While investors used to need to possess a certain level of tech-savviness to trade cryptocurrency, that is less and less the case these days. In recent years, many mainstream brokerage firms began to allow customers to buy and sell certain cryptocurrencies. Additionally, smaller and lesser-known apps have also surfaced, many of which offer fewer services and lower transaction costs. However, according to a recent warning by the U.S. government, hackers based in North Korea are employing targeted cyberattacks in hopes of tricking employees of these cryptocurrency apps into giving up information that can be used to empty investors’ wallets.
If you recently had hackers access your account and steal your cryptocurrency assets, additional information about crypto hacking can be found in a related blog post, here.
How Are Hackers Stealing Cryptocurrency?
The latest risk for crypto investors stems from what are known as social engineering attacks. When hackers use a social engineering attack, they attempt to trick employees of an organization into providing the hacker with sensitive information or downloading malicious software. In the case of the recent attacks carried out by North Korean hackers, the cybercriminals used social engineering attacks to trick employees of cryptocurrency trading apps into downloading malicious software. Once the software was downloaded onto the employee’s computer, it would reveal users’ private keys, which the hackers could then use to conduct fraudulent blockchain transactions and drain investors’ cryptocurrency wallets.
On April 18, 2022, the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the U.S. Treasury Department (Treasury) issued a joint statement claiming that the Lazarus Group, APT38, BlueNoroff, and Stardust Chollima engaged in state-sponsored malicious cyber activity. According to the report, “As of April 2022, North Korea’s Lazarus Group actors have targeted various firms, entities, and exchanges in the blockchain and cryptocurrency industry using spearphishing campaigns and malware to steal cryptocurrency. These actors will likely continue exploiting vulnerabilities of cryptocurrency technology firms, gaming companies, and exchanges to generate and launder funds to support the North Korean regime.”
In the joint statement, the FBI, CISA and Treasury also provide a lengthy list of efforts that companies that develop and market these cryptotrading apps can take to mitigate the risk of an attack.
Do Aggrieved Cryptocurrency Investors Have Recourse?
Given that the hackers responsible for the recent wave of cryptocurrency hacks are based in North Korea, it raises the question about whether there investors who were victimized they these attacks have any legal recourse either against the hackers themselves or the cryptotrading apps.. Under U.S. law, companies who create crypto currency trading apps can be held liable for investors’ losses that stem from the company’s negligence.
Determining whether a company was negligent leading up to a cryptocurrency hack is a fact-intensive inquiry. However, the fact that an employee was duped into downloading malicious software may be evidence that a company was negligent. While cryptohacks are carried out by third-party hackers, the companies that maintain investor data (including their private keys) owe a legal duty to investors. Part of this legal duty requires the company to take the necessary steps to protect investors’ sensitive information.
Of course, the laws that cryptocurrency lawyers use to hold companies accountable were not necessarily written with 2022 technology in mind. Thus, these claims require a sophisticated and nuanced understanding of how these lawsuits fit within the existing law’s existing framework. Scheduling a free consultation with a cryptofraud lawyer is the first step toward understanding your rights and pursuing a claim against a negligent cryptocurrency trading app.
