Investing in cryptocurrency is a risky business but that risk isn’t limited to the dramatic rises and falls in the value of each currency; would-be investors also have to be extremely wary of the growing number of scams involving trading cryptocurrencies.
These scams are taking increasingly varied forms and are growing in their sophistication. Gone are the days when an investor could spot a potential sting from the email or promotional material they received as long as they kept their wits about them. Today investors face the threat of ‘back-end’ attacks which are almost impossible to spot.
Back-end attacks threaten the platforms and services supporting cryptocurrencies which are way beyond the control of an individual investor. As every currency is supported by a number of moving parts – parts that can often rely on hugely undeveloped coding – including the coins themselves, the exchanges that trade the coins, the digital wallets that keep the coins and the mechanisms that promote and deliver the coins. Criminals have been quick to spot that all of these points can be exploited and, given their complexity, it is hard to protect every part of every currency and every trade.
However we don’t just want to make you aware of the potential threat of back-end attacks, we also want to highlight some of the cryptocurrency frauds we have come across recently, these include:
The ‘1% attack’
One of the things that have put businesses off from adopting blockchain is the length of time it takes to make a transaction so a number of cryptocurrencies are working on new processes that don’t require confirmation and sign off from everyone involved. The only problem is this throws up a potential security threat; criminals may be able to carry off fraudulent transactions, double-spend attacks or take the entire network offline with as little as a 1% interest.
The ‘51% attack’
The 51% attack (or as it’s alternatively known a “majority” or “double-spending attack) occurs when a person (or group) controls the majority (the titular “51%”) of their blockchain’s mining power – especially if they are using crypto-mining botnets – and manipulate their majority to deny any other transactions while they double their own. And the 51% threat is already reality with a number of currencies including Monacoin, bitcoin Gold, ZenCash, Verge, and Litecoin Cash already suffering attacks this year.
The ‘routing attack’
Scammers have also worked out how to target Internet service providers to capture bitcoin mining pools and empty them. The first example of this type of attack was seen in 2014 when a hacker redirected traffic from 19 major ISPs -including Amazon – for no more than 30 seconds at a time so they could steal up to $9,000 per day from a large number of bitcoin users.
This type of attack works by tricking users into continuing to use their computers for cryptocurrency mining while the hacker re-routes their assets to their accounts. Redirection will go totally unnoticed unless the user has protocols in place to continually check their network setups or specific security measures in place to protect them.
The ‘burning bug’
‘Stealth addresses’ are increasingly being used to anonymise transactions, allowing traders to conceal who is paying, how much they’re paying and how many people are paying. The problem is they are also starting to make it very difficult to spot which payments are legitimate and which aren’t.
To increase the industry’s concern over stealth addresses further, we are no starting to see ‘burning bugs’ appear that allow fraudsters to send multiple transactions to the same stealth address without having to authenticate them. This means a criminal could use one legitimate trade to support many more leaving the recipient with fake and therefore worthless coins. More worryingly experts have warned that if the ‘burning bug’ is used widely, they could completely destroy the value and reputation of an entire currency.
The ‘re-entrancy attack’
Smart contracts are also vulnerable to attacks. Criminals are now targeting those vulnerabilities in what has been named the “re-entrancy attack.” In this type of attack the fraudster will repeatedly contact the payment component of the smart contract before the contract is able to process the other payment calls thus allowing the attacker to drain the victim’s account before they realise what’s going on.
In 2016 cyber criminals used re-entrancy attacks to steal approximately $815 million in ethereum from the DAO which put them out of business As recently as this October hackers used similar tactics to attack SpankChain making off with more than $40,000 in a single weekend.
These are just the examples we’ve seen but it could very well just be the start. Experts have already predicted that even more forms of back-end attacks will appear in the coming years. If you are planning to invest in crypto-currency we would always urge you to do your due diligence in conjunction, wherever possible, with experienced advisers who not only know the pitfalls but know how to spot them before you lose money you cannot afford to lose.
Contact Selachii Expert Fraud Litigation Solicitors
If you would like to discuss a potential investment or if you have been a victim of a digital fraud and want to find out what you can do to recoup your losses, please call us today on 0203 553 0100 or contact us using our online form.
We will help.
