News emerged overnight of the potential theft of more than US$326 million (A$457.7 million) of Ethereum tokens from a blockchain bridge (which connects two blockchains so cryptocurrency can be exchanged between them).
It’s no surprise. Crypto crime has been on the rise – especially since the pandemic began. How are these crimes committed? And what can you do to stay ahead of scammers?
Direct theft vs scams
There are two main ways criminals obtain cryptocurrency: stealing it directly, or using a scheme to trick people into handing it over.
In 2021, crypto criminals directly stole a record US$3.2 billion (A$4.48 billion) worth of cryptocurrency, according to Chainalysis. That’s a fivefold increase from 2020. But schemes continue to overshadow outright theft, enabling scammers to lure US$7.8 billion (A$10.95 billion) worth of cryptocurrency from unsuspecting victims.
Crypto crime is a fast-growing enterprise. The rise of the crypto economy and decentralised finance (or DeFi), coupled with record cryptocurrency prices in 2021, has provided criminals with lucrative opportunities.
Australian data confirm the global trends. The Australian Consumer and Competition Commission reported more than A$26 million was lost to scams involving cryptocurrency in 2020 from 1,985 reports. In December, federal police told the ABC crypto scam losses for 2021 exceeded A$100 million. That’s despite many incidents likely left unreported, often due to embarrassment by victims.
Theft from exchanges
Most consumers obtain cryptocurrency from an exchange. This involves opening an account and depositing currency, such as Australian dollars, before converting it to a chosen cryptocurrency.
Typically the cryptocurrency is held in a “custodial wallet”. That means it’s assigned to the consumer’s account, but the private keys that control the cryptocurrency are held by the exchange. In other words, the exchange stores the cryptocurrency on the consumer’s behalf.
But just as a bank doesn’t hold all of its deposits in cash, an exchange will only hold enough cryptocurrency in “hot” wallets (connected to the internet) to facilitate customer transactions. For security, the remainder is held in “cold” wallets (not connected to the internet).
Unlike a bank, however, the government does not have a financial claims scheme to guarantee cryptocurrency deposits if the exchange goes bust.
The recent BitMart hack is a cautionary tale. On December 4, the exchange announced it had “identified a large-scale security breach” resulting in the theft of about US$150 million (A$210.6 million) in crypto assets from hot wallets.
BitMart temporarily suspended withdrawals and later promised it would use its “own funding to cover the incident and compensate affected users”. It’s unclear when this will happen, with the CNBC reporting in January that customers were still unable to access their cryptocurrency. BitMart wasn’t the first exchange to be hacked, and it won’t be the last.
Similarly, consumers may be left with losses if an exchange fails for commercial reasons, rather than theft. Australians were left stranded in December when liquidators were appointed over Melbourne-based exchange myCryptoWallet.
One way consumers can protect themselves from exchange theft, or insolvency, is to transfer their cryptocurrency from the exchange to a software wallet (a secure application installed on a computer or smartphone) or a hardware wallet (a hardware device that can be disconnected from the computer and internet).
The cryptocurrency will then be under your direct control. But be warned, if you lose your private keys, you lose your cryptocurrency.
Read more: The metaverse is money and crypto is king – why you'll be on a blockchain when you're virtual-world hopping
Types of scams
Drawing on the ACCC’s latest edition of the Little Black Book of Scams, the following types of scam are commonly observed in the cryptocurrency space, where the scammer is not personally known to the target:
Email phishing
The scammer sends unsolicited emails asking for personal login details, which can be used to steal cryptocurrency. Alternatively, they may offer “prizes” or “rewards” in exchange for a deposit.
Investment scams
The scammer creates a website that resembles a legitimate investment trading platform. It may be a fraudulent copy of a real business, or a completely bogus one. They may even post fake advertisem*nts on social media platforms, with fake celebrity endorsem*nts. In the latest news, billionaire mining magnate Andrew “Twiggy” Forrest has launched criminal proceedings against Meta (previously Facebook) for allowing scam ads using his image.
More sophisticated operations will have multiple scammers emailing and calling victims to give the impression of being a legitimate organisation. After cryptocurrency deposits are made, victims may be able to “trade” on the fake platform but can’t withdraw their supposed earnings. Delay tactics include asking for further deposits to be made for fees or taxes.
Romance scams
The scammer creates a fake profile and matches with victims on a dating app or website. They may then ask for funds to help them with a personal crisis, such as needing a surgery. Or they may say they’re trading cryptocurrency and encourage the target to get involved, leading the victim into an investment scam, as described above.
If a victim doesn’t already have a cryptocurrency exchange account, scammers may also coach them on how to open one. Some will mislead victims into installing remote access software on their computer, granting the scammer direct access to their internet banking or exchange account.
Practical challenges
There are practical legal challenges in the crypto crime environment. While reporting scams can be helpful in providing data and intelligence for regulators and law enforcement, it’s unlikely to result in the recovery of funds.
Taking civil legal action may be possible, too, but identifying perpetrators is difficult. Since cryptocurrency is by its very nature global and decentralised, payments are often made to parties outside of Australia.
So prevention is easier than a cure. The main way to avoid being scammed is to ensure you know exactly who you’re dealing with, transact through a reputable exchange and ensure all the channels you go through are verified. If an offer sounds too good to be true, it almost certainly is.
Regulation on the horizon
In Australia, cryptocurrency exchanges must be registered with AUSTRAC, in compliance with anti-money laundering and counter-terror financing obligations. But there are currently no other licensing requirements (such as capital requirements or cybersecurity, for example).
Last year, the Senate Select Committee into Australia as a Technology and Financial Centre recommended a more comprehensive licensing framework. The Australian government agreed with the recommendation, and the federal treasury department is due to begin consulting on what this will look like.
Mandatory measures to curb cryptocurrency crime at the exchange level will likely be high on the agenda.
FAQs
Some people store private keys in digital repositories like cloud drives and exchanges. Unfortunately, this increases their hacking and theft vulnerability. Once thieves have acquired the private keys, they can use them to access and even transfer Bitcoin holdings.
How do you ensure safety of cryptocurrency? ›
Create strong passwords for your crypto exchange and wallet accounts. Consider using two-factor authentication (2FA) for even more security. Always keep your password and private crypto keys secure. Keep your finances private — do not brag about your crypto or investments.
Is crypto being used by criminals? ›
They are also widely used as a means of payment for illegal goods and services offered online and offline. Money laundering is the main criminal activity associated with the illicit use of cryptocurrencies.
What is crypto theft? ›
Cryptojacking is a form of cybercrime specific to cryptocurrencies that has been used on websites to hijack a victim's resources and use them for hashing and mining cryptocurrencies.
Why are criminals using crypto? ›
The anonymity of cryptocurrency accounts has previously made them attractive to criminals on the dark web, the portion of the internet only accessible through special software and popular among cybercriminals.
How criminals get their hands on millions in crypto? ›
There are two main ways criminals obtain cryptocurrency: stealing it directly, or using a scheme to trick people into handing it over.
How much crypto gets stolen every day? ›
Shobhit Seth is a freelance writer and an expert on commodities, stocks, alternative investments, cryptocurrency, as well as market and company news.
How are people scamming with crypto? ›
There are several ways that thieves and scammers can get your cryptocurrency or trick you into giving it to them. Crypto scams often aim to gain private information such as security codes or trick an unsuspecting person into sending cryptocurrency to a compromised digital wallet.
Which security measure is most commonly used to protect users of cryptocurrency? ›
Enable two-factor authentication
Most crypto wallets feature two-factor authentication, a process used to verify user identities during the login process.
Can police do anything about stolen crypto? ›
Investigators can trace transactions to cryptocurrency exchange locations or other “choke points” that require the user to sign up using their true identification. From this point, the law enforcement officer can get a warrant to force the exchange to divulge the real identity of the account owner.
As of early 2022, illicit addresses hold at least $10 billion worth of cryptocurrency, with the vast majority of this held by wallets associated with cryptocurrency theft. Addresses associated with darknet markets and with scams also contribute significantly to this figure.
Who went to jail for crypto? ›
Sam Bankman-Fried, the founder of failed crypto exchange FTX, was arrested in the Bahamas on Monday after US prosecutors filed criminal charges against him, according to a statement from the government of the Bahamas.
Why is crypto so high risk? ›
Crypto is a high-risk investment. The value of crypto is very volatile, often fluctuating by huge amounts within a short period. More than with any other investment, you must be prepared to lose what you invest.
What happens if your crypto is stolen? ›
Experienced blockchain searchers will investigate the theft and see if they can recover the funds for a price. Sites like Bitcoin Bounty Hunter are a good place to start. However, these services can often be expensive and often don't provide any more information than what is already publicly available.
Why crypto is a risk? ›
A cryptocurrency's value can change constantly and dramatically. An investment that may be worth thousands of dollars today could be worth only hundreds tomorrow. If the value goes down, there's no guarantee that it will rise again. Nothing about cryptocurrencies makes them a foolproof investment.
Why governments are afraid of crypto? ›
In the end, some governments do not want to lose control over currencies because they cannot track down illegal activities that individuals will carry out with the cryptocurrency. Therefore, some economies fear this virtual currency.
Why are people scared of crypto? ›
-It's not safe, and it's a bad currency. There are millions of people in the US who would call Bitcoin not safe for investment. They fear that their investment might go wrong. Bitcoin is the oldest and the largest Cryptocurrency in market capitalization, yet people fear investing in Bitcoin.
Why do rich people invest in crypto? ›
The benefits of investing in digital currency are great, from swift transactions and increased privacy to year-round investment opportunities and protection from inflation. As such, the global cryptocurrency market has become the fastest-growing market seen in our lifetime.
Do rich people control crypto? ›
Those top players represent a mere 0.01% of all bitcoin holders and yet they control 27% of the digital currency, the Wall Street Journal reported. That compares to the old-fashion dollar, where the top 1% controlled 30% of total U.S. household wealth, according to Federal Reserve data.
How do crypto hackers cash out? ›
A major way criminals in the crypto world launder money is by sending digital assets across blockchains, bypassing a centralized service that can trace and freeze transactions. They use so-called cross-chain bridges to make it happen, and the dollar amounts are getting large.
Many people have become crypto millionaires because they've, well, bought low and sold high. But there are also various kinds of crypto millionaires, the crypto entrepreneurs who have the necessary business acumen to create world-changing solutions.
Can the government seize your crypto? ›
After meeting probable-cause and burden-of-proof requirements, law enforcement can get seizure warrants for any illicit funds that eventually land on compliant exchanges—and many funds eventually do.
Will Coinbase refund if scammed? ›
With an active Coinbase One subscription, you may be eligible to receive a one-time reimbursem*nt for up to $1,000,000 (U.S. Dollars) of actual losses (or the U.S. Dollar equivalent thereof, in the case such losses were in the form of Digital Currency) that you sustain due to a compromise of your Coinbase Account login ...
Can the government garnish cryptocurrency? ›
In the United States, the precise legal status of cryptocurrency is not settled, but since 2014, the IRS has considered cryptocurrency to be "property" for purposes of federal taxes. This suggests that, like other property, it can be seized by a judgment creditor.
Can you go to jail for crypto scamming? ›
Here's the good news: Only in the last few years, crypto scammers have faced 18 months in prison, 15 years, 115 years — and even 40,000 years. Yes, really, 40,000.
Can crypto steal your identity? ›
Cybercriminals may create fake websites and apps, complete with names that are nearly identical to well-known and trusted cryptocurrency services. If you mistake these websites for the real thing and enter your personal or account information, the scammers may be able to steal your identity or cryptocurrency.
Is crypto based on real money? ›
Instead of being physical money carried around and exchanged in the real world, cryptocurrency payments exist purely as digital entries to an online database describing specific transactions. When you transfer cryptocurrency funds, the transactions are recorded in a public ledger.
What are the 5 security measures? ›
5 Security Measures You Need to Protect Your IT Infrastructure
- 1) Ransomware Protection/DRaaS. ...
- 2) DDoS Protection. ...
- 3) Continuous Data Protection (CDP) ...
- 4) Firewall as a Service. ...
- 5) Monitoring Solution. ...
- A Smart Approach to Comprehensive Security.
Security of Cryptocurrency Accounts
Because cryptocurrency is not strictly controlled, there is no way to recover it if a private key is stolen. Crypto investing is riskier than regular investments since investors are the only ones responsible for keeping their private keys safe and out of the reach of hackers.
What are 3 security measures? ›
There are three primary areas or classifications of security controls. These include management security, operational security, and physical security controls.
Representatives from both the SIPC and the FDIC confirmed that neither currently insures crypto assets. That means there's no federal protection for your cryptocurrency.
Has anyone recovered stolen crypto? ›
While individuals have come to trust several crypto wallets and exchanges in order to carry out transactions securely, if your crypto assets are lost, hacked or stolen, there is usually no way to recover your funds.
Who is behind cryptocurrency? ›
Satoshi Nakamoto is a pseudonym for the person or people who helped develop the first bitcoin software and introduced the concept of cryptocurrency to the world in a 2008 paper. Nakamoto remained active in the creation of bitcoin and the blockchain until about 2010 but has not been heard from since.
How did the FBI get Bitcoin back? ›
Officials said Colonial Pipeline having immediately alerted the bureau to its May 9 payment to DarkSide - and the precise bitcoin address to which it transferred cryptocurrency - helped the FBI recover some of the proceeds.
What are the main use cases for crypto? ›
Here are what we believe to be the most pertinent blockchain use cases for enterprises, institutions, and governments.
- Capital Markets. ...
- Central Bank Digital Currencies CBDC. ...
- Decentralized Finance (DeFi) ...
- Digital Identity. ...
- Energy and Sustainability. ...
- Finance. ...
- Global Trade and Commerce. ...
- Government and the Public Sector.
The cryptocurrency market isn't sustainable—it's driving climate change with its reliance on dirty energy. Ever since the creation of Bitcoin in 2009, the cryptocurrency market has staked its claim as the 21st century gold rush.
Who is the king of Cryptocurrency? ›
Sam Bankman-Fried became an official billionaire in 2021, thanks to his secondary and more high-profile business, FTX. The crypto exchange grew to be the second largest in the world and a titan of the industry, seeing $10-$15bn traded a day.
Did the creator of Bitcoin go to jail? ›
Charlie Shrem was sentenced to two years in prison and three years of supervised release for his involvement with the black-market trading of Bitcoin. He served one year of his sentence before being released in 2016.
Can you go to jail for Bitcoin? ›
Criminal Liability With Bitcoin
In one case, an entrepreneur who ran a service facilitating Bitcoin transactions pled guilty and served time in federal prison for facilitating the purchase of illegal drugs on Silk Road using Bitcoin.
Can someone steal my crypto with my wallet address? ›
Your crypto addresses are safe to display anywhere you would like to accept tips, payments, or donations. It is not possible to steal digital currency with a public address alone.
Hackers have already stolen nearly $2 billion worth of cryptocurrency in 2022 — and the year is only half over. As of July, $1.9 billion in crypto has been stolen by cybercriminal hacks, according to Chainalysis' “Mid-year Crypto Crime Update.”
Can I claim stolen crypto as a loss? ›
Unfortunately, if you no longer retain ownership of the crypto, there is no clear method for claiming theft losses. In 2018 the IRS clarified that the only losses allowed to be written off with Form 4686 (Casualties and Thefts) were those assets lost as a result of a federally declared disaster.
How do people get scammed crypto back? ›
Report The Scam To The Law Enforcement Authorities
Typically, when you report a scam, the government will track down the criminals and get your funds back for you. Hence, don't hesitate to work with your government.
Can police track a crypto wallet? ›
Does the government know who owns Bitcoin? At the basis of cryptocurrencies like Bitcoin (BTC) stands blockchain technology. A fundamental characteristic of blockchain technology is transparency, meaning that anyone, including the government, can observe all cryptocurrency transactions conducted via that blockchain.
Can the government track my crypto wallet? ›
Yes, the government (and anyone else) can track Bitcoin and Bitcoin transactions. All transactions are stored permanently on a public ledger, available to anyone. All the government needs to do is link you to your wallet or transaction.
Can government seize your crypto wallet? ›
Collection – Law enforcement must have its own bitcoin wallet to store seized bitcoins. If the bitcoin wallet is not encrypted, law enforcement has complete access (provided proper warrants have been obtained for the seizure of the device).
What is the biggest hack in crypto? ›
Here are the five biggest breaches that we know about from 2022.
- Ronin Network — $625 million.
- Wormhole Bridge — $325 million.
- Nomad Bridge — $190 Million.
- Beanstalk Farms — $182 million.
- Wintermute — $162 million.
As a digital currency, there is no way to track or identify who is sending or receiving Bitcoin. This is a perfect way for a scammer to receive a lot of money with no way of tracing it back to them.
What happens to Bitcoin if the Internet goes down? ›
The bitcoin blockchain will stop synchronizing in the event of an internet shutdown. The ledgers will immediately stop recording bitcoin transactions, leading to a temporary break in transaction processing. The network will resume if the transactions are consistent.
Who can recover stolen crypto? ›
Hire a bounty hunter - If you are willing to pay a decent amount for the return of your funds there are websites where you can post a bounty. Experienced blockchain searchers will investigate the theft and see if they can recover the funds for a price. Sites like Bitcoin Bounty Hunter are a good place to start.
CipherBlade specializes in blockchain forensics and tracking Bitcoin, Ethereum and other cryptocurrencies in investigations.
Can I get my bitcoin back if I was scammed? ›
The advice and offers to help you invest in cryptocurrency are nothing but scams. If you send them crypto, or money of any kind, it'll be gone, and you typically won't get it back.
Can scammed money be recovered? ›
The Financial Conduct Authority has rules on how this must be handled by the bank. You should get your money back if the payment was within the last 13 months, the bank can't prove that you authorised the payment and that the bank does not believe that you acted with gross negligence.
