Chapter 2: Cryptocurrency and crime
The article "Cryptocurrency and Crime" provides many prominent incidents of cybercrime that are associated with the theft (or the otherwise unlawful acquisition) of cryptocurrency as well as some of the techniques or security weaknesses that are often exploited. It is a kind of cybercrime that is special to cryptocurrencies and has been used on websites to steal a victim's resources and use them for hashing and mining cryptocurrency. Cryptojacking may be thought of as a sort of resource theft.
Chainalysis, a company that specializes in the analysis of blockchain data, estimates that illegal activities such as cybercrime, money laundering, and the financing of terrorist organizations accounted for only 0.15 percent of all cryptocurrency transactions in 2021, which equaled a total of $14 billion.
Offline wallets, software wallets compatible with a variety of operating systems and browsers, and hardware wallets are the numerous forms of cryptocurrency wallets that are now available. These wallets provide varying degrees of protection.
There are brand new exploits that are specific to blockchain transactions that have the goal of producing unwanted results for the parties on the other end of a transaction. The transaction malleability problem is one of the most well-known Bitcoin flaws that opens the door to the potential of exploits being used against Bitcoin.
In 2018, scams, theft, and fraud were responsible for the loss of around US$1.7 billion worth of cryptocurrencies. The total amount of such losses reached $1.2 billion in the United States during the first quarter of 2019.
The following are notable instances of cryptocurrency exchanges being compromised, which resulted in the loss of cryptocurrencies:
Bitstamp was the victim of a theft in 2015 in which digital coins worth $5 million USD were taken.
Mt. Gox was the victim of a theft that totaled US$350 million worth of bitcoin between 2011 and 2014.
Users were compensated for the loss of US$72 million that occurred in 2016 as a result of an exploit using Bitfinex's exchange wallet.
Nicehash, a cryptocurrency exchange based in Slovenia, said on December 7 that cybercriminals had stolen almost $70 million from the business by taking control of one of its computers.
After experiencing two hacks throughout the course of 2017, the owner of the South Korean cryptocurrency exchange Youbit, Yapian, filed for bankruptcy on December 19th, 2017. Customers were still allowed access to 75% of their assets despite the disruption.
During the year 2018, cryptocurrency valued at around $400 million US dollars was stolen from Coincheck.
In May of 2018, unknown cybercriminals took control of Bitcoin Gold transactions and exploited them inappropriately. It is believed that exchanges lost $18 million, and Bittrex removed Bitcoin Gold from its platform when it failed to pay its proportionate part of the losses.
The cryptocurrency exchange Coinrail in South Korea was hacked in June of 2018, resulting in the loss of roughly $37 million worth of cryptocurrencies.
The cryptocurrency exchange Bancor, whose source code and fundraising efforts have previously been the topic of debate, had $23.5 million worth of bitcoin stolen on July 9, 2018.
In September of 2018, Zaif reported the theft of US$60 million worth of Bitcoin, Bitcoin Cash, and Monacoin.
Binance The year 2019 saw the theft of cryptocurrency valued a total of $40 million USD.
It is believed that the creators of Africrypt fled the country in June 2021 with Bitcoin valued around US$3.6 billion.
In August of 2021, PolyNetwork (DeFi) was the victim of a heist that caused a loss of $611 million USD.
A bitcoin exchange located in Japan In August of 2021, the security of Liquid was breached, culminating in the theft of digital currency worth a total of $97 million USD.
A theft in the amount of US$29 million occurred at Cream Finance in August of 2021, and another theft in the amount of $130 million occurred on October 28 of 2021.
On December 2, 2021, A front-end assault caused users of the BadgerDAO DeFi to lose a total of about $118,500,000 worth of bitcoin and $679,000 worth of ethereum tokens.
Injecting a malicious script into the web interface of the Cloudflare content delivery network was made possible since the API key for the account had been hijacked.
BadgerDAO "paused" all smart contracts due to user complaints.
The cryptocurrency exchange BitMart had a breach of two of its wallets on December 6, 2021, which resulted in the loss of around $135 million worth of Ethereum and an estimate of approximately $46 million worth of other cryptocurrencies.
Users of VulcanForge experienced a loss of around $135M worth of PYR on December 12, 2021 as a result of many wallets being compromised. Participating centralized exchanges have been informed of the attack, and they have committed to recovering any monies that were fraudulently deposited after the incident.
On January 27, 2022, Qubit Finance (DeFi) suffered a loss of about $80M worth of Binance Coin as a result of a defect in the smart contract that permitted withdrawal of the aforementioned amount in return for a deposit of 0 ETH. The incident occurred on January 27.
Two separate breaches of security have been discovered on the Parity Wallet, resulting in a total of 666,773 ETH being misplaced or stolen.
The following are examples of notable thefts of power committed in order to mine proof-of-work cryptocurrencies:
In February 2021, the police in Malaysia arrested six individuals for their involvement in a Bitcoin mining enterprise that was responsible for the theft of two million dollars' worth of power.
In July of 2021, officials in Ukraine raided an underground gaming and cryptocurrency farm, accusing its operators of stealing a monthly average of 259,300 dollars' worth of power.
In July of 2021, the authorities in Malaysia demolished 1,069 bitcoin mining devices on the suspicion that they were stealing power from the grid.
It was discovered in May of 2021 by Western Power Distribution that an unlawful connection had been made to the energy supply, which led to the closure of the alleged bitcoin mine by the UK authorities.
There have been a number of instances of theft with bitcoin. Bitstamp, which is situated in the United Kingdom and is the third busiest bitcoin exchange worldwide, was hacked in January of 2015, and the perpetrators made off with bitcoins worth $5 million USD.
An vulnerability in the initial smart contracts used by Ethereum led to several transactions in 2016, which resulted in an extra US$50 million being created. This occurrence is known as the DAO event. After that, the cryptocurrency split into two different versions: Ethereum Classic and Ethereum, with the latter continuing to use the updated blockchain that does not include the transactions that were abused.
Tether said on the 21st of November, 2017, that it had been the victim of a breach, which resulted in the theft of $31 million worth of USDT from its main treasury wallet. The corporation has "marked" the stolen money in the hopes of "locking" it away in the hacker's wallet (making them unspendable).
In the year 2022, cybercriminals constructed a signature account on a blockchain bridge known as "Wormhole" and used it to steal ether worth more than $300 million.
In 2014, Josh Garza launched the cryptocurrency enterprises GAW Miners and ZenMiner. In 2015, he pled guilty to wire fraud and confessed in a plea deal that the companies were involved in a pyramid scheme. Garza was subsequently compelled to pay a judgment of US$9.1 million plus US$700,000 in interest after being subjected to a separate civil enforcement action that was conducted against him by the United States Securities and Exchange Commission. According to the complaint filed by the SEC, Garza had engaged in fraudulent activity by selling "investment contracts representing shares in the profits they claimed would be created" from mining via the firms he controlled. The fraud made it seem as if it could guarantee a return on investment via the employment of a "crypto trading bot." In practice, however, there was no such process put into place; rather, a commission was given to a network of promoters in order to bring in new investors. Glenn Arcaro, the primary promoter, entered a guilty plea to the criminal counts.
OneCoin was a major global multi-level marketing Ponzi scam that was presented as (but did not include) a cryptocurrency. The fraud was responsible for losses of US$4 billion around the globe. In 2018 and 2019, authorities apprehended a number of individuals suspected of involvement in the operation.
Malware may be used to steal the private keys of bitcoin wallets, which then makes it possible to steal the bitcoins itself. The most prevalent form scans computers in search of cryptocurrency wallets, which are then uploaded to a remote server. Once there, the wallets are cracked, and the funds they contain are stolen. The majority of them also record passwords by logging keystrokes, which eliminates the need to hack the keys in many cases.
There are several varieties of ransomware, and many of them demand payment in bitcoin. One variation of ransomware would lock users out of their internet connection, ask for their credit card details in order to regain access, and mine bitcoins in the background.
In June of 2011, Symantec issued a warning regarding the potential for botnets to secretly mine for bitcoins.
A phishing website that was used to create private IOTA wallet seed passphrases was responsible for the collection of wallet keys, which...
