Despite running on public ledgers with secure consensus protocols, cryptocurrency projects are full of hacks, thefts, and fraud. Here’s why it’s so hard to stop.
We recently read a comment on one of our articles. It said:
…if all these transactions get logged and every transaction is traceable if anyone comes along and takes someone else’s money it should get invalidated but that doesn’t seem to happen. Why?
It’s an interesting problem, but one that doesn’t have a simple answer. Cryptocurrency theft can happen in many different ways, so here are three common deceptions, and our thoughts on why bad transactions don’t get undone.
Phishing is not new to crypto, but it’s gained a new lease of life with Bitcoin and so many other altcoin projects building up significant value.
If you don’t know, phishing often happens over emails. A scammer sends an email pretending to be your bank, PayPal account, or in this case, crypto exchange. They may worry you with talks of unauthorized transactions, or a sudden and significant withdrawal.
By clicking the link in said email, you’ll arrive at a fraudulent website, often made to imitate the exchange or other service discussed in the email.
If you log in to this website thinking it’s your exchange, then you’ve given your account details to a criminal. Once in (using your details), anything can happen. The most likely outcome is all your assets get transferred out to the criminal’s account.
This scam preys on your fears. If someone says all your Bitcoin is gone, you’re going to want to check. The way to avoid this happening is simple. If you want to log in to any crypto exchange or any account where you store crypto assets, then always access the service through your normal means. Don’t click a link in an email, even if it looks legitimate.
If you do fall foul of this scam, then immediately change your passwords and account access details.
Once transferred, there’s no way to get your cryptos back. Yes, public blockchains store a record of the transaction, but there’s no way the blockchain knows this is fraud. Because the scammer used your account details, this transaction looks legitimate. Cryptocurrencies have no way to mark a transaction as fraudulent—such a mechanism is easy to abuse.
This scam is less likely to happen if you store your own cryptocurrency. If you hold your own private keys and don’t rely on an exchange, then you will never get emails from exchanges—or if you do, you know they aren’t real.
2. Exchange Hacks
As explained by Dan in the worst crypto hacks in history, cryptocurrency projects have a history of hacking. Hacks happen in many different ways, from vulnerabilities in the blockchain to careless exchange owners. And this is where things get interesting. In some instances, blockchains have rolled back dozens of transactions, to reverse the impact of a hack.
When exchanges get hacked, it may have nothing to do with the security of a cryptocurrency itself. The exchange could share their private keys online, a malicious employee could access the funds, or a bug in the exchange software could expose crypto assets.
In all these cases, the exchange is at fault. If a hack happens, and all the stolen funds filtered off to other accounts, you don’t have many options. Once again, these transactions appear legitimate to the blockchain.
After investigation of the theft, exchanges will often blacklist certain wallet addresses—this could be the wallet owners themselves or known accomplices. This prevents the addresses from trading with the exchange again, and in some instances, the entire blockchain refuses to process that wallet. It becomes tainted, and while there may be thousands or millions of crypto assets stored in it, they are not transferred or spent, because nobody wants to associate with that address, and miners may refuse to process transactions for it.
The impact to you of an exchange hack can vary. If severe enough, the exchange could close, and you’ll be lucky to even get an acknowledgment (see Mt. Gox). If the exchange manages to resume normal service, most reputable places will often reimburse customers out of their own pocket. Some are even insured against such attacks.
If a hack happens due to a bug in the blockchain, the response can vary. Some networks may carry on business as usual, leaving you down and out. Others may reverse the transaction as if the hack never happened. This sounds great in theory, but it has big implications. What about any transactions processed since the hack? Any goods or services purchased means there will always be someone out of pocket by a reversal. See the DAO and resulting soft fork of Ethereum for evidence of this.
As with Phishing if you don’t store your assets on an exchange, you’re far less likely to lose out to these kinds of hacks.
Ransomware is becoming more common, with cryptocurrencies such as Bitcoin used as the leading ransom settlement coin.
Malicious software may attempt to copy, delete, or encrypt your files. A ransom is set, and the only way to get access to your data (or prevent your darkest secrets from being revealed) is to pay.
Like the other two examples, if you send funds from your wallet to any other address, this is a valid transaction. Cryptocurrency blockchains can’t undo the transaction because you didn’t want to send it. You used your account details and private keys to verify and sign the transaction. Once again, this looks like (because it is) a legitimate transaction. Blockchain technology cannot reverse a transaction (even if for illegal uses).
Sometimes an email is enough to attempt this scam. By blackmailing you with pretend evidence, the scammer hopes to intimidate you into paying the ransom, even if your files are safe.
The easiest way to avoid this scam is by following Internet best practices. Always maintain regular backups of your files (and if that involves any private keys, make sure you keep it safe). Don’t use software of websites from questionable sources, and maintain an active firewall and anti-virus package.
Should you become entangled in such a scam, consider how important your data is, and if you have a backup, restore the data from that instead.
As these examples show, many hacks and scams are a result of greediness or social engineering. In almost all cases, storing your crypto assets on something such as a Ledger Nano S is a cheap and easy way to avoid many of these issues.
If you’ve fallen victim to a cryptocurrency hack, or you’ve got some tips and tricks to share with others, then make sure you leave a comment down below, we’d love to discuss it!
Now go read Dan’s article on common cryptocurrency scams, where he discusses some of the scarier and noteworthy cryptocurrency scams that you need to know about.