31 Dec Crypto Scams, Exchange Breaches Surge Into 2022
Hackers are following the money trail
Melbourne, Australia – Dec. 31, 2021
In another item straight from the told-you-so files, hundreds of residents of El Salvador are claiming that funds are disappearing from their government-provided Chivo Bitcoin wallets — hardly a vote of confidence in the Central American country’s three-month-old experiment in making the cryptocurrency a legal tender.
It’s not clear yet whether the missing funds are due to cybercriminal activity or poor programming — but in a time when cryptocurrencies continue to probe record highs and governments from the UK, France, Australia and others are overhauling their crypto regulations, it is clear that cryptocurrency will continue to ride the headlines through 2022.
Activate Consulting’s latest annual outlook and user survey has predicted a “massive runway ahead,” with the number of consumers trading crypto expected to double over the next 12 months. “Consumers will move from buying cryptocurrency for investment to using cryptocurrencies for payments and transfers,” the firm predicts.
Cybercrime Radio: Blockchain Gaming Company Hacked
96 digital wallets have their private keys stolen
Yet 42 percent of respondents to the survey said they would not acquire or use cryptocurrency in the coming 12 months because it is not safe — echoing the group’s warnings that “early current intermediaries in the space are hacked somewhat frequently, eroding trust…. Anonymity creates challenges with preventing money laundering and terrorist financing, and makes regulation compliance difficult.”
Going where the money is
Predictably, the increasing value and prominence of cryptocurrency ensures that cybercriminals will continue attacks on cryptocurrency exchanges and wallets, after a banner year in which new crypto scams were everywhere — from a scam selling fake Amazon Tokens, to a botnet called Twizt that has used “crypto clipping” techniques to steal $500,000 worth of cryptocurrency, to the $600m currency theft from Poly Network.
It can hardly be a surprise that, where increasingly serious money is involved, cybercriminals are getting engaged. And while the encryption underlying cryptocurrencies themselves remains largely airtight, vulnerabilities in the exchanges managing them have made for easy pickings as cybercriminals notch up one win after another — such as the August theft of over $97 million in cryptocurrency from Japanese exchange Liquid.
Cybercrime Magazine maintains a running tally of cryptocurrency’s security compromises — but with even individuals suffering massive losses, the list is growing daily and the stakes have never been higher.
Cybercriminals will continue to refine their attacks to target individual digital wallets during 2022, predicts Derek Manky, FortiGuard Labs chief of security insights and global threat alliances, who warns that “cybercriminals are evolving and becoming more like traditional APT groups: zero-day equipped, destructive, and able to expand their techniques as needed to achieve their goals.”
“The rise in rapid connectivity, everywhere and all of the time, presents an enormous attack opportunity for cybercriminals,” he said, warning that increasing business use of cryptocurrency and digital wallets will increasingly attract attention from money-hungry cybercriminals in a 2022 where crypto theft becomes a key attack vector.
Scams pose an equally large opportunity for cybercriminals, often relying not on malicious compromise but simply on manipulating hapless victims that have heard about the potential rewards from crypto and are proving all too ready to follow the guidance of supposedly well-meaning “experts” offering their services.
Overall losses from cryptocurrency investment scams exploded last year, according to one Federal Trade Commission (FTC) report that flagged reported losses of $80 million from almost 7,000 consumers between October 2020 to March 2021 — up from just 570 scams and $7.5 million in losses during the same period a year earlier.
Security researchers continue to trace increasingly elaborate crypto schemes, leveraging companion email campaigns and social-engineering techniques that have already been heavily refined to support new Advance Fee Fraud schemes designed to extract Bitcoin from victims.
The relative immaturity of cryptocurrency oversight also leaves the industry open during 2022, with governmental efforts to reduce the risk in the system likely to take months or years to gain traction — and controversial crackdowns, such as the Biden Administration’s efforts to impose order and reporting on cryptocurrency exchanges, ensuring that market adjustments continue for some time.
Exchanges will play an increasing role in reining in crypto crime, some have argued, although increasingly complex architectures — and central role in evolving decentralised-finance (DeFi) payment ecosystems that require potentially vulnerable new integrations and monitoring capabilities — means their fast-evolving code bases are likely to remain open targets for malicious attackers.
Closer monitoring of transactions and unrivalled visibility into payment details, however, may see exchanges become the heroes of 2022 as well as the victims — a point made by Chainalysis, which will soon release its 2022 Crypto Crime Report and warns that a surge in “rug pulls” will continue to threaten the cryptocurrency ecosystem by compromising trust.
“Scams represent a huge barrier to successful cryptocurrency adoption,” the firm notes, citing exemplary work by cryptocurrency platform Luno in blocking scammers in the act, “and fighting them can’t be left only to law enforcement and regulators.”
Luno’s efforts to block scammers’ wallet addresses proved fruitful as the company’s customers were increasingly protected from compromise.
“With this strategy, Luno took a courageous step towards establishing greater trust and safety in cryptocurrency,” Chainalysis said, “which we hope to continue to see grow in the industry.”
– David Braue is an award-winning technology writer based in Melbourne, Australia.
Go here to read all of David’s Cybercrime Magazine articles.