From Wikipedia, the free encyclopedia
Cryptocurrency and crime describes notable examples of cybercrime related to theft (or the otherwise illegal acquisition) of cryptocurrencies and some methods or security vulnerabilities commonly exploited. Cryptojacking is a form of cybercrime specific to cryptocurrencies, used on websites to hijack a victim's resources and use them for hashing and mining cryptocurrency.[1]
According to blockchain analysis company Chainalysis, around US$2.5 billion was laundered through Bitcoin between 2009 and 2018, and the fraction of cryptocurrency transactions linked to illicit activities has been on the rise since early 2019.[2] In 2021, 0.15% of known cryptocurrency transactions conducted were involved in illicit activities like cybercrime, money laundering and terrorism financing, representing a total of $14 billion.[3]
There are various types of cryptocurrency wallets available, with different layers of security, including devices, software for different operating systems or browsers, and offline wallets.
Novel exploits unique to blockchain transactions exist, and aim to generate unintended outcomes for those involved. One of the more well-known issues that open the possibility for exploits on Bitcoin is the transaction malleability problem.[4]
The Immunefi Crypto Losses 2022 Report lists industry losses from frauds and hacking as a combined total of US$3.9 billion for the year, and US$8 billion for 2021.[5]
In 2018, around US$1.7 billion in cryptocurrency was lost to scams, theft and fraud. In the first quarter of 2019, such losses rose to US$1.2 billion.[6] 2022 was a record year for cryptocurrency theft, according to Chainalysis, with US$3.8 billion[7] stolen worldwide during 125 system hacks,[8] including US$1.7 billion stolen by "North Korea-linked hackers".[7]
Notable cryptocurrency exchange compromises resulting in the loss of cryptocurrencies include:
The Parity Wallet has had two security incidents amounting to 666,773 ETH lost or stolen.[37] In July 2017, due to a bug in the multi-signature code, 153,037 ETH (approximately US$32 million at the time) were stolen.[38][39] In November 2017, a subsequent multisignature[clarification needed] flaw in Parity made 513,774 ETH (about US$150 million) unreachable;[40][41] as of March 2019, the funds were still frozen.[42]
Notable cases of electricity theft to mine proof-of-work cryptocurrencies include:
There have been many cases of bitcoin theft.[47] As of December 2017, around 980,000 bitcoins—over five percent of all bitcoin in circulation[a]—had been lost on cryptocurrency exchanges.[48]
One type of theft involves a third party accessing the private key to a victim's bitcoin address,[49] or an online wallet.[50] If the private key is stolen, all the bitcoins from the compromised address can be transferred. In that case, the network does not have any provisions to identify the thief, block further transactions of those stolen bitcoins, or return them to the legitimate owner.[51]
Theft also occurs at sites where bitcoins are used to purchase illicit goods. In late November 2013, an estimated US$100 million in bitcoins were allegedly stolen from the online illicit goods marketplace Sheep Marketplace, which immediately closed.[52] Users tracked the coins as they were processed and converted to cash, but no funds were recovered and no culprits were identified.[52] A different black market, Silk Road 2, stated that during a February 2014 hack, bitcoins valued at $2.7 million were taken from escrow accounts.[53]
Sites where users exchange bitcoins for cash or store them in "wallets" are also targets for theft. Inputs.io, an Australian wallet service, was hacked twice in October 2013 and lost more than $1 million in bitcoins.[54] GBL, a Chinese bitcoin trading platform, suddenly shut down on 26 October 2013; subscribers, unable to log in, lost up to $5 million worth of bitcoin.[55] In late February 2014 Mt. Gox, one of the largest virtual currency exchanges, filed for bankruptcy in Tokyo amid reports that bitcoins worth US$350 million had been stolen.[56] Flexcoin, a bitcoin storage specialist based in Alberta, Canada, shut down in March 2014 after saying it discovered a theft of about $650,000 in bitcoins.[57] Poloniex, a digital currency exchange, reported in March 2014 that it lost bitcoins valued at around $50,000.[58] In January 2015, UK-based Bitstamp, the third busiest bitcoin exchange globally, was hacked and US$5 million in bitcoins were stolen.[59] In February 2015, a Chinese exchange named BTER lost bitcoins worth nearly $2 million to hackers.[60]
A major bitcoin exchange, Bitfinex, was compromised by the 2016 Bitfinex hack, when nearly 120,000 bitcoins (around US$71 million) were stolen in 2016.[61] Bitfinex was forced to suspend its trading. The theft was the second-largest bitcoin heist ever, dwarfed only by the Mt. Gox theft in 2014. According to Forbes, "All of Bitfinex's customers... will stand to lose money. The company has announced a cut of 36.067% across the board."[62] Following the hack the company failed to refund customers, though efforts are continuing.[63] In 2022, the US government recovered 94,636 bitcoin (worth approximately $3.6 billion at the time of recovery) from the 2016 thefts of the Bitfinex exchange, reported as the "largest financial seizure" in U.S. history.[64] By February 2022, the amount of bitcoin stolen in 2016 had increased in value to $4.5 billion. Two people were arrested for the thefts[65] in 2022; married couple Ilya “Dutch” Lichtenstein and rapper Heather "Razzlekhan" Morgan were charged with conspiracy to commit money laundering and conspiracy to defraud the United States.[64]
On May 7, 2019, hackers stole over 7000 Bitcoins from the Binance Cryptocurrency Exchange, at a value of over 40 million US dollars. Binance CEO Zhao Changpeng stated: "The hackers used a variety of techniques, including phishing, viruses, and other attacks... The hackers had the patience to wait, and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time."[66]
Thefts have raised safety concerns. Charles Hayter, founder of the digital currency comparison website CryptoCompare said, "It's a reminder of the fragility of the infrastructure in such a nascent industry."[67] According to the hearing of the U.S. House of Representatives Committee on Small Business on April 2, 2014, "these vendors lack regulatory oversight, minimum capital standards and don't provide consumer protection against loss or theft."[68]
Japan and the United States have accused North Korean hackers of stealing cryptocurrency worth over $300 million from the Japan-based exchange DMM Bitcoin. The theft was attributed to the TraderTraitor group, believed to be part of the Lazarus Group, which is allegedly linked to North Korean authorities. The incident occurred in late May 2024, involving the theft of 4,502.9 Bitcoin. The theft involved the hackers using social engineering tactics to impersonate a recruiter on LinkedIn and send a malicious pre-employment test to an employee at a crypto wallet software company. This allowed them to compromise the employee's system and manipulate a legitimate transaction request from DMM, resulting in the loss of 4,502.9 Bitcoin. The FBI and Japan's National Police Agency are collaborating to combat North Korea's cybercrime activities, which date back to the mid-1990s and include a cyber-warfare unit known as Bureau 121. The Lazarus Group has previously gained notoriety for its involvement in high-profile hacks, including the attack on Sony Pictures in retaliation for the film "The Interview."
In June 2016, hackers exploited a vulnerability in The DAO to steal US$50 million. Subsequently, the currency was forked into Ethereum Classic and Ethereum, with the latter continuing with the new blockchain without the exploited transactions.[69][70]
On November 21, 2017, Tether announced that it had been hacked, losing $31 million in USDT from its core treasury wallet.[71] The company has 'tagged' the stolen currency, hoping to 'lock' them in the hacker's wallet (making them unspendable).[citation needed]
In 2022, hackers created a signature account on a blockchain bridge called "Wormhole" and stole more than $300 million worth of ether.[72]
Most exit scams (or rugpulls) as well as many ponzi schemes involving cryptocurrencies are performed through Initial Coin Offerings (ICOs).[73] As an example, according to a report by Satis Group, almost 80% of all projects launched through an ICO in 2017 were scams.[74] These scams usually involve attracting investments from mostly retail investors, inflating the price and the perpetrators subsequently abandoning the project in question after selling off their own shares.[75]
The novelty of ICOs accounts for the current lack of governmental regulation.[76] This lack of regulatory measures as well as the pseudonymity of cryptocurrency transactions and their international nature across countless jurisdictions in many different countries can make it much more difficult to identify and take legal action against perpetrators involved in these scams.[77][78] Since 2017 the SEC has been actively pursuing groups and individuals responsible for ICO-related scams.[79]
Ponzi schemes are another common form of utilizing blockchain-based technologies to commit fraud. Most schemes of this sort use multi-level marketing schemes to encourage investors to conduct risky investments.[94] Onecoin is one of the more notable examples of cryptocurrency-ponzi schemes: Founded in 2014 by Ruja Ignatova, OneCoin is estimated to have generated US$4 billion in income.[83] While at least in China some of the investors' funds have been recovered and several members of the organisation arrested in the U.S., Ignatova herself is still at large.[95]
Due to the inability of third parties to de-pseudonymize crypto transactions, criminal entities have often resorted to using cryptocurrency to conduct money laundering.[96] ICOs lacking KYC guidelines and anti-money laundering procedures in particular are often used to launder illicit funds due to the pseudonymity they offer.[81] By using ICOs, criminals launder these funds by buying tokens off of legitimate investors and selling them. This issue is intensified by the lack of measures against money laundering implemented by centralized cryptocurrency exchanges.[81]
A well-known early example of money laundering using cryptocurrencies is Silk Road. Shut down in 2013 with its founder Ross Ulbricht indicted for among other counts a money laundering conspiracy, the website was used for several illicit activities including money laundering solely using Bitcoin as a form of payment.[97]
Apart from traditional cryptocurrencies, Non-Fungible Tokens (NFTs) are also commonly used in connection with money laundering activities.[98] NFTs are often used to perform Wash Trading by creating several different wallets for one individual, generating several fictitious sales and consequently selling the respective NFT to a third party.[99] According to a report by Chainalysis, these types of wash trades are becoming increasingly popular among money launderers especially due to the largely anonymous nature of transactions on NFT marketplaces.[100][101] Auction platforms for NFT sales may face regulatory pressure to comply with anti-money laundering legislation.[102]
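The wash-trading pattern described above can be screened for in marketplace data. The following is an added example, not taken from the article or from any cited report: it assumes (as a heuristic) that wallets connected by funding transfers are controlled by one individual, and all wallet names, token names and records are constructed.

```python
from collections import defaultdict


class Clusters:
    """Union-find over wallets; wallets linked by funding share a cluster."""

    def __init__(self):
        self.parent = {}

    def find(self, wallet):
        self.parent.setdefault(wallet, wallet)
        while self.parent[wallet] != wallet:
            # Path halving keeps later lookups short.
            self.parent[wallet] = self.parent[self.parent[wallet]]
            wallet = self.parent[wallet]
        return wallet

    def union(self, a, b):
        self.parent[self.find(a)] = self.find(b)


def find_wash_trades(funding, sales):
    """Return tokens with same-cluster sales and their first outside sale.

    funding: iterable of (source_wallet, funded_wallet)
    sales:   chronological iterable of (token, seller, buyer, price)
    """
    clusters = Clusters()
    for src, dst in funding:
        clusters.union(src, dst)

    report = defaultdict(lambda: {"wash_sales": [], "exit_sale": None})
    for token, seller, buyer, price in sales:
        entry = report[token]
        if clusters.find(seller) == clusters.find(buyer):
            # Seller and buyer trace back to the same funding source.
            entry["wash_sales"].append((seller, buyer, price))
        elif entry["wash_sales"] and entry["exit_sale"] is None:
            # First sale to an unrelated wallet after the fictitious sales.
            entry["exit_sale"] = (seller, buyer, price)
    return {t: e for t, e in report.items() if e["wash_sales"]}


# Constructed sample data (hypothetical wallets and prices).
FUNDING = [
    ("w_src", "w_a"), ("w_src", "w_b"), ("w_src", "w_c"),
    ("x_src", "x_buyer"),
]
SALES = [
    ("nft-1", "w_a", "w_b", 1.0),
    ("nft-1", "w_b", "w_c", 5.0),
    ("nft-1", "w_c", "w_a", 20.0),
    ("nft-1", "w_a", "x_buyer", 25.0),   # sale to a third party
    ("nft-2", "y_1", "y_2", 3.0),        # unrelated wallets, not flagged
]

if __name__ == "__main__":
    for token, entry in find_wash_trades(FUNDING, SALES).items():
        print(token, len(entry["wash_sales"]), "wash sales; exit:", entry["exit_sale"])
```

A shared funding source such as an exchange withdrawal wallet would merge unrelated users into one cluster, so a real screen has to exclude known service wallets before clustering.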
Canada is generally regarded as the first state actor implementing regulatory measures dealing with money laundering conducted by the usage of cryptocurrencies.[103] By 2013 the Financial Crimes Enforcement Network (FinCEN) — in direct reference to the centralized exchange Mt. Gox — issued regulations making it clear that all crypto-to-fiat exchangers had to apply KYC- as well as anti-money laundering methods.[104] Any suspicious transactions have therefore to be reported to the authorities.[105] Centralized exchanges have to register as money transmitters, with the exact definition of who and what constitutes a money transmitter in the crypto sphere being somewhat blurred and regulations differing between the different states of the U.S.[106] An important exemption from these regulations is decentralized exchanges due to the fact that they do not hold any fiat currency.[107]
As part of the Fourth Anti-Money Laundering Directive of 2015 and in an effort to combat money laundering and the financing of terrorism, the European Union has issued a directive requiring all member states to make sure that crypto exchanges are licensed and registered.[108] The EU is furthermore planning to take measures to ensure that all customers of cryptocurrency exchanges verify their identity as part of the registration process.[109]
Auction platforms for NFT sales may face regulatory pressure to comply with anti-money laundering legislation. A February 2022 study from the United States Treasury assessed that there was "some evidence of money laundering risk in the high-value art market," including through "the emerging digital art market, such as the use of non-fungible tokens (NFTs)."[110] The study considered how NFT transactions may be a simpler option for laundering money through art by avoiding transportation or insurance complications in trading physical art. Several NFT exchanges were labeled as virtual asset service providers that may be subject to Financial Crimes Enforcement Network regulations.[111]
The European Union has yet to establish specific regulations to combat money laundering through NFTs. The European Commission announced in July 2022 that it is planning to draw regulations regarding that issue by 2024.[112][109]
Cryptocurrency and crime | |
---|---|
Simplified Chinese | 杀猪盘 |
Traditional Chinese | 殺豬盤 |
Literal meaning | Killing pig game[113] |
A pig butchering scam (in Chinese sha zhu pan[114] or shazhupan,[115] (Chinese: 杀猪盘), translated as killing pig game)[113] is a type of long-term scam and investment fraud in which the victim is gradually lured into making increasing contributions, usually in the form of cryptocurrency, to a fraudulent cryptocurrency scheme.[116]
Such scams are commonplace on social apps. In October 2023, 12% of Americans using dating apps experienced exposure to this type of fraud, up from 5% in 2018.[117] The scammer builds trust with the victim through online communication, subsequently persuading them to invest in a fraudulent cryptocurrency scheme. The "butchering" or "slaughtering" of the victim transpires when their assets or funds are stolen.[118]
The scam originated in the USA as an equity fraud on real estate, duping people or specific family members on verbal contracts in real estate using the term "equity share/verbal contract". It later appeared in China in around 2016 or possibly earlier,[119] and proliferated in Southeast Asia amid the COVID-19 pandemic. Perpetrators are typically victims of a fraud factory,[120] where they are lured to travel internationally under false pretenses, trafficked to another location, and forced to commit the fraud by organised crime gangs.[121]
Josh Garza, who founded the cryptocurrency startups GAW Miners and ZenMiner in 2014, acknowledged in a plea agreement that the companies were part of a pyramid scheme, and pleaded guilty to wire fraud in 2015. The U.S. Securities and Exchange Commission separately brought a civil enforcement action against Garza, who was eventually ordered to pay a judgment of US$9.1 million plus $700,000 in interest. The SEC's complaint stated that Garza, through his companies, had fraudulently sold "investment contracts representing shares in the profits they claimed would be generated" from mining.[122] Garza was later found guilty of fraud and ordered to pay US$9 million and begin serving a 21-month sentence commencing January 2019 by the U.S. Attorney's Office District of Connecticut.[citation needed]
The cryptocurrency community refers to pre-mining, hidden launches, ICO or extreme rewards for the altcoin founders as deceptive practices.[123] This is at times an inherent part of the cryptocurrency's design.[124] Pre-mining refers to the practice of generating the currency before it is released to the public.[125]
FTX and Alameda Research founder and CEO Sam Bankman-Fried was indicted by the U.S. District Court for the Southern District of New York in December 2022 and charged with commodities and wire fraud, securities fraud and money laundering, as well as with violating campaign finance laws.[126][127]
Some malware can steal private keys for bitcoin wallets allowing the bitcoins themselves to be stolen. The most common type searches computers for cryptocurrency wallets to upload to a remote server where they can be cracked and their coins are stolen. Many of these also log keystrokes to record passwords, often avoiding the need to crack the keys.[128] A different approach detects when a bitcoin address is copied to a clipboard and quickly replaces it with a different address, tricking people into sending bitcoins to the wrong address.[129] This method is effective because bitcoin transactions are irreversible.[130]: 57
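The following added example (not from the article) shows why the clipboard replacement described above passes ordinary address validation: the Base58Check checksum of legacy bitcoin addresses catches a mistyped address, but a substituted address is itself valid, so only a full comparison against the address obtained out of band detects it. The addresses are constructed from made-up hashes, and the function name `check_destination` is hypothetical.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def _checksum(payload: bytes) -> bytes:
    # Base58Check checksum: first 4 bytes of SHA-256(SHA-256(payload)).
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]


def b58check_encode(version: int, hash160: bytes) -> str:
    raw = bytes([version]) + hash160
    raw += _checksum(raw)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, rem = divmod(n, 58)
        out = B58[rem] + out
    # Each leading zero byte is written as a leading '1'.
    zeros = len(raw) - len(raw.lstrip(b"\x00"))
    return "1" * zeros + out


def b58check_decode(addr: str) -> bytes:
    n = 0
    for ch in addr:
        digit = B58.find(ch)
        if digit < 0:
            raise ValueError("character outside the Base58 alphabet")
        n = n * 58 + digit
    zeros = len(addr) - len(addr.lstrip("1"))
    raw = b"\x00" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) != 25 or _checksum(raw[:-4]) != raw[-4:]:
        raise ValueError("bad length or checksum")
    return raw[:-4]  # version byte + 20-byte hash


def check_destination(intended: str, pasted: str) -> str:
    """Classify the address about to be paid against the intended one."""
    try:
        b58check_decode(pasted)
    except ValueError:
        return "invalid"      # typo or corruption: the checksum catches it
    if pasted != intended:
        return "substituted"  # valid address, but not the one intended
    return "ok"


# Constructed sample addresses (hashes derived from made-up labels).
INTENDED = b58check_encode(0x00, hashlib.sha256(b"constructed payee").digest()[:20])
SUBSTITUTED = b58check_encode(0x00, hashlib.sha256(b"constructed other party").digest()[:20])
MISTYPED = INTENDED[:-1] + ("2" if INTENDED[-1] != "2" else "3")

if __name__ == "__main__":
    for label, addr in (("intended", INTENDED), ("mistyped", MISTYPED),
                        ("substituted", SUBSTITUTED)):
        print(f"{label:12} {addr}  ->  {check_destination(INTENDED, addr)}")
```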
One virus, spread through the Pony botnet, was reported in February 2014 to have stolen up to $220,000 in cryptocurrencies including bitcoins from 85 wallets.[131] Security company Trustwave, which tracked the malware, reports that its latest version was able to steal 30 types of digital currency.[132]
A type of Mac malware active in August 2013, Bitvanity, posed as a vanity wallet address generator and stole addresses and private keys from other bitcoin client software.[133] A different trojan for macOS, called CoinThief, was reported in February 2014 to be responsible for multiple bitcoin thefts.[133] The software was hidden in versions of some cryptocurrency apps on Download.com and MacUpdate.[133]
Many types of ransomware demand payment in bitcoin.[134][135] One program called CryptoLocker, typically spread through legitimate-looking email attachments, encrypts the hard drive of an infected computer, then displays a countdown timer and demands a ransom in bitcoin, to decrypt it.[136] Massachusetts police said they paid a 2 bitcoin ransom in November 2013, worth more than $1,300 at the time, to decrypt one of their hard drives.[137] Bitcoin was used as the ransom medium in the WannaCry ransomware.[138] One ransomware variant disables internet access and demands credit card information to restore it, while secretly mining bitcoins.[136]
As of June 2018, most ransomware attackers preferred to use currencies other than bitcoin, with 44% of attacks in the first half of 2018 demanding Monero, which is highly private and difficult to trace, compared to 10% for bitcoin and 11% for Ether.[139]
Cryptojacking is the act of exploiting a computer to mine cryptocurrencies, often through websites,[140][141][142] against the user's will or while the user is unaware.[143] One notable piece of software used for cryptojacking was Coinhive, which was used in over two-thirds of cryptojacks before its March 2019 shutdown.[144] The cryptocurrencies mined the most often are privacy coins—coins with hidden transaction histories—such as Monero and Zcash.[141][145]
Like most malicious attacks on the computing public, the motive is profit, but unlike other threats, it is designed to remain completely hidden from the user. Cryptojacking malware can lead to slowdowns and crashes due to straining of computational resources.[146]
Bitcoin mining by personal computers infected with malware is being challenged by dedicated hardware, such as FPGA and ASIC platforms, which are more efficient in terms of power consumption and thus may have lower costs than theft of computing resources.[147]
A phishing website that offered to generate private IOTA wallet seed passphrases collected wallet keys, with estimates of up to US$4 million worth of MIOTA tokens stolen. The malicious website operated for an unknown amount of time and was discovered in January 2018.[148]
Fraud factories in Asia traffic workers to scam Westerners into buying cryptocurrencies online.[149]
In 2015, two members of the Silk Road Task Force—a multi-agency federal task force that carried out the U.S. investigation of Silk Road—were convicted over charges pertaining to corruption.[150] Former DEA agent, Carl Mark Force, had attempted to extort Silk Road founder Ross Ulbricht ("Dread Pirate Roberts") by faking the murder of an informant. He pleaded guilty to money laundering, obstruction of justice, and extortion under color of official right, and was sentenced to 6.5 years in federal prison.[150] Former U.S. Secret Service agent, Shaun Bridges, pleaded guilty to crimes relating to his diversion of $800,000 worth of bitcoins to his personal account during the investigation, and also separately pleaded guilty to money laundering in connection to another cryptocurrency theft. Bridges was sentenced to almost eight years in federal prison.[151]
Gerald Cotten founded QuadrigaCX in 2013, after graduating from the Schulich School of Business in Toronto. Cotten was acting as the sole curator of the exchange. Quadriga had no official bank accounts since banks at the time had no method of managing cryptocurrency. In late 2018, Canada's largest crypto exchange QuadrigaCX lost US$190 million in cryptocurrency when the owner died; he was the only one with knowledge of the password to a storage wallet. The exchange filed for bankruptcy in 2019.[152]
In 2018, Ellis Pinsky, 15 years old, was accused of orchestrating a scheme to steal millions of dollars worth of cryptocurrencies from Michael Terpin, a prominent cryptocurrency investor. The scheme involved a social engineering technique known as the SIM swap scam. The case attracted significant attention due to Pinsky's young age and the substantial amount of money involved. It raised questions about the security of digital assets and the challenges in regulating and prosecuting crimes in the rapidly evolving world of cryptocurrencies. Pinsky later reached a settlement to return $22 million in cryptocurrency to Terpin.[153][154][155][156][157] In May 2020, Pinsky experienced a home invasion by intruders searching for remaining stolen assets.[158] Michael Terpin, the founder and chief executive officer of Transform Group, a San Juan, Puerto Rico-based company that advises blockchain businesses on public relations and communications, sued Ellis Pinsky in New York on May 7, 2020, for leading a "sophisticated cybercrime spree" that stole US$24 million in cryptocurrency by hacking into Terpin's phone in 2018.[159][160] Terpin also sued Nicholas Truglia and won a $75.8 million judgment against Truglia in 2019 in California state court.[160]
On July 15, 2020, Twitter accounts of prominent personalities and firms, including Joe Biden, Barack Obama, Bill Gates, Elon Musk, Jeff Bezos, Apple, Kanye West, Michael Bloomberg and Uber were hacked. Twitter confirmed that it was a coordinated social engineering attack on their own employees. Twitter released its statement six hours after the attack took place. Hackers posted the message to transfer the Bitcoin to a Bitcoin wallet, which would double the amount. The wallet's balance was expected[according to whom?] to increase to more than $100,000 as the message spread among Twitter followers.[161]
In 2021, US Authorities carried out a raid on James Zhong's home in Gainesville, Georgia. Authorities found over 51,000 bitcoin that Zhong had stolen from Silk Road between 2012 and 2013. Through an error on Silk Road, Zhong was able to withdraw more bitcoin than what was initially deposited. He concealed his identity and was able to evade authorities for nearly a decade. Zhong ended up pleading guilty to wire fraud and was sentenced to 1 year and 1 day in prison along with a forfeiture of all bitcoin.[162]
In 2022, the Federal Trade Commission reported that $139 million in cryptocurrency was stolen by romance scammers in 2020.[163] Some scammers target dating apps with fake profiles.[164]
In early 2022, the Beanstalk cryptocurrency was stripped of its reserves, which were valued at more than US$180 million, after attackers had managed to use borrowed US$80 million in cryptocurrency to buy enough voting rights to transfer the reserves to their own accounts outside the system. It was initially unclear if such an exploit of governance procedures was illegal.[165]