Recent projects failure and crash in the cryptocurrency market, including the Terra/Luna debacle, have pushed crypto prices further down and triggered an increase in distributed denial-of-service (DDoS) attacks. As crypto markets continue to plunge and show no sign of recovery, DDoS attacks are set to continue to rise in number and intensity, a new report by Russian cybersecurity and anti-virus provider Kaspersky says.
Crypto markets have been falling since their peak in November 2021, but the demise of the Terra ecosystem, which saw its terraUSD (UST) and luna tokens lose nearly US$45 billion in value within 72 hours in May, has further accelerated the crash.
Data from Coinmarketcap.com show that crypto markets have dropped 45% since May 2022, and 68% since their last all-time high levels of November 2021. This is the strongest decline the market has ever witnessed, Kaspersky says, and all indications suggest that the trend will last.
At the same time, DDoS attacks reached a new level in Q2 2022 with steep increases of the share of smart attacks and average attack duration. Compared to Q2 2021, the average duration of a DDoS attack rose 100 times, reaching 3,000 minutes, while the share of smart attacks almost broke the four-year record, accounting for nearly 50% of the total.
Since the DDoS market is highly sensitive to crypto market fluctuations and inevitably grows when crypto declines, experts from Kaspersky expect an increase in overall DDoS activity for the months to come.
A DDoS attack is a brute-force attempt to slow down or completely crash a server or network resource by overwhelming it with requests. While a simple DoS attack involves one “attack” computer and one victim, DDoS attacks rely on armies of infected or “bot” computers that carry out these tasks simultaneously.
Depending on the severity of the attack, a DDoS can have resources offline for hours, days or even weeks due to a DDoS attack. Since no employees nor consumers can access the network resources, this leads to a loss in money, time, clients and reputation. Some estimate that it costs a company an average of US$22,000 for every minute of downtime during a DDoS attack.
According to Kaspersky, DDoS attacks on websites associated with crypto are frequent and often coincide with landmark events, such as new project launches and rate fluctuations. In June 2022, for example, a DDoS attack was launched on stablecoin issuer Tether after the rate of USDT dropped despite USD pegging.
Another example cited in the report is the DDoS attack that hit Stepn, a move-to-earn blockchain game, back in June. The attack, which occurred during an “anti-cheating” update, led to hours of server shutdowns, with some users misidentified as bots and kicked from the platform, according Forkast.news.
Cloudflare also reported two unprecedentedly powerful DDoS attacks in Q2 2022, including one involving a crypto-related website. The victim, a company operating a crypto launchpad, was bombarded with junk traffic at a staggering rate of 15 million requests per second.
A troubling year
Cryptocurrency prices have decreased drastically since Q4 2021, sparking the beginning of a new prolonged “crypto winter.” A series of issues occurring in the industry has further accelerated the market crash this year.
In May, Terra collapsed after UST lost its peg to the USD and after its sister token luna saw its value fell to virtually zero, down from an all-time high of US$119. At their height, luna and UST had a combined market value of almost US$60 billion.
Several crypto firms, including the now-bankrupt hedge fund Three Arrows Capital (3AC), had a large exposure to UST, leading to contagion across the broader crypto industry.
Crypto exchange Blockchain.com is reportedly now facing a US$270 million hit on loans to 3AC. Digital asset brokerage Voyager Digital filed for bankruptcy protection in July after 3AC defaulted on a US$670 million loan it owed to the company. Crypto exchanges FTX and BitMEX were also hit with losses.
Meanwhile, crypto lender Celsius Network filed for bankruptcy in July. The company, which rose to prominence during the COVID-19 pandemic, drew depositors with high interest rates and easy access to loans. It also participates in staking, a method for users to earn rewards by holding certain cryptocurrencies.
But Celsius generated its high returns by making risky investments. These quickly turned sour when the crypto market started crashing earlier this year. Celsius now owes customers around US$4.7 billion, according to its bankruptcy filing.
Singapore Virtual Asset Event
On September 22, 2022, financial market data and infrastructure specialist Refinitiv will be hosting an event at the Sands Expo and Convention Center in Singapore, exploring how businesses in the virtual assets and payments space can navigate the changing threat landscape while remaining fully compliant.
The event will bring together players from the payments, crypto and virtual assets community and will explore the latest regulatory developments, unpack the compliance requirements and discuss the best practices and solutions available to firms to help.
Scott Bradford, an International Computer Hacking and Intellectual Property (ICHIP) Attorney Advisor for Southeast Asia for cybercrime based in the US Embassy in Kuala Lumpur, will be among the speakers.