The New Frontier: Forecasting Cryptocurrency Fraud
March 1, 2018
Not a week goes by without a new case of cryptocurrency fraud making headlines. The most recent example concerned the BitGrail exchange, which suffered an attack that resulted in the loss of 17 million Nano Tokens ($170 million). Although BitGrail responded by announcing new security measures – highlighting the need for better security practices by both companies and individuals handling cryptocurrencies – this incident has also been marred by a disagreement between Nano Token and BitGrail over liability. This has sharpened calls for strict regulation of cryptocurrencies and their methods of exchange.
Regulation could have a significant impact on the cryptocurrency space, but we need to remember that even with long-stablished regulatory and law enforcement measures, traditional currencies are still targeted by fraudsters, so we shouldn’t expect cryptocurrencies will be any different.
What we can be sure of is that cybercriminals will continue to find new ways of making money as long as there are enough suitable targets available and the financial reward justifies their time and effort. To better model the future of cryptocurrency fraud, it helps to outline the main drivers and assumptions behind this phenomenon, which we have achieved by using the Cone of Plausibility analytical technique (see Figure 1 below). Our recent paper, The New Gold Rush: Cryptocurrencies are the New Frontier of Fraud, provides an analysis of these drivers. These include:
- Accessibility – Advances in technology and the wide availability of tools facilitate this type of fraud. Products such as Crypto Jacker lower the barrier to entry, as explored in our previous blog.
- Anonymity – Cryptocurrencies and blockchain technology offer a level of anonymity that, while beneficial in many respects, also embolden fraudsters. Currencies like Monero have better privacy features relative to their older cryptocurrency counterparts, which has in part made it increasingly popular on criminal markets and in money laundering operations. The funds accrued during the June 2017 WannaCry attack, for example, were converted from Bitcoin to Monero, likely because this move would make it easier to anonymously convert into fiat currency.
- Popularity and hype – The boom in cryptocurrency investment and development in recent years is one of the strongest drivers for this type of fraud. Criminals will always follow the money, looking to take advantage of whatever is most popular and most lucrative. In the mid-nineteenth century, the promise of gold inspired hundreds of thousands of people to make the journey to California in the hope of striking it rich. The cryptocurrency boom can be seen as a new Gold Rush, with countless individuals rushing to get a piece of the action, heartened by the astronomical rise of Bitcoin, which reached $19,343 in mid-December 2017.
- Reputation – Once seen as an esoteric countercultural development favoured by libertarians or criminals, the integration of cryptocurrencies into existing payment systems has given them greater legitimacy. Although not widespread, the roll-out of cryptocurrency-backed prepaid cards and plans for private European banks to provide cryptocurrency services increases the reputation of cryptocurrencies – in turn making them a more attractive prospect to investors. If their reputation increases, they will become more popular, increasing the number of targets for fraudsters.
- Opportunity – The sheer number of new altcoins, exchanges and coin offerings means that fraudsters have a wealth of potential targets. With over 1,442 cryptocurrencies in circulation, and new alternative coins – “altcoins” – emerging every week, the opportunities for cybercriminals to defraud cryptocurrency enthusiasts only increases. Our previous blog focused on the ways criminals were exploiting the interest in Initial Coin Offerings (ICOs) – a way of crowdfunding cryptocurrencies and platforms – through exit scams, spoof ICOs and price manipulation.
- Regulation – The success of price manipulation and scam ICOs is aided by a lack of regulation and oversight. In a regulated market such fraud would be illegal, and the threat of law enforcement action would probably deter many, although not all, criminals. Moreover, exchanges and ICO projects would be under more pressure to improve their security practices as they would face serious consequences for facilitating a breach. The BitGrail case, discussed above, is a clear example where a lack of clarity over who bears responsibility for the attack has meant customers have been so far prevented from reclaiming the value of their tokens.
Despite more concerted efforts of late by U.S. authorities– the Security and Exchange Commission recently filed charges against PlexCorps, which was accused of defrauding investors through a scam ICO – the future of cryptocurrency regulation is also uncertain and should be seen as a panacea for fraud. Criminals will continue to take risks regardless of the potential legal ramifications of being caught. In addition, regulatory implementation will likely be uneven, with some countries such as China and South Korea choosing to ban ICOs completely. While stricter regulation could have a beneficial effect in reducing fraud, it may also deter would-be investors and drive down the value of cryptocurrencies.
- Security – As long as organizations and individuals fail to improve their security measures, opportunities for fraud will continue to exist. Weak password practices enable account takeovers, misconfiguring cloud services facilitates cryptojacking, and failure to patch and update effectively means attackers can continue to exploit known vulnerabilities to deliver cryptomining malware.
Figure 1: Cone of Plausibility used to forecast future of cryptocurrencies
One of the greatest benefits of this forecasting approach is that it allows us to clearly outline the drivers behind the rise in cryptocurrency fraud, which in turn then allows us to home in on the factors that we as organizations and individuals can influence. While some changes will be harder and time-consuming to implement, there are several measures that organizations, consumers and exchanges can immediately take to mitigate cryptocurrency fraud risks. These include:
- Authenticating cloud services like AWS to stop fraudsters from stealing your processing power to mine
- Replacing factory-default credentials with unique and strong passwords to prevent Internet of Things devices from being incorporated into botnets
- Enforcing strong password security rules across your organizations – this includes enabling multi-factor authentication (MFA)
- Patching known vulnerabilities being used to deliver crypto miners. Vulnerabilities in Apache Struts (CVE-2017-5638) and DotNetNuke (CVE-2017-9822) servers have been used to download Monero miners. These miners have also been delivered by exploiting patched vulnerabilities in the popular Apache CouchDB open source database (CVE-2017-12635 and CVE-2017-12636)
- Having a reputable adblocker in place: the NoCoin browser extension was also developed to block coin miners like Coinhive
- Checking phishing databases and more specialist cryptocurrency fraud sites such as the Ethereum Scam Database before using any sites that you are unfamiliar with
Despite their volatility, high valuations, looming regulation measures and the projected adoption of cryptocurrency in both online and physical transactions, cryptocurrency fraud will not go away any time soon. However, greater education about cryptocurrencies and the risks associated with them for consumers and organizations can go a long way to fighting this trend. Digital Shadows will continue to watch this evolving space, providing research and advice that can help users navigate the Wild West that is the cryptocurrency world.
To learn about other tactics, including account takeover and crypto jacking, download a copy of our research paper, The New Gold Rush: Cryptocurrencies are the New Frontier of Fraud.
Tags:Forecasting Credential Compromise Credential Stuffing Cryptocurrency Cone of Plausibility Exit Scam ICO cryptojacking coinhive
Connect with us
Get the Latest Threat Intelligence In Your Inbox
Stay connected with the latest from the Digital Shadows Intelligence TeamSubscribe Here