Cyber Attacks, Spillovers and Contagion in The Cryptocurrency Markets

This paper examines mean and volatility spillovers between three major cryptocurrencies (Bitcoin, Litecoin and Ethereum) and the role played by cyber attacks. Specifically, trivariate GARCH-BEKK models are estimated which include suitably defined dummies corresponding to different types, targets and number per day of cyber attacks. Significant dynamic linkages (interdependence) among the three cryptocurrencies under investigation are found in most cases when cyber attacks are taken into account, Bitcoin appearing to be the dominant one. Further, Wald tests for parameter shifts during episodes of turbulence resulting from cyber attacks provide evidence that the latter affect the transmission mechanism between cryptocurrency returns and volatilities (contagion). More precisely, cyber attacks appear to strengthen cross-market linkages, thereby reducing portfolio diversification opportunities for cryptocurrency investors. Finally, the conditional correlation analysis confirms the previous findings.

Understanding the linkages between cryptocurrencies is crucial for risk management, portfolio diversification, hedging and arbitrage purposes.In particular, investors need to understand the degree of contagion risk they are exposed to when trading cryptocurrencies (Koutmos, 2018) and to choose suitable ones to diversify their portfolios according to their risk preferences (Yi et al., 2018).Long-term investors focus on long-run market connectedness whilst speculators target volatile markets on the basis of short-run linkages and hedgers seek markets with the highest degree of correlation in the medium-to long-term.Some recent studies have investigated these issues.For instance, Fry and Cheah (2016) detect spillovers from Ripple to Bitcoin using an econophysics approach.Ciaian et al. (2018) estimate an ARDL model to examine the relationship between 17 virtual currencies and Altcoin and find stronger linkages between Bitcoin and Altcoin in the short as opposed to the long run.Bacao et al. (2018) find strong contemporaneous correlations between five major cryptocurrencies using unconditional returns; further, their results suggest that Bitcoin is the dominant currency in terms of informational flows.More recently, Borri (2019) analyses co-movement between returns on four cryptocurrencies (Bitcoin, Ether, Ripple and Litecoin) and other global assets such as US equities or gold, both unconditionally and conditionally.Specifically, he measures the conditional tail-risk using the CoVaR (conditional value-at-risk) method introduced by Adrian and Brunnermeier (2016).His results indicate that cryptocurrency returns are highly correlated among themselves but not with other assets, and that portfolios of cryptocurrencies are less exposed to idiosyncratic risk and can be useful for hedging purposes (though only to a limited extent once their degree of liquidity has been taken into account).
Another important issue is whether or not spillovers change over time.For instance, Boako et al. (2019) apply vine copula methods to analyse both the co-dependence and portfolio valueat-risk (VaR) of six cryptocurrencies and find evidence of strong dependencies and a changing dependency structure.By contrast, the findings in Borro (2019) concerning the conditional correlation between cryptocurrencies and other assets appear to be robust to the introduction of time variation into the empirical model.Ji et al. (2019) examine network connectedness in both the returns and volatility of six major cryptocurrencies (Bitcoin, Ethereum, Ripple, Litecoin, Stellar and Dash) using daily data over the period 7 August 2015 -22 February 2018 and computing a set of measures developed by Diebold andYilmaz (2012, 2016).They distinguish between positive-and negative-return spillovers and consider various market characteristics as possible determinants of spillovers.They also test the robustness of their full-sample results by redoing the analysis for two sub-samples, the first being more stable, the second starting at the beginning of 2017 and including the 2017 bull market.Their findings indicate that Bitcoin and Litecoin have the dominant transmitting role; the sub-sample results have both similarities and differences compared to the full-sample ones.2 Other studies examine volatility linkages and their changes over time.In particular, Yi et al. (2018) construct a spillover index with some variants for eight cryptocurrencies (i.e., Bitcoin, Ripple, Litecoin, Peercoin, Namecoin, Feathercoin, Novacoin and Terracoin) and conclude that volatility connectedness fluctuates cyclically, and increases when economic conditions are less stable; because this measure does not depend on the market share even cryptocurrencies with smaller trading volumes are found to contribute to the propagation of shocks.By contrast, Koutmos (2018) detects a dominant role for Bitcoin in terms of return and volatility spillovers among the 18 largest cryptocurrencies by market capitalization; he also finds that spillovers have been increasing over time and exhibit spikes corresponding to major news events concerning cryptocurrencies.Katsiampa (2019) estimates a GARCH-BEKK model and finds volatility co-movements between five cryptocurrencies; further, Litecoin and Bitcoin both exhibit a structural break in their conditional variance.Antonakakis et al. (2019) investigate network connectedness between nine cryptocurrencies using an approach which extends the framework of Diebold and Yilmaz (2014), specifically time-varying parameters principal component analysis (TVP-PCA); since connectedness appears to follow a decreasing trend, they then split the sample into pre-and post-August 2017 sub-samples on the basis of an increase in market capitalization at that time, and show that lower volatility is associated with weaker connectedness.Omane-Adjepong and Alagidede (2019) examine market connectedness between seven cryptocurrencies using wavelet methods and also investigate volatility linkages by estimating GARCH specifications; they find various non-homogenous spillovers and possible diversification benefits within intra-week to intra-monthly time horizons for specific pairs.
Most recently, Corbet et al. (2020) analyse the contagion effects between Chinese stock markets resulting from the COVID-2019 pandemic; the evidence based on high-frequency data suggests an increase in the dynamic correlations between Chinese stock indices, gold and Bitcoin, i.e. the latter do not act as hedges, or safe havens, but instead amplify contagion.
The present study investigates both "interdependence", namely the existence of dynamic linkages, and "contagion", defined as a shift in the return and volatility spillover parameters (see Forbes and Rigobon, 2002, and Caporale et al., 2005, 2006), among three major cryptocurrencies, namely Bitcoin, Ethereum and Litecoin, where the dates for the shifts are identified using cyber attack data.The framework employed for the empirical analysis is a trivariate GARCH-BEKK model which includes suitably defined dummies associated with different types, targets and number per day of cyber attacks as explained below.In brief, significant dynamic linkages (interdependence) among the three cryptocurrencies under investigation are found in most cases when cyber attacks are taken into account, Bitcoin appearing to be the dominant one.Further, Wald tests for parameter shifts during episodes of turbulence resulting from cyber attacks provide evidence that the latter affect the transmission mechanism between cryptocurrency returns and volatilities (contagion).More precisely, cyber attacks appear to strengthen cross-market linkages, thereby reducing portfolio diversification opportunities for cryptocurrency investors.
The layout of the paper is as follows.Section 2 outlines the methodology.Section 3 describes the data and Section 4 discusses the empirical results.Section 5 offers some concluding remarks.

Basic Model
We represent the first and second moments of cryptocurrency returns using a trivariate VAR-GARCH(1,1) process.In its most general specification the model takes the following form: where xt = (Bitcoint, Ethereumt, Litecoint), xt-1 is a corresponding vector of lagged returns, and e t = (e1,t, e2,t, e3,t) is a residual vector.Furthermore, zt-1 is the Chicago Board Options Exchange index of implied volatility from options on the US S&P 500 (VIX).This is a widely quoted indicator of market sentiment, and is used as a control variable to identify episodes of turbulence in conventional stock markets.The parameters of the mean return equations (1) comprise the constant terms α = (α1, α2, α3) and the parameters of the autoregressive terms β = (β11, β12, β13 | β21, β22, β23 | β31, β32, β33), which allow for cross-currency mean return spillovers.
The residual vector ut is trivariate and normally distributed ut | It-1 ~ (0, Ht) with its conditional variance-covariance matrix given by: Equation (3) models the dynamic process of Ht as a linear function of its own past values Ht-1 and past values of the innovations (e1,t-1, e2,t-1, e3,t-1), allowing for own-market and crossmarket influences in the conditional variances.The parameters of (3) are given by C0, which is restricted to be upper triangular, and two matrices A11 and G11.The off-diagonal parameters in the latter two matrices capture the volatility spillovers (causality-in-variance) among the three cryptocurrencies under investigation.
Given a sample of T observations, a vector of unknown parameters 3 θ, and a 3 x 1 vector of variables xt, the conditional density function for the model (1)-( 3) is: 3 Standard errors (SE) are calculated using the quasi-maximum likelihood method of Bollerslev and Wooldridge (1992), which is robust to the distribution of the underlying residuals.A residual vector et following the t-Student The log likelihood function is: (5)

Mean and Volatility Contagion
Applying the concept of shift contagion (Forbes and Rigobon, 2002) to the analysis of interdependencies in the first and second moments, we define mean and volatility contagion, respectively, as a shift in the transmission of returns and volatility among crypto currencies during episodes of cyber attacks.In order to test for such shifts, we include in equations ( 1) and (3) a dummy D that allows the parameters governing mean and volatility spillovers to change in days associated with these episodes.4For instance, the equations for the conditional mean and variance of Bitcoin returns become respectively: Mean spillovers from Ethereum and Litcoin to Bitcoin are measured by the parameters β12 and β13, whereas β12 * and β13 * capture shifts in these parameters during episodes of cyber attacks.
Similarly, volatility spillovers from Ethereum and Litcoin to Bitcoin are measured by the distribution has also been considered.These results are qualitatively similar and therefore are not reported.The complete set of results is available from the authors upon request.
parameters a12 and g12, and a13 and g13 respectively; a13 * and g13 * , and a13 * and g32d instead capture shifts in these parameters during episodes of cyber attacks.

Cryptocurrencies
The trivariate GARCH model outlined in the preceding section was estimated for three crypto currencies (Bitcoin, Ethereum and Litecoin).The series are daily and have been collected from the website www.CryptoDataDownload.com; this provides historical time series data for traded prices using the Application Programming Interface (API) service and is a reliable cryptocurrency data source as pointed out by Alexander and Dakos (2020).We choose five main exchanges (Bitfinex, Coinbase, Gemini, Kraken and Poloniex) that are common to the three cryptocurrencies under examination; the sample period goes from 1 March 2015 to 15 January 2020. 5We then compute market capital-weighted indices which are based on the five exchanges.The natural log returns are used for the estimation of the models.

Cyber Attacks
The source for the cyber-attack data is the website http://www.hackmageddon.com which shows the cyber-attack timeline with target industry, country and cyber-attack type at a daily frequency.Specifically, we collect 4693 daily cyber attacks from 12 August 2015 to 15 January 2020 including daily overlaps.We use the daily number of cyber attacks as an indicator of potential threats to the digital economy.Cyber attacks are classified by target (Government, Industry, Financial and Crypto) or nature (Cyber Crime, Cyber Espionage, Cyber Warfare and Hacktivism).We also collected data classified as attacks targeting the US.
Following Uma and Padmavathi (2013), Cyber Crime is defined as a criminal offence which involves a computer either as an object or a tool to commit a material component of the offence; Cyber Espionage is the cracking technique and malicious software (e.g., Trojan horses and spyware) used to obtain information without the permission of the holder from individuals, groups and governments for gaining benefits through illegal abuse methods; Cyber Warfare is the use of computer technology to penetrate a nation's computer network in order to cause damage or disruption.Hacktivism is instead "the act of gaining access to (and control over) third-party computer systems" (Bodford and Kwan, 2018).
Figure 1 and 2 show, respectively, the cyber-attack targets and types used for the analysis.It is apparent from Figure 1 that the Industry sector is the most frequent target of cyber attacks, which suggests that it is more vulnerable, compared to other sectors (e.g., Government, Financial and Crypto) that have stronger cyber security protections.In particular, the Crypto currency exchanges appear to be the least targeted, presumably because their blockchain technology works effectively against cyber attacks and this being a new sector hackers need time to learn how to attack it successfully.Figure 2 shows that Cyber Crime is the most frequent type of cyber attack, and Cyber Warfare the least frequent; this is not surprising, since the latter is an attack on a nation's computer network and thus on a larger scale relative to other types of cyber attacks.

Identification of Cyber Attacks as Potential Turbulent Episodes
Turbulent periods are identified as those corresponding to cyber attacks.We construct the following four indicators of cyber attacks: i) by target (given by the aggregate number of daily attacks targeting Government, Industry and Finance), named Target; ii) by type (given by the aggregate number of daily Cyber Crime, Cyber Espionage and Cyber Warfare attacks), named Type; (iii) one given by the sum of daily attacks targeting crypto currencies only, named Crypto; finally iv) one given by the sum of daily attacks targeting the US, named US.We do not include all other sectors in Target and Hacktivism in Type in order to avoid the dummy variable trap.The Chicago Board Options Exchange (CBOE) volatility index (VIX) is also included in the model as a control variable.
For each of the four indicators discussed above, dummy variables are created which aim to capture the impact of the number of daily attacks on the mean and volatility spillovers among cryptocurrencies.More specifically, a dummy is constructed for days where 1-2 cyber attacks were registered, another one for days where 3-4 occurred and finally one for days when more than 5 took place.These are included in the estimated model in turn.The aim is to establish whether there exists a threshold in terms of the number of attacks required for the parameter shifts to occur and be statistically significant.Using this model selection criterion we choose specifications including two dummies in the case of the Crypto indicator and three in all other cases.It should be noted that there is an inverse relationship between the number of attacks per day and the frequency of such an occurrence, namely days with a high number of attacks are less frequent.For example, our sample includes 93 days with a single attack but only 4 with 2 attacks.Further, the number of days with 1-2 attacks represents 40% of the total in the case of the Type indicator and around 50% in the case of the Target or US ones.The corresponding percentages for days with 3-4 attacks are less than half.
Table 1 provides a description of the crypto-attack indicators, whilst Table 2 reports some summary statistics.Most of the series follow a right-skewed distribution, the Industry cyberattacks target variable being the only exception.In other words, cyber attacks targeting Government, Financial and Crypto currency sectors are not very frequent, in contrast to the Industry sector.Most types of cyber attacks have a low frequency per day while Cyber Crime is highly volatile, with a maximum of 12 attacks per day.As for the three crypto currencies considered, Ethereum is the most volatile (with a standard deviation of 0.068).

Hypotheses Tested
We test for volatility spillovers and contagion by placing restrictions on the relevant parameters and computing the following Wald test: where R is the q´k matrix of restrictions, with q equal to the number of restrictions and k equal to the number of regressors; is a k´1 vector of the estimated parameters, and is the heteroscedasticity -robust consistent estimator for the covariance matrix of the parameter estimates.The tests involve joint hypotheses at two and four degrees of freedom (k).
Overall we test nine sets of null hypotheses, three for each cryptocurrency.Below we report three sets of null hypotheses where spillover or contagion originates from Bitcoin.
Tests of no volatility spillovers and/or contagion.This hypothesis complements H02.If we reject H03 and do not reject H02, there is no volatility contagion, only spillovers; if we do not reject H03 and reject H02, volatility is transmitted from Bitcoin to Litecoin only during days when attacks occurred, which implies "shift contagion." We test the same hypotheses for Litecoin as a conduit for volatility transmission to Bitcoin and Ethereum first and then Ethereum to Bitcoin and Litecoin.

Discussion of the Results
In order to test the adequacy of the models, Ljung-Box portmanteau tests were performed on the standardized and standardized squared residuals.Overall, the results indicate that the selected VAR-GARCH(1,1) specification captures satisfactorily the persistence in the volatility of cryptocurrencies in all estimated models.There is evidence of causality effects in the conditional mean and variance, where the latter are more marked.Note that the sign of the coefficients on cross-market volatilities cannot be determined.Point estimates of the VAR-GARCH(1,1) model parameters, as well as the associated robust p-values and likelihood function values, are presented in Tables 3-6.We select the optimal lag length of the mean equation using the Schwarz information criterion.Mean and volatility spillovers are tested by means of Wald test by placing restrictions on the relevant parameters as discussed in Section 4.1.
The following points are noteworthy.When cyber attacks are not taken into account there is little evidence of causality-in-mean at the standard 5% significance level, whereas causalityin-variance is detected, with volatility spillovers running from Bitcon to Litecoin (a31 = -0.401)and Ethereum (a21 = -0.195),and also from Ethereum to Litecoin (a32 = 0.145).Overall, the estimated parameters indicate that volatility spillovers run from Bitcoin (but not from Litecoin) to the other two cryptocurrencies.
Further, cyber attacks are found to affect the dynamic linkages between cryptocurrencies, as indicated by the statistical significance in various cases of the dummies discussed in Section 3.2.In particular, on days during which only one cyber attack targeting cryptocurrencies occurred (93 days over the whole sample), there is a downward shift (negative contagion) in the parameter measuring mean spillovers running from Bitcoin to Litecoin (β31 * = -0.145)and Ethereum (β21 * = -0.117),which suggests that cryptocurrency investors react to cyber attacks by diversifying and therefore prefer to hold Bitcoin and short the other two cryptocurrencies.
On days when two attacks occurred no shift could be detected, presumably because there are only four such days out of the 1316 included in our sample.When cyber attacks are considered by Type lower mean spillovers are found running from Bitcoin to Litecoin (β31 * = -0.122)and Ethereum (β21 * = -0.291) on days when 1-2 attacks were registered.The size of the shift is bigger, in absolute value, on days when 3-4 attacks occurred, and smaller on days with five or more attacks.When cyber attacks are classified instead by Target, again a shift is detected in the parameter measuring the mean spillovers from Bitcoin to the other two cryptocurrencies, its magnitude increasing (in absolute value) with the number of registered attacks per day.A similar pattern emerges when using the previously defined US indicator, though the size of the shift is now inversely related to the number of attacks per day.Finally, the estimated coefficients on the exogenous variable (VIX) are negative and significant, which suggests that a higher level of uncertainty in conventional stock markets has an impact on cryptocurrency returns.
To sum up, our results indicate that there are no significant causality-in-mean effects at the standard 5% significance level.In the case of Bitcoin mean spillovers emerge when cyber attacks are taken into account, although the size of the shift varies depending on the cyber attack indicator which is used.As for linkages between the second moments, there are significant volatility spillovers from Bitcoin to Litecoin and Ethereum, whose size is again magnified by the inclusion of cyber-attack indicators.The largest parameter shifts are detected when the Crypto indicator is included in the model, followed by Target and Type.Specifically, shifts are estimated in the parameters measuring volatility spillovers between Ethereum (a23 * =-0.177) and Litecoin (a32 * =-0.404); again, the largest shifts in the conditional variancecovariance matrix off-diagonal parameters are found when using the Crypto indicator.The implication of these findings is that cyber attacks play an important role in shaping the dynamic linkages between cryptocurrencies, especially between their volatilities.Bitcoin clearly stands out as the dominant cryptocurrency.
Finally, there is also evidence of co-movement between cryptocurrencies, as shown by the conditional correlations obtained from the VAR-GARCH(1,1) model (Figure 4).In particular, when attacks are not taken into account, the conditional correlations between the three cryptocurrencies are generally positive.On average their mean value is around 0.47, except in the case of Bitcoin-Litecoin, when it is substantially higher (0.66).It is also noteworthy that there has been an upward shift in pairwise correlations since 2018, the year when the cryptocurrency crash occurred (see Fry, 2018).Summary (mean and standard deviations) statistics for the conditional correlations, with and without cyber attacks, along with equal mean tests are reported in Table 7. Subsample conditional correlations including only days when attacks occurred have generally higher mean values compared to those without attacks.
The largest shifts occur in the case of cyber attacks targeting cryptocurrencies, though all categories of attacks have an impact on the dynamic correlations.

Conclusions
The objective of this study is to shed new light on the dynamic linkages (interdependence) between cryptocurrencies, and on whether shifts in their spillover parameters (contagion) are associated with the occurrence of cyber attacks (contagion), the latter topic not having been previously investigated in the rapidly growing literature on cryptocurrencies.Specifically, trivariate VAR-GARCH (1, 1) models for Bitcoin, Ethereum and Litecoin returns and their volatilities are estimated, and tests are carried out for the presence of spillovers (interdependence), as well as for possible shifts in the spillover parameters during days when cyber attacks occurred; in the latter case, the statistical significance of appropriately defined dummies taking into account their type and target (for which four indicators are constructed) as well as their number per day is tested.Conditional correlations are also calculated for the series of interest.
Our results provide a number of interesting insights.In particular, they suggest that cyber attacks influence the dynamics of conditional returns and variances, with the spillover parameters shifting during days when cyber attacks take place.Various previous studies had already highlighted changes over time in the linkages between cryptocurrencies (see Boako et al., 2019, Ji et al., 2019, Yi et al., 2018, Katsiampa, 2019, Antonakakis et al., 2019 etc.), but the present one is the first to provide evidence that they are related to the occurrence of cyber attacks.Despite some differences associated with the number of attacks per day, their type and target, in general cyber attacks appear to strengthen cross-market linkages, thereby reducing portfolio diversification opportunities for cryptocurrency investors.Further, Bitcoin seems to play a dominant role with the evidence reported by Koutmos, 2018, Ji et al., 2019 andothers).The conditional correlation analysis confirms these findings.Future research will aim to establish whether cyber attacks also affect the linkages between cryptocurrency markets and other asset markets, which has important implications for the suitability of cryptocurrencies for diversification purposes and/or as a safe haven or hedge.Cyber-attacks targeting the government sector.It shows 1 if it is a cyber-attack target and 0 otherwise, which may happen multiple times per day.We use the added-up figures of these per day which also shows the daily intensity.

Industry
Cyber-attacks targeting the industry sector.It shows 1 if it is a cyber-attack target and 0 otherwise, which may happen multiple times per day.We use the added-up figures of these per day which also shows the daily intensity.

Financial
Cyber-attacks targeting the financial sector.It shows 1 if it is a cyber-attack target and 0 otherwise, which may happen multiple times per day.We use the added-up figures of these per day which also shows the daily intensity.
Crypto Cyber-attacks targeting the cryptocurrency exchange sector.It shows 1 if it is a cyberattack target and 0 otherwise, which may happen multiple times per day.We use the added-up figures of these per day which also shows the daily intensity.

TARGET
The aggregate number of daily attacks targeting Government, Industry and Finance sectors, which may happen multiple times per day.To avoid the dummy variable trap, all other sectors are not included in the count.
Cyber Crime Cyber-attack type of cyber crime.It shows 1 if the attack type is cyber crime and 0 otherwise, which may happen multiple times per day.We use the added-up figures of these per day which also shows the daily intensity.

Cyber Espionage
Cyber-attack type of cyber espionage.It shows 1 if the attack type is cyber espionage and 0 otherwise, which may happen multiple times per day.We use the added-up figures of these per day which also shows the daily intensity.
Cyber Warfare Cyber-attack type of cyber warfare.It shows 1 if the attack type is cyber warfare and 0 otherwise, which may happen multiple times per day.We use the added-up figures of these per day which also shows the daily intensity.

Hacktivism
Cyber-attack type of hacktivism.It shows 1 if the attack type is hacktivism and 0 otherwise, which may happen multiple times per day.We use the added-up figures of these per day which also shows the daily intensity.

TYPE
The aggregate number of daily Cyber Crime, Cyber Espionage and Cyber Warfare attacks, which may happen multiple times per day.To avoid the dummy variable trap, Hacktivism is not included in the count.
USA Cyber-attack targeting the USA.It shows 1 if the cyber-attack targets US and 0 otherwise, which may happen multiple times per day.We use the added-up figures of these per day which also shows the daily intensity.Notes: S.D. refers to sample standard deviation.No. of attacks (% Attacks) is the number of days (percentage of days) where at least one attack occurred.The total number of attacks occurred over the sample period and % of days where at least one cyber-attack was registered are also reported.The cyber-attack indicator Target is the cumulative index of cyber-attacks targeting Government, Industry and Financial sector, whereas the cyber-attack indicator Type is the cumulative index of cyber-crime, cyber-espionage and cyberwarfare.Cyber-attacks to USA register attacks to companies who are fiscally registered in the USA.Notes: P-values are calculated using the quasi-maximum likelihood method of Bollerslev and Wooldridge (1992), which is robust to the distribution of the underlying residuals.***, **, * denote rejection at the 1%, 5%, and 10% levels.Point estimates reported in the second column, headed No attacks, refer to the restricted model where attacks were not taken into account and therefore shift dummies are not included.In the other columns only cross currencies shift parameters, with dummies associated to the number of attacks according to the Crypto indicator, are reported.LB10(.) and LB210(.) are the Ljung-Box test (1978) of significance of no autocorrelations of 10 lags in the standardized and standardized squared residuals, respectively.The parameter β21 measures the causality effect of Bitcoin returns on Ethereum returns, whereas a21 measures the causality-in-variance effect of Bitcoin returns volatility on Ethereum returns volatility.The effect of cyber-attacks on Ethereum returns is measured by (β21 + β21 * ) whereas (a21+a21 * ) captures the effects on conditional volatility.The covariance stationarity condition is satisfied by all the estimated models, all the eigenvalues of A11⊗A11 + G11⊗G11 being less than one in modulus.Note that in the conditional variance equation the sign of the parameters cannot be determined.Notes: see notes Table 3. Notes: see notes Table 3. Notes: see notes Table 3. Notes: Averages and standard deviations of pairwise conditional correlations (r12,t, r13,t, and r23,t) for sub-samples including days where cyber-attacks occurred are reported whereas averages and standard deviations of pairwise conditional correlations for sub-samples including days where cyber-attacks were not registered are reported in round brackets.The null hypothesis of equal correlation means among the latters and the former are tested.***, **, * denote rejection of the null hypothesis of an equal conditional correlation (H0: Corr.without Cyber Attacks = Corr.with Cyber Attacks) against the alternative (H1: Corr.without Cyber Attacks ≠ Corr.with Cyber Attacks) at the 1%, 5%, and 10% levels respectively.

H01:
No volatility spillovers and no contagion from Bitcoin to Litecoin: a31= a31 * = g31= g31 * = 0.The null hypothesis assumes that volatility in Litecoin is never influenced by volatility in Bitcoin, neither over the full sample period nor specifically during episodes of turbulence associated to cyber-attacks.H02: No contagion, that is, no shift in the transmission of volatility from Bitcoin to Litecoin during episodes of turbulence, in the former: a31 * = g31 * = 0. H03: No volatility spillovers from Bitcoin to Litecoin over the full sample period: a31 = g31 = 0.
Exchange (CBOE) volatility index Notes: Data covers the period from 1 March 2015 to 15 January 2020.

Table 1 .
Data description

Table 7 .
Tests of Changes in Conditional Correlations