$4.26 billion is an incredibly large sum. To put it into perspective, $4.26 million in 6 months means investors, traders, and regular Joes together have lost over $23.6 million USD every day for 6 months.
$23,600,000 every day.
According to the Cryptocurrency Anti-Money Laundering (AML) report by CipherTrace for Q2 2019, cryptocurrency thefts and frauds have already amounted to over $124 million from exchanges alone, with Bitcoin and Ethereum being the top targets of cyber theft. In total over $227 million have been stolen so far from exchanges with billions more “stolen” from investors and users.
Bitcoin on Top (of Dark Market Cybercrime)
According to the report, Bitcoin was the top choice of cybercriminals buying and selling illegal drugs, weapons, and cyber and banking credentials in dark markets. In fact, 76% of all dark market transactions are carried out using BTC while ETC is used for 7% percent of the transactions.
When it comes to cases of malware and ransomware, Bitcoin is even more dominant with BTC being used in 98% of all cases related to malware or ransomware. ETC, on the other hand, accounts for just 1% of the cases.
It’s a bit ironic, seeing Bitcoin was created to take power away from irresponsible banks and governments after the 2008 financial crises and give individuals more control over their finance and in turn creating a more secure and solid foundation for global finance. Perhaps, this is the cost of privacy coins.
“Year of the Exit Scam”
It’s important to understand that not all of the $4.3 billion lost in crypto assets was due to outright theft. In fact, up until now, exchange and infrastructure theft amounts to only $227 million. The actual losses were due to Ponzi schemes and fraudulent coins. Perhaps the biggest example of such a loss is the very recent PlusToken Wallet scam in which $2.9 billion worth of crypto assets were simply “lost” by company officials when government officials intervened and tried to shut down PlusToken, a South Korea-based crypto wallet and exchange. The affair is still under investigation and has affected over 2.4 million users.
However, this wasn’t a unique incident. In fact, exit scams where owners of relatively large crypto wallets and exchanges simply run off with their users’ money have been increasingly common. Coinroom, Bitsane, and QuadrigaCX are just some of the other exit scams this year.
What’s Causing All Of This
What’s puzzling about these extreme increase in thefts and frauds is that while more people are aware of exit scams, popular fraud techniques, and also the industry-standard best practices that can be used to protect themselves, still veteran investors and traders are still together losing millions of dollars every day. According to the report by CipherTrace, this is because while people may be more aware of risks, the techniques and procedures employed by cybercriminals are getting even more sophisticated. On top of that, the industry-standard “best practices” are not enough to fight off these increasingly sophisticated takeovers. For instance, most cryptocurrency thefts in 2019 have relied on one of the two following procedures:
1. Advanced Persistent Attacks and Blended Attacks
More and more attacks on exchanges have employed a mix of different techniques to get past the exchange’s IT infrastructure. These attacks are persistent, attack various targets at once, and use different techniques to get access to admin credentials. A popular technique is SIM swapping where the hacker is able to suppress any notifications going to the user’s mobile phone by routing all data to the hacker’s own SIM.
2. Coordinated Phishing
Most traders and investors know better than to open URLs from unknown users or to accept requests from fake IDs – and cybercriminals understand this too, which is why instead of just relying on phishing, criminals are using network of clones of popular sites that link to each other in order to lull in unsuspecting visitors into logging in these clones and compromising their credentials. By the time many of these victims realize what has happened, their accounts have already been emptied.