Kaspersky Labs Reveals Tactics Used by Criminals to Steal Cryptocurrencies
Cybersecurity software company Kaspersky Labs examined several instances of cryptocurrency-related crime to determine various tactics used by criminals when attempting to steal digital assets.
21,000 ETH Stolen in 2017
On July 10, 2018, local Russian news outlet Pravda reported the findings of Kaspersky Lab’s software solutions deployed to prevent nefarious characters from conducting cryptocurrency robberies and related crimes.
Over 100,000 criminal instances were successfully caught by Kaspersky’s security software. A majority of these attempts were for accessing cryptocurrency exchanges and switching addresses found on the victim’s computer. The data was collated since the start of 2018 until June 2018.
Interestingly, hackers did not demarcate between inexperienced and experienced users to launch attacks, as the latter would presumably take extra security precautions. However, the company noted that victims include both demographics, indicating the period of involvement in cryptocurrencies does not necessarily equal an increased sense of security.
As stated in the report, Kaspersky’s experts calculated their findings based on over a thousand Ethereum wallets flagged as “criminal,” which were used to trick a victim into transferring funds. The research concluded that over 21,000 ether was stolen in 2017 by such deception, equivalent to approximately $10 million at press time and possibly much more if criminals cashed out in December 2017.
ICO Investors Deemed Easy Targets
Kaspersky noted the use of ICOs in numerous criminal instances. In addition to stealing funds, the company concluded the controversial fundraising method was used to gain a victim’s sensitive data, such as postal address and passport information.
After gathering the data, criminals send official-looking letters to investors announcing the start of the token sale and a number of addresses to use while transferring cryptocurrency.
Another tactic is to create fake websites for a popular project, mimicking information, team members, and whitepapers, while sending fraudulent links via e-mail, instant messengers, social networks and even securing advertisement spots in major search engines.
Kaspersky singled out the example of the “OmiseGo ICO,” used by cybercriminals to steal more than $1.1 million.
The company noted the rise of Twitter frauds, a popular method used by criminals for offering several times the multiple of an amount after a victim sends funds to a wallet under the pretext of verification.
Nadezhda Demidova, Lead web content analyst, Kaspersky Lab, commented on research findings:
“The results of our research show that cyber-criminals are adept at keeping up to date and developing their resources to achieve the best possible results in cryptocurrency phishing.”
To conclude, Kaspersky attributed such crimes to “simple known methods of social engineering, which allow cybercriminals to earn millions of dollars,” presumably in reference to the use of a victim’s emotions to leverage crime.