ALPS blog

Hacking the Crypto-Monetized Web


The web is several decades old. But it largely still relies on the same method of monetization as it always has: advertising. However, things are changing thanks to the power of cryptocurrency and blockchain. It’s what Trend Micro has coined the “crypto-monetized web” (CMW). But where there’s money to be made and users to be scammed, cybercrime is never far away. The key will be to head off cyber-threats before they have time to make a serious impact—and that will require action from users and the online organizations they interact with.

What is the CMW?

In the CMW era, every internet user has a cryptocurrency-related monetary value. Users can spend currency on other people, like content creators, driving up their reputation value. Effectively, a user’s online reputation becomes a tradeable good or investment opportunity, like company stock. There are already websites out there enabling this new paradigm.

Bitclout is a Twitter-like website that has implemented just such a reputation system. While users can read, like and reshare content just as they would on Twitter, they also have the option to buy the Bitclout coins (currently known as DESO) of creators they like or think will make a good investment. There are other CMW-like versions of popular platforms like Facebook (Privi), YouTube (Glass) and Spotify (Audius). Some leverage common cryptocurrencies like Ethereum, while others have their own dedicated zones. In time, we could see the big platforms start to acquire these companies or develop their own home-grown CMW capabilities.

Danger lurking

Yet, in the digital world, there are always individuals waiting to pounce. The Trend Micro report warns of several CMW attack scenarios, including:

  • Identity theft via hijacking user-profiles and stealing their cryptocurrency, or using popular accounts to spread malware and/or scams
  • Fake content creation via account hijacking could have a higher impact given that many creators in the CMW world would have a tremendously loyal following
  • Pump and dump schemes would also be possible via account hijacking of popular creators or by using “bots” made up of low-value stolen or hijacked accounts. By artificially inflating the value of a creator account the criminal has already invested in at a low price, they can cash out with a windfall
  • Data breaches have become even more monetizable in the CMW world, where hackers could get hold of account log-ins for popular creators. The potential financial gain could even incentivize threat actors to break password hashes often stolen as part of these breaches
  • Money laundering would also be an attractive option for cyber-criminals looking to invest dubiously obtained funds in online user reputations before cashing out and moving on
  • Ransom could be another popular tactic in the CMW world if threat actors manage to hijack popular enough accounts. They could even threaten to reduce the reputational value of a hijacked account—i.e., by posting offensive comments—if the ransom isn’t paid quickly enough

To be clear, the CMW era may never dawn. But as with anything cybersecurity-related, the sooner we anticipate the threats and bake in mitigations, the better. To find out more, read our fascinating new paper on the topic: The Crypto-monetized Web. A forward-looking thought experiment.


Featured News