2024/03/27 16:05:03

Cryptocurrency fraud

2024

A Russian entrepreneur who decided to make money on the BitFinex crypto exchange had $1 million stolen

In early April 2024, it became known that the Tverskoy District Court of Moscow sentenced Rustam Rakhmetov, general director of Intrand LLC, and Artur Kudeli, deputy director of Assessment-Dako LLC. They stole $1 million from businessman Yan Shishkov, who decided to make money on the BitFinex crypto exchange. Read more here.

In Germany and Britain, cryptocurrency worth $4 billion was confiscated at once

On January 30, 2024, bitcoins worth approximately $4 billion were confiscated at once in Germany and Britain. This is one of the largest such operations in the history of the cryptocurrency market.

In Germany, law enforcement agencies confiscated 50 thousand bitcoins worth approximately $2.17 billion (at the exchange rate as of the specified date). The case involves the work of a pirate site that violated the Copyright Act in 2013. The profit illegally received by this resource was converted into bitcoins. One of the two suspects voluntarily transferred the cryptocurrency to the Federal Criminal Police Office (BKA). As of the end of January 2024, the investigation into money laundering is ongoing; no official charges have been brought against the men.

Bitcoins with a total value of approximately $4 billion were confiscated at once in Germany and Britain

British police, in turn, confiscated bitcoins worth more than $1.77 billion, obtained as a result of investment fraud committed in China from 2014 to 2017. According to the Financial Times, the case involves 42-year-old Jian Wen, who helped launder money for others who organized the financial scam. Law enforcement officers seized devices with digital wallets that contained cryptocurrency.

It is noted that Wen herself did not directly participate in fraud and did not have access to all funds obtained illegally. At the same time, Wen does not dispute the use of bitcoin. The woman is accused of converting bitcoins into cash, jewelry and real estate. This is, in particular, a mansion with seven bedrooms and a pool, which was put up for sale for about $29.73 million, as well as a house worth $15.82 million with eight bedrooms, a cinema and a gym.[1][2]

Hackers hacked into US Securities Commission account and caused a stir in the crypto market

Since the beginning of 2024, there has been[3] a whole wave of hacks[4] of various verified accounts on the social network X, aimed at making money on the crypto market. In particular, the credentials of Mandiant, NetGear, Canadian Senator Amina Gerba, the non-profit Green Network consortium and Brazilian politician Ubiratan Sanderson were intercepted. The main purpose of hacking these accounts was to publish ads for fraudulent crypto projects.

However, the most notable hack happened on January 9, when the account of the American Securities Commission (SEC) was taken over and a message was published on its page allegedly announcing the approval of spot Bitcoin funds for exchange trading (BTC-ETF). Moreover, the date of this verbal intervention was chosen very precisely: it was at that moment that the SEC, according to rumors, was due to approve a whole list of such funds. Preparations for this had been underway throughout the fall of 2023, and the market was looking forward to this moment.

Gary Gensler report on SEC account hacking

As a result, traders reacted very strongly, first to the fake message itself and then to its refutation, which SEC Chairman Gary Gensler made on the agency's behalf, also on X. The Bitcoin exchange rate jumped by more than a thousand dollars and then fell by two thousand. It is clear that whoever staged such a fake could have earned a lot of money from the situation. Most likely, the transaction activity at that time makes it possible to determine which addresses were associated with the fraudsters and involved in this scam.

Market reaction to SEC fake message

An express investigation found that the SEC account did not have two-factor authentication enabled, and someone took control of the phone number to which it was tied. It turned out that Mandiant had two-factor authentication temporarily disabled due to "changes in the two-factor authorization policy X"[5]. It seems that it was the change in X's two-factor authentication policy that led to its use being rolled back and, in turn, to a wave of hacks. Having enabled it once, users no longer checked whether two-factor authentication had been switched off. Therefore, it is recommended to regularly check that one-time passwords and two-factor authentication are working.

2023

In Russia, the number of cryptocurrency-related court cases has grown 5 times in 2 years

The number of cryptocurrency-related court cases in Russia has grown 5 times over the past 2 years. In 2023, the number of such cases in Russia amounted to 2653, while in 2021 there were 510 cryptocurrency court cases. This was announced on March 26, 2024 by RBC with reference to a study of the educational platform Moscow Digital School and the law firm EBR.

Experts interviewed by the publication expect a further increase in the number of cases related to cryptocurrency due to the development of new directions in the cryptosphere. 62% of the total number of proceedings in 2023 were related to bankruptcy disputes. This is 91% more than in 2022.

The number of legal cases related to cryptocurrency has grown 5 times over the past 2 years

The number of civil cases increased by 60%, criminal cases - by 34%, the number of administrative cases also increased - by 19%. Experts associate such a trend with a rapidly growing interest in cryptocurrency from society and business, which in turn leads to the emergence of new schemes of cryptocurrency fraud.

There is an increase in the number of criminal cases related to the use of cryptocurrencies in the drug trade. In particular, attackers convert fiat currencies into cryptocurrency, then exchange it or transfer it to other persons. After that, there is a reverse exchange for rubles, and the attackers use the services of "drops" - people who obtain bank cards and hand them over to criminals for cashing out.

The second most common group of criminal cryptocurrency cases is related to the theft of crypto assets. Criminals hack into crypto wallets, gain access to them by phishing, and carry out hacker attacks that block data and demand a ransom in cryptocurrency. In addition, fake crypto platforms or financial crypto pyramids are often created.[6]

Over the year, $2.61 billion of cryptocurrency was stolen in the world. Returned - $674 million

In 2023, the cryptocurrency industry lost approximately $2.61 billion globally as a result of hacker attacks and various fraudulent schemes. At the same time, it was possible to return only about $674.9 million, that is, about a quarter of all stolen funds. Such data are given in a study by PeckShield, the results of which were published on January 29, 2024.

It is estimated that in 2023 there were more than 600 large hacks in the crypto space. Of the $2.61 billion stolen from crypto platforms, approximately $1.5 billion fell on hacker attacks, and the remaining amount fell on incidents related to fraud. The total losses were 27.78% less than in 2022, when about $3.6 billion of cryptocurrency was stolen in the world. The largest losses during 2023 were recorded in November ($364.4 million) and September ($339.2 million).

In 2023, the cryptocurrency industry lost approximately $2.61 billion globally

Attackers continued to focus on DeFi protocols: decentralized finance platforms accounted for approximately 67% of the total damage. Another 33% was stolen from centralized exchanges (CEX). The five costliest incidents were Mixin (losses of about $200 million), Euler Finance ($197 million), Poloniex ($125 million), HECO Bridge & HTX ($111 million) and Orbit Chain ($81.5 million). Approximately 40% of attacks in 2023 were carried out using flash loans.

The PeckShield study also said that in 2023, the volume of stolen and laundered cryptocurrency funds decreased by 25% compared to the previous year. It amounted to approximately $342 million, while in 2022 the figure was estimated at $460 million. This is due to the strengthening of security in the cryptocurrency sector, as well as to the development of regulation in this area. In addition, preventive protective measures are being taken.[7]

More than 40% of publications about investments in cryptocurrencies were fraudulent

Angara Security analysts used OSINT tools to analyze publications about cryptocurrency in open Telegram channels. In total, about 22,000 cryptocurrency-related materials were identified, of which nearly 9,000 were flagged as suspicious and subsequently removed. In most deleted messages, the authors suggested that users invest in the crypto market, for example, "make 70,000 rubles out of 1000 rubles," while the transfer was to be made to a bank card. Angara Security announced this on January 19, 2024.

To attract users to their resources, fraudsters gave their Telegram channels aggressive names: "earnings now," "path to success," "financial independence," "smart investments," "crypto farm," "crypto babos," "official channel." The main types of content on such channels are courses on earning with cryptocurrencies, offers of deposits in crypto assets, advertising of investor groups and channels, hidden advertising of various platforms, advertising of crypto wallets, and discounts and bonuses for registration.

Fraudsters understand and track the problems of not only ordinary users, but also companies. They are attracted by the phrases "your assets will not be able to freeze"..., offering legal entities not only to register offshore companies, but also to invest in cryptocurrency in order to avoid formalities when legalizing business in foreign jurisdictions, − said Victoria Varlamova, senior brand protection expert, Angara Security.

For some schemes, scammers also develop mobile applications and sites that are used as platforms for phishing attacks and scams. For example, in 2023, almost 1,500 investment-related domains were registered in the .ru segment, 50% of them in the fourth quarter of 2023. A number of the registered domains used references to the Binance and CommEX platforms.

The increase in the number of fraudulent sites at the end of 2023 may be associated with the departure of the Binance cryptocurrency exchange from Russia and the sale of its business to a Russian company. Cyber fraudsters began to mimic the successor to Binance - the CommEX platform - and create similar projects with the aim of extortion, − Victoria Varlamova continued.

In addition to the risks associated with the loss of investments, at such sites there are higher risks of theft of personal data of investors, private keys from crypto wallets, which can be used for blackmail and other fraudulent actions in the interests of cybercriminals.

To avoid falling for criminals' tricks, Angara Security experts recommend choosing only well-known cryptocurrencies and checking a potential partner against the so-called "black list" of the Bank of Russia. This list contains almost 2,000 crypto companies with signs of illegal activity or of a "financial pyramid." To work with cryptocurrency, you should use applications downloaded only from Google Play or the Apple App Store, and for sites, check the registration date and domain owner.

Crypto companies fined a record $5.8 billion in a year

In 2023, cryptocurrency and fintech companies were fined a total of approximately $5.8 billion, a record high. This is stated in the study, the results of which were published on January 9, 2024.

According to the Financial Times newspaper, in 2023, the total amount of fines imposed on crypto companies for the first time exceeded the corresponding figure for the entire traditional financial system, which paid penalties in the amount of approximately $835 million. The observed situation is primarily due to increased control by regulators over illegal financial flows and fraud. The total amount of $5.8 billion collected from crypto companies includes a fine of $4.3 billion for the Binance cryptocurrency exchange, which the US Attorney's Office called a "warning shot."

The number of fines against cryptocurrency companies increased significantly in 2023. 11 penalties were determined against them, while during the previous five years an average of two fines per year were recorded. Experts believe that in the future there will be even more fines.

Widespread fraud and crime in the high-profile cryptocurrency arena have forced regulators and prosecutors to allocate additional resources to control the area, says Dennis Kelleher, chief executive of Washington-based Better Markets, which advocates for tougher regulation in the crypto market.

The published data indicate that in 2023 the total amount of fines for money laundering and other financial crimes (including fraud in the banking sector, in the field of payments, etc.) increased by more than 30% compared to 2022 - to $6.6 billion. However, this is significantly lower than the peak level of $11.3 billion, which was recorded in 2015.[8]

In Rostov-on-Don, a man who stole 5 million rubles during a cryptocurrency sale received 8 years in prison

In December 2023, the Kirovsky District Court of Rostov-on-Don sentenced Araik Mirzakhanyan to eight years in prison for stealing money when selling cryptocurrency. He was found guilty under paragraph "b" of Part 4 of Art. 162 of the Criminal Code of the Russian Federation (robbery, that is, an attack in order to steal someone else's property, committed with the threat of violence dangerous to life and health, by a group of persons by prior conspiracy, with the use of objects used as weapons, on an especially large scale). Read more here.

New York IT specialist admits to hacking crypto exchanges and stealing $12 million

On December 14, 2023, the US Department of Justice announced that Shakib Ahmed, a former security engineer at an international technology company, pleaded guilty to hacking two decentralized cryptocurrency exchanges. As a result of these hacker attacks, the man stole more than $12 million. Read more here.

Cryptocurrency thefts in the world have decreased by 50% over the year

In 2023, the damage from hacker attacks on various cryptocurrency platforms is estimated at about $1.7 billion. The fall compared to 2022, when losses reached almost $4 billion, is more than 50%. Such data are given in a study by TRM Labs, the results of which were published on December 7, 2023.

Analysts recorded about 160 cyber attacks on all kinds of cryptocurrency resources in 2023. This roughly corresponds to the level of the previous year. The largest amount of funds - 57.6% - was stolen during infrastructure attacks, involving, in particular, the theft of a private key. Another 10.8% of hacks in 2023 are related to protocols, 10.5% - to the use of exploits. In 17.6% of all incidents, combined methods were used. In 3.5% of cases, specialists failed to reliably identify the attack vector.

Damage from hacker attacks on various cryptocurrency platforms is estimated at approximately $1.7 billion

The top ten hacks in 2023 account for almost 70% of all stolen funds. Damage from some of them exceeded $100 million, including attacks on Euler Finance (March), Multichain (July), Mixin Network (September) and Poloniex (November).

TRM Labs experts attribute the significant reduction in overall damage from attacks on cryptocurrency platforms to several factors. During 2023, the cryptocurrency industry significantly strengthened its security protocols. This includes the introduction of real-time transaction monitoring tools and anomaly detection systems. These tools protect digital wallets and crypto platforms from intrusions and make it possible to identify and repel potential attacks early on. In addition, law enforcement agencies around the world have paid more attention to cybercrime related to digital currencies. At the same time, participants in the cryptocurrency industry have established a more effective exchange of information about vulnerabilities and threats.[9]

"I was fooled." Actor Pavel Derevyanko created a cryptocurrency company and went on trial

On November 16, 2023, it became known that the Russian actor Pavel Derevyanko ("Unprincipled," "Salyut-7," "The Far Side of the Moon," "Hitler Kaput!," "Rzhevsky v. Napoleon") faces up to 10 years in prison in a fraud case. He is accused of fraud with cryptocurrencies, although Derevyanko himself claims that "he was fooled." Read more here.

In Russia, the number of attempts to steal cryptocurrency increased by 50%

In September 2023, the number of attempts to steal cryptocurrency increased sharply. This showed up as an increase in visits by Russians to phishing and fraudulent web pages on the topic of cryptocurrencies.

According to experts interviewed by Kommersant, this trend is primarily associated with a seasonal increase in activity after the summer, as well as with the departure of the Binance crypto exchange from Russia.

Cryptocurrency embezzlement attempts have skyrocketed
Many trading and arbitrage bundles were lost, and not all traders were able to reorient to alternative trading platforms in time. On Telegram, a popular scheme now is recruitment for arbitrage training, during which the "student" is sent a phishing link to a supposed exchanger, after which the victim loses money, said Nikita Vassev, co-founder of 0xprocessing, commenting on the impact of Binance's departure on the growth of cryptocurrency fraud.

According to Kaspersky Lab, in September visits to fraudulent cryptocurrency sites grew by almost 50% - from 211 thousand to 317 thousand. The amount of cryptocurrency lost by Russians, according to Kommersant experts, reaches hundreds of millions of dollars.

According to independent financial analyst Andrei Barkhota, over the year the number of cryptocurrency-themed scam pages increased by 300 thousand. In addition, Vitaly Kitaychuk, Deputy Head of Financial and Technological Company ONLY BANK, noted that September is the traditional month of growth in the bitcoin exchange rate. On October 15, 2023, its exchange rate was $26.8 thousand.

The main security recommendations for handling cryptocurrencies include: do not click on ad links, do not give anyone your personal data and secret keys; use only proven platforms for trading; install a reliable antivirus and update it regularly.[10]

The fraudster returned $7.8 million to the crypto exchange and received a job for it

On October 7, 2023, the HTX cryptocurrency exchange (formerly Huobi) announced that the attacker who stole 5000 ETH (approximately $7.8 million at the exchange rate as of October 11, 2023) returned the stolen funds. In exchange, HTX gave the hacker a monetary reward and offered him a job. Read more here.

Hong Kong crypto company halted work after $200 million was stolen from its customers

On September 25, 2023, the Hong Kong-based crypto company Mixin Network reported a hacker attack that stole approximately $200 million from customers. In connection with the incident, the platform stopped all operations, saying that it was taking measures to solve the problem. Read more here.

CoinEx crypto exchange confirms theft of $31 million as a result of cyber attack

On September 12, 2023, the professional international cryptocurrency exchange CoinEx reported a cyber attack that stole tens of millions of dollars. Read more here.

Hackers withdrew $40 million from the Stake cryptocurrency platform

In early September 2023, it became known that one of the largest cryptocurrency casino and sports betting platforms Stake was hacked. Network attackers managed to steal more than $40 million. Read more here.

In Turkey, the head of the Thodex cryptocurrency exchange was sentenced to 11,196 years in prison

On September 7, 2023, a Turkish court in Istanbul sentenced Faruk Fatih Ozer, former head of the cryptocurrency exchange Thodex. For fraud and other crimes, he was sentenced to imprisonment for a term of 11,196 years. Read more here.

The founder of the cryptocurrency service Tornado Cash was arrested in the case of laundering $1 billion of hacker money

On September 6, 2023, Roman Storm, co-founder of the fully decentralized open-source cryptocurrency mixer Tornado Cash, pleaded not guilty to laundering approximately $1 billion in hacker money. Read more here.

Police officers took bitcoins worth 26 million rubles from a Russian and were caught by the FSB

On September 7, 2023, it became known about the detention in Moscow of two police officers who are accused of embezzling bitcoins worth 26 million rubles from a cryptocurrency investor. As law enforcement agencies told TASS, the incident occurred in the capital's Vykhino-Zhulebino district. Two police officers attacked a local crypto investor in their spare time. Threatening to initiate a criminal case, they forced him to transfer bitcoins to their crypto wallet.

According to the investigation, on July 19, 2023, the police officers stopped a crypto investor on Privolnaya Street, handcuffed him, forced him into a car and took his phone, the SHOT Telegram channel specifies. According to RBC, the detainee's cell phone was taken and he was forced to transfer 9.6 bitcoins (26.2 million rubles) in exchange for not being prosecuted. The money was transferred to wallets controlled by the officers. The name of the man affected by the actions of the police was not disclosed in the interests of the investigation. He is an entrepreneur, the source of the publication noted. After the man was released, he went to law enforcement agencies with a statement about the crime committed against him.

It became known about the detention in Moscow of two police officers who are accused of embezzling bitcoins in the amount of 26 million rubles

Following the statement, operatives of the internal security unit of the capital's Main Directorate of the Ministry of Internal Affairs immediately began an inspection, the department said. The identities of the two police officers involved in illegal activities were established. If the officers' guilt is confirmed, they will be fired and punished, the metropolitan police said.

Vedomosti recalls that on June 19, 2023, the Nikulinsky Court of Moscow recovered 1032 bitcoins (more than 1.6 billion rubles) from the ex-head of the investigation department for the Tverskoy District, Marat Tambiev. The Prosecutor General's Office insisted that the bribes received from hackers in cryptocurrency be recovered in favor of the state.[11]

Russian citizen and his girlfriend admitted to laundering $4.5 billion through stolen bitcoins

On August 3, 2023, Russian national Ilya Lichtenstein and his girlfriend Heather Morgan pleaded guilty to money laundering charges related to the theft of about 120,000 bitcoins in 2016 from Hong Kong's Bitfinex. The total amount of damage is approximately $4.5 billion. Read more here.

Hacker attack on Alphapo cryptocurrency platform, as a result of which $31 million was stolen

On July 23, 2023, it became known about a hacker attack on the Alphapo cryptocurrency platform. Tens of millions of dollars in digital assets have been stolen in the incident. Read more here.

Russian companies are attacked by mailings carrying the PyCrypter ransomware under the guise of a crypto exchange with VPN

On July 11, 2023, the F.A.C.C.T. cybersecurity center recorded a mass mailing of malicious emails aimed at Russian industrial, transport and IT companies. In emails intercepted on July 9, 2023 by F.A.C.C.T.'s automated Business Email Protection system, recipients are invited to use the CryptoBOSS application to work with cryptocurrency and VPN. Read more here.

DoubleFinger loader hides a stealer in PNG files and replaces the cryptocurrency wallet interface

Kaspersky Lab experts have discovered a multi-stage DoubleFinger loader that delivers the GreetingGhoul stealer to users' computers in Europe, the United States and Latin America. The attack begins with the victim opening a malicious PIF attachment in an email, launching the first stage of the DoubleFinger loader. This became known on June 13, 2023. Read more here.

With the help of a Trojan in pirated Windows builds, attackers stole $19,000 worth of cryptocurrency

Dr.Web specialists have identified a Trojan stealer in a number of unofficial Windows 10 builds that attackers distributed through one of the torrent trackers. As representatives of Dr.Web told TAdviser on June 14, 2023, a malicious application named Trojan.Clipper.231 replaces the addresses of crypto wallets in the clipboard with addresses set by scammers. With the help of this Trojan, attackers have already managed to steal cryptocurrency in the amount equivalent to about $19 thousand. Read more here.
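An address swapped in the clipboard, as Trojan.Clipper.231 does, is itself a well-formed address, so a checksum test alone accepts it; only a comparison with the address the user intended catches the swap. The check below is an added example, not code from Dr.Web or from this page: the function names are hypothetical and the sample addresses are constructed from made-up 20-byte values using Bitcoin's Base58Check encoding.

```python
import hashlib

ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def _checksum(data: bytes) -> bytes:
    """First 4 bytes of double SHA-256, as used by Base58Check."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()[:4]


def b58check_encode(version: int, body: bytes) -> str:
    """Build a Base58Check string (used here only to construct sample data)."""
    raw = bytes([version]) + body
    raw += _checksum(raw)
    n = int.from_bytes(raw, "big")
    digits = ""
    while n:
        n, rem = divmod(n, 58)
        digits = ALPHABET[rem] + digits
    # Each leading zero byte is written as the character '1'.
    zeros = len(raw) - len(raw.lstrip(b"\x00"))
    return "1" * zeros + digits


def b58check_valid(addr: str) -> bool:
    """True if addr decodes as Base58 and its 4-byte checksum matches."""
    n = 0
    for ch in addr:
        idx = ALPHABET.find(ch)
        if idx < 0:          # character outside the Base58 alphabet
            return False
        n = n * 58 + idx
    zeros = len(addr) - len(addr.lstrip("1"))
    raw = b"\x00" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")
    return len(raw) >= 5 and _checksum(raw[:-4]) == raw[-4:]


def check_paste(intended: str, pasted: str) -> dict:
    """Compare what was pasted with the address the user meant to send to.

    'intended' must come from a source the clipboard cannot alter
    (an address book entry, a QR scan, a value typed earlier).
    The whole string is compared, not just a few leading characters.
    """
    pasted = pasted.strip()
    diff = next((i for i, (a, b) in enumerate(zip(intended, pasted)) if a != b),
                None)
    if diff is None and len(intended) != len(pasted):
        diff = min(len(intended), len(pasted))
    valid = b58check_valid(pasted)
    return {
        "checksum_valid": valid,
        "matches_intended": diff is None,
        "first_difference": diff,
        "safe_to_send": valid and diff is None,
    }


# Constructed sample data: version byte 0 plus made-up 20-byte values.
INTENDED = b58check_encode(0, bytes(range(1, 21)))
SUBSTITUTED = b58check_encode(0, bytes(range(21, 41)))
# A one-character typo in the intended address, for contrast.
TYPO = INTENDED[:-1] + ("2" if INTENDED[-1] != "2" else "3")

if __name__ == "__main__":
    for label, value in (("unchanged", INTENDED),
                         ("substituted", SUBSTITUTED),
                         ("typo", TYPO)):
        print(label, check_paste(INTENDED, value))
```

The substituted address passes the checksum and is rejected only by the comparison, while the typo is rejected by the checksum; a wallet or withdrawal form needs both checks.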

Hackers created more than 1000 fake sites and in 3 months stole $5 million of cryptocurrency from users from Russia and the CIS

On June 6, 2023, the Japanese cybersecurity solutions developer Trend Micro published the results of an analysis of a large-scale fraudulent campaign involving more than 1000 sites. In about three months, attackers stole about $5 million in cryptocurrency from users in Russia and the CIS.

According to the results of the investigation, cybercriminals have been operating since at least 2021. They operate through the Impulse Project partner program, which is controlled by the Impulse Team. This program is advertised on a number of Russian-language criminal forums. After creating an account on a fraudulent platform, the user is invited to activate the account by making a small deposit in cryptocurrency: in return, fraudsters promise huge profits from subsequent operations. However, in reality, the victim does not receive any benefit, and the funds provided go to the criminals.

Attackers in about three months stole about $5 million in cryptocurrency from users from Russia and the CIS

Attackers carefully work out the design of fake sites, imitating the content of legitimate cryptocurrency platforms. In particular, a large amount of thematic content is displayed on the main page, and a special counter shows fluctuations in the price of major cryptocurrencies in real time.

Scammers find their victims through various social networks, including TikTok and Twitter. In addition, video ads are distributed on the Internet. Criminals optimize operations for their affiliates by providing hosting and infrastructure so they can run malicious websites on their own. Then partners can focus on other aspects of the work, such as conducting their own advertising campaigns. Only in the period from December 24, 2022 to March 8, 2023, the amount of all fraudulent transactions exceeded $5 million.[12]

Hackers stole $35 million when hacking into Atomic Wallet crypto service

On June 3, 2023, the Atomic Wallet cryptocurrency wallet reported a hacker attack that stole assets worth more than $35 million. Information security experts are investigating the incident. Read more here.

Deutsche Bank employee arrested in cryptocurrency fraud case

On April 11, 2023, the US Department of Justice announced the arrest of former Deutsche Bank employee Rashawn Russell. The man is suspected of cryptocurrency fraud. Read more here.

4.3 million crypto investors lost $46 billion in 5 months due to bankruptcies of large market players

According to a study by the Federal Reserve Bank of Chicago published in May 2023, 4.3 million crypto investors lost $46 billion in just five months due to bankruptcies of major market players - mainly FTX, Celsius, Voyager, BlockFi and Genesis customers.

A Muscovite was beaten at "cryptocurrency earnings courses" and robbed of $53,000

A Muscovite wanted to learn how to make money on cryptocurrency and in April 2023 came to the courses with cash dollars. But instead of courses, he was beaten and robbed in the capital's Aeroport district.

21-year-old Denis learned for several months to competently invest in cryptocurrency. At one of the lectures, Denis was asked to bring cash, writes Shot. He came with $53,000.

Two criminals broke into the office, beat him and took the money. The guy went to the police. So far, only one attacker has been detained and $1,600 has been found in his possession.

Bitcoins worth more than 10 million rubles were stolen from a 29-year-old Nizhny Novgorod resident

In March 2023, bitcoins worth more than 10 million rubles were stolen from a 29-year-old Nizhny Novgorod resident. He did not notice the substitution of the address when he was withdrawing coins from the online wallet through the application.

Russia passed the first verdict for p2p trading on a crypto exchange

In February 2023, the first verdict in Russia was passed for p2p trading on a crypto exchange. The Russian was sentenced to two years probation for "conspiracy with an unknown attacker," to whom the accused sold a ruble code on the Garantex cryptocurrency exchange. Read more here.

A group of fake cryptocurrency investors based in Moscow City who stole billions was exposed

A fraudulent group was exposed in Moscow that, under the guise of providing financial services, stole billions of rubles from customers. Kommersant writes about this in its issue of March 6, 2023, citing the victims and investigation data. Read more here.

US Department of Justice accuses four Russians of $340 million cryptocurrency fraud

On February 22, 2023, the US Department of Justice reported that the four founders of Forsage, a decentralized financial (DeFi) cryptocurrency investment platform, were charged with major fraud. Read more here.

Crypto-ransomware apps infiltrate official Google and Apple stores

On February 2, 2023, it became known that cyberbandits on Tinder lure gullible men into a cruel financial trap.

As reported, the creators of high-yield investment scams known as "pig butchering" scams have found a way to bypass the protection of the Google Play and Apple App Store.

Pig-butchering fraud has been happening for several years. Attackers use fake websites, malicious advertising and social engineering. And uploading fraudulent applications to official stores makes it even easier for them to gain the trust of the victim.

Researchers at the cybersecurity company Sophos say cybercriminals target victims on popular social media platforms. They convince them to download fraudulent apps and invest large amounts of money in assets they say are real. Mostly, fraudsters fool men using fake female profiles on Facebook (recognized as extremist and banned in the Russian Federation) and Tinder.

ShaZhuPan is a hacker group from China that is waging this fraudulent campaign. It demonstrates a high level of organization. Separate teams within it handle interaction with victims, finances, franchising and money laundering.

Profiles controlled by fraudsters are created taking into account a luxurious lifestyle, with photos of expensive restaurants, shops and exotic places. Apparently, this is how attackers attract wealthy men.

After winning the victim's trust, fraudsters say they have a relative working for a financial analysis firm. They convince the victim that good money can be made this way and invite them to trade cryptocurrency through an application from the Play Store or App Store.

Fraudsters instruct the victim how to create an account on the Binance cryptocurrency exchange platform, fund the balance, and then transfer the invested amount to a fake application.

The malicious apps used in the campaign Sophos observed are called "Ace Pro" and "MBM_BitScan" in the Apple App Store, as well as "BitScan" in the Play Store.

«MBM Bitscan» in the Apple App Store. Illustration: securitylab.ru.

At first, these applications allow the victim to withdraw small amounts of cryptocurrency, but then block the account when the amounts become larger. The initial withdrawals tend to be enough for victims to trust the scheme and continue to invest.

The method used to bypass security checks in the mobile app stores is fairly simple. To get into the App Store, the ShaZhuPan gang submits an application signed with a valid certificate issued by Apple, which is the main requirement for any code to be accepted into the iOS repository. At first, the application connects to a benign server, and its behavior is not suspicious. But after it passes review, the developer changes the domain, and the application connects to the malicious server.

After launching the application, the victim sees an interface for trading cryptocurrencies delivered from a malicious server. However, all displayed information is fake, with the exception of the user's account.

Sophos researchers found that BitScan's Android and iOS apps have different vendor names but interact with the same management server that appears to impersonate bitFlyer - a legitimate cryptocurrency exchange company in Japan.

Because these apps are only downloaded by a small number of target users, they are not reported as a massive scam, increasing the time it takes to identify and remove them from the store.

Pig-butchering fraud yields a high profit in a short time, so scammers are motivated to spend a lot of time and effort gaining the trust of their victims through long-term communication.

This long interaction, the initial withdrawals and the convincing interface of the fake applications make it difficult to recognize the fraud.

Sophos also notes that the emergence and popularization of the fintech industry has further strengthened people's confidence in such software tools. And when apps are downloaded from the official Apple and Google stores, victims have little or no doubt about their legality and safety.

To avoid such a situation, before installing any application on your smartphone, it is recommended to read other users' reviews, the privacy policy and the information about the developer/publisher, and to search for information about the company on the Internet.[13]

Canadian lost a house and $500 thousand due to crypto fraudsters

At the end of January 2023, a resident of Canada, driven by the desire for easy profit, lost all his savings and even his home to crypto fraudsters. His remaining funds will last him only two or three months. Read more here.

Hackers stole $64 million of cryptocurrency by hacking into popular blockchain system

In mid-January 2023, information appeared that cybercriminals had tried to launder cryptocurrency assets worth approximately $64 million. The security teams of the crypto exchanges Binance and Huobi joined forces to thwart the fraudulent activity. Read more here.

Criminals detained who tortured a Russian to obtain a password from a wallet with bitcoins

Security officials detained the attackers who tried to steal 250 bitcoins and tortured their owner with a blowtorch in December 2022, when unknown persons dressed as FSB officers kidnapped Andrei Lifanov, the former director of a funeral company, from his Bentley.

The attackers handcuffed him, put a bag over his head, put him in a van and drove towards the region. They took the businessman's phone, tortured him with a blowtorch and demanded the password to the wallet; after receiving it, they stopped the car and threw the captive out in the forest. On January 17, 2023, security officials detained two accused in southeastern Moscow, Roman Safonov and Roman Obrezkov, both of whom had previously been prosecuted.

American stole 712 confiscated bitcoins from police

Gary James Harmon embezzled the cryptocurrency, which was seized by the federal government as part of his brother's criminal case. This was announced on January 10, 2023 by the US Department of Justice. Read more here.

Investors lost $4.2 billion due to bankruptcy of crypto platform

On January 4, 2023, a U.S. bankruptcy court in the Southern District of New York ruled that the bankrupt Celsius Network crypto platform was not required to return the funds to its investors. Read more here

2022

$11.5 billion in cryptocurrency lost in the world due to hackers and scammers in a year

In 2022, on a global scale, approximately $11.5 billion in various cryptocurrencies was lost due to hackers and fraudsters. Such data are contained in the TRM Labs report, published at the end of June 2023.

The report says that, contrary to expectations, the fall in cryptocurrency prices since 2021 did not have a significant impact on financial losses (in dollar terms) from all kinds of fraudulent schemes related to digital assets. In 2022, users around the world lost at least $7.8 billion to financial pyramids. Another $3.7 billion was stolen through hacks and exploits. Approximately $1.5 billion was spent on darknet platforms that specialize in the sale of prohibited drugs.

The report says that in 2016, bitcoin accounted for two-thirds of the volume of cryptocurrency theft. In 2022, this figure was less than 3%, while Ethereum (68%) and Binance Smart Chain (19%) dominated. Approximately $2 billion of the total was stolen in attacks on bridges, which allow cryptocurrencies to be transferred from one blockchain to another.

The authors of the study note that attackers use a variety of schemes to steal cryptocurrency assets. These include blackmail and extortion, market manipulation, malware distribution, phishing, etc. It is estimated that 2022 was a record year in terms of the number of hacks aimed at stealing funds in cryptocurrencies. The most common type of attack in 2022 was exploits (57 incidents), followed by attacks on infrastructure (52 cases) and attacks on protocols (45 incidents). On average, experts recorded about 15 attacks per month, that is, about one hack every two days.[14]

For 6 years, hackers stole $721 million worth of cryptocurrency from Japanese users. This is 30% of the damage in the world

Hacker groups associated with North Korea have stolen cryptocurrency assets totaling approximately $721 million from Japanese users since 2017. Such data are given in a study by the British company Elliptic, the results of which were released on May 15, 2023.

According to Elliptic, which specializes in analyzing blockchain platforms, between 2017 and 2022, cybercriminals related to North Korea stole about $2.3 billion in cryptocurrency globally. Approximately 30% of this amount fell on Japan. The report states that Pyongyang targeted other countries' crypto assets in order to obtain foreign currency, which is necessary for the implementation of the North Korean missile program.

North Korean hackers steal more than $700 million from Japanese cryptocurrency users

According to the calculations of experts of the UN Security Council, in 2022 alone, North Korea stole cryptocurrencies worth from $600 million to $1 billion, which is twice as much as the previous year. Elliptic experts estimate the volume of theft at the end of 2022 at $640 million.

The study says North Korea uses two main types of cyberattacks: hacker intrusions and the distribution of ransomware. Elliptic's analysis suggests that preference is given to the first of these. North Korean hackers have focused on hacking cryptocurrency exchanges, since this type of attack can bring great financial benefit, while deploying ransomware is far from always effective: many companies simply refuse to pay the ransom.

According to the Japanese Foreign Trade Organization, the $721 million stolen by North Korean hackers is 8.8 times the volume of DPRK exports in 2021. The actions of cybercriminals from North Korea from 2017 to 2022 also seriously affected Vietnam ($540 million in stolen cryptocurrency funds), the USA ($497 million) and Hong Kong ($281 million).[15]

The number of hacker attacks on crypto projects increased 6 times, losses due to them - up to $3.9 billion

In 2022, users of cryptocurrency services lost about $3.9 billion due to cyber attacks. Such data at the end of March 2023 were cited by the Russian service for analytics of cryptocurrency assets "SHARD."

According to analysts, in 2022 the number of hacker attacks on crypto projects increased sixfold compared to 2020, from 50 to 300. In 2022, the platforms Maiar, Crypto.com, Derbit, Beanstalk, BSC Token Hub and Qbit were hacked. The study notes that the intervals between hacks keep getting shorter, and hackers are increasingly turning to new targets, shifting their focus from centralized exchanges to DeFi services and blockchain bridges.

The number of hacker attacks on crypto projects has grown sixfold

According to experts from SHARD, hackers most often steal Ethereum tokens, which are subsequently exchanged for USDT. The study also notes that centralized exchanges (CEX), which accounted for 70% of all hacked services in 2020, have become much less likely to be attacked in three years. In 2022, CEX hacks accounted for only 10% of the total number of hacker attacks.

Analysts at Immunefi, a blockchain security company, agree that in 2022 the losses of the cryptocurrency industry from the actions of hackers and fraudsters amounted to about $3.9 billion. This is 47.4% more than in 2021, when the total amount of losses was measured at $2.4 billion. According to the report, 95.6% of the lost funds (~ $3.7 billion) were stolen by hackers and only 4.4% of the assets (~ $171.6 million) were lured away from users by crypto fraudsters, including through Rug Pull schemes.

Analysts also stated that the DeFi sector remained the most vulnerable. The losses of decentralized finance projects reached ~ $3.1 billion, which is about 80% of all crypto losses in 2022. At the same time, the CeFi sector accounted for only 19.5% of crypto losses (~ $760.5 million).[16]

UN: North Korea hackers steal record amount of cryptocurrencies in a year

In 2022, North Korean attackers stole a record amount of cryptocurrency assets. This is stated in the report of the United Nations, which was released on February 6, 2023. Read more here.

Hackers stole a record $3.8 billion from crypto exchanges

In 2022, cybercriminals stole approximately $3.8 billion from cryptocurrency exchanges, a record amount in the history of the market. Such data in early February 2023 was published by the analytical company Chainalysis. Read more here.

Blockchain hackers steal $3.5 billion worth of cryptocurrencies

On January 11, 2023, Slowmist Hacked and Atlas VPN published the results of a study according to which the volume of cryptocurrency assets stolen by hackers from various blockchain platforms amounted to approximately $3.5 billion in 2022.

It is reported that the main goals of cybercriminals were blockchain bridges and the Binance Smart Chain (BSC) ecosystem. In total, they lost more than $2 billion as a result of 92 hacks and fraudulent schemes. These figures are calculated based on cryptocurrency conversion rates at the time of a specific attack. In particular, 16 attacks were carried out on blockchain bridges, as a result of which about $1.2 billion was stolen. The BSC ecosystem has lost more than $870 million in 76 attacks or fraudulent schemes.

Ethereum's infrastructure was also affected, with 49 incidents reported that resulted in the loss of more than $500 million in cryptocurrencies. Other cryptography-related projects and platforms have been targeted in 48 hacks, resulting in losses of about $370 million. In 2022, attackers hacked into the Solana ecosystem 12 times, allowing them to steal approximately $196 million. In addition, 57 attacks were recorded in the NFT space: losses amounted to almost $90 million.

In total, in 2022, blockchain hackers launched 301 attacks. This is 27% more than in 2021, when researchers recorded 237 similar incidents. Although in the second half of 2022, the activity of attackers decreased slightly, the number of attacks for the year as a whole turned out to be a record.

"Despite the cryptocurrency market falling in 2022, cybercriminals still target networks and exchanges for financial gain. As blockchain technology becomes more common, the potential to profit from hacking such systems becomes even more significant," the researchers note.[17]

Hacker theft of $3 million from BTC.com

On December 26, 2022, BIT Mining Limited, the company operating BTC.com, one of the world's largest cryptocurrency mining pools, reported a hacker attack in which attackers stole approximately $3 million. Read more here.

Record number of cryptocurrency thefts

On December 29, 2022, the Finbold report was released, saying that the security situation in the cryptocurrency sector continues to deteriorate. In 2022, a record number of incidents aimed at stealing digital assets was recorded.

Experts note that anonymity and the lack of regulation in the cryptocurrency market play into the hands of attackers. To confuse the investigation, cybercriminals use several wallets and exchanges. During attacks, schemes such as phishing, keylogging and social engineering are actively used. On the other hand, centralized platforms have managed to improve security by implementing strict protocols and using anti-money laundering tools.

Results of 2022: major thefts

It is reported that as of December 9, 2022, 190 incidents related to the theft of cryptocurrencies were recorded. This is 43.93% more than the result for 2021, when 132 thefts were carried out. For comparison: in 2011 there were only four such cyber incidents, in 2017 - nine, in 2018 - 38.

The ten largest crypto thefts in 2022 brought criminals $4.28 billion. First in this anti-rating is the robbery of the Ronin Network (Axie Infinity) in March 2022, when attackers stole digital assets worth $620 million. It is followed by the attack on Poly Network, which brought in $610 million. The Binance hack in October 2022 rounds out the top three: losses amounted to approximately $570 million. In fourth place is the Coincheck incident: hackers were able to steal assets worth $532 million. The bankrupt FTX is in fifth place: the attack on this exchange enriched cybercriminals by $477 million. The MT Gox incident ranks sixth, with losses of $470 million. In addition, the top ten included attacks on Wormhole ($326 million), KuCoin ($281 million), PancakeBunny ($200 million) and BitMart ($196 million).[18]

Hackers hacked into BitKeep users' crypto wallets and stole $8 million in assets

On December 26, 2022, the BitKeep service announced the hacking of the eponymous crypto wallets: unknown attackers stole digital assets valued at millions of dollars. Read more here.

Fraudsters detained in Spain who lured half a million euros in bitcoin from a businessman from the Russian Federation

In December 2022, the National Police of Spain detained eight people who fraudulently obtained half a million euros in bitcoins from a Russian businessman. This is stated in a press release distributed by the kingdom's law enforcement agencies.

According to the release, law enforcement officers shut down a criminal group in Benidorm (autonomous community of Valencia) that was engaged in fraud. In particular, the suspects posed as members of the Spanish Civil Guard.

The investigation began in January 2022 after a complaint from a Russian entrepreneur. He stated that two people who claimed to be law enforcement officers stopped his car and told him that an arrest warrant had been issued against him at the request of the Russian Federation. By deception, with the help of accomplices, the suspects allegedly obtained half a million euros from him in bitcoin.

63 arrested in China in case of laundering 12 billion yuan using cryptocurrency

On December 10, 2022, it became known that law enforcement agencies in Inner Mongolia (an autonomous region in northern China) arrested more than 60 people for laundering 12 billion yuan (approximately $1.7 billion) using cryptocurrency technologies.

It is reported that, starting in May 2021, the cybercriminal gang received funds from the organizers of online pyramids, gambling and other fraudulent schemes. The money was subsequently converted into Tether, a cryptocurrency token issued by Tether Limited. According to documents published by the Public Security Bureau of the city of Tongliao in Inner Mongolia, the funds were distributed to several anonymous crypto accounts, and then converted into yuan.

A total of 63 people have been arrested. It is said that the attackers used the Telegram messenger to communicate and hire people to create crypto accounts. Each member of the group received a commission depending on the amount of cryptocurrency transactions processed by him. More than 200 police officers were involved in the case. The investigation was hampered by the use of cryptotechnologies by criminals.

It is said that the case was initiated in July 2022 due to the fact that more than 10 million yuan in cash was deposited into one of the accounts with a local bank every month. This raised suspicions of money laundering. Law enforcement agencies tracked down suspects in various countries, including Bangkok and Thailand. According to a police statement, profits of about 130 million yuan made as part of an illegal business were confiscated. Despite Beijing's ban on trading and mining cryptocurrencies, from June 2021 to July 2022, China recorded a total volume of transactions in this segment worth more than $220 billion.[19]

Using the service to identify cryptocurrency fraudsters

In December 2022, it became known that Russian police use the digital service "Personal Account of a Law Enforcement Agency," which helps to identify cryptocurrency fraudsters. Read more here.

Deception of VIP customers through Telegram chats

On December 6, 2022, Microsoft disclosed information about a new type of cyber attack aimed at VIP customers of cryptocurrency exchanges. The attackers carry out carefully planned attacks using the popular Telegram messenger. Read more here.

Abduction of a Muscovite demanding to provide a password from a crypto wallet

Unknown persons in masks and camouflage kidnapped an entrepreneur from Moscow. They demanded the password to a crypto wallet holding 250 bitcoins (a quarter of a billion rubles), writes Baza.

30-year-old Andrei Lifanov was kidnapped on December 1, 2022. He was sitting in his Bentley when a minivan suddenly drove up to the car and several people in camouflage jumped out. Lifanov was handcuffed, a bag was put over his head and he was put in a car, after which he was taken away in an unknown direction. According to the man, the kidnappers took out a blowtorch in the car and demanded that he provide the password for the crypto wallet.

Lifanov had 250 bitcoins in his account, which at today's exchange rate is 262 million rubles. The man feared for his life and gave up the password, after which the kidnappers stopped the car and threw the captive out. Having removed the bag from his head, Lifanov found himself in a forest near the village of Saburovo in the Moscow region.

After his release, Lifanov caught a taxi and went straight to the police to write a statement. Interestingly, the criminals have not yet been able to take possession of the money - bitcoins are still on Lifanov's account. A criminal case on robbery was initiated.

Two Estonian crypto-mafia fraudsters who stole $575 million arrested

In November 2022, it became known about the arrest in Tallinn of two Estonian citizens Sergei Potapenko and Ivan Turygin. They are accused of cryptocurrency fraud worth $575 million, as well as money laundering. Read more here.

A gang of false brokers deceived 17 thousand Spaniards for 2.4 billion euros on the topic of cryptocurrencies

A group of fraudsters have long deceived naive citizens in Spain who wanted "easy money" from buying cryptocurrency. The swindlers were uncovered by members of the Spanish Civil Guard.

As noted in a press release distributed by the kingdom's law enforcement agencies, the gang of false brokers earned about 400 euros per minute by exploiting the trust of their victims, whom they asked to simply invest in digital currency.

"The number of victims of the group in Spain has exceeded 17 thousand people," the message says in November 2022.

At the same time, according to the police, during their criminal activities, fraudsters managed to steal about 2.4 billion euros from the victims.

According to the Spanish Civil Guard, the deception scheme turned out to be extremely simple - false brokers pretended to be employees of call centers located in Albania, imitating the work of a large financial organization.

The investigation into the activities of the criminal group has been conducted for almost 4 years. At the same time, the first complaint about the fraudsters came back in 2018 from an elderly woman who "gave" the attackers more than 800 thousand euros.

She said that she was contacted by a "finance expert" who offered to make millions of investments in cryptocurrency. The result of such a "business," as is usually the case, turned out to be predictable - the "thieves" installed a special program on the victim's computer that allowed them to access all of her bank accounts.

US Department of Justice confiscated $3.3 billion from an American who robbed a trading platform for 50 thousand bitcoins

In early November 2022, the US Department of Justice confiscated bitcoins worth more than $3.3 billion from hacker James Zhong, who in 2012 stole 50 thousand bitcoins from the anonymous Internet trading platform Silk Road. Read more here.

Interpol created a unit to combat crypto crimes

On October 17, 2022, Jürgen Stock, Secretary General of the International Criminal Police Organization (Interpol), announced his intention to strengthen the fight against cryptocurrency-related crimes. To do this, a special unit based in Singapore was formed. Read more here.

SIM swap scam victim wins multimillion-dollar lawsuit against 15-year-old fraudster

A 15-year-old teenager carried out a $24 million cryptocurrency scam involving the bribery of a telecom operator. This became known on October 17, 2022.

The victim of a SIM card scam, who lost $24 million in cryptocurrency, won a multimillion-dollar lawsuit against a 15-year-old fraudster.

Ellis Pinsky is required to pay $22 million to fraud victim Michael Turpin, according to court documents. The fraud consisted of swapping a SIM card and stealing Turpin's cryptocurrency. Earlier, the criminal returned $2 million to his victim.

At the time of the crime in 2018, Pinsky was a student at a New York City high school. Pinsky, who is 20 as of October 2022, also agreed to testify against AT&T.

The teenager was not charged with a crime because he was a minor at the time of the theft. Therefore, he immediately began to cooperate with the police.

Pinsky wrote a Python script with which he searched social networks for people working in the field of cellular communications, and offered them a small amount in bitcoin to replace a SIM card. This type of fraud is called SIM-Swapping (Port Out).

After an AT&T employee swapped the SIM card, Pinsky and his co-conspirator found a file in an Outlook account containing crypto wallet information, which was then used to withdraw the money, according to Pinsky's testimony. Pinsky and his accomplice stole 3 million TRIG coins (at that time each cost more than $7) and converted them to bitcoin. TRIG has since dropped to less than $0.2 per coin.

Also in 2018, Turpin sued AT&T for $240 million for failing to protect a client from a teenage fraudster. It has been a long case, full of legal manoeuvres on both sides, and it is still pending as of October 2022.

In February 2020, a judge rejected AT&T's attempt to dismiss the case, noting that Turpin had presented sufficient evidence that the American telecommunications giant should defend its position before a jury.

Later in 2020, a judge dismissed a damages lawsuit Turpin filed against AT&T but allowed the case to proceed. The next hearing is scheduled in a Los Angeles federal court in May[20].

FBI details emerging cryptocurrency fraud

The FBI has warned of a rise in a cryptocurrency fraud called "Pig Butchering," in which attackers steal cryptocurrency from investors. The warning was published on October 5, 2022, to raise awareness among cryptocurrency investors, who are increasingly becoming victims of this kind of fraud.

Pig butchering (The Pig-Butchering Scam) is a social-engineering scam in which scammers contact victims ("pigs") on social networks and gain their trust through prolonged correspondence, offering friendship or romantic communication. Sometimes the scammers impersonate the victim's real friends.

At some point in the correspondence, the scammers suggest that the victim invest in cryptocurrency on fake platforms. As a rule, such services show huge profits and promise high interest. The main purpose of these fraudulent sites is to get the victim to invest ever-increasing amounts and not withdraw anything.

And when a victim tries to cash out their investments, the site requires the user to first pay income tax, additional processing fees, international transaction costs, etc.

In the end, either the fraudster stops communicating and closes the fake crypto exchange, or the victim gives up, realizing that they were deceived. The fraud can last for months, by which time the victim has handed over huge amounts, from thousands to millions of dollars, to the fraudsters.

Cryptocurrency ATMs can also be used in this scheme. Losses in the scheme range from tens of thousands to millions of dollars.

Cryptocurrency ATMs to cash out

The FBI described the main signs of The Pig-Butchering Scam attack:

  • You are contacted by a stranger or person with whom you have not communicated for a long time;
  • The investment platform URL does not match the official website of the popular exchange, but is very similar. A fake address differs only in subtle typos;
  • The downloaded investment application is marked as potentially dangerous by the antivirus;
  • The promised returns on investment are too large.

Victims of this attack are encouraged to report this to the Internet Crime Complaint Center (IC3), giving as many details as possible to help law enforcement agencies track down fraudsters[21].
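The second indicator in the FBI list (a platform URL that closely resembles the official exchange address without matching it) can be checked mechanically. The Python code below is an added example, not code from the FBI or from any source cited on this page; the allowlist of official domains, the look-alike character tables and the distance thresholds are assumptions chosen for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

# Assumption for this example: the allowlist of official registrable domains.
OFFICIAL = {"binance.com", "bitfinex.com", "bitflyer.com"}

# ASCII look-alikes folded before comparison (digit-for-letter swaps, hyphens).
FOLD = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "-": None})
# A few Cyrillic letters that render like Latin ones (not a full confusables table).
CONFUSABLE = str.maketrans("\u0430\u0435\u043e\u0440\u0441\u0456", "aeopci")


def hostname(url):
    """Lower-cased hostname of a URL or bare host, with punycode decoded."""
    if "://" not in url:
        url = "//" + url
    host = (urlsplit(url).hostname or "").rstrip(".")
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:
        return host  # already Unicode, or not valid punycode


def skeleton(label):
    """Reduce a DNS label to the plain ASCII form a reader would perceive."""
    text = unicodedata.normalize("NFKD", label.translate(CONFUSABLE))
    return "".join(ch for ch in text if ch.isascii()).translate(FOLD)


def osa_distance(a, b):
    """Optimal string alignment distance: edits plus adjacent transpositions."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify(url):
    """Return (verdict, official_domain, reason) for a URL or hostname."""
    labels = hostname(url).split(".")
    # Simplification: treat the last two labels as the registrable domain.
    # Production code should consult the Public Suffix List instead.
    registrable = ".".join(labels[-2:])
    if registrable in OFFICIAL:
        return ("official", registrable, "")
    name = skeleton(labels[-2] if len(labels) >= 2 else labels[0])
    nearest = min(sorted(OFFICIAL),
                  key=lambda d: osa_distance(name, d.split(".")[0]))
    brand = nearest.split(".")[0]
    distance = osa_distance(name, brand)
    if distance == 0:
        return ("lookalike", nearest, "same name after folding look-alike characters")
    if distance <= (2 if len(brand) >= 8 else 1):
        return ("lookalike", nearest, f"edit distance {distance} from {brand}")
    for official in sorted(OFFICIAL):
        if any(official.split(".")[0] in skeleton(label) for label in labels):
            return ("lookalike", official, "brand name embedded in another domain")
    return ("unknown", None, "")


# Constructed sample inputs; none are taken from a real campaign.
SAMPLES = [
    "https://www.binance.com/en/trade",
    "https://bitf1yer.com/login",
    "binanse.com",
    "https://binance.com.account-verify.example/",
    "https://bin\u0430nce.com/",  # Cyrillic 'a' in place of the Latin letter
    "https://example.org",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", classify(sample))
```

Because the check is allowlist-based, a legitimate regional domain of an exchange is reported as a lookalike until it is added to `OFFICIAL`.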

Kim Kardashian paid a $1.3 million fine for advertising cryptocurrency

On October 3, 2022, Kim Kardashian decided to pay a fine of $1.26 million to the Securities and Exchange Commission (SEC) in order to settle civil charges after the reality star published information about the crypto asset EthereumMax on Instagram (owned by Meta, which in Russia is recognized as an extremist organization and banned). Read more here.

Erbium steals credit card and crypto wallet details

Erbium malware spreads under the guise of cheats for games and tries to intercept data from a large set of cryptocurrency wallets installed in web browsers as extensions. This became known on September 27, 2022. Read more here.

British crypto market maker Wintermute lost assets worth approximately $160 million as a result of a cyber attack

The British crypto market maker Wintermute lost assets worth approximately $160 million as a result of a cyber attack. This became known on September 21, 2022. Read more here.

Search for Terraform Labs co-founder Do Kwon, who destroyed $60 billion worth of cryptocurrencies

In September 2022, South Korea announced that Interpol had asked law enforcement agencies around the world to find and arrest Terraform Labs co-founder Do Kwon, who was charged with destroying $60 billion worth of cryptocurrencies he created.

Terraform Labs was behind the algorithmic stablecoin TerraUSD and its sister token Luna.

Interpol issued a "red notice" - this is "a request to law enforcement agencies around the world to find and temporarily arrest a person awaiting extradition, surrender or similar legal action."

Russian-speaking scammers massively attack crypto investors from Europe and the United States

On September 16, 2022, the company Group-IB announced that in the first half of 2022 it had recorded a fivefold increase in the number of domain names used for crypto scams run through fake streams on YouTube channels on behalf of Elon Musk, Vitalik Buterin and the President of El Salvador, Nayib Bukele. According to the Group-IB study "Anatomy of Cryptoscam," 63% of new fraudulent domains were registered with Russian registrars, but almost all of the resources are aimed at international crypto investors.

According to the company, specialists from CERT-GIB, Group-IB's round-the-clock (24/7) information security incident response center, first recorded a sharp increase in the number of fraudulent YouTube broadcasts featuring star entrepreneurs Vitalik Buterin, Elon Musk, Michael Saylor and Catherine Wood in February 2022. This fraudulent scheme was called Fake Crypto Giveaway: famous people allegedly advertised crypto projects and suggested that investors go to a promo site to double the amounts invested by transferring crypto coins or tokens to the specified address, or by disclosing the seed phrase of a crypto wallet for even more favorable terms. The site, of course, was fraudulent, and the victims lost the cryptocurrency they sent or the entire contents of their crypto wallets.

Group-IB experts emphasize that the scheme scaled up seriously in six months: in the first half of 2022, CERT-GIB specialists discovered the registration of more than 2,000 domain names for fake promotional sites. This is almost five times more than in the second half of 2021, and 53 times more year on year. The rapid growth in the number of domain names is explained by the fact that in February 2022 automated tools for launching the fraudulent scheme appeared that require no special technical knowledge from cybercriminals. In July, Group-IB Digital Risk Protection experts recorded up to five fraudulent broadcasts a day.

Anatomy of Cryptoscam

Among the celebrity "lures" was the President of El Salvador, Nayib Bukele, and recently promotional sites have begun to be advertised with footballer Cristiano Ronaldo. Neither face was chosen by the scammers by chance. In 2021, El Salvador became the first state in the world to declare bitcoin a legitimate means of payment, largely at the initiative of the country's president. Cristiano Ronaldo became the first footballer to receive a cryptocurrency award: the Juventus club awarded the athlete tokens equal in number to the goals scored throughout his career. And in June 2022, the crypto exchange Binance announced cooperation with the footballer.

According to Group-IB, more than 60% of the domain names of crypto scam sites were registered with Russian domain registrars; however, international domain zones were mainly used, since the targets of such resources are coins held by crypto wallet owners from Europe and the United States. All descriptions for videos and promo sites are written in English. The top 5 most popular domain zones of the swindlers' cryptocurrency sites included: .com (31.65%), .net (23.86%), .org (22.94%) and .us (5.89%).

Domain Registration Geography

Having studied the domain names, Group-IB analysts compiled a rating of the cryptocurrencies and projects whose names fraudsters exploit most often, which suggests that they bring in the most income. First of all, these are ETH (Ethereum, "ether"), Ark (ARK Invest), Elon Musk with non-existent crypto projects from Tesla and SpaceX, as well as Shiba (the Shiba Inu token).

The main channel for driving traffic to the fraudsters' sites is YouTube, but there have been attempts to use Twitch for crypto streams. On average, fake broadcasts have 10,000 to 20,000 viewers, including artificially added bots. To run fake streams, attackers either "steal" YouTube channels themselves using stealers, or buy or rent them on underground forums for a percentage of the stolen funds, usually 10% to 50% of the streamer's earnings. The price of a listing on an account marketplace largely depends on the number of subscribers. The more subscribers a channel has, the more complaints it can "withstand" before the platform blocks it. For example, among the channels recently hacked or taken over by crypto fraudsters was an account created in 2011 with 50,600 subscribers, and there were older ones as well, including some with as many as a million subscribers.

Once the account is in the hands of the crypto streamer, it is renamed, all previous videos are removed from the playlist, the avatar is changed, other design elements are added, and videos about investments or the projects of business stars are uploaded. After launching a broadcast on the channel, scammers inflate the view count to push the video into YouTube's top lists and recommendations for the target audience: "live" users who are interested in cryptocurrency investments. Such offers are among the most frequent on underground forums. For example, adding a thousand artificial viewers to a broadcast costs about $100, and five thousand viewers about $200.

Group-IB analysts discovered an entire underground market on scammers' forums that allows even a beginner with no technical background to carry out a crypto scam. Fraudsters have at their service not only a marketplace for hacked YouTube channels and services for inflating viewer counts, but also manuals for implementing the scheme, site designers, administrative panel developers, ready-made domain names, safe hosting and production of special videos for streaming. For their work, "mentors," "designers," "promotion specialists" and other contractors take an advance payment and a percentage of the stolen funds.

The most popular service is crypto stream design. The average price ranges from $100 to $300, depending on the set of services. Separately, a high-quality video for a crypto stream with a deepfake of a famous person and voice-over, as promised in the advertisements, costs about $30.

Another popular service is the development of the promotional sites to which victims are directed from the stream. As a rule, this is a one-page resource with all the information about the fake crypto project. The price of a ready-made landing page for a scam ranges from $200 to $600, depending on the "freshness" of the design.

Prices for training materials start at $100 and have no fixed upper limit. There are also 2-in-1 ads offering both the sale of "textbooks" and training for a percentage of the stolen funds.

There are offers on the darknet for turnkey development of the entire fraudulent project. The most interesting offers concern so-called toolkits: tools that make it possible to run all stages of the scheme from a "single window" and automate most processes. A subscription to an advanced toolkit costs fraudsters from $500 to $1,500 per month.
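A defender can apply the same observations to a feed of newly registered domains. The triage sketch below is an added example, not Group-IB's tooling: the lure names and domain zones come from the text above, while the promo wording list, the grouping of hits by registrant, and the sample feed are assumptions constructed for illustration.

```python
"""Triage newly registered domains for crypto-giveaway lure names."""
import re
from collections import defaultdict

# Lures the page reports in scam domain names, mapped to the abused brand.
LURES = {"eth": "Ethereum", "ethereum": "Ethereum", "ark": "ARK Invest",
         "elon": "Elon Musk", "musk": "Elon Musk", "tesla": "Elon Musk",
         "spacex": "Elon Musk", "shiba": "Shiba Inu"}
# Assumption: typical "double your coins" wording, not a list from the report.
PROMO_TERMS = ("giveaway", "double", "bonus", "promo", "claim", "airdrop")
WATCHED_TLDS = {"com", "net", "org", "us"}      # zones listed on the page
TOKEN = re.compile(r"x\d+|\d+x|[a-z]+|\d+")      # "eth2x" -> ["eth", "2x"]
MULTIPLIER = re.compile(r"x\d+|\d+x")            # "x2", "2x", "10x"


def _hits(label, tokens, terms):
    """Terms of <= 3 chars must be a whole token, so "eth" does not fire on
    "method" nor "ark" on "market"; longer terms may sit inside a
    concatenated label such as "elonmuskgiveaway"."""
    found = set()
    for term in terms:
        matched = (term in tokens) if len(term) <= 3 else (term in label)
        if matched:
            found.add(term)
    return found


def classify(domain):
    """Return a finding for a domain pairing a lure brand with promo wording,
    or None. Assumes single-label TLDs, as in the zones listed on the page."""
    labels = domain.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return None
    label, tld = labels[-2], labels[-1]
    tokens = TOKEN.findall(label)
    brands = {LURES[t] for t in _hits(label, tokens, LURES)}
    promos = _hits(label, tokens, PROMO_TERMS)
    promos |= {t for t in tokens if MULTIPLIER.fullmatch(t)}
    if not (brands and promos):
        return None          # a brand name alone is not enough to flag
    return {"domain": domain, "brands": sorted(brands),
            "promos": sorted(promos),
            "priority": "high" if tld in WATCHED_TLDS else "medium"}


def bulk_registrants(feed, threshold=3):
    """Group flagged domains by registrant contact and keep the bulk ones."""
    by_owner = defaultdict(list)
    for domain, registrant in feed:
        finding = classify(domain)
        if finding:
            by_owner[registrant].append(finding["domain"])
    return {o: names for o, names in by_owner.items() if len(names) >= threshold}


# Constructed sample feed: (domain, registrant contact). Not real indicators.
SAMPLE_FEED = [
    ("eth2x-bonus-sample.net", "reg1@example.com"),
    ("elonmuskgiveaway-sample.com", "reg1@example.com"),
    ("ark-invest-x2-sample.org", "reg1@example.com"),
    ("shiba-double-sample.xyz", "reg2@example.com"),
    ("method-promo-sample.com", "reg3@example.com"),        # "eth" inside "method"
    ("market-bonus-sample.net", "reg3@example.com"),        # "ark" inside "market"
    ("tesla-owners-forum-sample.com", "reg4@example.com"),  # brand, no promo
]

if __name__ == "__main__":
    for name, _ in SAMPLE_FEED:
        print(name, "->", classify(name))
    print("bulk registrants:", bulk_registrants(SAMPLE_FEED))
```

Requiring both a lure brand and promo wording keeps ordinary brand-related registrations out of the queue; the registrant grouping then surfaces batches of flagged names that share one contact.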

"Recently, there have been comments on underground forums that cryptocurrency fraud has outlived its usefulness, but active domain name registration and ongoing daily streams suggest otherwise. The intensity of attacks on gullible crypto investors is growing and coverage is increasing. We see the reason in the simplicity of implementing the scheme, due to the automation of processes and cooperation in the cybercriminal community. The emergence and development of such a market suggests that investments in crypto scams pay off and continue to bring cybercriminals large revenues on the scale of Internet fraud," noted Yaroslav Kargalev, Deputy Head of the Incident Response Center (CERT-GIB, 24/7).

How not to become a victim of crypto fraudsters:

  • Group-IB specialists advise always checking information about investment conditions, for example on the official website of the crypto project. If the official resource contains no information about the "unique offers," promotions or giveaways that users learned about from a third-party source, this means deception and an attempt to take over funds and the wallet.
  • Never disclose the wallet's seed phrase to third parties. Remember: whoever has the seed phrase has the wallet. Password managers are suitable for storing seed phrases. To minimize the risk of leakage, it is desirable that they are not cloud-based, but installed on a personal device.
  • Study the experience of other crypto investors: as a rule, someone has already encountered a similar situation and written a review. Be extremely careful about promotions and prize draws.
  • If a user has already given cryptocurrency to scammers and wants to recover the funds, there is a risk of being deceived twice. Fraudsters often appear under the guise of a person who writes on a forum that he wants to help.
  • Even a user who is far from crypto investments but owns a YouTube channel may be a target of attackers. All necessary measures must be taken to protect the account. The email address linked to the account must have two-factor authentication and a complex password that is changed regularly using a password manager. The devices from which the account is accessed must have the latest operating systems installed, as well as antivirus protection. And, of course, all channel administrators must comply with these security rules.

Founder of Turkish crypto exchange Thodex, who defrauded investors of $2 billion, arrested

In August 2022, the founder of the Turkish crypto exchange Thodex, who in April 2021 defrauded investors of more than $2 billion, was arrested in Albania. He now faces a prison term of 12,164 to 40,564 years (under Turkish law).

In 7 months, hackers stole $1.9 billion in cryptocurrencies around the world

On August 16, 2022, the analytical company Chainalysis published a report according to which, since the beginning of the year, hackers had managed to steal $1.9 billion in various cryptocurrencies, compared with $1.2 billion for all of 2021.

As of July, cryptocurrency transaction volumes in 2022 lag behind the 2021 figures for both illegal and legitimate entities. Overall, criminal activity is proving more resilient in the face of lower prices, with illegal transactions down just 15% over the year, compared to 36% for legal transactions. However, the aggregate data does not tell the whole story. Looking at specific forms of cryptocurrency crime, some of them actually rose in 2022, while others fell more than the market as a whole.

Fraud revenues are often determined by large cases, such as PlusToken, which made more than $2 billion from victims in 2019, or Finiko, which earned more than $1.5 billion in 2021. So far in 2022, none of the identified scams is approaching the level of either.

The largest scam in the first half of 2022 brought in cryptocurrency worth $273 million, which is only 24% of Finiko's revenue as of the end of July 2021. However, there is a caveat: because total fraud income is often determined by one or two major scams, some exceptional case may still emerge or be identified before the end of the year that reverses the downward trend in fraud income seen in 2022.

It seems that this trend will not change soon: in the first week of August 2022, the Nomad cross-chain bridge was already hacked for $190 million and several Solana wallets were hacked for $5 million, researchers say.[22]

Large-scale phishing campaign uses Microsoft Azure and Google Sites to steal cryptocurrencies

A large-scale phishing campaign uses Microsoft Azure and Google Sites to steal cryptocurrencies. This became known on August 11, 2022. Read more here.

$3.4 billion cryptocurrency fraud suspects detained in South Korea

On August 11, 2022, it became known that employees of the South Korean prosecutor's office made the first arrests during the investigation of foreign exchange transactions in the amount of $3.4 billion for potential links with illegal activities related to cryptocurrencies. Read more here.

Hackers drained more than 7,000 wallets via Solana protocol

In July 2022, hackers drained more than 7,000 cryptocurrency wallets through the Solana protocol. SOL and USDC were stolen.

Hackers stole almost $200 million in cryptocurrency from Nomad blockchain bridge

In July 2022, hackers stole almost $200 million in cryptocurrency from the Nomad blockchain bridge, writes CNBC.

"Hackers in another attack withdrew almost $200 million in cryptocurrency from Nomad, a tool that allows users to exchange tokens from one blockchain network to another," the channel said.

Developers of the meme cryptocurrency TeddyDoge robbed users of $4.5 million, stealing all the money

The developers of the TeddyDoge meme cryptocurrency robbed users of $4.5 million, stealing all the money. The TEDDY project token collapsed by 99% in July 2022.

US scam spree with fake apps

A cryptocurrency scam worth millions of dollars was carried out. This became known on July 19, 2022.

Phishing investment apps steal cryptocurrency from investors.

"The FBI watched as cybercriminals contacted American investors offering cryptocurrency investing services and urged people to download fraudulent apps. Attackers used the applications to defraud investors of their cryptocurrency," the FBI said in a statement.

According to the FBI, the campaign led to 244 victims, and losses are estimated at $42.7 million between October 4, 2021 and May 13, 2022. Attackers use the names and logos of legitimate organizations to create phishing applications in order to lure investors.

The FBI noted 3 cases in which fraudsters posed as one American financial firm and two companies, YiBit and Supayos (Supay), to defraud 34 victims of about $10 million. Cybercriminals tricked investors into downloading fake cryptocurrency apps and stole the funds users credited to their accounts.

"Financial institutions should warn their customers about these activities and inform them about whether the company offers services related to cryptocurrency," the FBI warned, urging investors to be wary of unsolicited requests to download investment applications from unreliable sources.[23][24]

In the first half of 2022, hackers stole $2 billion in cryptocurrency

In the first half of 2022, hackers stole $2 billion in cryptocurrency. This became known on July 7, 2022.

Interest in cryptocurrencies is waning globally - the NFT market is shrinking and bitcoin is experiencing its worst drop in 11 years, but that's not stopping criminals from continuing to extract millions by preying on various projects in the space.

According to Kommersant, Atlas VPN and SlowMist Hacked, in the first half of 2022 hackers stole cryptocurrencies and other crypto assets around the world worth a total of $1.97 billion in 175 attacks. More than half of the losses occurred in various projects of the Ethereum ecosystem, whose participants lost a total of $1.014 billion as a result of 32 attacks. The largest was the hack of the Ronin sidechain used by the NFT game Axie Infinity. The attackers withdrew approximately $625 million in assets from the project's cross-chain bridge.

Second place in the list was taken by the Solana network with related projects. Hackers stole $383.9 million in just five attacks. The top three is rounded out by the BNB Chain ecosystem (formerly Binance Smart Chain) with losses of $141.4 million[25].

The FBI announced a reward of $100 thousand for information about the Bulgarian "Crypto Queen"

On June 30, 2022, the Federal Bureau of Investigation (FBI) officially included the Bulgarian Ruja Ignatova in its list of the ten most wanted criminals. The agency offers a reward of up to $100 thousand for information leading to the arrest of the fugitive, who is accused of fraud worth $4 billion. Read more here.

Hacker withdrew nearly $100 million in Ethereum cryptocurrency assets from Harmony

An attacker withdrew Ethereum cryptocurrency assets totaling just under $100 million from the blockchain company Harmony. This became known on June 28, 2022. Read more here.

100 thousand Indians lost $12.81 billion due to cryptocurrency fraud scheme

In mid-June 2022, it became known that more than 100 thousand Indians lost over 1 trillion rupees (about $12.81 billion) to the GainBitcoin cryptocurrency pyramid scheme. This data is contained in the documents of the court case devoted to the fraud. Read more here.

Hackers hacked Deus Finance and stole $13.4 million in cryptocurrency

On April 29, 2022, it became known that hackers had hacked Deus Finance and stolen cryptocurrency worth $13.4 million.

The decentralized finance project was hacked for the second time in 2 months.

According to the researchers, an unknown attacker used an exploit that took advantage of an error in the flash loan mechanism. Flash loans are loans taken on the condition that the borrowed amount is returned in the same block.

The hacker was able to artificially inflate the value of some assets, borrow funds within the protocol and make a profit after repayment of the loan. Thus, the cybercriminal managed to earn $13.4 million.

In March, an unknown attacker attacked the project in a similar way and stole $3 million[26].

$620 million stolen from Axie Infinity crypto game users

In mid-April 2022, the United States announced that the North Korean hacker group Lazarus was responsible for the multi-million dollar theft of cryptocurrency from the Axie Infinity game, where players can earn cryptocurrency. Read more here.

Large-scale fraudulent schemes with digital currencies and NFT revealed

On April 8, 2022, Group-IB announced the discovery of another wave of cryptocurrency and NFT fraud. Impersonating star entrepreneurs such as Elon Musk, Brad Garlinghouse and Vitalik Buterin, attackers launch fake streams on YouTube and, under the pretext of doubling investments, steal cryptocurrency or access to crypto wallets. About three hundred transactions from deceived crypto investors brought the swindlers more than $1.6 million.

According to the company, in just three days in February, from February 16 to February 18, 2022, specialists from Group-IB Digital Risk Protection (DRP) and the CERT-GIB information security Incident Response Center identified 36 fraudulent online broadcasts devoted to profitable investments in cryptocurrencies.

Most often, attackers used the image of Ethereum creator Vitalik Buterin, Elon Musk, Brad Garlinghouse, Michael J. Saylor, Changpeng Zhao and Catherine Wood. Naturally, none of them knew about the broadcasts: the footage was cut from earlier legitimate videos and re-edited into fraudulent streams.

The fake broadcast with Vitalik Buterin attracted more than 165,000 viewers. On average, one such stream has from 3,000 to 18,000 viewers. During the broadcasts, the star "crypto streamers" talked about the advantages of investing and offered viewers the chance to at least double their cryptocurrency capital by transferring tokens to a specified address or to a QR code linked to a crypto wallet.

Of course, the viewers' crypto capital was never doubled, and in some cases the victim risked losing all their savings. In total, 281 transactions worth more than $1,680,000 (at the February 2022 exchange rate) were sent to the cybercriminals' crypto wallets that CERT-GIB specialists managed to analyze. Ethereum turned out to be the cryptocurrency most popular among the scammers: $933,963.

To get an additional bonus, the attackers suggested that the investor disclose the seed phrase of their crypto wallet. If the victim agreed, control over the wallet passed into the hands of the fraudsters, and they withdrew all the funds.

While investigating the scheme with fake crypto broadcasts, analysts identified a scam aimed at buyers and dealers of NFT pictures. The stars of the broadcast, well-known figures in the crypto world (for example, Gary Vaynerchuk, aka Gary Vee), discussed buying promising NFT works that could later be resold for at least 10 times the price. The link in the video description led to a phishing site, where customers were promised one NFT in exchange for crypto wallet data: the password and the account recovery key.

"In the three months of 2022, more than 580 domain names related to fraudulent giveaways were registered, which is 3 times more than in all of 2021. The bulk of the domains involved in the broadcasts have appeared since February 13, 2021 through the Russian registrar Reg.ru. Analysis of the domain infrastructure showed that several resources are connected and registered to one person," noted Yaroslav Kargalev, deputy head of CERT-GIB.

Group-IB experts recommend always checking information about investment conditions, for example on the official website of the crypto project. If the user finds no information there about the event supposedly taking place, someone is trying to deceive them, regardless of what actions are being requested.

Never disclose the wallet's seed phrase to third parties. Password managers are suitable for storing seed phrases, and to minimize the risk of leakage, it is desirable that they are not cloud-based, but installed on a personal device. The main thing to remember: whoever has the seed phrase has the wallet.

Study the experience of other crypto investors: as a rule, someone has already encountered a similar situation and written a review. Treat promotions and prize draws with extreme caution.

Russian court seizes stolen cryptocurrency for the first time

On April 5, 2022, a Russian court for the first time authorized the seizure of stolen cryptocurrency. The precedent in the judicial practice of the Russian Federation was set in St. Petersburg.

The district court allowed the investigation to seize 24 of the accused's crypto wallets in a case concerning the theft of Ethereum currency, TASS reports, citing the joint press service of the St. Petersburg courts (OPS).

According to investigators, in 2017 the plaintiff bought Ethereum in the amount of 7,000 (at that time about $56 thousand) and sent it to a crypto wallet for storage. The accused gained illegal access to information about the wallet and locked the plaintiff out of it. Having gained control of the wallet, the attacker transferred the Ethereum to his own wallet.

After the victim appealed to law enforcement agencies, a criminal case was initiated under the article on unlawful access to computer information (part 2 of article 272 of the Criminal Code of the Russian Federation), as well as under the article on theft (part 4 of article 158 of the Criminal Code of the Russian Federation). Subsequently, investigators found that the cluster of cryptocurrency addresses used by the thief contained 24 crypto wallets holding the victim's Ethereum, by then in the amount of 4,000 ETH. As a result, the prosecution asked to seize these crypto wallets, and the request was granted.

The court explained that the main difference between cryptocurrency and monetary funds is only the way they arise, and since the concept of cryptocurrency is not enshrined in law, its designation as "other property" in the charges, as well as in the petition for seizure, is permissible.

"Cryptocurrency is used as a means of payment, investment and accumulation of savings, that is, it has material value, accordingly it is recognized by the court as other property and indicates the presence of the subject of the crime within the meaning of the note to Article 158 of the Criminal Code of the Russian Federation, which may be seized," the press service of the OPS noted.

This decision sets a precedent: previously, Russian courts had not imposed interim measures on cryptocurrencies.[27]

Theft of cryptocurrency for a record $625 million

At the end of March 2022, cryptocurrency worth about $625 million was stolen from the Ronin blockchain project. This is the largest theft of crypto assets in history. Read more here.

The first case of embezzlement of assets of a cryptocurrency exchange was opened in Russia

On March 22, 2022, it became known that the first criminal case on the embezzlement of the assets of a cryptocurrency exchange had been opened in Russia. The details were given by the official representative of the Ministry of Internal Affairs of Russia, Irina Volk.

According to the investigation, the suspect turned out to be one of the actual owners of an Internet trading platform on which digital financial assets could be bought, sold or exchanged for real money. He controlled the movement of large amounts in cryptocurrency and their transfer to electronic wallets. Taking advantage of his position, he withdrew part of the funds and appropriated them. The man was detained in a hotel at a private airfield near Serpukhov.

The police found more than 190 million rubles in cash in two suitcases of the suspect. In this criminal case, 29 searches were carried out in the homes of the defendant and his alleged accomplices in Moscow, St. Petersburg, Novosibirsk and Yalta. Over 50 million rubles, $1 million, 70 thousand euros, expensive computer equipment and hardware crypto wallets were seized.

The detainee was taken into custody, after which he was charged under Part 4 of Article 160 of the Criminal Code of the Russian Federation, "Appropriation or embezzlement." The man faces up to ten years in prison. In addition, the accounts of the person involved in the case were frozen, and a petition was sent to the court to seize the property of the accused, the value of which exceeds 2 billion rubles.

As of March 22, 2022, all episodes and other participants in the illegal activity are being established, Volk added. The name of the detainee and the name of the cryptocurrency exchange he owns were not disclosed.[28]

According to Sergei Shugaev, deputy chairman of the Arbat MKA, who is involved in helping victims of WEX's activities, the person arrested is the administrator and owner of WEX, Alexei Bilyuchenko.[29]

Trojans discovered to steal cryptocurrencies from mobile device owners

On March 22, 2022, Dr.Web announced the spread of Trojan programs created to steal cryptocurrencies from owners of mobile devices. The malicious applications steal the secret seed phrases needed to access crypto wallets. Users of both Android devices and Apple smartphones are at risk. Read more here.

As a result of hacking the service for cryptocurrency loans Qubit Finance, $80 million was stolen

At the end of January 2022, hackers hacked into the DeFi project Qubit Finance and withdrew $80 million worth of cryptocurrency from its pool. Read more here.

Over 8 thousand domains created by fraudsters for trading in shares and cryptocurrencies

On January 11, 2021, Group-IB announced that it had discovered more than 50 different schemes for fake investment projects and more than 8,000 domains related to fraudulent infrastructure. Those wishing to get rich quickly are offered the chance to invest in cryptocurrencies, shares in oil and gas companies, gold, pharmaceuticals and other "assets." In practice, it all ends in the theft of money or bank card data from the newly minted investors. Most of the cases investigated are technically updated "hybrid schemes": along with traditional phishing, fake mobile terminal applications are used, as well as calls from "personal consultants."

Scale of investment fraud scheme

According to the company, fraud involving fake investment projects has been observed since at least 2016. It became widespread in 2018-2020 during the boom in private investment in Russia. And since the beginning of 2021, CERT-GIB specialists have recorded a rise in online investment scams: over the past 9 months, 163% more domains for investment projects were registered than in all previous years.

In total, from the moment the scheme began to spread actively in 2018 until the third quarter of 2021, Group-IB specialists, using the network infrastructure graph analysis system, discovered more than 8,000 domains involved in fraudulent investment projects. It is noteworthy that a single attacker using one email address registered 322 domains from June to July 2021, which he planned to use to deceive hapless investors. In turn, the CERT-GIB 24-hour Cyber Incident Response Center identified over 50 landing page templates with various ready-made investment scenarios explaining how to invest money in order to "quickly get rich without much effort." For example, one group of 150 people alone lost about 300 million rubles ($4.0 million) by buying bitcoins under the guise of investments on "brokerage exchanges"; the deceived investors themselves reported this to Group-IB.

In the spring of 2021, CERT-GIB specialists noticed a massive advertising campaign on social networks in which well-known entrepreneurs, politicians or brand ambassadors "invited" private investors to take part in super-profitable investment projects. The person who appeared most often in the fake posts was the creator of Telegram, Pavel Durov, who had allegedly, "contrary to the prohibitions," created the Gram Ton blockchain platform for Russians as a "stronghold of digital resistance." In their advertising posts, the scammers illegally used, among other things, images of Mr. Durov and three overtly populist scams: "Alternative to banks," about the emergence of a financial platform that allows investors to receive income; "Subsoil to the people!", about "national projects" for the development of excess profits from oil and gas trade; and "Finance for People," about access to the investment instruments of real financial organizations that are "closed" to most people.

Key Steps in an Investment Fraud Scheme

For the design of landing pages and advertising posts calling for investment in dubious projects, attackers illegally used the style of news resources such as Russia-24, Russia Today or RBC. Naturally, these pages had nothing to do with the real media companies.

As soon as a novice investor takes the "bait," he is sent to a questionnaire website from a "well-known bank" or to the colorful one-page landing page of an investment project. As a rule, all of them are associated with trading in cryptocurrency, fiat currencies, precious metals, minerals, natural resources or pharmaceuticals. Almost every project promises earnings of 300,000 to 10,000,000 rubles a month. The fraudster's task is to make the victim believe in the investment project enough to leave contact details for communication with a "personal consultant."

After a phone conversation about a project in which a supposedly special bot program helps to make money on trades, the "consultant" invites the user to register in the system and make a deposit of $250. If the client hesitates, he may be advised to reserve a place in the project by making an advance payment, for example 10,000 rubles through a cryptocurrency exchanger. Once connected to the system, the future investor is shown successful trading results and the growth of his savings in the "personal account," but there is nothing behind the attractive numbers: none of these investment projects allows withdrawals, only deposits.

In some cases, the manager asks for the details of the bank card (including secret codes) with which the potential "participant" plans to invest, and supposedly sends a request to the bank for approval of the deposit. In fact, the money is simply debited from the account. As in popular vishing schemes with a call from a "bank employee," the operator constantly "leads" the victim through the script, encouraging or persuading him to fulfill all the necessary conditions.

In addition to the scenario described, CERT-GIB specialists identified a fully automated scheme in which the deception takes place without human participation. From an advertising post on a social network, the victim is sent straight to Google Play, where the novice investor needs to download a mobile application, a trading terminal. After a short training course, the investor makes a deposit of $250, $500 or $1000, which, of course, is not returned. If the novice later still wants to withdraw his virtual money, the system asks him to pay a "payment gateway commission." Thus, with the help of the fraudulent trading terminal, the investor is deceived again.

"Each legend offered its own unique approach and earning technique. Fraudsters developing these templates approached the task quite creatively, and such a wide variation in fraudulent scenarios within the framework of this scheme may indicate its success, which, in turn, will lead to the emergence of various scenarios of deception," remarks Yaroslav Kargalev, deputy head of CERT-GIB.

Group-IB experts warn that the result of participating in such investment projects is in most cases the same: in pursuit of super-profits, people can lose all their savings and, moreover, end up in debt bondage.

2021

The number of cryptocurrency-related sentences in Russia increased by 5,000% in 4 years

The number of cryptocurrency-related sentences in Russia increased by 5,000% from 2017 to 2021. Alexander Volevodz, head of the Department of Criminal Law, Criminal Process and Criminalistics at MGIMO of the Ministry of Foreign Affairs of Russia, cited this data in mid-December 2023.

A total of 2,500 convictions were handed down in cryptocurrency-related cases from 2017 to 2021, he said. Such digital money was either used by criminals to commit crimes, or became the object of their encroachments. At the same time, the category of economic crimes related to cryptocurrency showed significant growth. These include types of crimes such as embezzlement, fraud, financial pyramids, cryptocurrency ICOs and bribery.

According to Alexander Volevodz, the real number of crimes using cryptocurrency can be much higher, and up to 70% of such crimes remain unsolved. He explains this by the lack of legal regulation of cryptocurrencies in Russia and the temporary difficulties faced by law enforcement agencies in conducting cross-border investigations.

Experts believe that the lack of legal regulation of cryptocurrencies in Russia is becoming a serious problem, since criminals can commit cryptocurrency-related crimes with impunity. This opens up new opportunities for financial fraud and illegal enrichment. Cryptocurrency is becoming more and more popular and in demand among the population, and a legal framework needs to be created in this area that will provide protection from criminal acts and contribute to the development of the digital economy.[30]

The number of criminal cases related to cryptocurrency in Russia increased by 40%

The number of criminal cases related to cryptocurrency in Russia in 2021 increased by 40% compared to 2020 and amounted to 954. This is evidenced by the data of RTM Group analysts.

Criminal cases in 2021 accounted for 62% of the total number of cryptocurrency-related proceedings. Most of them were associated with drug trafficking, the study notes. The number of such cases reached 738.


Other criminal proceedings include the legalization and laundering of money (mainly received for the sale of drugs). Another major category of criminal proceedings is illegal organization and conduct of gambling.

Civil law disputes are most often (in 42 cases) related to the recovery of unjust enrichment when purchasing cryptocurrency: for example, if an intermediary transfers a smaller amount to the final buyer than the buyer hoped to receive. At the same time, in five out of six cases, the courts refuse recovery, citing the fact that operations with "crypto" are risky.

According to Izvestia, citing data from RTM Group, the number of bankruptcy cases related to cryptocurrency ownership doubled in 2021. According to the study, in bankruptcy cases "crypto" is mentioned as property, so to prove ownership, documents must be provided, for example, certificates of its presence in the account. Unmetered, non-contractual use of electricity for mining is a civil offense that entails debt collection. Over the past year, Russians had to pay 61.5 million rubles in nine cases, the study says.

According to Yevgeny Tsarev, manager of RTM Group, operations with cryptocurrency in the Russian Federation are risky. At the same time, judicial protection is not an effective way to restore violated rights in every category of cases, because of the high percentage of refusals, he noted.[31]

Over the year, 11.2% of cryptocurrency threats fell on Russia

On February 14, 2022, ESET, an international developer of digital security solutions, presented a report on the cyber threat landscape in 2021. The highest activity of viruses for cryptocurrency theft and illegal mining in the period from September to December was recorded in Russia: 12.3% of all detections in the world. The top three also included the USA (8.3%) and Peru (5.5%). Over 2021 as a whole, users in the same countries suffered most from cryptocurrency threats: Russia accounted for 11.2% of attacks, Peru for 6.4% and the United States for 5.8%.

The spread of cryptocurrency threats in the world over the period of 01.09.2021-31.12.2021

The most common threat in 2021 was the Win/CoinMiner family of viruses, whose share exceeds 50% of all detections. ESET telemetry recorded the highest activity of this malware family in Russia and the United States.

"If earlier the main sources of infection with crypto-jacking programs and theft of crypto wallets were torrent resources, free streaming services and sites with content for adults, then in 2021 the number of mobile applications with built-in malicious tools increased. Another upward trend is the distribution of threats through unique NFT tokens, which have become widespread in the computer game industry," said Alexander Pirozhkov, head of ESET Threat Intelligence, commenting on the results of the study.

ESET analysts note that the activity of cryptominers directly depends on digital currency rates. After the decline in the summer and in September 2021, the number of detections of cryptocurrency threats jumped along with the rise in the value of Bitcoin, which reached about $68 thousand at its peak in November 2021.

Crypto fraud reaches record $14 billion

In 2021, fraudsters earned a total of $14 billion on all types of cryptocurrency-related crimes, which is 79% more than a year earlier. The damage from crypto fraudsters was the highest on record, mainly due to the spread of decentralized finance (DeFi) systems. This is evidenced by the data of the analytical company Chainalysis, released in early January 2022.

72% of thefts were made through DeFi. According to Chainalysis, the volume of transactions in decentralized systems at the end of 2021 increased even more compared to 2020: by 912%. One of the growth drivers was the sharp rise in popularity of "meme" cryptocurrencies (Dogecoin, Shiba Inu). A fifth of all successful cyber attacks on DeFi mechanisms exploited vulnerabilities in the protocols of new cryptocurrencies. Kim Grauer, head of research at Chainalysis, noted that many of the DeFi protocols being launched have vulnerabilities.

One of the largest DeFi hacks is related to the Badger DAO protocol. This is a decentralized organization that seeks solutions to speed up the use of bitcoin in DeFi and other projects. By the beginning of 2021, it was one of the ten largest DeFi projects, with assets of $1.2 billion. The hack occurred in early December, and as a result a tenth of this amount was lost: $120 million. Moreover, one of the users lost $50 million, and the price of the Badger token fell by half, from $28 to $14.

According to Chainalysis, the volume of fraud on DeFi platforms in 2021 increased by 82%, to $7.8 billion. The total volume of transactions with cryptocurrencies in 2021 is estimated at $15.8 trillion, which is 80% more than a year earlier.

"The criminal abuse of cryptocurrency creates huge obstacles to its further implementation, increases the likelihood of restrictions by the authorities and, worst of all, damages innocent people around the world," the Chainalysis report says.[32]

Cryptocurrency thefts rise 81% to $7.7 billion

In December 2021, a study was published according to which crypto fraudsters around the world received almost $7.7 billion in income in 2021 thanks to new tactics. These figures were provided by Chainalysis analysts. They refer to direct theft of cryptocurrencies, which increased by 81% compared with 2020.

"As the largest form of cryptocurrency-related crime and uniquely targeted at new users, fraud poses one of the biggest threats to the continued adoption of cryptocurrencies," Chainalysis said.


Income growth in 2021 was partly driven by the emergence of "rug pulls" that leave investors in crypto projects empty-handed.

According to Chainalysis, rug pulls take various forms and are encountered in the decentralized financial services (DeFi) ecosystem. In these schemes, the developers of a cryptocurrency project, usually a new token, unexpectedly abandon it and take users' funds with them.

Rug pulls in 2021 accounted for 37% of all revenues from cryptocurrency fraud, compared with 1% in 2020, and victims were left without cryptocurrency worth $2.8 billion.

"Fraud is common in DeFi because with the right technical know-how, it is cheap and easy to create new tokens on the Ethereum blockchain or others and place them on decentralized exchanges (DEXes) without a code audit," Chainalysis said.

"Despite the fact that code audits to identify these vulnerabilities are widespread in this area, they are not required to be listed on most DEXs, which is why we see so many troubles," the company added.

However, the largest "rug pull" in 2021 did not begin as a DeFi project. The report said Thodex was a major Turkish centralised exchange whose CEO disappeared shortly after the exchange stopped allowing users to withdraw funds. Users then lost cryptocurrencies worth more than $2 billion.

The largest cryptocurrency scam projects in terms of approximate damage

The second largest theft of funds in 2021 was AnubisDAO with stolen cryptocurrency worth more than $58 million.[33]

Teenager stole $36.5 million in cryptocurrency

Police in Hamilton, Ontario, Canada, on November 17, 2021, arrested a teenager in connection with the theft of cryptocurrency worth $36 million - this is the largest cryptocurrency theft by one person ever reported.

In March 2020, Hamilton City Police joined forces with the FBI and the U.S. Secret Service's E-Crime Task Force. The investigation centered around a US victim who had a large amount of cryptocurrency stolen from her.

Police allege the victim, who has not been named, was the target of a SIM card replacement attack, a type of fraud in which a fraudster manipulates mobile phone networks to take over another person's phone number and thus bypass any two-factor authentication processes tied to the victim's phone. As a result of this attack, about $36 million was stolen from the victim.

A joint investigation found that some of the stolen cryptocurrency was used to buy an online username that was considered rare in the gaming community. This transaction allowed investigators to identify the account owner.

Police were able to trace a man who may have used some of the stolen cryptocurrency to buy a rare game tag. On November 17, a teenager from Hamilton was "arrested for theft of more than C $5,000 and possession of property or proceeds of crime," police said.

On November 18, police managed to seize several cryptocurrency blocks worth more than $5.5 million. It is "currently the largest cryptocurrency theft committed by one person," police said.

In particular, cryptocurrency exchanges often become targets of cryptocurrency robberies, since such exchanges, unlike ordinary banks, cannot simply reverse the debits.[34]

Fraudsters began to deceive Russians by creating fake cryptocurrencies

In November 2021, it became known that fraudsters began to deceive Russians by creating fake cryptocurrencies. Stanislav Kuznetsov, deputy chairman of the board of Sberbank, told Izvestia about the token fraud schemes in use.

According to him, the attackers began to use ICOs. They send out a mailing with an offer to invest in the cryptocurrency of a new startup together with a payment link, and after receiving the money they stop communicating, Kuznetsov explained.

To gain trust, scammers often send a personal message that imitates the official channel; an "admin" may write to a potential victim. From time to time, a person is added to an "official channel", which is of course fake.

Fraudsters have often begun to use the topic of cryptocurrencies when creating pyramids, the press service of the Central Bank confirmed to the publication. Often, such organizations operate from a foreign jurisdiction, which makes it difficult for investors to return money, because in this case they will have to pursue the case in court at the place of "registration" of the company. For some time, the ICO was a popular tool for attracting money for a "hype" idea that few understood, the press service of the regulator emphasized.

Kaspersky Lab confirmed to Izvestia the tendency to create fake initial placements of cryptocurrencies. For example, a fake SquidToken based on the series "Squid Game" recently appeared on the network. The company's expert reminded users that it is not recommended to follow dubious links from letters, messages in messengers and social networks.

Russians' interest in cryptocurrency is increasing amid market growth. In mid-November 2021, the capitalization of digital assets exceeded $3.1 trillion for the first time, and the value of bitcoin set a new all-time high at around $69 thousand.[35]

Fraudsters stole $500,000 worth of cryptocurrency using Google Ads

On November 15, 2021, the Check Point Research (CPR) team at Check Point Software Technologies warned of scams using Google Ads to steal cryptocurrency wallets. Recently, the company's experts recorded a similar theft of cryptocurrency worth hundreds of thousands of dollars.

Artificial intelligence learned to guess a bank card PIN from video

At the end of October 2021, it became known that artificial intelligence had learned to guess the PIN code of a bank card from video. According to the authors of the development, it is effective even if you cover 75% of the ATM keypad with your palm.

The technology for guessing PIN codes from video was reported by "Sheets", citing an article by the University of Padua (Italy) and Delft Technical University (Holland) that was published on the portal of Cornell University (USA).

The created algorithm uses two neural networks:

  • one is responsible for recognizing the position in space of the uncovered part of the hand for each frame;
  • the second neural network relies on the obtained data to extract changing patterns.

The keystroke time is determined by synchronizing the hand movements with the asterisks filling in on the ATM screen. Thus, it is possible to establish the exact location of the hands. To train the model, 5800 videos were recorded in which 58 right-handed volunteers entered a 5-digit PIN code.

It is stated that the accuracy of the determination was 41% for the 4-digit code and 30% for the five-digit code. According to the researchers, partially covering the keypad does not defeat the method, but it increases the chances that the PIN code cannot be stolen.

Attackers can already obtain PIN codes by spying in a queue or using special overlays on keypads, cameras, phishing sites and social engineering, as well as by installing malware, Alexei Pleshkov, deputy head of the information protection department at Gazprombank, explained to the publication.

According to Sergey Golovanov, chief expert at Kaspersky Lab, once attackers have the PIN code, they need only the card itself or a copy of it. A card can be copied using special equipment or programs that are installed on payment terminals. After obtaining information from the magnetic stripe or chip, attackers sell the data on the dark web or can write it to a blank card and then withdraw money from an ATM.[36]

Russia became the leader in the number of fraudulent attacks with cryptocurrency

Russia has become the leader in the number of fraudulent attacks with cryptocurrency. This is evidenced by data from the antivirus manufacturer Eset, which was published on October 1, 2021.

According to the company's experts, every tenth cryptocurrency scam occurs in the Russian Federation (10% of all detected incidents). In second place in this indicator is Peru (6.8%), in third the United States (5.3%).

The most common method of deception involves faking the websites of investment platforms, to which potential cryptocurrency investors are lured with aggressive advertising. Experts also found growing popularity of a method that uses the names of celebrities who allegedly invest in cryptocurrency and urge their fans to do the same.

Fraudsters ask investors to deposit or immediately spend a large amount on the purchase of cryptocurrency. They try to persuade holders of existing crypto wallets to share their account credentials under the pretext of further growth in profitability.

Malicious programs with which scammers gain access to crypto wallets are more often posted on sites with adult content, free data streaming portals, torrent sites and thematic cryptocurrency forums.

Eset stressed that as of the beginning of October 2021 cybercriminals still use the tactic of creating phishing and malicious sites with domains whose names differ by one character from the addresses of well-known sites. Most often, fraudsters fake the pages of the blockchain.com service and the Coinbase cryptocurrency platform, as well as the housing search service Airbnb, the AliExpress store and Wikipedia.

Moreover, most often malicious resources were disguised as pages of financial organizations (a third of the total number of blocked sites), social networks and instant messengers (including Facebook, WhatsApp and Instagram), as well as email and online document services.[37]
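The one-character-off domains Eset describes can be looked for on the defending side, for example in proxy or DNS logs. The Python example below is added here and is not code from Eset or from this page: the protected list uses the brands named above, the observed hostnames are constructed samples, and the registrable domain is assumed to be the last two labels.

```python
"""Flag hostnames that are exactly one edit away from a protected domain."""

# Brands named in the text above; extend with your own organisation's domains.
PROTECTED = ["blockchain.com", "coinbase.com", "airbnb.com",
             "aliexpress.com", "wikipedia.org"]


def normalize(host):
    """Lowercase, drop the trailing dot and 'www.', decode xn-- (IDN) labels."""
    host = host.strip().lower().rstrip(".")
    try:
        host = host.encode("ascii").decode("idna")  # punycode -> Unicode
    except UnicodeError:
        pass  # already Unicode or not valid IDNA: compare as given
    return host[4:] if host.startswith("www.") else host


def osa_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute,
    or swap two adjacent characters, each counted as one edit."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cur[j] = min(prev[j] + 1,               # deletion
                         cur[j - 1] + 1,            # insertion
                         prev[j - 1] + (ca != cb))  # substitution
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)  # transposition
        prev2, prev = prev, cur
    return prev[-1]


def classify(host, protected=PROTECTED):
    """Return ('legitimate' | 'lookalike' | 'unrelated', matched brand or None)."""
    name = normalize(host)
    for brand in protected:
        if name == brand or name.endswith("." + brand):
            return ("legitimate", brand)
    # Assumption: registrable domain = last two labels (no public-suffix list).
    candidate = ".".join(name.split(".")[-2:])
    for brand in protected:
        if osa_distance(candidate, brand) == 1:
            return ("lookalike", brand)
    return ("unrelated", None)


def scan(hosts, protected=PROTECTED):
    """Return (host, brand) pairs for every lookalike found in hosts."""
    hits = []
    for host in hosts:
        verdict, brand = classify(host, protected)
        if verdict == "lookalike":
            hits.append((host, brand))
    return hits


# Constructed sample hostnames, as they might appear in a proxy log.
SAMPLE_HOSTS = [
    "www.blockchain.com",    # the real site
    "blockchaln.com",        # substitution: i -> l
    "login.coinbsae.com",    # transposition: as -> sa
    "aliexpres.com",         # deletion: one s missing
    "wikipediia.org",        # insertion: extra i
    "blockcha\u00edn.com".encode("idna").decode("ascii"),  # IDN: i with acute
    "en.wikipedia.org",      # legitimate subdomain
    "example.org",           # unrelated
]

if __name__ == "__main__":
    for host, brand in scan(SAMPLE_HOSTS):
        print(f"{host} imitates {brand}")
```

A distance of exactly one misses lookalikes that add whole words (a hyphenated suffix, for instance), so this check complements a blocklist rather than replacing it.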

The United States imposed sanctions against the crypto exchanger Suex.io

On September 21, 2021, the US Treasury Department announced the inclusion of the Moscow-registered Suex.io exchange on the so-called "list of specially designated citizens" (SDN) for its alleged role in facilitating cryptocurrency transactions for cybercriminals using the ransomware virus.

Ex-head of Russia's largest crypto exchange detained on charges of embezzling hundreds of millions of dollars

In mid-September 2021, it became known that Dmitry Vasiliev, the former owner of Wex, the largest Russian cryptocurrency exchange, had been arrested. He was detained at the Warsaw airport on August 11, 2021, after which the court placed the entrepreneur under arrest for 40 days. He was placed in jail.

Poly Network was subjected to a hacker attack, as a result of which $600 million was stolen in cryptocurrency

In early August 2021, the provider of the cross-chain decentralized financial platform Poly Network was subjected to a hacker attack, as a result of which more than $600 million was stolen in cryptocurrency.

US tax service confiscated $1.2 billion worth of cryptocurrencies

In June 2021, the US government auctioned off several free litecoin, bitcoin and bitcoin cash. The cryptocurrency was confiscated as part of a case of non-compliance with tax laws. Over the years, the government has seized, stockpiled and sold cryptocurrencies along with conventional assets.

"It can be 10 boats, 12 cars, and then one of the lots being auctioned is X number of bitcoins. In fiscal 2019, we confiscated cryptocurrencies worth about $700 thousand. In 2020, this amount reached $137 million, and in 2021 - $1.2 billion," explained Jarod Koopman, director of the IRS cybercrime division.

It is expected that as cybercrime grows, and with it the turnover of digital tokens, the state cryptocurrency treasury will increase even more. Interviews with current and former federal agents and prosecutors show that the U.S. has no plans to step back from its side business as a crypto broker. Operations to seize and sell cryptocurrencies are moving so fast that the government has just brought in the private sector to manage the storage and sale of its holdings of cryptocurrency tokens. When the government began to liquidate Silk Road, federal agents had to decide what to do with all illegally acquired bitcoins.

Thus, all these actions led to the creation of a workflow that persists and uses legacy crime-fighting methods to track and seize cryptographically created tokens, which are inherently designed to elude law enforcement.

"I just noticed that the government is usually more than a few steps behind criminals when it comes to innovation and technology. Keeping track of the money is not new. Withdrawal is not new. We're just trying to find a way to apply these tools and methods to a new model of facts, a new case of use," said former federal cybercrime prosecutor Jad Velle.

There are three main stages in the passage of bitcoin and other cryptocurrencies through the criminal justice system in the United States.

The first stage is search and seizure. The second is the liquidation of seized cryptocurrencies. And the third is the placement of income from the sale of these cryptocurrencies.

In practice, according to Koopman, the first stage of the process is group work. He said his team often works on joint investigations alongside other government agencies such as the FBI, Homeland Security, the Secret Service, the Drug Enforcement Agency and the Bureau of Alcohol, Tobacco, Firearms and Explosives.

The department at the IRS typically handles cryptocurrency tracking and open source intelligence, which includes investigations into tax evasion, fake tax returns and money laundering. Other departments that have more money and resources focus on technical components.

Several agents are involved in the seizure process itself to ensure proper oversight. They include managers who create the necessary hardware wallets to protect seized cryptocurrencies.

Once a case is closed, the US Marshals Service is the main agency responsible for selling government cryptocurrencies at auction. As of August 4, 2021, it had confiscated and auctioned off more than 185 thousand bitcoins. As of August 5, 2021, the value of these coins is almost $7 billion, although many of them were sold in batches significantly below the maximum bitcoin exchange rate.

The U.S. General Services Administration, an agency that typically auctions off surplus federal property like tractors, added confiscated cryptocurrencies to the auction earlier in 2021.

According to Koopman, the process of selling cryptocurrency at auction in the form of blocks at fair market value will most likely not change.

"Basically, you queue up for auction. We never want to flood the market with huge numbers, which can affect the price component," he said.

After closing the case and exchanging cryptocurrency for fiat currency, the feds share the loot. Proceeds from the sale typically go to one of two funds: the Treasury Forfeiture Fund or the Justice Department Asset Forfeiture Fund.

Once it has entered one of these two funds, the liquidated cryptocurrency can be directed to various items of expenditure. Congress, for example, can rescind this money and direct it to finance projects. The Justice Department hosts the site https://forfeiture.gov/, where some details about ongoing confiscation operations can be found.[38][39]

2020

North Korean hackers launder cryptocurrency using best practices

On February 21, 2022, it became known that hackers used peeling chains in an attempt to minimize suspicions from exchange employees.

The North Korean cybercriminal group Lazarus Group uses advanced methods for stealing and laundering cryptocurrencies. Hackers have shown "remarkable adaptations to changing rules," according to analysts at the Center for a New American Security (CNAS).

In 2020, the group stole digital assets worth about $300 million (at the current exchange rate) from the Singapore KuCoin exchange.

"In the course of this cyber attack, a number of sophisticated hacking methods and money laundering methods were used, including a professional mixing service and the use of new DeFi platforms in an attempt to confuse traces," the experts noted.

Hackers used common obfuscation techniques, such as peeling chains (sending a large amount of cryptocurrency to wallets on various exchanges), in an attempt to minimize suspicion from exchange employees. Automation was evident from the large number of transactions made at the same time and then broken down into complex patterns. Still, North Korean hackers seem to have needed outside support in the operation, because they enlisted the help of two Chinese nationals to cash out the stolen cryptocurrency into fiat.

It is not known whether the two Chinese nationals knew their client was Lazarus Group, but given the criminal nature of these OTC brokers involved in the money laundering business, a connection to North Korea would hardly have prevented them from engaging in money laundering from hacking.

Although the hackers used different bitcoin addresses to move the stolen funds, they still combined them into several clusters, making it easier to investigate.[40]

Russia is the world leader in the share of shadow crypto operations (41.1%) - Clain Technologies

Russia leads the world in terms of the share of shadow cryptocurrency transactions with a share of 41.1% at the end of 2020. Such data are provided by Clain Technologies analysts. They explained the first place of the Russian Federation by the popularity of prohibited services such as Hydra.

Russia has become the main jurisdiction for cryptocurrency exchange and trading sites with a low level of verification; the simplicity of shadow crypto operations makes them attractive for drug trafficking and fraud, the study says.

Volume of shadow cryptocurrency transactions by region

The second place in the global market of shadow crypto operations is occupied by Ukraine (share - 6.54%). Next are Great Britain (2.8%) and Germany (1.87%). The share of "unknown countries" was 24.6%, "other" - 23.1%.

According to Clain estimates, by the end of 2020, the number of users of cryptocurrency exchanges in the world totaled up to 350 million people. The total volume of transactions increased by 30%, exceeding $19.7 billion. The volume of illegal transactions on these exchanges amounted to $4.2 billion, which is 16% more than a year earlier. The flow of operations between services of the shadow segment of the Internet and similar exchanges in 2020 amounted to almost $800 million.

As Kommersant writes with reference to Alexander Zhuravlev, chairman of the commission on legal support of the digital economy of the Moscow branch of the Association of Lawyers of Russia, shadow platforms for the exchange of cryptocurrencies are still in the gray zone from the point of view of Russian legislation. But regulation in this area is tightening.

Experts believe that the number of shadow crypto operations will gradually decrease. This is due to the fact that large Western players - banks, investment funds and public companies - have become interested in this segment. Ultimately, this will lead to a significant reduction in the gray part of the cryptocurrency industry.[41][42]

A network of black call centers in Ukraine laundered tens of millions in cryptocurrency

A network of black call centers in Ukraine laundered tens of millions in cryptocurrency. This was reported on December 15, 2020 by the police of the Kharkiv region, where the criminals were detained.

According to law enforcement agencies, from June to December 2020, three "call centers" worked in Kharkov, in whose activities more than 100 people were involved. Posing as bank managers, call center operators obtained the personal data of citizens necessary to access their accounts.

Subsequently, the fraudsters seized the victims' funds available on card accounts, transferring them to accounts controlled by members of the group. The money was then transferred to the territory of another state and returned to Ukraine in the form of cryptocurrency, the police said.

The swindlers used office space, purchased computer equipment, communication equipment, worked on the selection of administrators, operators and software specialists, trained them. The monthly income of the illegal enterprise was more than UAH 7 million.

On December 14, 2020, law enforcement officers searched the premises of the organizers and active members of the group. The police seized computer equipment, documents, bank cards and 140 thousand UAH.

Investigative actions were carried out within the framework of criminal proceedings opened on September 29 under Part 3 of Art. 190 (fraud). After clarifying the role of each of the participants in the scheme, the issue of reclassifying the offenders' actions as crimes committed as part of an organized group will be resolved, the police said.

Earlier in 2020, the Security Service of Ukraine (SBU) stopped the activities of a group of hackers. They exploited a vulnerability in the electronic payment document management system of banks, with the help of which they transferred customer money to third-party accounts and laundered it through cryptocurrency. In this way, the attackers managed to steal about 30 million UAH per year.[43]

The Russian who founded the crypto exchange received 5 years in prison for money laundering through it

On December 7, 2020, the Paris court sentenced Alexander Vinnik to five years in prison and a fine of 100 thousand euros for extortion and money laundering through the BTC-e cryptocurrency exchange he founded. Prosecutors demanded 10 years in prison and payment of 750 thousand euros. The Russian himself pleaded not guilty.

Muscovite lost cryptocurrency for 11 million rubles, going to a phishing site

On December 7, 2020, it became known that a Muscovite lost cryptocurrency worth 11 million rubles by going to a phishing site. This is not the first known case of cryptocurrency fraud in Russia in December.

According to TASS, the Russian Information Agency, citing a law enforcement source, in November a man went to the blockchain.com website through a QR code, which turned out to be a phishing clone. After visiting the clone of the site, all funds disappeared from the man's account. The victim had more than six bitcoins, as well as 70 Ethereum for a total amount of about 11.2 million rubles. A pre-investigation check has begun on this incident.

On December 6, 2020, law enforcement agencies reported another incident with the loss of cryptocurrency. A resident of Omsk lost 900 thousand rubles when trying to buy bitcoins. She transferred funds to the Internet platform for several weeks to acquire digital assets, but did not receive cryptocurrency.

As Kaspersky Lab notes, cryptocurrency phishing is gaining momentum in Russia and around the world, and both simple and complex schemes are used. The first include spam mailings of emails allegedly sent by a particular web service. In this case, letters are sent on behalf of cryptocurrency wallet sites or exchanges. Such fake messages are noticeably more detailed and more neatly and cleverly written than phishing messages on average.

Some scammers find a particular cryptocurrency community and create a Facebook page with the same name as the official community page, as well as an identical design. The address of a fake page is very similar to the address of the real one: it differs by only one letter. It is not so easy to see, because on Facebook the names of organizations and the names of people (which anyone can set) are always displayed much larger and more noticeably than real addresses.[44]

US authorities confiscated $1 billion of cryptocurrency from a criminal online community

In early November 2020, the US Department of Justice announced the confiscation of 69.37 thousand bitcoins, the total value of which exceeds $1 billion. In addition, the US authorities seized the equivalent number of Bitcoin Cash, Bitcoin SV and Bitcoin Gold coins. This is the largest confiscation of cryptocurrencies.

FSB central staff accused of extortion of bitcoins worth 65 million rubles

At the end of October 2020, Sergei Belousov and Alexei Kolbov, employees of the central office of the FSB, were accused of extorting bitcoins worth 65 million rubles.

SWIFT: How money is laundered through cryptocurrency

In early September 2020, SWIFT released a study describing how money is laundered through cryptocurrency. The report notes that there are few such crimes compared to traditional methods of money laundering.

However, this will change in the future, as more and more large digital coins appear with an emphasis on anonymity and the popularity of services that allow mixing and confusing transactions in cryptocurrency (the so-called mixers) for a small fee is growing.

One way to launder money through bitcoin is that transactions with huge fees are processed by certain miners. After that, miners withdraw the received commissions in any convenient way.

SWIFT told how money laundering through cryptocurrency occurs

SWIFT mentioned the North Korean hacker group Lazarus, which uses cryptocurrencies to transfer money to its country. Also mentioned are groups of hackers in Europe who buy prepaid cryptocurrency cards with stolen funds.

The study describes a group of hackers from Eastern Europe that set up its own bitcoin farm in East Asia. The criminals used funds stolen from banks to run the farm and mine bitcoins, then spent the bitcoins in Western Europe. When the members of the group were arrested, law enforcement officers seized 15,000 bitcoins worth $109 million, two sports cars and jewelry worth $557 thousand in the gang leader's house.

In addition, some cybercriminals attack ATMs to cash out money and then convert the stolen funds into cryptocurrency, instead of using traditional money mules who buy and resell expensive goods with this money.

Cryptocurrencies, according to the association of financial institutions, are very popular in territories under tough sanctions.[45]

Organizers who raised $100 million in an ICO in the United States disappeared

In early August 2020, it became known about the disappearance of the founders of the Status Network blockchain startup, which raised $100 million in an ICO. Angry investors are seeking help from members of the judiciary. Read more here.

Deception of Russians through scam sites promising rewards for mining cryptocurrencies

At the end of July 2020, it became known about a new cyber fraud in Russia. Swindlers exploit citizens' interest in cryptocurrencies.

As Qrator Labs experts told Kommersant, scam sites promise users up to 20 thousand rubles for providing computing power, allegedly for mining cryptocurrencies in a browser.

Victims are asked to pay for verification in order to receive the money. After that, the attackers can withdraw all the money from the victims' bank cards, since they have obtained all the personal data, including CVV/CVC codes.

As a rule, the minimum withdrawal amount on such resources is 10 thousand rubles, that is, you can get what you earned in 30 minutes, which attracts those who want to earn quickly. The idea is based on "classic mechanisms for buying money from citizens": a virtual "carrot" looms before the victim's eyes, which can be obtained if you pay the organizers a little, said Andrei Arsentiev, head of analytics and special projects at InfoWatch Group of Companies.

Citizens of the Russian Federation began to be cheated through cryptocurrency mining

In the first half of 2020, Kaspersky Lab discovered about 23 thousand computer resources, the company told the publication. The head of the information security department of "SearchInform" Aleksei Drozd noted that a similar scheme was used earlier, but before that, customers were offered to download a mining program. It could even be real, but the money went to someone else's wallet.

Qrator Labs CTO Artem Gavrichenkov recommends that users check whether the page has a link to a main site in the same domain or to official documents such as a privacy policy and user agreement. In this way, according to the expert, it is possible to avoid financial losses on scam resources.

Trend Micro believes that payment systems can take action against this kind of crime by strictly identifying the recipients of funds, so that the data can be shared with law enforcement agencies in cases of fraud.[46]

Fraudsters offer computing power for mining cryptocurrency "for rent"

Qrator Labs experts have recorded another fraud scheme on sites where people are offered large earnings after paying a "commission." This became known on July 28, 2020. The scheme involves providing computing power for mining cryptocurrency, for the lease of which customers are asked to pay.

"In the future, it is possible to write off money from users' accounts, since bank card data is in the hands of the attackers," said Artem Gavrichenkov, technical director of Qrator Labs.

The head of the information security department of "SearchInform" Aleksei Drozd noted that a similar scheme was used earlier, but before that, customers were offered to download a mining program. It could even be real, but the money went to someone else's wallet.

To avoid financial losses on such sites, A. Gavrichenkov recommended that users check whether the page has a link to a main site in the same domain or official documents, such as privacy policy and user agreement[47].

Steven Seagal fined $314 thousand for advertising cryptocurrency

In late February 2020, 90s action star Steven Seagal was fined by the US Securities and Exchange Commission (SEC) over the promotion of cryptocurrency on social media. Seagal will pay $314,000 and is barred from promoting any currency - digital or otherwise - for three years. Read more here.

2019

Theft of $4.3 billion from cryptocurrency investors

In February 2020, it became known that $4.3 billion was stolen from cryptocurrency investors in 2019, that is, more than in the previous two years.

Japanese cryptocurrency exchange BITPoint was the victim of one of the biggest fraudulent transactions in 2019, losing $28 million, according to a new report by CipherTrace. Of the total, $19.3 was taken from customer funds, with the rest owned by BITPoint Japan. Among the stolen financial assets were bitcoins, XRP, Ether, Litecoin and bitcoins. As a result of the hack, the company had to suspend all operations with crypto assets. The president of BITPoint announced that he would reimburse all stolen funds to customers who had suffered from the fraud.

$4.3 billion was stolen from cryptocurrency investors in 2019

Binance, another of the largest cryptocurrency exchanges, lost $40 million. The cybercriminals managed to steal not only 7,000 bitcoins but also two-factor authentication codes and API tokens. Despite the large sum stolen by hackers, Binance was not particularly affected - the criminals were able to seize only 2% of the total assets of the exchange. Binance said the hackers carefully planned the operation and conducted fraudulent transactions in such a way that they passed all existing security checks without interference. The exchange said it would use its SAFU self-insurance fund to cover user losses.

Although some hackers manage to leave with seized funds, law enforcement agencies are finding more and more criminals. According to CipherTrace, two brothers from Israel were arrested in mid-2019 on charges of a phishing attack that lasted three years. During this time, the brothers stole cryptocurrency worth more than $100 million. Six more people were arrested in the Netherlands and the UK for fraud worth $27 million - they created a fake website to gain access to users' bitcoin wallets.[48]

Central Bank: the launch of Facebook and Telegram cryptocurrencies will give rise to a wave of fraud and financial pyramids

In mid-September 2019, the Central Bank of the Russian Federation warned that the launch of the Facebook and Telegram cryptocurrencies would give rise to a wave of fraud and financial pyramids. Read more here.

How Bill Gates' motivational quotes help scammers steal cryptocurrency

At the end of June 2019, the anti-terrorist unit of the Indian state of Rajasthan uncovered a fraudulent scheme that allowed attackers to earn about $2 million thanks to quotes from famous people.

According to The Times of India, several people filed statements with the police claiming that they were deceived - they agreed to invest cryptocurrency in some companies whose creators promised instant sky-high profits.

Several Indians go to police after being targeted by fraudsters who lured money out of them using Bill Gates' motivational speech

But the scammers simply appropriated the money. They promised to return the investments with interest and asked users to invest in other projects, and the users agreed.

One of the companies proposed for investment is Monivo. Its website continued to work even after publications about the fraud appeared in the media.

The first page of Monivo quotes Bill Gates, Richard Branson and Eric Schmidt, giving the impression that these famous businessmen support this project.

By the end of June 2019, four suspects in organizing this fraudulent scheme with cryptocurrency were arrested. Vishal Gupta was arrested in the Rajasthan state capital of Jaipur; Vikas Chaudhary and Mahesh Sharma were caught in New Delhi, and Shilpa Sharma in Dehradun.

Curiously, the investigation and the arrests are being carried out by an anti-terrorist unit, and not by ordinary police or financial crime authorities. According to the investigation, the fraudsters have nothing to do with terrorism, and they could have deceived people in other cities of India and in other countries.

As the portal The Next Web notes, the Indian central bank constantly warns the population about deception related to cryptocurrency, but fraudsters continue to make a lot of money on this.[49]

Fraudsters who stole cryptocurrency worth 24 million euros arrested

At the end of June 2019, five men and a woman were arrested in several cities in the UK, as well as in Amsterdam and Rotterdam for stealing cryptocurrency worth 24 million euros. It is known that criminals robbed at least 4,000 people in 12 countries, and the number of victims continues to grow. The attackers themselves were in the UK and the Netherlands.

The attackers used the technique of "typosquatting" (exploiting typing errors): they registered domain names similar to the names of cryptocurrency exchanges and companies. If there was an error or typo in the address bar, the user ended up on a fake site that looked like the real one and tried to log in to their personal account there. In this way, the criminals obtained user data.

The arrests were made in a joint operation involving the UK's Regional Cybercrime Unit, Dutch Police, Eurojust and the UK's National Crime Agency. Europol took part in uncovering the fraudulent scheme as an intermediary between departments of various countries in the exchange of information. Information about the detention of the attackers was published on the official website of Europol.

The investigation lasted 14 months, and its result was an operation, during which, according to police, a large number of devices, equipment and valuable assets were seized. All seized equipment is being examined by the UK Regional Cyber Crime Unit. At the moment, the names of the criminals are unknown. The Europol website reports that the case was referred to the European Cybersecurity Center and the Europol Joint Cybercrime Task Force, where after processing the information, it will be submitted to the court.[50]
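The one-letter address differences described in this item and in the 2020 Kaspersky Lab item above can be checked for mechanically. The sketch below is an added example, not part of the original article: it compares hostnames seen in proxy or DNS logs against a watchlist of protected domains using edit distance. The watchlist, the observed hostnames and the function names are constructed for illustration.

```python
"""Flag hostnames that are a near-miss of a protected domain (added example)."""

# Constructed watchlist: the genuine domains an organisation wants to protect.
PROTECTED = ["coinvault.example", "northbit-exchange.example"]

# Constructed sample of hostnames, as they might appear in proxy or DNS logs.
OBSERVED = [
    "www.coinvault.example",            # genuine site, with a subdomain
    "coinvau1t.example",                # substitution: l -> 1
    "conivault.example",                # two adjacent letters swapped
    "coinvaullt.example",               # one extra letter
    "login.northbit-exchange.example",  # genuine site
    "northbit-exchnage.example",        # two adjacent letters swapped
    "weather.example",                  # unrelated site
]


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: an insertion, deletion,
    substitution or swap of two adjacent characters each costs 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, the most common typing slip.
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[len(b)]


def site_of(hostname: str) -> str:
    """Last two labels of a hostname. Assumption: registrable domains have
    two labels; production code should consult the Public Suffix List."""
    labels = hostname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify(hostname: str, protected=PROTECTED, max_dist: int = 2):
    """Return (verdict, matched_domain, distance), where verdict is
    'legit', 'lookalike' or 'unrelated'."""
    site = site_of(hostname)
    best = min(protected, key=lambda p: osa_distance(site, p))
    dist = osa_distance(site, best)
    if dist == 0:
        return ("legit", best, 0)
    # Short names get a tighter bound so unrelated words do not match.
    limit = min(max_dist, max(1, len(best.split(".")[0]) // 4))
    if dist <= limit:
        return ("lookalike", best, dist)
    return ("unrelated", None, dist)


def scan(hostnames):
    """Return (hostname, imitated_domain, distance) for every lookalike."""
    hits = []
    for host in hostnames:
        verdict, matched, dist = classify(host)
        if verdict == "lookalike":
            hits.append((host, matched, dist))
    return hits


if __name__ == "__main__":
    for host, matched, dist in scan(OBSERVED):
        print(f"{host}: looks like {matched} (distance {dist})")
```

A hit is a reason to review the domain, not proof of fraud; the same comparison can be run over newly registered domain feeds to find look-alikes before users reach them.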

Investor sued cryptocurrency fraudster for record $75.8 million

On May 10, 2019, the California Supreme Court ordered 21-year-old hacker Nicholas Truglia to pay $75.8 million to cryptocurrency investor Michael Terpin, from whom about $23.8 million in cryptocurrency was stolen as a result of fraudulent actions.

The scam was carried out using so-called SIM swapping. Its essence is that the criminal contacts representatives of the victim's mobile operator and uses social engineering. Posing as the real owner of the number, the attacker claims to have lost or broken the SIM card and asks to transfer the number to a new SIM card. As a result, the attacker gains full control over the victim's number and all the services tied to it, as well as one-time passwords, two-factor authentication codes, etc.

Nicholas Truglia

Nicholas Truglia was arrested in November 2018 on charges of stealing $1 million worth of cryptocurrency, including by counterfeiting SIM cards. In December, Michael Terpin filed a lawsuit against the hacker. The investor managed to win this case and achieve the highest court-appointed compensation in the cryptocurrency market, the Reuters news agency notes.

In February 2019, a California court sentenced 20-year-old student Joel Ortiz, who used the SIM card substitution method to steal more than $5 million in cryptocurrency, to 10 years in prison. Ortiz became the first fraudster convicted in the US of such a crime, a conviction that could set an important precedent for future proceedings.

As for Nicholas Truglia, his indictment consists of 21 counts, including fraud, embezzlement, theft on an especially large scale, and theft of personal data and its alteration for deceptive purposes. Part of his criminal case is classified as serious crimes. The young man faces a long prison term.[51]

2018

Cryptocurrency thefts rise 400% to $1.7 billion

In 2018, cybercriminals worldwide stole cryptocurrency worth a total of $1.7 billion, more than 400% higher than a year earlier. The American information security company CipherTrace provided these figures at the end of January 2019.

Approximately $950 million in digital money was stolen from cryptocurrency exchanges, payment wallets and other infrastructure services. This is 260% more than in 2017. The majority of such thefts - 58% - occurred in South Korea and Japan.

In addition, investors and users trading on exchanges lost $725 million in cryptocurrency to fraud such as hacking, Ponzi schemes and deliberately deceptive ICOs. In 2017, such fraud led to the theft of digital money worth $56 million.

The number of cryptocurrency thefts in 2018 increased by 400%, but the real amount may be much higher, since not all cases are known.

The growing theft of cryptocurrencies somewhat surprised analysts, since the exchange rates of such money were falling. In January 2019, the total market capitalization of more than 1.6 thousand cryptocurrencies amounted to $112 billion, which is 80% less than a year earlier. In addition, CipherTrace notes that not all cryptocurrency thefts are known to the company's experts, so the real amount of losses is most likely higher.

Speaking to Reuters, CipherTrace CEO Dave Jevans said that, apparently, most of the cryptocurrency stolen outright or taken through fraud has already been laundered. He also added that 97% of the criminal flow of bitcoins ends up in the "gray" environment of cryptocurrency exchanges.

Not only investors and financial organizations suffer from the actions of fraudsters who want to make money on cryptocurrency. According to Check Point Software Technologies, in 2018, about 37% of companies in the world were attacked by cryptominers. Moreover, 20% of organizations were subjected to such attacks every week.

Cryptocurrency investor lost $24 million via smartphone and blamed AT&T

On August 15, 2018, a California cryptocurrency investor filed a lawsuit against AT&T and is demanding $224 million from it. The entrepreneur accused the telecom operator of negligence, due to which he allegedly lost about $24 million.

In a 69-page lawsuit filed with the US District Court in Los Angeles, Michael Terpin said that due to AT&T's "cooperation with the hacker, criminal negligence and non-compliance with privacy obligations," he lost almost $24 million in cryptocurrency.

California cryptocurrency investor files $224 million lawsuit against AT&T, accusing telecom operator of negligence that allegedly caused him to lose about $24 million

Terpin, who used AT&T as a carrier, believes he lost the money through the hacking of his smartphone account. In seven months, Terpin was twice a victim of a hacker.

After the first hack, Terpin claimed that the hacker was able to get a phone number from an insider - an employee of an AT&T store. This number was later used to access Terpin's accounts, as stated in his lawsuit. As a result, Terpin believes, on January 7, 2018, 3 million tokens disappeared from his account, which at the time of the theft were worth $23.8 million. In addition, the lawsuit says that law enforcement agencies have already contacted AT&T over similar incidents.

According to the plaintiff, the hacker was able to gain access to the tokens thanks to fraud with Terpin's SIM card. Having obtained the number that is used to authenticate subscribers, the attacker transferred it to his own SIM card, used it to reset passwords and gained access to online accounts. An AT&T spokesman said the company would contest those claims.

In 2013, Terpin co-founded a group of informal cryptocurrency investors called BitAngels and a cryptocurrency fund, BitAngels/Dapps Fund. He hopes to recover from the operator $200 million in the form of a fine and $24 million in compensation.[52]

Notes

  1. [1] German Police Seize $2.1B Worth of Bitcoin in Piracy Sting UK police seized £1.4bn of bitcoin from China investment fraud, court told
  2. [2]
  3. https://www.bleepingcomputer.com/news/security/hackers-hijack-govt-and-business-accounts-on-x-for-crypto-scams/
  4. Hackers hijack govt and business accounts on X for crypto scams
  5. Mandiant's X Account Was Hacked Using Brute-Force Attack
  6. The number of "cryptocurrency cases" in the courts of Russia has grown fivefold in two years
  7. Stolen crypto worth $674M successfully recovered in 2023
  8. Crypto and fintech groups fined $5.8bn in global crackdown on illicit money
  9. Hack Hauls Halve From 2022
  10. Fraudsters are out of vacation
  11. In Moscow, detained two police officers who stole 26 million rubles from a crypto investor
  12. Impulse Team’s Massive Years-Long Mostly-Undetected Cryptocurrency Scam
  13. applications have penetrated the official stores of Google and Apple.
  14. Illicit Crypto Ecosystem Report
  15. North Korean crypto thefts target Japan, Vietnam, Hong Kong
  16. ). On the future regulation of cryptocurrencies in the EU (MiCA
  17. Blockchain hackers stole over $3.5 billion in 2022
  18. Crashing markets result in a record number of crypto heists in history – Statistics
  19. Chinese police arrest 63 people for laundering US$1.7 billion via cryptocurrency
  20. Malysh Al Capone will pay $22 million to a fraud victim
  21. The FBI has detailed a new cryptocurrency fraud scheme
  22. Mid-year Crypto Crime Update: Illicit Activity Falls With Rest of Market, With Some Notable Exceptions
  23. https://www.securitylab.ru/news/532850.php. A cryptocurrency scam worth millions
  24. of dollars was carried out
  25. In the first half of 2022, hackers stole a $2 billion Cretan
  26. Hackers hacked Deus Finance and stole $13.4 million worth of cryptocurrency
  27. The government approved the rules for the import and export of pathogens and viruses to the Russian Federation
  28. The first case of embezzlement of assets of a cryptocurrency exchange was opened in Russia
  29. Telegram channel of Sergei Shugaev
  30. The number of cryptocurrency-related sentences in Russia increased by 5,000%
  31. Koinova seal: the number of criminal cases with crypt has sharply increased in the Russian Federation
  32. Crypto crime hit record $14 billion in 2021, research shows
  33. Crypto Scams Surge 81% This Year Compared to 2020, New Research Shows
  34. Arrest Made in $46 Million Dollar Cryptocurrency Theft
  35. Coin thief: Russians began to steal money when launching fake cryptocurrencies
  36. Artificial intelligence learned to match a bank card PIN by video
  37. Study: Russia became the leader in the number of blocking phishing and malicious sites
  38. [3] The IRS has seized $1.2 billion worth of cryptocurrency this fiscal year – here’s what happens to it Online vaccine scams: INTERPOL and Homeland Security Investigations issue public warning
  39. [4]
  40. North Korean hackers launder cryptocurrency using best practices
  41. Near $20B Passed Through High-Risk Exchanges in 2020
  42. Russians keep currency on the dark web. The country's share in the shadow crypto operations market reached 40%
  43. At Kharkovі polіtsіya vicar there was a group of zlovmisnikіv yakі pіd wiglyad pratsіvnikіv bankіvskikh gromadyans shook
  44. A resident of Moscow lost cryptocurrency for 11 million rubles, accidentally hitting a phishing site
  45. Follow the Money
  46. Citizens were remembered with easy money. Fraudsters have found a new path to those wishing to make money on cryptocurrency
  47. A new way of cryptocurrency mining fraud has appeared
  48. Top cryptocurrency scams of 2019 – and how most hackers got away with it
  49. Indian scammers stole $2M in cryptocurrency using inspirational Bill Gates quotes
  50. Six arrested over €24m cryptocurrency theft
  51. US Blockchain Investor Terpin Awarded Over $75 Million in SIM Swapping Case
  52. Cryptocurrency investor robbed via his cellphone account sues AT&T for $224 million over loss