When it comes to cryptocurrency-related crime, every year seems to have its own particular flavor. 2018 was the year of massive exchange hacks (remember Coincheck?); 2019 was seasoned with an air of massive ponzi schemes (PlusToken, OneCoin) with a few scandals thrown in the mix (QuadrigaCX, anyone?)
So far in 2020, however, the most memorable crypto-related criminal moments seem to be taking a new shape. As cryptocurrency exchanges have continued to beef up their security measures, and global regulators and law enforcement are learning how to curb crypto crime, criminals are increasingly attacking from a new angle: socially-engineered cyber attacks.
The Most Diverse Audience to Date at FMLS 2020 Where Finance Meets Innovation
Of course, these kinds of manipulative tactics have been a part of the cryptosphere since its inception: even outside of the cryptosphere, cyberattacks that exploit human trust are as old as time (or at least as old as the internet). Phishing, stolen identity scams, and many other kinds of exploitative scams are, unfortunately, very popular.
So far this year, socially-engineered attacks appear to be playing an outsized role in cryptos scam landscape. Is 2020 cryptos Year of the Phish?
After all, it certainly seems that the most memorable crypto-related cybercrime story of the year so far was based on multiple angles of trust exploitation.
On July 15th, the Twitter accounts of dozens of high-profile individuals across political and celebrity spheres tweeted out messages saying that they would double the amount of Bitcoin that was sent to their wallet addresses and send it back. This is called a Giveaway scam.
Dozens, or even hundreds, of unsuspecting users sent a total of more than $100,000 to the bitcoin addresses they believed to be associated with Barack Obama, Elon Musk, Joe Biden, and many others.
How did this happen?
Legend has it that a vampire cant enter your house unless they are invited inand, sure enough, when 17-year-old Graham Ivan Clark was able to access and post from the Twitter accounts in questoin, it was because an unsuspecting Twitter employee accidentally handed him the keys to the kingdom.
Indeed, Clarks attack was designed to manipulate and exploit human trust from beginning to end: he reportedly used phishing email tactics to convince a Twitter employee that he was a coworker in the companys IT department. He then got the employee to provide their credentials, allowing him to access Twitters God mode.
However, Graham Ivan Clarks attack on Twitterwhile it may be the most famous crypto-related cyberattack this yearis only one of many socially-engineered cyberattacks in the crypto space.
In fact, just this week, attacks that closely resembled Clarks attack on Twitter have rocked the world of Youtube.
Specifically, hackers appear to systematically be taking over prominent Youtube channels. They hackers then change the names of the channels, and then post videos urging viewers to send Bitcoin with the same promise that Clark offered victims on Twitter: that their coins would be doubled and sent back to them.
Business Insider reported that unlike the Twitter scams, the exploited Youtube accounts dont appear to have been compromised through a widespread security breach of Youtubes internal operations. Rather, hackers appear to have only gotten ahold of the credentials for the specific accounts theyre interested in hacking.
The hackers also appeared to take advantage of the SpaceX landing that occurred last week as a means of getting more clicks on their videos: the names of the compromised channels were changed to terms like SpaceX or Elon Musk to exploit the increased interest in SpaceXs collaboration with NASA.
Esports commentator Rod Breslau also pointed out that some of the channels livestreamed Bitcoin scam videos may have used viewbotsbots that artificially inflate the number of views that a channel hasto heighten their visibility.
Youtubes crypto hack problem isnt just limited to last weeks events.
In mid-July, Finance Magnates reported that a number of Youtube accounts were co-opting the identities of a number of prominent figures within the cryptosphere to make the same kinds of fraudulent promises: send us your crypto, and well double it and send it back.
On July 12th, Charles Hoskinson, the founder of the Cardano (ADA) cryptocurrency network, posted publicly on Twitter about the scams: it has come to my attention that a scam has been floating around using my conference keynote to promote a giveawaythis is a scam. Please report it to YouTube. We will take legal action if we can against those responsible.
Around the same time, however, CoinDesk reported that a number of other fake videos and accounts had sprung up under the identities of Ethereum founder Vitalik Buterin, Gemini founders Tyler and Cameron Winklevoss, and others.
Other than removing reported videos, its still unclear what Youtube is doing to try and curb these scams. A Twitter user alleged that the fraudsters behind the fake Youtube videos are also putting [their videos] in youtube ads which is insane, he asked. Is youtube ignoring this for revenue? How are they not vetting the ads?
Finance Magnates reached out to Youtube, but didnt immediately receive a response. Comments will be added as they are received.
In addition to co-opting the identities of individuals within the cryptocurrency sphere, however, hackers also seem to be increasingly taking on the identities of platforms.
Specifically, blockchain trading and analytics firm Whale Alert published a study in July with findings that crypto scammers are increasingly building fake cryptocurrency exchanges.
Some of these fake exchanges may take on the appearance of existing, legitimate crypto exchanges, while others may set up shop on their own before disappearing with users funds. The fake exchanges are also a convenient way for hackers to rack up large amounts of users personal data: identity records, credit card numbers, bank account information, and more.
In its report, Whale Alert commented that the change in method and the increase in quality and scale suggests that entire professional teams are now behind some of the most successful of these fake exchanges, and that it is just a matter of time before they start using deepfakes, a technique that will surely revolutionize the scam market.
And indeed, on the whole, Whale Alert noted a trend in cryptocurrency fraud after the mid-July Twitter attack: the scale and the boldness of the attack confirm our fears that the scammers are becoming more professional and dangerous.
Specifically, what started with mostly bulk sent sextortion emails and malware has now evolved into fake enterprises offering round-the-clock customer support with dozens of websites and thousands of fake social media accounts used for promotion.
This apparent increase in professionally built, socially-engineered cyberattacks appears to also have dramatically increased the amount of money that hackers have managed to abscond with.
Indeed, Whale Alerts report found that scammers BTC income appears to have surged throughout the first six months of this year.
So far we have been able to confirm 38 million US dollar in bitcoin alone stolen by scammers over the past 4 years (excluding Ponzi schemes, which are a billion-dollar industry on their own), the report said, $24 million of which [were stolen] during the first 6 months of 2020.
At the moment, Whale Alert seems to believe that this will only get worse: by the end of 2020, we predict [the crypto scam market] will have grown over twenty-fold since 2017 to an annual revenue of at least 50 million US dollars.
Can anything be done to stop the growth of the cryptocurrency scam market?
It seems that yes, falling victim to these kinds of scams is certainly preventable: the social media platforms that are being used to spread these scams are certainly taking action.
Twitter, for example, told users that were accelerating several of our pre-existing security workstreams and improvements to our tools. We are also improving our methods for detecting and preventing inappropriate access to our internal systems and prioritizing security work across many of our teams.
Other platformsincluding Youtubeappear to have taken an approach to quick response and removal of fraudulent cryptocurrency-related accounts and videos.
Additionally, regulators and law enforcement agencies around the world seem to be continuously learning and developing strategies for dealing with crypto-related fraud.
However, Whale Alert alleges that the primary responsibility of fraud prevention at the moment lies on the cryptocurrency community.
For example, while crypto giveaway scams may seem like they may only affect the most gullible among us, legitimate blockchain and cryptocurrency platforms often hold legitimate crypto giveaways.
Therefore, established blockchain companies play a big role in normalizing the idea of free money through giveaways and should be more thoughtful about what message they carry outwards and stop with these kinds of promotions altogether, Whale Alert argues.
Additionally, crypto companies should use their power and presence to effectively communicate the risks of the fraudulent crypto world to their users: as the gateway between fiat and cryptocurrencies, exchanges especially should be actively educating newcomers on the dangers in blockchain and prevent them from sending anything to known or suspected scam addresses.
More here:
Year of the Phish? Socially-Engineered Attacks Populate Crypto in 2020 - Finance Magnates
- Crypto()Currency - CryptoCurrency.org - April 26th, 2014 [April 26th, 2014]
- Cryptocurrency - Wikipedia, the free encyclopedia - April 26th, 2014 [April 26th, 2014]
- TNW - Stefan Molyneux - Money, Power and Politics The Cryptocurrency Revolution - Video - April 26th, 2014 [April 26th, 2014]
- How to Set Up a Ripple (CryptoCurrency) Generating System! - Video - April 26th, 2014 [April 26th, 2014]
- Bitcoin / Cryptocurrency - An Extensive FAQ - Video - April 26th, 2014 [April 26th, 2014]
- --- The Great Debate --- Bitcoin vs Altcoin @ The CryptoCurrency Convention 4/9/14 - - Video - April 26th, 2014 [April 26th, 2014]
- Bryce Weiner @ CryptoCurrency Convention 4/9/14 - - Video - April 26th, 2014 [April 26th, 2014]
- Popularcoin @ CryptoCurrency Convention 4/9/14 - Joshua Nold - Video - April 26th, 2014 [April 26th, 2014]
- TimeKoin @ CryptoCurrency Convention 4/9/14 - Michael Brown - Video - April 26th, 2014 [April 26th, 2014]
- Infinitecoin @ CryptoCurrency Convention 4/9/14 - Loring Small - Video - April 26th, 2014 [April 26th, 2014]
- Bitcoin Exchange CryptoRush Loses Millions of BlackCoin Cryptocurrency - Video - April 26th, 2014 [April 26th, 2014]
- Brock Pierce, Entrepreneur "FireSide Chat" @ CryptoCurrency Convention NYC - 4/9/14 - Video - April 26th, 2014 [April 26th, 2014]
- [OFFICIAL SPONSOR] Nick Spanos, Bitcoin Center NYC @ CryptoCurrency Convention 4/9/14 - Video - April 26th, 2014 [April 26th, 2014]
- AuroraCoin @ CryptoCurrency Convention NYC 4/9/14 - David Lio - Video - April 26th, 2014 [April 26th, 2014]
- Dogecoin Founder Speaks on the Future of Cryptocurrency - April 27th, 2014 [April 27th, 2014]
- As Bitcoin Soars in Value, Alternative Cryptocurrencies ... - April 27th, 2014 [April 27th, 2014]
- Florincoin @ CryptoCurrency Convention NYC 4/9/14 - Joe Fiscella - Video - April 27th, 2014 [April 27th, 2014]
- DigiByte @ CryptoCurrency Convention NYC 4/9/14 - Jared Tate - Video - April 27th, 2014 [April 27th, 2014]
- Digitalcoin @ CryptoCurrency Convention NYC 4/9/14 - Andrew Davidson - Video - April 27th, 2014 [April 27th, 2014]
- PotCoin @ CryptoCurrency Convention NYC 4/9/14 - Nick Iversen - Video - April 27th, 2014 [April 27th, 2014]
- ZenithCoin @ CryptoCurrency Convention NYC 4/9/14 - Eddie Corral - Video - April 27th, 2014 [April 27th, 2014]
- BitAngels Co-Founder, David Johnson @ CryptoCurrency Convention NYC 4/9/14 - Video - April 27th, 2014 [April 27th, 2014]
- Australian dogecoin founder speaks on the future of cryptocurrency - April 28th, 2014 [April 28th, 2014]
- Coinnext Cryptocurrency Exchange Coming Soon - Video - April 29th, 2014 [April 29th, 2014]
- Cryptocurrency News Round-Up: MtGox Hearing Begins as Bitcoin gets Bloomberg Endorsement - May 1st, 2014 [May 1st, 2014]
- mTrader.org - Cryptocurrency Mining System - Video - May 1st, 2014 [May 1st, 2014]
- CryptoCurrency - cryptobars commodity Launch! - Video - May 1st, 2014 [May 1st, 2014]
- The Mises View: "Taxing Cryptocurrency" | Jeff Deist - Video - May 2nd, 2014 [May 2nd, 2014]
- Coin Pursuit Launches SliceFeeds Interactive Cryptocurrency Network - May 3rd, 2014 [May 3rd, 2014]
- Cryptocurrency | Ground Zero with Clyde Lewis - May 3rd, 2014 [May 3rd, 2014]
- CS 171 Final Project: Cryptocurrency Visualizations - Video - May 3rd, 2014 [May 3rd, 2014]
- Cryptocurrency Explained The Tech Guy 1046 - Video - May 3rd, 2014 [May 3rd, 2014]
- Know How 74 Cryptocurrency - Video - May 4th, 2014 [May 4th, 2014]
- MIT undergrads will each receive $100 in bitcoin - May 5th, 2014 [May 5th, 2014]
- cryptocurrency - Fortune Finance: Hedge Funds, Markets ... - May 8th, 2014 [May 8th, 2014]
- Bitcoin wins US election panel's approval for political donations - May 9th, 2014 [May 9th, 2014]
- CryptoCurrency of the World Unite! - Video - May 9th, 2014 [May 9th, 2014]
- Major Dogecoin Wallet Hacked, Shut Down - May 13th, 2014 [May 13th, 2014]
- Such hack, much sad: Doge Vault reportedly loses $56,000 in heist - May 13th, 2014 [May 13th, 2014]
- BBT Presents: Ode to Cryptocurrency - Video - May 13th, 2014 [May 13th, 2014]
- Scryptify Cryptocurrency Video - Crypto Currency Exchanges - Video - May 13th, 2014 [May 13th, 2014]
- AMD cuts Radeon R9 280 price as inflation woes die down - May 15th, 2014 [May 15th, 2014]
- The Cryptocurrency Certification Consortium - Video - May 15th, 2014 [May 15th, 2014]
- Bitpagar Cryptocurrency - Video - May 16th, 2014 [May 16th, 2014]
- TagPro - Cryptocurrency Juke Session w/ LTB & Counterpary - Video - May 16th, 2014 [May 16th, 2014]
- How to Mine Cryptocurrency Safely - Video - May 16th, 2014 [May 16th, 2014]
- Bunnycoin - Innovative New Cryptocurrency - Video - May 16th, 2014 [May 16th, 2014]
- Jan Irvin on Learning, Statism, Culture, Cryptocurrency and Voluntarism -- Potent News Podcast #1 - Video - May 16th, 2014 [May 16th, 2014]
- Nxt cryptocurrency platform: Proof of Stake mining system - Video - May 18th, 2014 [May 18th, 2014]
- Cryptocurrency Round-Up: Darkcoin Rise Continues; Dogecoin Saved My Life & Bitcoin Explainer Videos - May 19th, 2014 [May 19th, 2014]
- Givecoin.info Announces Partnership with Do A Bit of Good: World's First Charitable Mining Screensaver - May 21st, 2014 [May 21st, 2014]
- Cryptocurrency: Get Mining! - Video - May 22nd, 2014 [May 22nd, 2014]
- Violincoin - The first cryptocurrency for musician - - Video - May 22nd, 2014 [May 22nd, 2014]
- Trollcoin - The Fun Cryptocurrency! - Video - May 22nd, 2014 [May 22nd, 2014]
- Cryptocurrency and Nonprofits with Eric Nakagawa - Video - May 23rd, 2014 [May 23rd, 2014]
- The Cryptocurrency Store - Video - May 23rd, 2014 [May 23rd, 2014]
- The Cryptocurrency Store (Spanish/Espagnol) - Video - May 23rd, 2014 [May 23rd, 2014]
- How To Trade CryptoCurrency: Sign up to a safe and reliable exchange for trading CryptoCurrency - Video - May 23rd, 2014 [May 23rd, 2014]
- UT students to launch cryptocurrency exchange - May 24th, 2014 [May 24th, 2014]
- Videoconferencia Cryptocurrency 201243946 - Video - May 27th, 2014 [May 27th, 2014]
- VideoCharla Jesus Ramos Cryptocurrency - Video - May 27th, 2014 [May 27th, 2014]
- Cryptocurrency Round-Up: Bitcoin Pioneer Dies and Digital Currency's Status in Australia - August 31st, 2014 [August 31st, 2014]
- Bitcoin enthusiasts discuss the cryptocurrency - Video - August 31st, 2014 [August 31st, 2014]
- Make Fast 1.0 up to 10.00 BTC or Any Cryptocurrency REAL CASH - Video - August 31st, 2014 [August 31st, 2014]
- Halcyon cryptocurrency - Video - August 31st, 2014 [August 31st, 2014]
- Selling products / services / fiat money for cryptocurrency - Coinkite PoS Terminal - Video - August 31st, 2014 [August 31st, 2014]
- Selling cryptocurrency to customers - Coinkite PoS Terminal - Video - August 31st, 2014 [August 31st, 2014]
- Cryptocurrency Made Simple - A Plain English Guide to Bitcoins - September 8th, 2014 [September 8th, 2014]
- PotatoCoin - The cryptocurrency for the third world - Video - September 8th, 2014 [September 8th, 2014]
- How To Trade One Kind Of Cryptocurrency For A Different Kind Of Cryptocurrency - Video - September 8th, 2014 [September 8th, 2014]
- How To Fund Your Bleutrade Cryptocurrency Trading Account - Video - September 8th, 2014 [September 8th, 2014]
- How To Open An Account At Bleutrade.com Cryptocurrency Exchange - Video - September 8th, 2014 [September 8th, 2014]
- Cryptocurrency Round-Up: Apple Pay Boosts Bitcoin, Nakamoto Negotiates With Hacker - September 11th, 2014 [September 11th, 2014]
- Qoinpro Cryptocurrency Faucet ok - Video - September 12th, 2014 [September 12th, 2014]
- Weekly Roundup - CEX.IO - Multi-Functional cryptocurrency exchange - Video - September 12th, 2014 [September 12th, 2014]
- TCR #27: Cryptocurrency growth, 9/11 Anniversary, CDC Scandal, Face Your Fears - Video - September 12th, 2014 [September 12th, 2014]
- VanosEnigmA 011 Bitcoin-Comedy BitcoinDog CryptoCurrency-Cat Naughty - Video - September 15th, 2014 [September 15th, 2014]
- WikiLeaks Avoided Bitcoin to Prevent Government 'Destroying' Cryptocurrency - September 16th, 2014 [September 16th, 2014]
- LXC Coin crowdfunds in challenge to Bitcoin - September 16th, 2014 [September 16th, 2014]
- Why Bitcoin Is Poised To Win Big In Las Vegas - September 19th, 2014 [September 19th, 2014]