With a single Bitcoin (BTC) now trading above $50,000, cryptocurrencies such as Bitcoin and Ethereum (ETH) are becoming increasingly attractive targets for cybercriminals. From sophisticated spear-phishing scams to targeted ransomware attacks, such cybercrime can take many forms. Here’s how to protect yourself.
According to Beenu Arora, Founder and CEO of Cyble, a global threat intelligence Software-as-a-Service (SaaS) provider that helps enterprises protect themselves from cybercrimes and exposure in the darkweb, the growing interest in digital currencies will not only pave the way for an uptick in cryptocurrency investments, but it will also expand the threat landscape of cryptocurrency frauds. “It is difficult to monitor cryptocurrency transactions,” said Arora, “as they are not governed by a central authority and have low regulation levels. This makes cryptocurrency an easy target for criminal activity across the world.”
Even cryptocurrency exchanges have been targeted. In September 2020, Singapore-based digital asset exchange KuCoin confirmed large, anomalous withdrawals of Bitcoin and Ethereum tokens from the exchange. More than $150 million worth of Ethereum ERC20 tokens were siphoned.
Another instance of sophisticated cryptocurrency fraud occurred in July 2020, when 130 high-profile Twitter accounts – including those of Barack Obama, Joe Biden, Elon Musk, Bill Gates, Kanye West, Michael Bloomberg, and Apple – were compromised through Twitter’s own administrative tools to promote a Bitcoin scam. The scammers gained unauthorized access to the accounts and posted tweets urging users to send money to a specified Bitcoin wallet address, promising to return double the amount. This points to a hallmark of cryptocurrency scams: while they may involve tremendous technical sophistication, their ultimate success often depends on credulous users falling for them.
Fake cryptocurrency investment platforms, counterfeit crypto wallet scams, and advanced cryptojacking malware have enabled cybercriminals to earn millions from unsuspecting individuals. Here are some of the common scams used by tricksters to target cryptocurrency users:
- Imposter websites: One of the most popular avenues of cryptocurrency fraud is fake websites designed to resemble legitimate ones. A surprising number of cryptocurrency investing websites have already spawned fake counterparts intended to mislead investors into making investments and, in turn, losing digital currency. A great way to avoid such websites is to verify that the website has a small lock icon indicating security near the URL bar. It’s also necessary to exercise caution when accessing websites that do not have “https” in the site address.
- Counterfeit mobile applications: Similar to fake websites, hackers and fraudsters have developed countless fake look-alike apps that are available for download through the Google Play Store and Apple App Store. To identify a fake app from the original, look out for misspelled words and tweaked logos that differ slightly from the original. Research the app and check if the developer’s name is correct, and go through the user reviews and see if there are negative comments about the app’s authenticity. Go to the organization’s legitimate website and look for a link that points to their approved mobile app. Another great way to identify if an app is counterfeit is through the permissions it seeks for performing its functions on your mobile device. Beware of apps that ask for authorization that they don’t necessarily require.
- Social media manipulation: Social media scams involving cryptocurrencies are a type of financial fraud that has actively spread across social networks. It’s quite easy for fraudsters to create fake social media accounts impersonating high-profile individuals and globally recognized celebrities, and to post misleading content that makes it seem that celebrities are endorsing the investment or content. Through carefully engineered tweets and posts, often from fake accounts, crypto fraudsters lure unsuspecting users into clicking legitimate-looking URLs that hide malware downloads. Avoid URLs advertising too-good-to-be-true Bitcoin offers, and refrain from engaging in financial transactions, involving Bitcoin or otherwise, through social networks.
- Cryptojacking: Cryptojacking is the unauthorized use of someone else’s computer to mine cryptocurrency. Hackers employ two primary methods to secretly mine cryptocurrencies on the victim’s system. The first method involves tricking victims into loading cryptomining code (sent through phishing campaigns) onto their computers. For instance, victims may receive a legitimate-looking phishing email that encourages them to click on a link. Clicking the URL runs code that places the cryptomining script on the computer. The other method involves a malicious script injected by cybercriminals into a website or an advertisement. Once a victim accesses the website, the script executes automatically. Once successfully loaded, the cryptomining code works through complex mathematical problems on the victim’s system and sends the results to a server that the hacker controls. The cryptomining code runs discreetly and can go undetected for a considerable period of time, making cryptojacking a popular choice for fraudsters.
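For the imposter-website item above, a lookalike site can serve HTTPS and show the lock icon too, so a scheme check is more useful when paired with a hostname check. The sketch below is an added example, not code from Cyble or the article; the allowlist, hostnames and function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist: hostnames the user has verified out of band
# (for example, typed from official paperwork). Not from the article.
TRUSTED_HOSTS = frozenset({"exchange.example", "wallet.example"})


def edit_distance(a, b):
    """Levenshtein distance between two strings, one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify_url(url, trusted=TRUSTED_HOSTS, max_distance=2):
    """Return 'trusted', 'insecure', 'lookalike', 'unknown' or 'invalid'."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return "invalid"
    if not host:
        return "invalid"
    # Exact host or a subdomain of a verified host: only the scheme matters.
    if any(host == t or host.endswith("." + t) for t in trusted):
        return "trusted" if parts.scheme == "https" else "insecure"
    for t in trusted:
        # One or two characters swapped, dropped or added.
        if edit_distance(host, t) <= max_distance:
            return "lookalike"
        # Verified name used as the leading labels of someone else's domain.
        if host.startswith(t + "."):
            return "lookalike"
        # Verified name placed in the userinfo part before '@'.
        if t in (parts.username or "").lower():
            return "lookalike"
    return "unknown"
```

A "lookalike" result means the address imitates a verified name without being it, even though it uses HTTPS; "unknown" only means the host is not on the allowlist.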
“Cryptocurrency frauds are expected to accelerate in 2021,” concludes Richard Sands, Cyble’s General Manager for the North America region. “As cryptocurrency becomes more mainstream, fraudsters look to exploit its popularity and take advantage of investors. Crypto scams include Ponzi schemes, cryptojacking malware, and fake alternative cryptocurrency scams. Individuals should be cautious when it comes to digital currencies and perform due diligence and understand the risks.”
Cyble is a global threat intelligence SaaS provider that helps enterprises protect themselves from cybercrimes and exposure in the darkweb. Cyble’s prime focus is to provide organizations with real-time visibility into their digital risk footprint. Backed by Y Combinator as part of the 2021 winter cohort, Cyble has also been recognized by Forbes as one of the top 20 Best Cybersecurity Startups To Watch In 2020. Headquartered in Alpharetta, Georgia, and with offices in Australia, Singapore, and India, Cyble has a global presence. To learn more about Cyble, visit www.cyble.com.