Las Vegas is eagerly awaiting the world’s leading security companies and professionals for Black Hat USA 2018 (and, as you probably know, we’ll be there!). But that’s not nearly the end of it.
As has become a tradition, Black Hat USA is immediately followed by another gigantic conference — DEF CON, a meeting place for hackers from across the globe. DEF CON 26 will host several leading talks on security, and we’re thrilled that our CTO, Pedro Fortuna, will be doing a talk on protecting crypto exchanges.
If we take a look back at the last 12 months, we can spot a massive increase in the value of cryptocurrencies. This, coupled with the emergence of hundreds of new coins and ICOs, got millions of people into a true investment frenzy.
A significant portion of entrants in cryptocurrency trading were non-technical consumers who were hyped into creating accounts on the most popular crypto exchanges, like Coinbase or Bitstamp. This resulted in exchanges experiencing meteoric growth like never before.
Crypto exchanges present an obvious appeal to attackers, who have had an eye on these platforms for a long time. Enter 2017 with the crypto frenzy and we start seeing them being targeted by Man-in-the-Browser (MITB) attacks. [Sidenote: we have a comprehensive guide on MITB here].
Known malware families, including Zeus Panda, Ramnit, and Trickbot, are already aiming at websites such as Coinbase.com or Blockchain.info. This leads us to this talk: Protecting Crypto Exchanges From a New Wave of Man-in-the-Browser Attacks.
Pedro Fortuna will detail how these attacks work, from account takeover to sending the coins out to attacker-controlled wallets. He will also discuss current defenses (e.g. multi-factor authentication or strong SSL encryption) and why they are failing to mitigate this type of attack.
The talk will take place Friday, August 10th at 2 pm in the Packet Hacking Village.
Pedro Fortuna is Jscrambler’s CTO and Co-Founder. He leads the technical vision for the product suite and contributes his cybersecurity knowledge to R&D.
Pedro holds a degree in Computing Engineering and an MSc in Computer Networks and Services and has over a decade’s experience researching and working in the application security area.
He is a regular speaker at OWASP AppSec events and other cybersecurity conferences and contributes to web development events. His research interests lie in the fields of Application Security, Reverse Engineering and Malware and Software Engineering. Pedro has also authored several patents for application security.
Whether you’re going straight from Black Hat USA 2018 to DEF CON 26 or just looking to attend the latter, Las Vegas is the place to be right now.
Curious for more? Say hi to Pedro while you’re there!
Update: Talk Recap
After an incredibly hot week in Las Vegas, we take the time to recap Pedro Fortuna's DEF CON talk.
The talk attracted quite a sizable crowd, which went through Pedro's explanation of how attacks on crypto exchanges are conducted and how attackers manage to withdraw coins out to external wallets without users' knowledge.
Pedro was kind enough to provide his presentation's slides, so feel free to take a look.
Here are the slides from my yesterday's talk "Protecting Crypto Exchanges From a New Wave of Man-in-the-Browser Attacks" at @wallofsheep #defcon #cryptocurrency #MITB #appsec https://t.co/kR4Qe8XWkz
— Pedro Fortuna (@pedrofortuna) August 11, 2018
On November 14th, 2018, DEF CON officially released the video of the talk, which you can watch below: