Vladimir Okhotnikov is an expert in cryptocurrencies and blockchain, an investor, developer of large-scale blockchain projects.
Perhaps every one of those who ever dealt with cryptocurrencies met with fraud attempts. Fortunately, most of them were unsuccessful, but even isolated cases of successful fraud greatly enriched the scammers. Almost every day we can see reports of the hacking of some crypto exchange or the disappearance of the startup with the funds of investors.
The fraud has gradually evolved from the indiscriminate attacks of individual pirates into the systemic actions of pirate empires, whose IT capabilities are no worse than ones of entire states.
«Crypto fraud is certainly becoming a serious problem. And the wider the penetration of cryptocurrencies into our lives, the more interest they arouse among fraudsters. The problem is that in most cases users do not pay enough attention to security. Although it is not always possible to protect against all IT threats, it is almost always possible to minimize risks and limit losses…»
Vladimir Okhotnikov
Fraud in crypto business has certain features related to the specifics of blockchain and cryptocurrencies. These features allow the scammers to arrange attacks with damage worth hundreds of millions of dollars.
Features of fraud in the crypto business
Cryptocurrencies are by their very nature a unique, unparalleled asset. When Bitcoin appeared, the question arose about its classification as a property. What is it: money, software code, securities, something else?
As long as Bitcoin had a minimal, almost symbolic cost, the relationship to it was quite frivolous — about as the object of some computer game. In case of theft, you could have contacted the police, but at the beginning of 2010s such an applicant would have been treated as a funny freak.
The relationship changed when the public discovered that Bitcoin had acquired real value. Gradually, the regulatory framework formed, and the state began to treat cryptocurrency as a real asset. It was then that scammers found it out interesting for their “business”.
The price of entering the «business»
Imagine that you suddenly decided to engage in financial fraud. For this you will need at least money and access to resources like exchanges. The price of entering this illegal business is quite high. Everything is much easier with cryptocurrency. To start a criminal career, you need just an Internet computer.
This availability has attracted to the «market» of fraud many neophytes with excellent IT-training. An additional «benefit» was that you didn’t have to date the victim. Sit in front of your display, type and earn!
Gradually the qualifications of fraudsters have grown, and their business became a full-fledged industry.
The anonymity
An additional advantage of crypto-fraudsters became limited opportunities to identify intruders. Many cryptocurrencies, and especially Bitcoin, were originally created based on the principle of anonymity. Theoretically, intelligence agencies have learned to identify the real owners of bitcoin wallets, but this process is complex, slow and difficult to reproduce.
Decentralized blockchains like Bitcoin cannot be negotiated about providing information or blocking wallets, they simply have no one to negotiate with, they have no operators. Therefore, the investigation of crypto-crimes is technically difficult and not always possible. Billions of dollars of hacks remain unsolved. It is known on which wallet the stolen bitcoins are, but the secret services have not yet managed to get access to them and determine who owns them.
Cross-border nature of cryptocurrencies
In terms of cryptocurrency technology, there are no borders. Some states try to ban cryptocurrency transactions or block access to crypto wallets, but this turns out to be insufficiently convincing. A perfect lock is possible when the Internet is completely shut down.
If you have been robbed of money from your bank account, then the transaction chain is theoretically traceable to the final recipient. This is particularly effective after the very notion of «bank secrecy» has virtually disappeared.
Bitcoin is not tied to a specific country, it exists outside of political geography, this creates fundamental difficulties in the investigation of «cryptocurrency» crimes.
Criminals and law enforcement personnel face unequal conditions: police are confined within national boundaries, meanwhile scammers operate around the world. If the scammers are in North Korea, for example, their pursuit becomes hopeless.
Taking into account the reality of our world, it would be difficult to expect that the situation would soon be remedied.
Fraud technologies
Hacker attacks
Cryptocurrency and blockchain are associated with security. They are attributed to almost absolute reliability. This is at least inaccurate. This attitude promotes frivolity towards personal safety and, consequently, loss of funds.
Indeed, the blockchain itself is a technology with the highest degree of protection. Bitcoin blockchain has been regularly attacked by hackers since its inception. Hackers fail every time, although billions are at stake.
However, cryptocurrency projects using Bitcoin blockchain have lost funds many times. Hackers have successfully attacked most crypto exchanges and trading crypto sites.
Is it a paradox?
Not at all.
Hackers don’t waste time breaking a blockchain. Why crack a safe when you can steal keys? The software of cryptocurrency exchanges is far from perfect, attackers used various vulnerabilities, decrypted secret keys and got access to wallets — hot and cold.
The same applies to private crypto wallets. No one will attempt to crack the source code of your wallet. But you can try to get into your computer, dig in it and find a seed phrase. The habit of keeping confidential information on your hard drive is, alas, indelible...
The hacker software allows you to determine which keys you press by typing a password, to listen and to watch you. If you try from an infected computer to enter your wallet, you are likely to lose money.
The recommendations are very simple:
- Keep your computer hygiene. Check your devices for viruses and Trojans, use a proven VPN, preferably, use a dedicated computer or smartphone to login to your wallet.
- Do not keep large funds in the accounts of the crypto exchange and in general on hot wallets. Remember: they, even with a small probability, are vulnerable.
«You trust crypto exchanges, and you believe that your crypto wallet funds are safe. And all of a sudden, you find your accounts empty... even though you’ve been observing every possible security measure. Unfortunately, the protection of many sites is far from perfect and the attacker manages to break through it. It is sad, and this must be remembered. The only recommendation is not to store the crypto in one place, especially on the stock exchange accounts. Diversify your storage locations, this reduces possible losses...»
Vladimir Okhotnikov
Social engineering
In order to get confidential information from you, it is not necessary to engage in «classic» hacking. Sometimes it is enough to have a short conversation on the phone, and you willingly give out everything they need to access your money. Social engineering technologies are not necessarily related to cryptocurrencies. The main goal of the intruders is to enter into trust and force the person to perform the necessary actions.
«Sometimes victims of social engineering are accused of excessive gullibility. How can one so trust a voice from a phone and follow its instructions? In fact, we’re dealing with professionals with psychic intervention technologies. This can be compared to susceptibility to hypnosis. Is it possible to resist such psychological pressure? Yes, it is possible. It is crucial to understand that you can become a potential victim and treat with suspicion all calls from strangers...»
Vladimir Okhotnikov
Such social engineering is not the work of one person, but of entire professional teams. Large-scale call centres are organized, and their operators work with specially designed scripts to negotiate with users.
And here comes another dimension of telephone fraud. Very often the callers know the person’s personal information, which certainly increases confidence. Unfortunately, leaks of personal data are our reality. Banks, mobile operators, and various services are regularly exposed by hackers and lose customer data, which goes to the black market.
So much for the synergy between hackers and phone scammers.
«Perspective Startup»
Imagine, you will learn about a very promising start-up that will bring high returns to investors in the future. Everything is organized very seriously and beautifully: advertising on respectable resources, the face of the project is a media person — athlete, artist, blogger. Presentations are held, business plans are demonstrated. You can see that serious people have already invested in the project. You make the decision and you invest in the project.
However, the project suddenly stops. The site is inaccessible, social networks are not updated, phones and messengers are silent. The accounts of the startup disappear and the managers disappear without a trace. The record was set by the brothers Amir and Race Cagey, the founders of the Africrypt platform. In 2021, they disappeared, taking home 69,000 bitcoins belonging to clients. At the current rate, this is about $3 billion.
However, startup closures can be less dramatic. The organizers admit that nothing worked out and... go to organize a new start-up. Clients will try to recover their investment, and maybe they will be able to return something. Now, one by one, there are claims to the «stars» who carelessly laminated failed projects.
«In fact, it is very difficult for a private investor to understand that he is dealing with a fraudulent project, especially if such a project is professionally organized. It is also impossible to rely unequivocally on the opinion of state authorities. The SEC, for example, in principle considers all cryptocurrency projects fraudulent. The only solution I see is a real uniting of the crypto community and the self-purification of the industry. Only professionals will be able to distinguish projects that have a natural business risk from fraudulent projects...»
Vladimir Okhotnikov
Pump and dump
“Pump and dump” is a classic type of fraud, well known for stock trading securities. The availability of cryptocurrency exchanges allowed fraudsters to massively apply this scheme.
The technology is simple: choose a cheap asset and start inflating it. Scammers on the stock exchange buy it themselves and immediately sell it to themselves, gradually increasing the price. Stock price of the asset grows. Traders see growth and start investing in assets. When it grows significantly, the organizers arrange a sale and exit with a profit. Traders caught on «Pump and dump» remain with an asset that is rapidly depreciating.
In the classic form, junk securities were chosen as an asset, and on crypto exchanges scammers «worked» with cryptocurrencies.
For a hundred years of stock trading tactics to counteract «Pump and dump» have been well developed, traders just need to comply with basic security rules.
«It’s important not to get carried away. Remember, if a newly released cryptocurrency suddenly starts to rise sharply, remember that at any moment it can fall just as sharply. Before investing, assess the risks!»
Vladimir Okhotnikov
Any business can face fraud, especially one so young as the crypto business. In many ways, it is a childhood development disease. Sooner or later, technologies will be developed to counter fraudulent schemes, and the situation will normalize. However, it is important that countermeasures come not from states and regulators, but from the crypto community itself. Otherwise, there is a risk of falling under the pressure of excessive regulation, which will dramatically affect the development of the crypto business.
