loss of funds, a drop in consumer confidence, and even lawsuits.
Some of the most significant risks to businesses include:
- Ransomware – Cryptocurrency attacks often begin with social engineering fraud and end with ransomware. Ransomware is special software that infects computers and encrypts everything. To decrypt it, you must pay a ransom, usually in crypto.
- Social Engineering Fraud – Social engineering attacks may target high-ranking individuals in your company or take advantage of insiders that may be willing to cooperate with them.
- Smart Contract Vulnerabilities – Firms using smart contracts can face risks if the contracts have security vulnerabilities or coding errors.
- Supply Chain Attacks – Any third-party service provider or vendor could also compromise your ecosystem through an attack on them. Unfortunately, to work with crypto, you will nearly always need to work with someone outside of your orbit.
In short, cryptocurrency security is a separate sub-niche from cybersecurity. The risks are similar to other attacks, but working with cryptocurrency means setting up a new security system to protect yourself.
For this reason, many businesses avoid using cryptocurrency entirely. If you require cryptocurrency for your operations however, the answer is to protect yourself with a cyber insurance policy you can rely on.
Can cryptocurrency hacks or losses be covered by cyber insurance?
Cyber insurance may or may not cover your losses. It depends entirely on the policy you have. Many insurers have specific policy exclusions for crypto, whereas others offer it as an optional add-on.
Recently, this was tested with the collapse of FTX. Although the exchange recovered five billion dollars for its clients, this is still considered a drop in the ocean. Businesses that hold cyber insurance have found themselves disappointed in many cases.
For example, Joe Ziolkowski, co-founder of Relm Insurance in Bermuda, said that if crypto or regulatory exclusions are required within their policies, they will not offer coverage. It chimes with other insurers creating specific exclusions for crypto losses to prevent contagion.
This doesn’t mean no insurer is offering any type of coverage. Some bundle it with their cyber insurance, whereas others may require an optional add-on or a separate policy.
The message is to double-check your existing coverage and speak to your insurer about what they will/won’t cover. It’s better to establish your policy’s boundaries early than wait for an attack.
The impact of crypto attacks for businesses
Crypto attacks can have a massive impact on businesses that deal in cryptocurrencies. It could result in a severe loss of revenue, reputation and consumer confidence.
Possessing cyber insurance that covers crypto is the best possible protection. Let’s run through your experience with and without insurance:
· Loss of cash flow.
· Loss of revenue.
· Potential business disruption.
· File your claim for crypto (and other associated) losses.
· Get reimbursed for your losses under the terms of your policy.
· Return to normal business operations.
How to protect your business against crypto fraud
Even with cyber insurance, all cryptocurrency fraud will lead to significant business disruption. The best course of action is prevention.
Follow these simple tips to protect your business against crypto fraud:
Educate Your Employees
The first step is to provide comprehensive cybersecurity training to all employees. Emphasise the most common risks, including phishing, fraud, social engineering and the importance of keeping private keys safe.
Use Strong Authentication
Implement Multi-Factor Authentication (MFA) for all systems, including those non-crypto-related.
Choose Reputable Wallets/Exchanges
Ensure you only work with well-established exchanges and wallet providers. Most of your crypto should be put into cold storage even after finding one, not in hot wallets connected to the Internet.
Limit access to all cryptocurrency activities. The fewer people that can access your crypto assets, the more secure your business is.
Maintain an ongoing monitoring system for all cryptocurrency transactions. This should be implemented in conjunction with a robust reporting system.
Avoid Unverified Investments
Businesses often use crypto investments to make money. This is also one of the most common avenues for scams. Always ensure that any investment receives appropriate due diligence, regardless of the amount.
Above all, ensure you hold a cyber insurance policy that you can rely on. At Stanmore Insurance, we specialise in supporting businesses that require robust anti-cyber attack coverage to give them peace of mind.
To learn more about our various policy options, or to get a quote, contact Stanmore Insurance today.