Cryptocurrency and crime
Cryptocurrency and crime describes attempts to obtain digital currencies by illegal means, for instance through phishing, scamming, a supply chain attack or hacking, or the measures to prevent unauthorized cryptocurrency transactions, and storage technologies. In extreme cases even a computer which is not connected to any network can be hacked.
Cryptocurrency security technologies
There are various types of cryptocurrency wallets available, with different layers of security, including devices, software for different operating systems or browsers, and offline wallets.
In 2018, around US$1.7 billion in cryptocurrency was lost due to scams theft and fraud. In the first quarter 2019, the amount of such losses was US$1.2 billion.
Notable cryptrocurrency exchange hacks, resulting in the theft of cryptocurrencies include:
- Bitstamp In 2015 cryptocurrencies worth $5 million were stolen
- Mt. Gox Between 2011 and 2014, $350 million worth of bitcoin were stolen
- Bitfinex In 2016, $72 million were stolen through exploiting the exchange wallet, users were refunded.
- NiceHash In 2017 more than $60 million worth of cryptocurrency was stolen.
- Coincheck NEM tokens worth $400 million were stolen in 2018
- Zaif $60 million in Bitcoin, Bitcoin Cash and Monacoin stolen in September 2018
- Binance In 2019 cryptocurrencies worth $40 million were stolen.
In 2016, known as the DAO event, an exploit in the original Ethereum smart contracts resulted in multiple transactions, creating additional $50 million. Subsequently, the currency was forked into Ethereum Classic, and Ethereum, with the latter continuing with the new blockchain without the exploited transactions.
In 2017, Tether announced they were hacked, losing $31 million in USTD from their primary wallet. The company has 'tagged' the stolen currency, hoping to 'lock' them in the hacker's wallet (making them unspendable).
One type of theft involves a third party accessing the private key to a victim's bitcoin address, or of an online wallet. If the private key is stolen, all the bitcoins from the compromised address can be transferred. In that case, the network does not have any provisions to identify the thief, block further transactions of those stolen bitcoins, or return them to the legitimate owner.
Theft also occurs at sites where bitcoins are used to purchase illicit goods. In late November 2013, an estimated $100 million in bitcoins were allegedly stolen from the online illicit goods marketplace Sheep Marketplace, which immediately closed. Users tracked the coins as they were processed and converted to cash, but no funds were recovered and no culprits identified. A different black market, Silk Road 2, stated that during a February 2014 hack, bitcoins valued at $2.7 million were taken from escrow accounts.
Sites where users exchange bitcoins for cash or store them in "wallets" are also targets for theft. Inputs.io, an Australian wallet service, was hacked twice in October 2013 and lost more than $1 million in bitcoins. GBL, a Chinese bitcoin trading platform, suddenly shut down on 26 October 2013; subscribers, unable to log in, lost up to $5 million worth of bitcoin. In late February 2014 Mt. Gox, one of the largest virtual currency exchanges, filed for bankruptcy in Tokyo amid reports that bitcoins worth $350 million had been stolen. Flexcoin, a bitcoin storage specialist based in Alberta, Canada, shut down in March 2014 after saying it discovered a theft of about $650,000 in bitcoins. Poloniex, a digital currency exchange, reported in March 2014 that it lost bitcoins valued at around $50,000. In January 2015 UK-based bitstamp, the third busiest bitcoin exchange globally, was hacked and $5 million in bitcoins were stolen. February 2015 saw a Chinese exchange named BTER lose bitcoins worth nearly $2 million to hackers.
A major bitcoin exchange, Bitfinex, was hacked and nearly 120,000 bitcoins (around $60M) was stolen in 2016. Bitfinex was forced to suspend its trading. The theft is the second largest bitcoin heist ever, dwarfed only by Mt. Gox theft in 2014. According to Forbes, "All of Bitfinex's customers,... will stand to lose money. The company has announced a cut of 36.067% across the board." Following the hack the company refunded customers. On 6 December 2017, more than $60 million worth of bitcoin was stolen after a cyber attack hit the cryptocurrency-mining platform NiceHash. According to the CEO Marko Kobal and co-founder Sasa Coh, bitcoins worth US$64 million were stolen, although users have pointed to a bitcoin wallet which held 4,736.42 bitcoins, equivalent to $67 million.
On May 7, 2019, hackers stole over 7000 Bitcoins from the Binance Cryptocurrency Exchange, at a value of over 40 million US dollars. Binance CEO Zhao Changpeng stated: "The hackers used a variety of techniques, including phishing, viruses and other attacks.... The hackers had the patience to wait, and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time."
Thefts have raised safety concerns. Charles Hayter, founder of digital currency comparison website CryptoCompare said, "It's a reminder of the fragility of the infrastructure in such a nascent industry." According to the hearing of U.S. House of Representatives Committee on Small Business on April 2, 2014, "these vendors lack regulatory oversight, minimum capital standards and don't provide consumer protection against loss or theft."
The Parity Wallet has had two security incidents amounting to 666,773 ETH lost or stolen. In July 2017, due to a bug in the multisignature code, 153,037 ETH (approximately US$32 million at the time) were stolen. In November 2017, a subsequent multisignature flaw in Parity caused 513,774 (about US$150 million at the time) to be frozen. As of March 2019, the funds were still blocked.
Josh Garza, who founded the cryptocurrency startups GAW Miners and ZenMiner in 2014, acknowledged in a plea agreement that the companies were part of a pyramid scheme, and pleaded guilty to wire fraud in 2015. The U.S. Securities and Exchange Commission separately brought a civil enforcement action against Garza, who was eventually ordered to pay a judgment of $9.1 million plus $700,000 in interest. The SEC's complaint stated that Garza, through his companies, had fraudulently sold "investment contracts representing shares in the profits they claimed would be generated" from mining.
Following its shut-down, in 2018 a class action lawsuit for $771,000 was filed against the cryptocurrency platform known as BitConnect, including the platform promoting YouTube channels. Prior fraud warnings in regards to BitConnect, and cease-and-desist orders by the Texas State Securities Board cited the promise of massive monthly returns.
OneCoin was a massive world-wide multi-level marketing Ponzi scheme promoted as (but not involving) a cryptocurrency, causing losses of $4 billion worldwide. Several people behind the scheme were arrested in 2018 and 2019.
Some malware can steal private keys for bitcoin wallets allowing the bitcoins themselves to be stolen. The most common type searches computers for cryptocurrency wallets to upload to a remote server where they can be cracked and their coins stolen. Many of these also log keystrokes to record passwords, often avoiding the need to crack the keys. A different approach detects when a bitcoin address is copied to a clipboard and quickly replaces it with a different address, tricking people into sending bitcoins to the wrong address. This method is effective because bitcoin transactions are irreversible.:57
One virus, spread through the Pony botnet, was reported in February 2014 to have stolen up to $220,000 in cryptocurrencies including bitcoins from 85 wallets. Security company Trustwave, which tracked the malware, reports that its latest version was able to steal 30 types of digital currency.
A type of Mac malware active in August 2013, Bitvanity posed as a vanity wallet address generator and stole addresses and private keys from other bitcoin client software. A different trojan for macOS, called CoinThief was reported in February 2014 to be responsible for multiple bitcoin thefts. The software was hidden in versions of some cryptocurrency apps on Download.com and MacUpdate.
Many types of ransomware demand payment in bitcoin. One program called CryptoLocker, typically spread through legitimate-looking email attachments, encrypts the hard drive of an infected computer, then displays a countdown timer and demands a ransom in bitcoin, to decrypt it. Massachusetts police said they paid a 2 bitcoin ransom in November 2013, worth more than $1,300 at the time, to decrypt one of their hard drives. Bitcoin was used as the ransom medium in the WannaCry ransomware. One ransomware variant disables internet access and demands credit card information to restore it, while secretly mining bitcoins.
As of June 2018[update], most ransomware attackers preferred to use currencies other than bitcoin, with 44% of attacks in the first half of 2018 demanding Monero, which is highly private and difficult to trace, compared to 10% for bitcoin and 11% for Ethereum.
In June 2011, Symantec warned about the possibility that botnets could mine covertly for bitcoins. Malware used the parallel processing capabilities of GPUs built into many modern video cards. Although the average PC with an integrated graphics processor is virtually useless for bitcoin mining, tens of thousands of PCs laden with mining malware could produce some results.
German police arrested two people in December 2013 who customized existing botnet software to perform bitcoin mining, which police said had been used to mine at least $950,000 worth of bitcoins.
For four days in December 2013 and January 2014, Yahoo! Europe hosted an ad containing bitcoin mining malware that infected an estimated two million computers. The software, called Sefnit, was first detected in mid-2013 and has been bundled with many software packages. Microsoft has been removing the malware through its Microsoft Security Essentials and other security software.
Several reports of employees or students using university or research computers to mine bitcoins have been published.
On February 20, 2014, a member of the Harvard community was stripped of his or her access to the University's research computing facilities after setting up a Dogecoin mining operation using a Harvard research network, according to an internal email circulated by Faculty of Arts and Sciences Research Computing officials.
A phishing website to generate private IOTA wallet seed passphrases, collected wallet keys, with estimates of up to $4 million worth of MIOTA tokens stolen. The malicious website operated for an unknown amount of time, and was discovered in January 2018.
In late 2018, Canada's largest crypto exchange QuadrigaCX lost $190 million in cryptocurrency when the owner allegedly died; he was the only one with knowledge of the password to a storage wallet. The exchange filed for bankruptcy in 2019.
Michael Terpin, the founder and chief executive officer of Transform Group, a San Juan, Puerto Rico-based company that advises blockchain businesses on public relations and communications, sued Ellis Pinsky in New York on May 7, 2020, for leading a "sophisticated cybercrime spree" that stole $24 million in cryptocurrency by hacking into Terpin's phone in 2018. Terpin also sued Nicholas Truglia and won a $75.8 million judgment against Truglia in 2019 in California state court.
On July 15, 2020, Twitter accounts of prominent personalities and firms, including Joe Biden, Barack Obama, Bill Gates, Elon Musk, Jeff Bezos, Apple, Kanye West, Michael Bloomberg and Uber were hacked. Twitter confirmed that it was a coordinated social engineering attack on their own employees. Twitter released its statement six hours after the attack took place. Hackers posted the message to transfer the Bitcoin in a Bitcoin wallet, which would double the amount. The wallet's balance was expected to increase to more than $100,000 as the message spread among the Twitter followers.
- Air-gap jumpers on cyber.bgu.ac.il
- Chavez-Dreyfuss, Gertrude (30 April 2019). "Cryptocurrency thefts, fraud hit $1.2 billion in first quarter: report". Reuters. Retrieved 8 June 2019. Original reports: Schlabach, Adam (2019-01-29). "Cryptocurrency Anti-Money Laundering Report – Q4 2018". CipherTrace. Retrieved 2019-06-08., Schlabach, Adam (2019-05-01). "Q1 2019 Cryptocurrency Anti-Money Laundering Report". CipherTrace. Retrieved 2019-06-08.
- "More than $60 million worth of bitcoin potentially stolen after hack on cryptocurrency site". Archived from the original on 2017-12-12.
- "Coincheck Says It Lost Crypto Coins Valued at $400 Million". Bloomberg L.P. January 26, 2018.
- Reidy, Gearoid (2018-09-19). "Hackers Steal $60 Million From Japanese Crypto Exchange Zaif". www.bloomberg.com. Retrieved 2018-09-20.
- "Hackers Stole $40 Million from Binance Crypto Exchange". Wired.
- Russell, Jon. "Tether, a startup that works with bitcoin exchanges, claims a hacker stole $31M". TechCrunch. Archived from the original on 2017-11-21. Retrieved 2017-11-22.
- "Bitcoin: Bitcoin under pressure". The Economist. 30 November 2013. Retrieved 30 November 2013.
- Harney, Alexandra; Stecklow, Steve (2017-11-16). "Twice burned - How Mt. Gox's bitcoin customers could lose again". Reuters. Retrieved 2018-09-06.
- Jeffries, Adrianne (19 December 2013). "How to steal Bitcoin in three easy steps". The Verge. Retrieved 17 January 2014.
- Everett, David (April 2012). "So how can you steal Bitcoins". Smartcard & Identity News. Retrieved 17 January 2014.
- Grocer, Stephen (2 July 2013). "Beware the Risks of the Bitcoin: Winklevii Outline the Downside". The Wall Street Journal (Moneybeat). Retrieved 21 October 2013.
- Hern, Alex (9 December 2013). "Recovering stolen bitcoin: a digital wild goose chase". The Guardian. Retrieved 6 March 2014.
- "Silk Road 2 loses $2.7m in bitcoins in alleged hack". BBC News. 14 February 2014. Retrieved 15 February 2014.
- Hern, Alex (8 November 2013). "Bitcoin site Inputs.io loses £1m after hackers strike twice". The Guardian. Retrieved 18 September 2015.
- "When bitcoins go bad: 4 stories of fraud, hacking, and digital currencies". The Washington Post. Archived from the original on 1 January 2015. Retrieved 6 March 2015.
- "MtGox bitcoin exchange files for bankruptcy". bbc.com. BBC. 28 February 2014. Retrieved 18 April 2014.
- Ligaya, Armina (5 March 2014). "After Alberta's Flexcoin, Mt. Gox hacked, Bitcoin businesses face sting of free-wheeling ways". Financial Post. Retrieved 7 March 2014.
- Truong, Alice (6 March 2014). "Another Bitcoin exchange, another heist". Fast Company. Retrieved 7 March 2014.
- Whittaker, Zack (5 January 2015). "Bitstamp exchange hacked, $5M worth of bitcoin stolen". Zdnet. CBS Interactive. Retrieved 6 January 2015.
- Millward, Steven (16 February 2015). "Nearly $2M in bitcoins feared lost after Chinese cryptocurrency exchange hack". techinasia.com. Tech In Asia. Retrieved 18 February 2015.
- Coppola, Frances (6 August 2016). "Theft And Mayhem In The Bitcoin World". Forbes. Retrieved 15 August 2016.
- "Founders of hacked crypto-mining site apologize over Facebook livestream". Dec 2017. Archived from the original on 12 December 2017.
- "More than $60 million worth of bitcoin potentially stolen after hack on cryptocurrency site". Archived from the original on 12 December 2017.
- Barrett, Brian (2019-05-08). "Hack Brief: Hackers Stole $40 Million from Binance Cryptocurrency Exchange". Wired.
- Heller, Matthew (4 August 2016). "Bitfinex Hack Fuels Bitcoin Security Concerns -". CFO. Retrieved 11 January 2017.
- "Testimony of Mark T. Williams Bitcoin: Examining the Benefits and Risks for Small Business" (PDF). U.S. House of Representatives Committee on Small Business Hearing. 2 April 2014. Archived from the original (PDF) on 23 September 2018. Retrieved 10 January 2017.
- "Major issues resulting in lost or stuck funds". Ethereum Wiki.
- Hern, Alex (8 November 2017). "'$300m in cryptocurrency' accidentally lost forever due to bug". The Guardian.
- "The Multi-sig Hack: A Postmortem". Parity. 20 July 2017. Archived from the original on 7 March 2021.
- Destefanis, Giuseppe; Marchesi, M.; Ortu, Marco; Tonelli, R.; Bracciali, A.; Hierons, R. (2018). "Smart contracts vulnerabilities: a call for blockchain software engineering?". 2018 International Workshop on Blockchain Oriented Software Engineering (IWBOSE): 19–25. doi:10.1109/IWBOSE.2018.8327567. hdl:1893/27135. ISBN 978-1-5386-5986-1. S2CID 4569204.
- "A Postmortem on the Parity Multi-Sig Library Self-Destruct". Blockchain Infrastructure for the Decentralised Web. 15 November 2017. Archived from the original on 6 March 2021.
- Wieczner, Jen (4 March 2019). "Ethereum Fork Could Restore Frozen Parity Cryptocurrency". Fortune.
- Farivar, Cyris (October 5, 2017). GW Miners founder owes nearly $10 million to SEC over Bitcoin fraud]. Ars Technica. Archived from the original on 2017-12-29.
- "Class Action Lawsuit Filed Against BitConnect". January 26, 2018.
- "5 reasons to tread carefully in cryptocurrencies". CBS. January 5, 2018.
- Bartlett, Jamie (December 15, 2019). "The £4bn OneCoin scam: how crypto-queen Dr Ruja Ignatova duped ordinary people out of billions — then went missing". The Times.
- "Cryptolocker Virus Definition". Kaspersky. Retrieved 17 Feb 2020.
- Keizer, Gregg (28 February 2014). "Bitcoin malware count soars as cryptocurrency value climbs". Computerworld. Retrieved 8 January 2015.
- Barski, Conrad; Wilmer, Chris (14 November 2014). Bitcoin for the Befuddled. No Starch Press. ISBN 978-1-59327-573-0.
- Zach Miners (24 February 2014). "Bitcoins, other digital currencies stolen in massive 'Pony' botnet attack". Retrieved 8 January 2015.
- Finkle, Jim (24 February 2014). "'Pony' botnet steals bitcoins, digital currencies: Trustwave". Reuters. Retrieved 7 March 2014.
- "Watch out! Mac malware spread disguised as cracked versions of Angry Birds, Pixelmator and other top apps". ESET. 26 February 2014. Retrieved 20 November 2015.
- "You're infected—if you want to see your data again, pay us $300 in Bitcoins". Ars Technica. 17 October 2013. Retrieved 23 October 2013.
- "Criminals continue to defraud and extort funds from victims using cryptowall ransomware schemes". FBI. Retrieved 13 November 2017.
- "How Ransomware turns your computer into a bitcoin miner". The Guardian. 10 February 2014. Retrieved 7 March 2014.
- Gibbs, Samuel (21 November 2013). "US police force pay bitcoin ransom in Cryptolocker malware scam". The Guardian. Retrieved 7 March 2014.
- Usborne, Simon (15 May 2017). "Digital gold: why hackers love Bitcoin" – via The Guardian.
- Rooney, Kate (2018-06-07). "$1.1 billion in cryptocurrency has been stolen this year, and it was apparently easy to do". CNBC. Retrieved 2018-09-06.
- Peter Coogan (17 June 2011). "Bitcoin Botnet Mining". Symantec.com. Retrieved 24 January 2012.
- Goodin, Dan (16 August 2011). "Malware mints virtual currency using victim's GPU". The Register. Retrieved 31 October 2014.
- Ryder, Greg (9 June 2013). "All Bitcoin Mining: Road To Riches Or Fool's Gold?". Tom's hardware. Retrieved 18 September 2015.
- "Infosecurity - Researcher discovers distributed bitcoin cracking trojan malware". Infosecurity-magazine.com. 19 August 2011. Retrieved 24 January 2012.
- Lucian Constantin (1 November 2011). "Mac OS X Trojan steals processing power to produce Bitcoins: Security researchers warn that DevilRobber malware could slow down infected Mac computers". TechWorld. IDG communications. Retrieved 24 January 2012.
- "E-Sports Entertainment settles Bitcoin botnet allegations". BBC News. 20 November 2013. Retrieved 24 November 2013.
- Mohit Kumar (9 December 2013). "The Hacker News The Hacker News +1,440,833 ThAlleged Skynet Botnet creator arrested in Germany". Retrieved 8 January 2015.
- McGlaun, Shane (9 January 2014). "Yahoo malware turned Euro PCs into bitcoin miners". SlashGear. Retrieved 8 January 2015.
- Liat Clark (20 January 2014). "Microsoft stopped Tor running automatically on botnet-infected systems". Retrieved 8 January 2015.
- Hornyack, Tim (6 June 2014). "US researcher banned for mining Bitcoin using university supercomputers". PC world.com. IDG Consumer & SMB. Retrieved 13 June 2014.
- "Now even YouTube serves ads with CPU-draining cryptocurrency miners". ArsTechnica. January 26, 2018.
- "IOTA Founder On Stolen Funds: Lots of People Will "Screw You Over"". Finance Magnates. January 25, 2018.
- Rich, Nathaniel (22 November 2019). "Ponzi Schemes, Private Yachts, and a Missing $250 Million in Crypto: The Strange Tale of Quadriga". Vanity Fair.
- Kaplan, Michael (2019-04-13). "Hackers are stealing millions in Bitcoin — and living like big shots". New York Post. Retrieved 2020-05-08.
- "Teen Hacker and Crew of 'Evil Geniuses' Accused of $24 Million Crypto Theft". www.msn.com. Retrieved 2020-05-08.
- "Twitter hack: accounts of prominent figures, including Biden, Musk, Obama, Gates and Kanye compromised". The Guardian. Retrieved 16 July 2020.