Bitcoin and other cryptocurrencies traditionally attract increased attention from scammers of various calibers, who not only use them in their illegal activities, but also actively steal them not only from exchanges, but also from ordinary users.
Using advanced technologies, hackers are finding new ways to steal funds, but the basic and time-tested methods remain the same, since new people enter the cryptocurrency space every day, who often do not have an adequate level of knowledge and awareness to counter such attacks.
Below are the main tricks and tricks of hackers, knowing about which users can at least secure their coins.
Hack of the Mt. Gox
The first episode can be considered the largest Bitcoin theft in history.
It involved a group of professional hackers who exploited complex vulnerabilities and gained access to the computer of one of the auditors, and then to the exchange servers.
After that, they changed the price of BTC to 1 cent per coin and withdrew about 2,000 bitcoins. Later, hackers made it so that BTC could be bought at any price.
In 2014, hackers broke into the Mt. Gox and stole $473 million in bitcoins from user accounts. Later, these events led to numerous lawsuits and bankruptcy of the exchange at the end of the year.
Read: Bitcoin theft: TOP 50 largest thefts on exchanges [2011-2020]
Investment schemes
Bitcoin investing is another common type of cryptocurrency scam. These schemes are somewhat similar to cloud mining, since they also promise profitability and make small payments every day until suddenly all payments stop and the scammer disappears with the invested funds. This also works on the pyramid principle.
At first this “investment” seems very profitable as there are daily payouts. Many users re-invest there, expecting greater profits. However, when a user tries to withdraw their earnings, a problem occurs and before you know it, the company stops paying and users lose their investment.
If you decide to invest in any fund, make sure that the company is managed by industry professionals. Also, make sure that the proposed investment strategy is fully described and makes common sense, and that risks and exits are provided. First of all, it is worth remembering that anyone who guarantees high returns in investments is lying, since there is never 100% certainty in the world of investments.
Hacking the Bitstamp exchange
The first licensed cryptocurrency exchange in Europe, Bitstamp, which is regulated by the Luxembourg Financial Supervisory Authority (CSSF), was hacked in January 2015. Hackers sent a malicious file to employees' internal email.
One of the Bitstamp employees ignored security rule No. 1 - do not open files from strangers and followed the link on a device that has access to the exchange’s BTC wallet.
As a result, 19,000 BTC were stolen, or about $5,100,000 on the day of the theft. But thanks to the company's reserves, the damage to customers was compensated.
Keyloggers
Malicious programs that accidentally got onto your computer can be different. One of the most popular among scammers is the so-called keyloggers. This is a virus program that, when it gets onto your computer, remembers any data that you enter on any sites as a login and password.
Remember that you can pick up malware (of any type we looked at today) in different ways:
- Via email messages;
- By connecting a USB device to your computer;
- On dubious sites on the Internet;
- Via public Wi-Fi.
Always be aware of these methods and be wary of unfamiliar flash drives and strange emails. And check your computer with an antivirus more often.
Attack on TheDAO
June 2016
The vulnerability was used to attack the first decentralized autonomous organization and the first massive ICO project on Ethereum.
One summer day, GitHub users and project contributors raised the alarm about a “terrible attack on wallet contracts.”
Stefan Tual himself also got involved in solving this problem, and the very next day he published a link to the fix and announced a series of software upgrades.
Tual called this vulnerability a “recursive challenge” and it was this vulnerability that led to the collapse of The DAO project. The hacker obtained 3.5 million ETH (~$45 million).
Bitfinex exchange hack
August 2016.
As a result of the hack, the Hong Kong exchange lost 119 thousand bitcoins (~$60 million).
The main leak of funds most likely occurred through the BitGo processing service, which Bitfinex collaborated with. All funds were stolen from online exchange wallets with multi-level protection.
Later it became known that the transfer of funds was made possible by a multiple signature vulnerability. Here's how it works: Bitfinex has 2 keys, and another blockchain company, BitGo, has a third key, and together these keys allow you to transfer bitcoins (or other cryptocurrency).
There was speculation at the time that an attacker had likely captured BitGo's key and used it to sign transactions, but BitGo announced on social media that none of its servers had been hacked.
But the good thing is that Bitfinex issued BFX tokens to the victims which could be exchanged for dollars and hence most of their investors got their money back slowly and steadily according to the given schedule.
Slack bots
There are quite a large number of Slack bots that hackers successfully use. As a rule, such bots send a notification to the user that there are problems with his wallet. The ultimate goal is to get the user to click on the notification and enter the private key.
The largest successful hacker attack involving Slack bots was the Enigma incident in August 2022. Then the project was forced to suspend the pre-sale of ECAT tokens after unknown attackers hacked the project website and, having indicated a false ETH address, deprived it of more than $400,000.
In addition, Enigma representatives confirmed that the project’s Slack chat was also compromised:
Recommendations: ignore such messages, send complaints to the bots distributing them, install protection on the Slack channel (for example, Metacert or Webroot security bots).
Hacking Parity Wallet
July 2022.
The hacker group White Hat Group stole 153 thousand ether (~$31 million) from this wallet thanks to a vulnerability in its software.
Crypto hackers gained access to funds raised through ICOs of several blockchain projects (Edgeless, Swarm City and Aeternity blockchain).
And a week before that, other hackers stole ~$7 million worth of ether from the Israeli startup CoinDash during its ICO. They managed to change the wallet address for receiving cryptocurrency.
Fake Twitter accounts
An extremely simple, but quite effective method, aimed at holders of small amounts of cryptocurrency. Cybercriminals create many fake accounts or pages on social networks (usually Twitter). Next, thematic disguise of accounts is used, for example, famous personalities from the cryptocurrency world, developers of blockchain platforms, official altcoin groups and others.
After the fake accounts accumulate interested visitors, readers, active participants, etc., scammers periodically begin to organize cheap competitions for them with a real payment of a hundred or two satoshi or ethers. People gain trust because they pay real coins, publish useful information, and give meaningful recommendations.
The apotheosis of such promotion and gradual intoxication is, as a rule, a lottery, a gift draw, a big jackpot, a sale of subscriptions to insider secrets, and many others. etc. Fraudsters have plenty of fantasies to lure inattentive, gullible users. Usually, for access to all of the above, scammers ask to transfer a moderate amount in coins to a cryptocurrency wallet.
The result is clear - naturally, the scammers, having collected a certain amount of digital coins, disappear. It seems that the criminals' winnings are small, however, a cool disguise, skillful brain fog, as well as the mass nature of the action bring an impressive amount.
Hacking the payment system of the mining marketplace NiceHash
December 2022.
NiceHash is a Slovenian company that helps cryptocurrency miners buy and sell hashing power. Transactions are carried out in Bitcoin. Miners pay gradually, without upfront payments, so they do not have big risks. Merchants are also paid in Bitcoin.
On December 6, the company's servers became the target of an attack. Initially, Reddit users reported that they were unable to access their funds and make transactions - when they tried to log in, they were shown a message about a service downtime.
Hackers stole 4,700 bitcoins (~$63 million) and transferred them to a wallet that is now monitored by all NiceHash users. Thus, the public wants to help solve the crime. Unfortunately, it was not possible to return the stolen funds to their owner.
How to block a scammer
If you notice suspicious activity on the part of a certain user of the system and believe that this is fraud, immediately begin to act according to the instructions given below, and you will be able to save your funds.
Instructions:
- open the main page of the QIWI Wallet.ru website and find the “Help” section, subsection “Contacting support”;
Contact support - then select the recipient of the message, in the subject indicate “Transfer money to the scammer”;
Letter to security service - describe in detail in the lines of the proposed form everything that happened to you;
- do not contact the suspicious client of the system anymore; in the meantime, the security service will suspend its activities and conduct an inspection.
If you have already suffered from illegal actions of scammers, take the saved receipt with the transaction details and contact the police. There, fill out the application in detail and at the same time notify the Qiwi system support service about your appeal to law enforcement agencies.
Binance exchange hack
May 2022.
But most of all, professional traders and other specialists whose activities are related to digital money were excited by the hack of the legendary exchange.
It’s hard to even imagine how attackers managed to figure out the most modern methods of protecting BTC wallets without attracting the attention of the service’s technical staff.
The exchange announced that they will cover all lost funds from their funds and no users will be affected by this hack. They also noted that other information was compromised that could potentially relate to customer identity theft.
In this case, one cannot fail to note the professionalism of the hackers (it’s a pity that it is directed against the laws).
In total, the criminals stole 7 thousand BTC (at the time of the hack - $40 million), which is more than 2% of all Binance Bitcoin assets.
Trojan viruses
These numerous viruses are a type of malware that enters a computer under the guise of legitimate software.
This category includes programs that perform various actions unconfirmed by the user:
- collecting information about bank cards,
- computer malfunction,
- use of computer resources for mining purposes,
- use of IP for illegal trade, etc.
But the ingenuity of hackers does not stand still. Thus, in 2022, a new version of the notorious Win32.Rakhni Trojan was discovered. This virus has been known since 2013, but if at first it focused exclusively on encrypting devices and demanding a ransom for unlocking, the new version has gone much further.
First, it checks for folders associated with Bitcoin wallets, and if any are found, it encrypts the computer and demands a ransom. However, if no such folders were found, Win32.Rakhni installs malware that steals the computer’s computing power for the purpose of secretly mining cryptocurrencies, and also tries to spread to other devices on the network.
At the same time, as can be seen in the image above, more than 95% of all cases of computer infection with this Trojan were in Russia, with second and third places going to Kazakhstan and Ukraine.
According to Kaspersky Labs, Win32.Rakhni is most often distributed through emails that ask users to open an attached pdf file, but instead launch malware instead of the expected content.
As with phishing attacks, preventing devices from becoming infected requires basic computer hygiene and being extremely careful about the attachments you open.
Morality
All the stories described prove that funds stored in crypto exchange accounts or online wallets are always at high risk, and the safest way to store cryptocurrencies is still hardware wallets.
It is important to note that cryptocurrency thefts are quite complex and occur when the management of platforms and exchanges does not pay the necessary attention to security.
To prevent your money from falling into the hands of criminals, you should give preference only to large resources whose management is constantly improving the level of security and is ready to compensate for the losses of users.
Bypass 2FA
Two-factor authentication (or 2FA) is an additional security method that almost all exchanges and crypto sites offer. 2FA makes it possible to generate a digital code that changes every 30 seconds. It is usually used when logging into your account, as an additional measure of protection and confirmation that it is really you. I talked more about 2FA in one of the previous articles about the security of crypto wallets.
However, even this type of protection has flaws, and there have been precedents for scammers hacking 2FA. This method is extremely uncommon, however, I think it is important to mention 2FA, that even this can happen. Be careful and follow all notifications that come to you from email or phone!