2019 is shaping up as the year of the “exit scam” according to a new study from CipherTrace, a cryptocurrency intelligence firm based in Silicon Valley.
According to the company’s latest Q2 2019 Cryptocurrency Anti-Money Laundering (AML) report, which provides an overview of the major cryptocurrency thefts, scams, and fraud worldwide, criminals and fraudsters netted approximately $4.26 billion for the first six months of the year.
To put this in perspective, cryptocurrency thefts reached $1.2 billion in the first three months of 2019 and $1.7 billion for the entire 2018.
Although exchanges, wallets, and other cryptocurrency custody services are strengthening their defenses, hackers continue to innovate and outpace even the current state of the art in cybersecurity, the CipherTrace report notes.
For example, many breaches involve blended attacks in which hackers employ multiple techniques— including SIM swapping, phishing, URL hijacking, etc.—against multiple targets to take over user and administrator accounts, which increasingly are pulled off with the assistance of a compromised insider. In the case of SIM Swapping, users cannot receive alerts because once their phone numbers are switched to the hacker’s SIM they suddenly have no voice, email, or SMS service on their phones. As a result, both end-users and the exchange IT staff are unaware of these highly unusual transfers until the thieves have made off with their loot.
Take Binance for instance, the world’s largest cryptocurrency exchange, headquartered in Malta, lost last May more than $40 million in crypto assets from a cyberattack perpetrated by sophisticated hackers using a lethal cocktail of phishing, viruses and other attack vectors.
In total, cybercriminals looted $125 million in Bitcoin, Ethereum and other digital assets from exchanges last quarter, and insider thefts were by far the largest offenders, inflicting massive losses on investors and exchange users.
In addition, following the spectacular collapse earlier this year of QuadrigaCX, Canada’s largest cryptocurrency exchange, where investors lost an estimated $195 million, CipherTrace included in its Q2 report another massive disaster for crypto investors: the Plus Token app.
The cryptocurrency wallet and alleged Ponzi scheme based in South Korea appears to have defrauded millions of investors of $2.9 billion in crypto assets when it went offline last month in what is often referred as an “exit scam.”
2019 Shaping up as the year of the “Exit Scam”
While thefts due to cyberattacks have netted criminals $287 million during the first half of 2019, several alleged exit scams under investigation have resulted in fraudsters stealing more than $3.1 billion dollars.
To put it simply, an exit scam is when scammers launch a new cryptocurrency based on a promising concept. typically detailed on a “white paper”, then raise money from investors through an initial coin offering (ICO) before disappearing with the investors’ funds.
In aggregate, hacks, exit scams and misappropriation of funds fraud, cost cryptocurrency exchanges, investors and users $4.26 billion in the first half.
Bitcoin is still the king of the Dark Web and Cybercrimes
CipherTrace research shows that Bitcoin (BTC) is primarily used to buy and sell illegal drugs, weapons, and cyber and banking credentials and that the cryptocurrency is used in 76% of dark market transactions versus 7% for Ethereum Classic (ETC).
In the case of malware and ransomware, the dominance of Bitcoin is even more striking with Ethereum (ETH) used in only 1% of instances and BTC used in 98% of all the cases.
More regulations are coming
With the increase of crypto-related hacks and frauds, often related to money laundering, regulatory bodies have increased their oversight of virtual assets. In late June, the Financial Action Task Force (FATF), an intergovernmental organization based in Paris, France, rocked the crypto economy with a new “travel rule”—for which the G20 announced its full support at its latest Osaka Summit—that requires transactions between exchanges to include personal information about the sender and the receiver of funds similar to international bank wire and SWIFT transfers of fiat funds.
Atherton Research Insights
As we’ve seen so many times again—most recently with the latest massive data breaches (Equifax, Capital One…), and the new exploits revealed at the Black Hat and DefCon hacking conferences— the Cloud is far from being the most secure place to store your data, even less your hard-earned money, especially in digital form.