Crypto hacking shows no sign of abating in 2019. Many high-profile attacks have already occurred since the turn of the year.
Cryptocurrency hacks are problematic. The regularity of breaches and the endless number of crypto scams is damaging consumer confidence in the industry and is placing downward pressure of the price of tokens.
With that in mind, let’s look at what’s happened so far in 2019 and see if there are any lessons we can learn.
The first newsworthy crypto hack of 2019 occurred in mid-January when New Zealand-based crypto exchange Cryptopia was targeted.
The hack happened on 14 January; the exchange relayed the news to its users the following day after initially claiming the issues were due to “unscheduled maintenance.”
Amazingly, the attack lasted for two entire weeks until Cryptopia could fully regain control of its wallets.
By the end of the attack, more than $16 million of Ethereum and other ERC20 tokens had vanished. A month later, the hackers had liquidated almost $4 million of their stolen tokens.
Lessons Learned from Cryptopia Hack
“Governments take note; customer service still a weak point”
The attack was severe enough that the New Zealand police force opened an investigation, adding further fuel to the theory that governments are taking the crypto markets increasingly seriously and that regulation might not be too far away.
Furthermore, many experts accused Cryptopia of failing to keep users up-to-date regarding their account statuses and a reluctance disclose the full value of crypto stolen. It took until late-February until the company finally came clean. In a series of tweets, Cryptopia admitted that it had lost 9.4 percent of its holdings.
Once again, it shines a light on how far crypto companies’ customer service lags behind traditional banks and brokers.
We are continuing to work on assessing the impact incurred as a result of the hack in January. Currently, we have calculated that worst case 9.4% of our total holdings was stolen. Please keep an eye on our page for further updates today.
— Cryptopia Exchange (@Cryptopia_NZ) February 27, 2019
2. Michael Richo Goes to Prison
37-year-old American, Michael Richo, was handed a custodial prison sentence by the U.S. courts in April 2019 after stealing hundreds of thousands of dollars’ worth of Bitcoin in a phishing scam on the dark web. The ruling finally brought the two-year case to a close.
Crypto is a popular payment method on the dark web where people use legally-questionable online marketplaces to buy everything from guns and drugs to sex and porn. The anonymity of Bitcoin combined with the illicit nature of the goods offered makes the markets a prime target for phishers.
Richo was found guilty of stealing $365,000 in Bitcoin as well as more than 10,000 users’ passwords.
Lessons Learned from Michael Richo Case
“The number of Bitcoin-based prosecutions is growing”
No one should need reminding that using crypto affords you no consumer protections—if you fall victim to a scam, the chance that you’ll get your assets back are slim at best.
However, the more interesting lesson to take away from the Richo case is the trend for the growing number of court cases which involve fraudulent acquisition (or use) of crypto.
Even though crypto remains unregulated at its core, authorities are now prosecuting cases that arguably wouldn’t have even come to light back in 2014.
For example, the conclusion of Operation SaboTor (a joint operation between the FBI’s Joint Criminal Opioid and Darknet Enforcement (J-CODE) teams) in March 2019 saw more than $4.5 million in crypto seized from criminals, as well as 300 kilograms of drugs, 51 firearms, and $2.5 million in cash.
3. Lee and Bae Cheat 56,000 Investors
A crypto scam in South Korea made headlines into April when it emerged that two CEOs—known only as Lee and Bae—had scammed 56,000 investors out of $18.5 million in a Ponzi scheme.
The scheme operated via a membership-based shopping site. Existing members received cash bonuses for signing up new people, as well as denominations of M-Coin, a token issued by a crypto exchange under the same business’s umbrella of brands.
It is alleged that the two CEOs made $18.5 million from their Ponzi scheme and associated crypto token. All the company’s information was found hidden on a private server in Japan.
Lessons Learned From the Lee and Bae Scam
“The scale of scams know no bounds”
A busted Ponzi scheme is perhaps not all that noteworthy. However, it’s the scale of Lee and Bae’s operation which makes this case particularly interesting.
According to South Korean authorities, the business had more than 200 physical offices, each with its own manager and its own set of members. Each manager was paid in cash for every new member above a base threshold of 20.
The presence of 200 physical locations shows that crypto is increasingly becoming part of sophisticated scams that target regular people; it’s no longer solely the domain of shady corners of the web.
4. Bithumb Hack Costs $13 Million
Staying in South Korea, crypto exchange Bithumb had about $13 million of EOS and $6.2 million of Ripple stolen by hackers in on 29 March.
It was the second time in less than 12 months that the exchange was targeted. It lost $31 million, including 2,016 Bitcoin and 2,219 Ether, in June 2018.
In the latest hack, the 3.07 million lost EOS was first reported. It wasn’t until a couple of days later that the 20.2 million XRP was also reported.
Lessons Learned From the 2019 Bithumb Hack
“Too many hacks and the clients stay away”
Where to start? Firstly, two hacks in a year really isn’t a good look. Clients of Bithumb should seriously question whether they continue to use the exchange.
There are also question marks over Bithumb’s EOS wallet signatures. An EOS arbitrator on the case, Lee Sang Sun, claimed non-Korean exchanges used multi-sig wallets while Bithumb only used a single key.
And lastly, the difficulty of reclaiming lost funds once again goes under the microscope. Security firm SlowMist said that by 1 April, much of the stolen EOS and XRP had already been laundered through wallets not connected to exchanges, making it almost impossible to trace.