The crypto industry has experienced the full range of social engineering fraud, security hacks and vulnerability exploits.
Losses from crimes in the crypto industry
According to the CipherTrace report, cryptocurrency users, crypto-exchanges and crypto-investors suffered losses worth $4.5 billion in 2019.
The great part of them is associated with a staggering increase in ponzi schemes, exit fraud and theft. Their total climbed 533% year over year.
In addition, cryptoassets increasingly penetrate traditional banking. Extensive analysis of the blockchain showed that virtually all US banking has illegal cash services (MSB) businesses associated with cryptocurrency, including cryptocurrency exchanges.
Additional concern of banks is that 66% of sellers of the shadow market sector sell stolen financial products and hacked accounts for cryptocurrency. 97% of ransomware attacks prefer Bitcoin as a payment system.
“Our study identified some surprising trends in 2019”, said David Jevans, CEO of CipherTrace. “First, there has been a dramatic shift from direct theft and exchange hacks, towards Ponzi schemes, exit fraud and other fraudulent schemes.
Secondly, banks have far more virtual assets hidden in their accounts and payment networks than most industry representatives previously thought. Regulators need new opportunities to identify illegal MSBs, terrorist financing and other major sources of risk”.
The report also provides an overview of regulatory measures around the world. This includes an exhaustive chart of anti-money laundering regulations (AML) by country, an update on relevant blockchain-related law enforcement agencies, SEC, FinCEN and CFTC, as well as detailed reports on major regulatory and electronic crime developments in various countries.
Trends of theft, fraud, hacking and misappropriation
2019 was a significant year for cryptocurrency. The total number of crypt-related crimes increased by 160 percent, compared to 2018. However, as the report suggests, had there been a person of the year in 2019 – it would have been a malicious insider.
The culprits for most of the losses were scammers operating inside everything from seemingly legitimate blockchain projects, which were actually exit fraud, to Crypto-Ponzi and financial pyramids. Ultimately, all this $4.5 billion of illegal cryptocurrency needs to be laundered.
The report also described a years-long research project of darknet markets and other illegal suppliers:
- 40 percent sold hacked bank account or credit card details for just 1 percent of face value
- 24% offered hacked payment services accounts
- 2% sold stolen cryptocurrency private keys
These findings further highlighted the challenges faced by banks and financial institutions with regard to the risks of payment fraud and virtual asset laundering.
The study also found that Bitcoin is the preferred payment for cyber-ransomware. For the past year, they have been demanding BTC as payment in 97% of ransomware attacks. All this extorted crypto asset will need to be laundered before criminals can use the funds.
Results of the outgoing year 2020
The outgoing year has become a “roller coaster” for the cryptocurrency world as modern economies are still suffering from the collapse of markets caused by COVID-19 in March. However, uncertainty in the market made possible the prosperity of clandestine hacking activities, the main victim of which was the emerging sector of the crypto-economy.
However, there has been an obvious transformation in the crypto sector from speculative space, to a more stable financial structure. In addition, technology and payment giants such as PayPal, Google, Microsoft, as well as some major institutional players such as central banks in China, the European Union and Switzerland, all seek to explore and integrate the opportunities behind the crypto ecosystem.
And despite the collaborative efforts of regulators, project developers and the crypto community, the sector still remains the main target of exit fraud, theft and security breaches. In 2020 alone, there were more than 30 large-scale security breaches or scams, while there are still many still unreported ones.
In January, for example, Poloniex ran a massive password reset campaign after leaking users’ social media credentials disclosing login information.
February was the month that the owner of the Helix Bitcoin mixing service was arrested over suspected Bitcoin laundering of more than $300 million. Also in February, the IOTA fund stopped operating its entire network due to hackers exploiting a security gap in the IOTA wallet app. Altsbit joined IOTA on the casualty list as the exchange was hacked and most of users’ funds were stolen in a cyber attack.
In March, there was a security breach in Microsoft’s Windows SMB protocol, dubbed Prometei. The botnet exploit was used to intercept computer resources for the purpose of mining cryptocurrencies. YouTube was also hacked in March to promote a Ponzi scheme dedicated to Bill Gates.
In April, two exchange platforms were hacked: Lendf.me lost $25 million in cryptocurrencies, and the Bisq exchange lost the equivalent of more than $250,000 in Bitcoins.
In May, several supercomputers designed for mass computing were hacked, and were used to mine various cryptocurrencies.
There were three serious security breaches in June as New Zealand law enforcement agencies froze $90 million worth of BTC in connection with a money-laundering investigation. June also saw a massive organised crime group dubbed CryptoCore, which carried out malicious acts on several online exchanges. Coincheck also suffered a hack in June when hackers gained access to Coincheck’s domain registration system, causing the exchange to suspend all deposits and withdrawals for a short period.
Several of the most influential Twitter accounts were hacked in July as hackers stole login details, and used Twitter profiles of Joe Biden, Elon Musk and Bill Gates to promotion of crypto-fraud. In July, Coinbase managed to block an attempt to steal cryptocurrency worth $280,000, with Bitcoin being the most desirable cryptocurrency among hackers. Also in July, AT&T was involved in a $1.9 million SIM card hijacking case, while GPay operations were suspended by UK authorities for providing cryptocurrency scams through fake celebrity support.
August recorded the highest number of crypto-fraudsters in 2020, as the FritzFrog botnet hacked at least 500 government and enterprise servers. Meanwhile, Ukrainian law enforcement agencies detained an organized crime group that allegedly laundered cryptocurrency worth at least $42 million for various ransomware teams. August also saw one of the largest cryptocurrency related law enforcement operations as Chinese police arrested more than 100 people linked to fraud Plustoken. August was also the month that the hacking organization Lazarus launched a new campaign disguised as Linkedin job ads.
In September, KuCoin hot wallets fell victim to a $150 million hacking attack. The same situation happened with Eterbase as the exchange lost about 5.4 million user funds that were stored in hot wallets.
In October, Kik was fined $5 million by the SEC for unauthorized offering of securities. Meanwhile, with the DeFi sector boom, hackers stole nearly 24 million from Harvest Finance, but returned 10% of that amount soon after.
In November, there was an attack on instant lending protocol did not spare Akropolis as the company suffered a massive $2 million attack. Akropolis even announced a major reward in exchange for illegally obtained funds. International efforts have seen law enforcement agencies in the US and Brazil confiscate 24 million in cryptocurrencies from people allegedly linked to crypto-fraud.
But perhaps one of the most significant blows came from the U.S. Department of Justice, which seized $1 billion worth of Bitcoin. They were allegedly sourced from the Silk Road dark web market.
There’s still December ahead!
However, despite the list of cyber attacks, the crypto sector still remains an attractive destination for both retail and institutional investors in light of recent changes in Bitcoin prices, which pushed the crypto market leader to a record level in 2017.