The emergence of cryptocurrencies, such as Bitcoin and Ethereum, has revolutionised digital finance but has also introduced new cybersecurity challenges. Due to their decentralised and pseudonymous nature, cryptocurrencies have become attractive targets for cybercriminals, leading to various types of cyberattacks.
A senior official at the National Cyber Crime Investigation Agency (NCCIA) recently revealed to Business Recorder that cybercrime in Pakistan, including incidents of WhatsApp hacking, surged by a staggering 35% so far in 2025.
Pakistan has faced a spike in the terrible happenings ahead of the legalisation of cryptocurrency, work on rolling out a central bank digital currency (CBDC), and digitisation of the domestic economy.
According to the Federal Investigation Agency (FIA) Annual Administration Report 2024, over 73,000 complaints were made to the agency but only 1,604 cases were registered. Moreover, nearly half of the complaints fell under the category of financial frauds.
Cyberattacks related to cryptocurrency are a global phenomenon, affecting individuals, exchanges, and institutions across every continent. As digital currencies operate on decentralised and largely unregulated networks, they present lucrative opportunities for hackers seeking financial gain.
Here are some key areas where cryptocurrency intersects with cyber threats:
1- Attacks on cryptocurrency exchanges
Cryptocurrency exchanges, which facilitate the buying, selling, and trading of digital
currencies, are prime targets for cybercriminals. High-profile breaches have resulted in the loss of billions of dollars, affecting millions of users globally.
For example:
• Mt. Gox Hack (2014): One of the most infamous cryptocurrency hacks, where
approximately 850,000 Bitcoins were stolen, valued at over $450 million at the time.
• Coincheck Hack (2018): Hackers stole $530 million worth of NEM tokens from the Japanese exchange.
These attacks highlight vulnerabilities in exchange security protocols and the importance of international collaboration to track stolen funds and prosecute attackers.
2- Ransomware attacks and cryptocurrency
Ransomware attacks have surged, with cybercriminals increasingly demanding payment in cryptocurrencies. This trend is fueled by the difficulty in tracing cryptocurrency transactions.
High-profile ransomware incidents include:
• WannaCry (2017): A global ransomware attack that demanded Bitcoin as payment for decrypting files.
• Colonial Pipeline Attack (2021): The attackers demanded a ransom in Bitcoin, disrupting critical infrastructure in the United States. Governments and international organisations are working to establish frameworks to trace and regulate cryptocurrency transactions to deter such crimes.
3- Cryptojacking
Cryptojacking involves unauthorised use of a victim’s computing resources to mine cryptocurrencies. Attackers exploit vulnerabilities in websites, servers, or devices to install mining scripts. Key examples include:
• The rise of browser-based cryptojacking through malicious JavaScript.
• Cryptojacking malware targeting cloud computing platforms like AWS and Azure.
4- Exploitation of decentralised finance (DeFi) protocols:
The growing DeFi ecosystem has introduced new risks. Attackers exploit vulnerabilities in smart contracts, leading to significant losses.
For instance:
• Poly Network Attack (2021): Hackers exploited a vulnerability in the network’s smart contract, stealing over $600 million in cryptocurrencies.
• Wormhole Hack (2022): A cross-chain bridge vulnerability resulted in the loss of
$325 million.
Regulatory challenges:
The pseudonymous and borderless nature of cryptocurrencies complicates regulatory enforcement.
Key challenges include:
-
Lack of standardised regulations: While some countries have strict cryptocurrency regulations, others lack comprehensive frameworks, creating gaps that cybercriminals
exploit. -
Tracing transactions: The use of mixing services and privacy coins (e.g., Monero) makes it challenging to trace illicit transactions.
-
Jurisdictional Issues: Cybercrimes involving cryptocurrencies often span multiple jurisdictions, making international cooperation essential.
International efforts to address cryptocurrency cybercrime:
-
The Financial Action Task Force (FATF) has issued recommendations for regulating virtual assets, including anti-money laundering (AML) and combating the financing of terrorism (CFT).
-
Companies like Chainalysis and CipherTrace are developing tools to trace cryptocurrency transactions and identify illicit activities.
-
The Budapest Convention on Cybercrime encourages cooperation among member states to address cryptocurrency-related crimes.
Future directions
To mitigate cryptocurrency-related cyber threats, international cyber laws must adapt to
emerging technologies. Potential measures include:
• Enhanced collaboration: Countries must work together to trace cryptocurrency transactions and prosecute offenders.
• Improved exchange security: Requiring exchanges to adopt robust security measures and comply with international standards.
• Education and awareness: Educating users about securing their digital wallets and avoiding phishing attacks.
