Cybercriminals have abused API keys to steal millions in crypto

Cryptocurrencies
(Image credit: Shutterstock / Wit Olszewksi)

API keys are being abused by cybercriminals to steal millions in cryptocurrency from unsuspecting traders according to new research from CyberNews.

As Bitcoin and other cryptocurrencies have become increasingly popular over the past few years, companies have begun to offer apps and other services to make trading easier. In order to uses these services though, traders need to grant third-party programs access to their cryptocurrency exchange accounts via API keys that allow these programs to perform actions on their behalf such as opening and executing automatic trade orders.

These API keys include both a public key and a private key which is often referred to as a secret key. This secret key is what is used by third-party apps to execute trade orders on a user's behalf. However, if a cybercriminal is able to obtain a users' secret key, they can then steal their cryptocurrency.

Cryptocurrency exchanges usually provide traders with three types of API permissions in the form of data permissions, trade permissions and withdrawal permissions. Data permissions allow APIs to read a user's exchange account data, trade permissions allow them to execute trades, place open orders and close orders and withdrawal permissions allow them to take cryptocurrency from a user's exchange account and transfer it to another location.

For security reasons, cryptocurrency exchanges disable withdrawal permissions by default. This is why cybercriminals have been leveraging trade permissions to empty the cryptocurrency wallets of their victims.

API key abuse

During its investigation, CyberNews discovered that cybercriminals employ 'sell wall' buyouts and price boosting to steal funds from traders.

Sell walls are a common market manipulation technique used in both the stock and cryptocurrency markets. When it comes to cryptocurrency, sell walls are massive market sell orders that are artificially created by market manipulators to lower the price of a cryptocurrency or keep them below the maximum threshold in order to buy up a lot of coins on the cheap. 

According to CyberNews' latest report, cybercriminals have been using trading bots to open many small sell orders to create sell walls in order to force victims to sell their cryptocurrencies. Price boosting is another technique commonly used to exploit stolen API keys which involves buying cheap coins and then selling them back to a victim at extortionary rates. 

Cybercriminals don't even need to install malware or spyware on a user's device to obtain their API keys as instead, they scan publicly accessible web application environment files and public code repositories for leaked private keys.

In order to protect your cryptocurrencies, CyberNews recommends that traders whitelist IP addresses for API key usage and avoid storing their API keys on a hard drive or disclosing them to anyone. Another step you could take is to store your cryptocurrency offline instead using a hardware wallet like the Ledger Nano X or the Trezor Model T.

Via CyberNews

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Read more
Android phone malware
Screen reading malware found in iOS app stores for first time - and it might steal your cryptocurrency
cryptocurrency
It's been a huge year for criminals stealing cryptocurrency - and North Korea was largely to blame
Ethereum
Hackers steal over $1bn in one of the biggest crypto thefts ever
API
Businesses are being plagued by API security risks - with nearly 99% affected
Shadowed hands on a digital background reaching for a login prompt.
Private API keys and passwords found in AI training dataset - nearly 12,000 details leaked
Abstract image of cyber security in action.
MassJacker malware targets those looking for pirated software
Latest in Security
Data Breach
Thousands of healthcare records exposed online, including private patient information
China
Juniper patches security flaws which could have let hackers take over your router
Representational image depecting cybersecurity protection
GitLab has patched a host of worrying security issues
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.
AI agents can be hijacked to write and send phishing attacks
China
Volt Typhoon threat group had access to American utility networks for the best part of a year
Abstract image of cyber security in action.
MassJacker malware targets those looking for pirated software
Latest in News
A super close up image of the Google Gemini app in the Play Store
It's official: Google Assistant will be retired for phones this year, with Gemini taking over
Quordle on a smartphone held in a hand
Quordle hints and answers for Sunday, March 16 (game #1147)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Sunday, March 16 (game #378)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Sunday, March 16 (game #644)
Three iPhone 16 handsets on show
Apple could launch an iPhone 17 Ultra this year – but we've heard these rumors before
Super Mario Odyssey
ChatGPT is the ultimate gaming tool - here's 4 ways you can use AI to help with your next playthrough