A blockchain bridge (which connects two blockchains so that cryptocurrencies can exchange between them) is suspected of stealing more than US$326 million (A$457.7 million) of Ethereum tokens.
Since the pandemic started, crypto crime has been on the rise. What are these crimes and how can you prevent them?
Scams vs. direct theft
Criminals obtain cryptocurrency in two ways: by stealing it directly or tricking people into giving it to them. But you can save your Bitcoins using a reliable Bitcoin wallet.
Chainalysis reports crypto criminals stole A$4.48 billion (US$3.2 billion) in cryptocurrencies in 2021, up five-fold from 2020. Although schemes continue to take the spotlight from outright theft, scammers have managed to scam US$7.8 billion (A$10.95 billion) from unsuspecting victims.
In 2021, cryptocurrency prices have reached record levels, making crypto crime a lucrative enterprise. With the rise of the crypto economy and decentralized finance (or DeFi), criminals have had access to lucrative opportunities
In 2020, more than A$26 million was lost to cryptocurrency scams in Australia. The Australian Consumer and Competition Commission reported 1,985 reports of cryptocurrency scams in 2020. Despite many incidents likely left unreported, often due to embarrassment by victims, federal police said ABC crypto scam losses for 2021 exceeded A$100 million in December.
Exchange theft
A popular way to acquire cryptocurrency is to open an account and deposit currency, such as Australian dollars, before converting it to the desired cryptocurrency.
Most consumers hold their cryptocurrency in a “custodial wallet.” That means they have an account assigned to their cryptocurrency, but their private keys are held by the exchange. In other words, the exchange holds the consumer’s cryptocurrency for them.
For security reasons, an exchange will not keep all of its cryptocurrency in “hot” wallets (connected to the Internet) as many banks do. For example, as an institution doesn’t keep all of its deposits in cash, an exchange will store just enough cryptocurrency in “cold” wallets (not connected to the Internet) to facilitate customer transactions.
The government, however, does not offer a financial claim scheme for cryptocurrency deposits if an exchange goes under.
A recent BitMart hack should serve as a warning. The exchange reported on December 4 that it had detected a large-scale security breach that resulted in the theft of about US$150 million (A$210.6 million) in crypto assets from hot wallets.
In January, CNBC reported that BitMart customers were still unable to access their cryptocurrency, with the company temporarily suspending withdrawals and saying it would “use its own funding to make up for the loss and compensate the affected users”. It is unclear when this will happen, since BitMart is still unable to make withdrawals. In addition to BitMart, there have been other exchanges hacked in the past.
In similar circumstances, consumers may be left with losses if an exchange ceases operations for commercial reasons, rather than theft: My crypto wallet, a Melbourne-based exchange, went under liquidation in December.
You can protect your cryptocurrency against exchange theft, or insolvency, by transferring it out of the exchange. If you have a hardware wallet (a physical device that can be disconnected from the internet and computer), it may be made into a software wallet (installed on a computer or smartphone).
Once you have the private keys, you will be able to manage your cryptocurrency directly on your own. But remember, if you lose the keys, you lose the cryptocurrency.
Scams of different types
A number of scams are common in the cryptocurrency space that do not involve a person who is known to the target, as detailed in the ACCC’s latest edition of the Little Black Book of Scams:
· Phishing through email:
In an unsolicited email, the scammer requests your personal login information, which is used to steal cryptocurrency. Additionally, the scammer offers “prizes” or “rewards” for making a deposit.
· Investing scams:
In these scams, scammers create websites that look like legitimate investment trading platforms. The website may be a fraudulent copy of a real one or a completely fake one. As of October, a fraudulent ad post was posted on Meta (previously Facebook) for using mining magnate Andrew “Twiggy” Forrest’s image in a scam ad. According to the most recent news, Twiggy has taken legal action against Meta (previously Facebook). Scammers are more likely to initiate contact with multiple victims via email and phone in order to give the impression that the organization is legitimate. After victims deposit cryptocurrency, they can trade on the fake platform, but they can’t withdraw the earnings. They may be asked to deposit more cryptocurrency for taxes or fees.
· Romance scams:
Using a dating app or website, the scammer creates a fake profile and matches with a victim. He or she may then ask for money to help with a personal crisis, such as needing surgery. Alternatively, they may claim to be trading cryptocurrency and attempt to entice the target into investing, which is what is described above.
Scammers may also instruct victims how to open cryptocurrency exchange accounts if they do not have any already. In some cases, scammers will trick their victims into installing remote access software on their computers, giving the scammer direct access to their internet banking or exchange account.
Challenges of the practical world
In the crypto-crime environment, there are practical legal challenges. While reporting scams can be beneficial for regulators and prosecutors, it’s unlikely that funds will be recovered.
It may also be possible to take civil legal action, but identifying the perpetrators is challenging. Since cryptocurrencies are global and decentralized, payments are often made to individuals and organizations outside of Australia.
Therefore, prevention is easier than curing. The best way to avoid becoming a victim of a scam is to ensure you know who you’re dealing with, transact through a reputable exchange, and verify each channel you use. You can almost always tell if an offer is too good to be true when it sounds too good to be true.
An upcoming regulation
Cryptocurrency exchanges in Australia must be registered with AUSTRAC in order to meet anti-money laundering and counter-terror financing obligations, but there are currently no other licensing requirements (for example, cybersecurity or capital requirements).
As part of its inquiry into Australia as a technology and financial hub, the Senate Select Committee last year recommended a more comprehensive licensing framework. The Treasury has begun consulting on how this will work after the Australian government agreed with the recommendation.
There will likely be a high priority on the agenda for reducing cryptocurrency crime at the exchange level.
