Blockchain analytics firm CipherTrace released a report this morning showing that roughly $1.7 billion in cryptocurrency was stolen or scammed over the course of 2018. The amount stolen by hackers alone is staggering: over $950 million. The figure represents an increase of more than 300% from 2017.
The scams noted in the report don’t even include individual user scams. Instead, they focus on exchange exit scams, phony exchange hacks, and ICO scams. They account for an additional $725 million.
The Dark Downside of the Crypto Boom
If you adjust for the lower prices of cryptocurrencies in 2018, as much as 500% of actual crypto-tokens is more like it. The majority of coins stolen in 2018 were done through hacking exchanges and other services. CipherTrace believes the losses were probably much higher:
Join CCN for $9.99 per month and get an ad-free version of CCN including discounts for future events and services. Support our journalists today. Click here to sign up.
These numbers only represent the loot from crypto crimes that CipherTrace can validate; we have little doubt that the true number of crypto asset losses is much larger.
Millions of “noobs” entered the cryptocurrency space over the bull run of 2017. Many had dreams of striking it rich. Plenty did strike it rich. Plenty more missed the all-time-high due to greed or misunderstanding of the underlying market mechanics inflating the bubble.
As 2018 continually depressed the price of all cryptocurrencies, inexperienced users were charged – perhaps for the first time – with being their own bank. In many cases, remaining secure involves numerous security practices. There are those who disavow the use of MacOS or Windows, for instance, or even storing cryptocurrency on computers connected to the internet.
Rationality dictates new users have poor security practices. Additionally, newer users couldn’t be expected correctly delineate between trustworthy and non-trustworthy exchanges or even ICOs. Every aspect of crypto was new to them, and scammers go to great lengths to appear legitimate.
Inside Jobs Dominated Crypto Thefts in Q4 2018
According to the report, the amount stolen in the last quarter of 2018 was lower than the amount stolen in the third quarter. Cyber-criminals have reportedly turned to conducting inside jobs and victimizing noobs over “attacking hardened IT systems.”
The total dollar value of Q4 2018 thefts was lower than the number for Q3. This is partially due to the falling price of all cryptocurrency. In addition, rather than hacks on exchanges and wallets, inside jobs began to dominate the crypto crime landscape. It appears that a new breed of cybercriminals steeped in computer science and FinTech found it easier to commit fraud against unwitting investors and exchange users as opposed to attacking hardened IT systems.
SIM-Swapping On The Rise
SIM-swapping, a technique used to steal many different kinds of accounts, including exchange accounts, is on the rise. The method involves effectively reassigning the phone number associated with an account to an attacker’s phone. The attacker then uses SMS verification to reset the password on the account and drains the account. Many exchanges no longer allow for SMS verification. SIM-cloning is a similar technique.
According to CipherTrace, SIM-swapping was on the rise in 2018:
“SIM Swapping” represents a new and insidious threat to crypto businesses, users, and investors that became widespread in 2018. Once SIM Swapping attackers receive the compromised phone numbers, they use them to reset passwords and break into the victims’ accounts, including accounts on cryptocurrency exchanges.
The report also notes a new technique employed by a firm called BestMixer. BestMixer sent fractional amounts of BTC to as many addresses as possible in order to “taint” them all and confuse analytics companies like CipherTrace and Chainalysis.
But it wasn’t simply spam advertising: by sending Bitcoin to the top BTC addresses, BestMixer was effectively tainting these users by forcing them to transact with a mixer via these tiny transactions. By dusting every address with funds from a mixer, the campaign had the effect of soiling users’ reputations. The reason to dust so many addresses was an attempt to confuse blockchain analytics tools in order to circumvent AML, which was their stated objective.
Featured Image from Shutterstock