Cyber Incident Victim: Currency.com

Date: Apr 2022

Location: Ukraine

Summary

Currency.com experienced a distributed denial-of-service attack shortly after announcing its withdrawal from the Russian market, which the company successfully mitigated without compromising servers, systems, or client data. The exchange attributed the attack to actors potentially linked to Russia, citing geopolitical tensions following its public condemnation of the invasion of Ukraine and humanitarian donations exceeding $1 million. The firm emphasized its robust security protocols, including multi-factor authentication, activity logging, and PCI-DSS compliance, while confirming no historical breaches of its infrastructure.

Description

On April 12, 2022, cryptocurrency exchange Currency.com announced it would cease operations in Russia, halting new account registrations for Russian residents while maintaining services elsewhere. The decision, framed as a condemnation of Russia’s invasion of Ukraine, involved terminating contracts with Russian clients and returning funds to their originating bank accounts. Ukrainian officials, including Vice Prime Minister Mykhailo Fedorov, publicly acknowledged the move. Hours after this announcement, Currency.com experienced a distributed denial-of-service (DDoS) attack aimed at disrupting its online services. The company activated its incident response protocol, notifying relevant authorities and mobilizing internal IT staff alongside third-party cybersecurity experts to mitigate the attack. Backup servers and primary systems remained operational throughout the incident, with no compromise of client data or account integrity confirmed. While Currency.com initially withheld technical specifics, it later characterized the event as a "failed" DDoS attempt, emphasizing that no systems were breached. Founder Viktor Prokopenya suggested a potential link to the Russia exit, citing the attack’s unprecedented scale compared to previous incidents, though the exchange did not formally attribute the attack to any specific actor.

Currency.com’s response highlighted its existing security infrastructure, including mandatory two-factor authentication (2FA) for account logins, deposits, trading activities, and API key usage, supplemented by a "Master Key" 2FA option for account recovery. The platform enforced device/IP whitelisting, full activity logging, and PCI-DSS-compliant payment processing. Servers were housed in Equinix LD4, a high-security data center with armed guards and surveillance, shared with major financial exchanges. Post-incident, the company committed to further testing and reinforcing its defenses. Concurrently, Currency.com disclosed over $1 million in donations to Ukrainian humanitarian efforts, including contributions to medical services, evacuation groups, and social aid programs. The incident occurred amid heightened cyber hostilities targeting Ukrainian infrastructure, with government reports citing tens of thousands of attacks since the war began, including at least 50 large-scale DDoS attempts. Currency.com reiterated its operational continuity and unchanged security posture following the attack.
