More than $1.1 bln lost. What can you learn from it?
Hacks in the crypto industry have become so common that news of yet another exchange breach no longer surprises a crypto community that has already been through a lot. According to the report “Spam and phishing” in the second quarter of 2018, $2.3 bln was stolen. As for the global trend, scammers stole $1.2 bln in 2017 and $1.1 bln in the first half of 2018. It seems that the crypto community does not learn from its own mistakes.
Hackers are most likely to use phishing resources, fake ICOs, bogus social media accounts of famous personalities (a chain of scam bots on Twitter), and fake crypto wallets and exchanges. How to avoid scammers' tricks, and the technologies that digital asset exchanges are developing to secure their wallets, were covered by Herbert Rafael SIM, Chief Marketing Officer of Cryptology, in his lecture at the blockchain conference CryptoBBQ, held in Moscow last week.
He believes that every user should use two-factor authentication to secure personal data, avoid clicking on third-party links, which may turn out to be malicious, be careful with cloud mining sites, and avoid pump-and-dump groups and HYIP & MLM projects.
Cloud mining can be an attractive alternative to purchasing mining farms and expensive high-capacity equipment. There are projects with working business models that aim to generate profit in the long run. However, scam projects can be recognized by promises of guaranteed income, a lack of licenses and a refusal to provide such documents, intrusive advertising, and so on. Moreover, cloud mining sites can themselves become victims. In December 2017 a popular mining marketplace, NiceHash, lost more than 4700 bitcoins in a hack of its payment system. The losses amounted to more than $75 mln at the Bitcoin exchange rate of the time. The marketplace's users found their e-wallets empty after a long website shutdown.
To avoid losses, Herbert SIM recommends not joining pump-and-dump trading groups and channels. The administrators of such a group pick a cryptocurrency of low value and poor prospects and urge the other members to buy it simultaneously so that its exchange rate rises. As soon as the pump succeeds, the dump follows: group members sell the pumped currency at the artificially inflated rate. Most of the time, only the channel administrators benefit from these fraudulent schemes.
In October 2017, Genesis Vision ran an ICO and issued an unsecured token under the name “GVT”. In early 2018, the token's exchange rate began to fluctuate drastically. BuzzFeed reports that the rise in the GVT rate was boosted by a Telegram channel, Big Pump Signal, which warned its members about an upcoming GVT pump and encouraged them to retweet and promote a post allegedly by John McAfee. It turned out that the “Coin of the day” tweet promoting GVT was posted by an account with an additional "L" in the Twitter username and without the verification check mark. When the fake tweet was first broadcast, the GVT exchange rate jumped from $30 to $45, and trading volume doubled. However, it returned to its initial mark in 20 minutes.
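The fake tweet above came from a handle one letter away from the real one and lacking the verification mark. The following Python code is an added example, not from the article or any exchange's tooling, that flags such handles against a watchlist; it goes beyond the single extra-letter case to substitutions, adjacent swaps and a few look-alike characters. The handles, the watchlist, the verdict names and the helper functions are all constructed for illustration.

```python
# Added example: flag handles that imitate a protected account.
# Every handle here is constructed; none comes from the incident.
CONFUSABLES = str.maketrans({"I": "l", "1": "l", "0": "o"})
PROTECTED = ["example_founder"]  # hypothetical watchlist


def skeleton(handle):
    """Fold look-alike characters, then lowercase."""
    return handle.lstrip("@").translate(CONFUSABLES).lower()


def osa_distance(a, b):
    """Edits needed: insert, delete, substitute or swap adjacent characters."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify(handle, verified, protected=PROTECTED, max_distance=1):
    """Return (verdict, protected handle it resembles or None)."""
    name = handle.lstrip("@")
    for real in protected:
        # Assumption: the platform treats handles as case-insensitive and
        # unique, so an exact match is the protected account itself.
        if name.lower() == real.lower():
            return ("genuine", real)
    for real in protected:
        if osa_distance(skeleton(name), skeleton(real)) <= max_distance:
            # Near-identical and unverified is the pattern in the text;
            # a verified near-match is left for a human to look at.
            return ("review" if verified else "suspect", real)
    return ("unrelated", None)


if __name__ == "__main__":
    samples = [("@example_founder", True), ("@examplle_founder", False),
               ("@exampIe_founder", False), ("@exmaple_founder", False),
               ("@space_news", False)]
    for handle, verified in samples:
        print(handle, verified, classify(handle, verified))
```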
Bogus pages and channels of famous media figures and influencers can fool gullible users into losing thousands of dollars overnight. Herbert SIM urges customers to be careful and to examine the accounts of opinion leaders thoroughly rather than sending them money or crypto assets in pursuit of fast profit. In December 2018, tweets by fake Elon Musk accounts gained exceptional popularity by promising to send out hundreds and thousands of ETH, supposedly to celebrate the Falcon Heavy rocket launch. All that was needed to participate in this fake campaign was to send a small amount of ETH to the bogus accounts first.
Fake accounts can be run in the name of politicians as well. On the 27th of August, Malta Independent reported that scammers, seemingly Chinese, impersonated Joseph Muscat, the Prime Minister of Malta and a crypto supporter, by creating a bogus Instagram account in his name. On his behalf, they encouraged users to invest in their bitcoin scheme, which supposedly generated a high income within a month. Potential investors had to contact a mysterious Wang Wei to make an investment deal with him. The followers of the bogus account were mostly Maltese citizens and politicians.
Herbert SIM recommends not sharing HYIP & MLM links and not making money by scamming others, but learning to trade fairly instead. "You will get banned from all groups if you are found participating in such projects," he says. "We spend a lot of resources on security. After all, hack victims expect exchanges to pay them. Thus, it is even more important for exchanges to make sure that their wallets are secure."
He points out that Cryptology stores 98% of all funds in multi-signature cold wallets. In addition, the exchange applies KYC procedures to all customers, using a real-time identification system and biometrically comparing clients' information with the documents they submit. In doing so, Cryptology strives to build a credible community.
The general trend shows that other crypto exchanges are also striving for the highest level of security. On the 31st of July, Binance announced the purchase of the mobile wallet Trust Wallet. The wallet will be able to take advantage of the Binance client base and its decentralized exchange. The CEO of Binance, Changpeng ZHAO, noted that "security is the fundamental pillar for the industry to continue existing".
On the 14th of August, the Coinbase exchange submitted an application to the United States Patent and Trademark Office (USPTO) to register a new technology for securing digital wallet accounts. The company plans to introduce a system of multi-stage key generation for each transaction, which will reduce the risk of hacking. The keys will be encrypted by the key ceremony application during each payment execution. A user will have to enter a master key to complete a transaction. As soon as it is loaded, an administrator freezes the system. To unfreeze it, the user will need to enter a private key generated by the key ceremony. The user will not be able to make a payment until the system is unfrozen. After the payment is made, the master key is deleted and re-created to process a new transaction.
Security is still the major headache for every member of the crypto community. While Vitalik BUTERIN, the co-founder of Ethereum, is ready to invest in a project that is developing technologies for crypto wallet security, Herbert Rafael SIM asks users to take the security of their wallets and assets very seriously. "Security goes both ways. Not just exchanges but also users themselves should take care of it," he concluded.