DEF CON 26 Talk — Protecting Crypto Exchanges

August 3rd, 2018 | By Jscrambler | 3 min read

Las Vegas is eagerly awaiting the world’s leading security companies and professionals for Black Hat USA 2018 (and, as you probably know, we’ll be there!). But that’s not nearly the end of it.

As has become a tradition, Black Hat USA is immediately followed by another gigantic conference — DEF CON, a meeting place for hackers from across the globe.

DEF CON 26 will host several leading talks on security, and we’re thrilled that our CTO, Pedro Fortuna, will be doing a talk on protecting crypto exchanges.

The Talk

If we take a look back at the last 12 months, we can spot a massive increase in the value of cryptocurrencies. This, coupled with the emergence of hundreds of new coins and ICOs, got millions of people into a true investment frenzy.

A significant portion of entrants in cryptocurrency trading were non-technical consumers who were hyped into creating accounts on the most popular crypto exchanges like Coinbase or Bitstamp. This resulted in exchanges experiencing meteoric growth like never before.

[Figure: Coinbase User Numbers - 2017]

Crypto exchanges present an obvious appeal to attackers, who have had an eye on these platforms for a long time. Enter 2017 with the crypto frenzy, and we start seeing them being targeted by Man-in-the-Browser (MITB) attacks.

Known malware families, including Zeus Panda, Ramnit, and Trickbot, are already aiming at websites such as Coinbase.com or Blockchain.info. This leads us to this talk: Protecting Crypto Exchanges From a New Wave of Man-in-the-Browser Attacks.

Pedro Fortuna will detail how these attacks work, from account takeover to sending the coins out to attacker-controlled wallets. He will also discuss current defenses (e.g. multi-factor authentication or strong SSL encryption) and why they are failing to mitigate this type of attack.

The talk will take place Friday, August 10th at 2 p.m. in the Packet Hacking Village.

The Speaker

Pedro Fortuna is Jscrambler’s CTO and Co-Founder. He leads the technical vision for the product suite and contributes his cybersecurity knowledge to R&D.

Pedro holds a degree in Computing Engineering and an MSc in Computer Networks and Services and has over a decade’s experience researching and working in the application security area.

He is a regular speaker at OWASP AppSec events and other cybersecurity conferences and contributes to web development events. His research interests lie in the fields of Application Security, Reverse Engineering, and Malware and Software Engineering. Pedro has also authored several patents for application security.

Final Thoughts

Whether you’re going straight from Black Hat USA 2018 to DEF CON 26 or just looking to attend the latter, Las Vegas is the place to be right now.

We’re bringing our mission to keep JavaScript applications safe to the cryptocurrency space, and it’s the right time to understand how to keep crypto exchanges safe from attackers. By attending Pedro Fortuna’s talk, you’ll get a practical view of security in Fintech and learn how the industry’s players can seek to overcome emergent threats.

Curious for more? Say hi to Pedro while you’re there!

Update: Talk Recap

After an incredibly hot week in Las Vegas, we take the time to recap Pedro Fortuna's DEF CON talk.

The talk attracted quite a sizable crowd, which followed Pedro's explanation of how attacks on crypto exchanges are conducted and how attackers manage to withdraw coins to external wallets without users' knowledge.

DEF CON 26 - Pedro Fortuna's Talk

Pedro Fortuna's presentation was about "Protecting Crypto Exchanges From a New Wave of Man-in-the-Browser Attacks".
