Tracking Cryptocurrency Scams

Tracking Cryptocurrency Scams

Scammers are demanding payment in cryprocurrency but the nature of Blockchains means these transcations can be traced.

Bitcoin and other cryptocurrency solutions are taking their place amongst traditional financial transactions.  Bitcoin has become a legal tender in El Salvador (alongside the US $) and more recently the Central African Republic (alongside the Euro-linked CFA).  Cryptocurrency is also rising into prominence as the finance powering other Blockchain platforms such as the digital art solution of Non-Fungible Tokens (NFTs).

To the scammer cryptocurrency sits in the perfect target position.  The public are becoming aware of its existence but are less knowledgeable about exactly how it works.  People have made large profits from cryptocurrency investments and also from buying and selling NFTs.  If you have funds invested in Blockchain solutions they are secure provided that you control access to your digital wallet.

The core of the current scams is not that an investment has been made and that investment has lost money.  Rather the mark believes that they are investing but that the funds go straight to the scammer.  It is relatively easy to deposit or withdraw funds but there is no intermediary such as a bank governing the process. In the USA the Federal Trade Commission reported that over 46,000 people had in total lost over $1 Billion (USD) in cryptocurrency in scams between 2021 and June 2022.  The median individual loss reported was $2,600.   Investment scams made up $575 million of the reported losses.  Romance scams covered another $185 million of the total; the ‘date’ urgently requiring a loan of funds.

In November 2021 the FBI published a warning of fraudulent use of cryptocurrency ATMs.  These machines are intended to allow cryptocurrency to be easily bought.  The scam will lead up to a deposit of cash into the ATM.  Perhaps the ‘bank’ has reported a security incident and funds need to be immediately withdrawn and paid into a secure cryptocurrency account.  The mark will have been sent a QR code by the scammer to input the address field in the transaction.  This is read by the camera on the ATM and sends the cash to the scammer’s wallet.

Transactions are a public record  that can be followed along the chain from deposit to withdrawal.  In 2020 a Twitter hacker sent out tweets allegedly from famous people such as Jeff Bezos.  People were invited to send funds to a Bitcoin address (the hacker’s) with the promise of the investment being doubled and returned.  Coinpath technology was used to identify transactions related to that address on the Blockchain and showed that funds were withdrawn to a Binance Exchange Wallet.  This in turn can be linked to a specific hacker.   Hackers pass funds through multiple wallets to hide their money trail.  They split their gains and mix funds with other ‘legitimate’ investments to reduce traceability but the chain and related transactions are still there.  This watering down of the trail is designed to slow down the process of tracing funds improving the chance of successfully laundering their gains.  There is an on-going race between the complexity in hiding a path through the Blockchain and the sophistication of tools such as Coinfirm’s ability to trace that path.

There are many cryptocurrencies and wallet systems in use; some more dependable than others.  Famously OneCoin had all the appearance of a cryptocurrency but no real-life connections with Blockchain; the funds and director vanished in 2017.  A hacker needs to choose between a reliable cryptocurrency whose wallet system may be favourable to legislative investigation and a shady alternative where their funds are less secure.  The mark is more likely to trust Bitcoin or Ethereum than an alternative they have never heard of.  A criminal will want to withdraw their ill-gotten gains as soon as possible; although their investment could accrue while on the Blockchain this will make it easier for the funds to be seized or frozen by an investigation.

Kindus do not see the use of cryptocurrency as inherently insecure although there is a risk involved as with any investment.  It is best to research into any scheme before making a substantial payment.  Beware of short term incentives as these may be designed to cut back on the time available to look into where any money is going.  If there is any suspicion or doubt you need to act fast while the money is still on the Blockchain.  Kindus can provide advice if you suspect fraud; you should also contact your bank and the police.

 

More from Security

04/12/2024

Sitting Duck Attacks

The Sitting Duck attack revolves around taking control of a domain and then using it to distribute malware or as a source for phishing …

Read post

25/11/2024

Developers Hit By Compromised Software Packages

A Typosquat campaign uses slight variations on well-known names to mislead a user to access a rogue rather than genuine asset.  It is well …

Read post

04/11/2024

UK Data (Use and Access) Bill

The Data (Use and Access) Bill had its first reading in the Lords on 23 October 2024.  This step is merely a formal introduction …

Read post

28/10/2024

Zero-Day Attacks

In October 2024 Google Mandiant reported on 138 exploited vulnerabilities since 2023.  They concluded there had been an increase in the number and speed …

Read post

Sign Up

Sign up to our newsletter list here.

    Successful sign up

    Thank you for signing up to our newsletter list.

    Check your inbox for all the latest information from Kindus

    Categories