Владимир Охотников — эксперт в области криптовалют и блокчейна, инвестор, разработчик масштабных блокчейн-проектов.
Пожалуй, каждый из тех, кто когда-либо имел дело с криптовалютами, сталкивался с попытками мошенничества. К счастью, большинство из них были неудачными, но даже единичные случаи успешного мошенничества существенно обогащали мошенников. Практически каждый день мы можем видеть сообщения о взломе какой-нибудь криптобиржи или исчезновении стартапа со средствами инвесторов.
Мошенничество постепенно переросло из неизбирательных нападений отдельных пиратов в системные действия пиратских империй, чьи ИТ-возможности не уступают возможностям целых государств.
«Криптовалютное мошенничество, безусловно, становится серьезной проблемой. И чем шире проникают криптовалюты в нашу жизнь, тем больший интерес они вызывают у мошенников. Проблема в том, что в большинстве случаев пользователи не уделяют должного внимания безопасности. Хотя защититься от всех IT-угроз не всегда возможно, минимизировать риски и ограничить потери можно практически всегда…»
Владимир Охотников
Мошенничество в криптобизнесе имеет определенные особенности, связанные со спецификой блокчейна и криптовалют . Эти особенности позволяют мошенникам устраивать атаки с ущербом в сотни миллионов долларов.
Особенности мошенничества в криптобизнесе
Криптовалюты по своей природе являются уникальным, не имеющим аналогов активом. Когда появился биткоин, встал вопрос о его классификации как имущества. Что это: деньги, программный код, ценные бумаги, что-то еще?
Пока биткоин имел минимальную, почти символическую стоимость, отношение к нему было довольно легкомысленным — примерно как к объекту какой-нибудь компьютерной игры. В случае кражи можно было обратиться в полицию, но в начале 2010-х к такому заявителю отнеслись бы как к забавному чудаку.
The relationship changed when the public discovered that Bitcoin had acquired real value. Gradually, the regulatory framework formed, and the state began to treat cryptocurrency as a real asset. It was then that scammers found it out interesting for their “business”.
The price of entering the «business»
Imagine that you suddenly decided to engage in financial fraud. For this you will need at least money and access to resources like exchanges. The price of entering this illegal business is quite high. Everything is much easier with cryptocurrency. To start a criminal career, you need just an Internet computer.
This availability has attracted to the «market» of fraud many neophytes with excellent IT-training. An additional «benefit» was that you didn’t have to date the victim. Sit in front of your display, type and earn!
Gradually the qualifications of fraudsters have grown, and their business became a full-fledged industry.
The anonymity
An additional advantage of crypto-fraudsters became limited opportunities to identify intruders. Many cryptocurrencies, and especially Bitcoin, were originally created based on the principle of anonymity. Theoretically, intelligence agencies have learned to identify the real owners of bitcoin wallets, but this process is complex, slow and difficult to reproduce.
Decentralized blockchains like Bitcoin cannot be negotiated about providing information or blocking wallets, they simply have no one to negotiate with, they have no operators. Therefore, the investigation of crypto-crimes is technically difficult and not always possible. Billions of dollars of hacks remain unsolved. It is known on which wallet the stolen bitcoins are, but the secret services have not yet managed to get access to them and determine who owns them.
Cross-border nature of cryptocurrencies
In terms of cryptocurrency technology, there are no borders. Some states try to ban cryptocurrency transactions or block access to crypto wallets, but this turns out to be insufficiently convincing. A perfect lock is possible when the Internet is completely shut down.
If you have been robbed of money from your bank account, then the transaction chain is theoretically traceable to the final recipient. This is particularly effective after the very notion of «bank secrecy» has virtually disappeared.
Bitcoin is not tied to a specific country, it exists outside of political geography, this creates fundamental difficulties in the investigation of «cryptocurrency» crimes.
Criminals and law enforcement personnel face unequal conditions: police are confined within national boundaries, meanwhile scammers operate around the world. If the scammers are in North Korea, for example, their pursuit becomes hopeless.
Taking into account the reality of our world, it would be difficult to expect that the situation would soon be remedied.
Fraud technologies
Hacker attacks
Cryptocurrency and blockchain are associated with security. They are attributed to almost absolute reliability. This is at least inaccurate. This attitude promotes frivolity towards personal safety and, consequently, loss of funds.
Indeed, the blockchain itself is a technology with the highest degree of protection. Bitcoin blockchain has been regularly attacked by hackers since its inception. Hackers fail every time, although billions are at stake.
However, cryptocurrency projects using Bitcoin blockchain have lost funds many times. Hackers have successfully attacked most crypto exchanges and trading crypto sites.
Is it a paradox?
Not at all.
Hackers don’t waste time breaking a blockchain. Why crack a safe when you can steal keys? The software of cryptocurrency exchanges is far from perfect, attackers used various vulnerabilities, decrypted secret keys and got access to wallets — hot and cold.
The same applies to private crypto wallets. No one will attempt to crack the source code of your wallet. But you can try to get into your computer, dig in it and find a seed phrase. The habit of keeping confidential information on your hard drive is, alas, indelible…
The hacker software allows you to determine which keys you press by typing a password, to listen and to watch you. If you try from an infected computer to enter your wallet, you are likely to lose money.
The recommendations are very simple:
- Keep your computer hygiene. Check your devices for viruses and Trojans, use a proven VPN, preferably, use a dedicated computer or smartphone to login to your wallet.
- Do not keep large funds in the accounts of the crypto exchange and in general on hot wallets. Remember: they, even with a small probability, are vulnerable.
«You trust crypto exchanges, and you believe that your crypto wallet funds are safe. And all of a sudden, you find your accounts empty… even though you’ve been observing every possible security measure. Unfortunately, the protection of many sites is far from perfect and the attacker manages to break through it. It is sad, and this must be remembered. The only recommendation is not to store the crypto in one place, especially on the stock exchange accounts. Diversify your storage locations, this reduces possible losses…»
Vladimir Okhotnikov
Social engineering
In order to get confidential information from you, it is not necessary to engage in «classic» hacking. Sometimes it is enough to have a short conversation on the phone, and you willingly give out everything they need to access your money. Social engineering technologies are not necessarily related to cryptocurrencies. The main goal of the intruders is to enter into trust and force the person to perform the necessary actions.
«Sometimes victims of social engineering are accused of excessive gullibility. How can one so trust a voice from a phone and follow its instructions? In fact, we’re dealing with professionals with psychic intervention technologies. This can be compared to susceptibility to hypnosis. Is it possible to resist such psychological pressure? Yes, it is possible. It is crucial to understand that you can become a potential victim and treat with suspicion all calls from strangers…»
Vladimir Okhotnikov
Such social engineering is not the work of one person, but of entire professional teams. Large-scale call centres are organized, and their operators work with specially designed scripts to negotiate with users.
And here comes another dimension of telephone fraud. Very often the callers know the person’s personal information, which certainly increases confidence. Unfortunately, leaks of personal data are our reality. Banks, mobile operators, and various services are regularly exposed by hackers and lose customer data, which goes to the black market.
So much for the synergy between hackers and phone scammers.
«Perspective Startup»
Imagine, you will learn about a very promising start-up that will bring high returns to investors in the future. Everything is organized very seriously and beautifully: advertising on respectable resources, the face of the project is a media person — athlete, artist, blogger. Presentations are held, business plans are demonstrated. You can see that serious people have already invested in the project. You make the decision and you invest in the project.
However, the project suddenly stops. The site is inaccessible, social networks are not updated, phones and messengers are silent. The accounts of the startup disappear and the managers disappear without a trace. The record was set by the brothers Amir and Race Cagey, the founders of the Africrypt platform. In 2021, they disappeared, taking home 69,000 bitcoins belonging to clients. At the current rate, this is about $3 billion.
However, startup closures can be less dramatic. The organizers admit that nothing worked out and… go to organize a new start-up. Clients will try to recover their investment, and maybe they will be able to return something. Now, one by one, there are claims to the «stars» who carelessly laminated failed projects.
«In fact, it is very difficult for a private investor to understand that he is dealing with a fraudulent project, especially if such a project is professionally organized. It is also impossible to rely unequivocally on the opinion of state authorities. The SEC, for example, in principle considers all cryptocurrency projects fraudulent. The only solution I see is a real uniting of the crypto community and the self-purification of the industry. Only professionals will be able to distinguish projects that have a natural business risk from fraudulent projects…»
Vladimir Okhotnikov
Pump and dump
«Pump and dump» — классический вид мошенничества, хорошо известный по биржевой торговле ценными бумагами. Наличие криптовалютных бирж позволило мошенникам массово применять эту схему.
Технология проста: выбираем дешевый актив и начинаем его раздувать. Мошенники на бирже сами его покупают и тут же продают сами себе, постепенно увеличивая цену. Биржевая стоимость актива растет. Трейдеры видят рост и начинают вкладываться в активы. Когда он значительно вырастает, организаторы устраивают распродажу и выходят с прибылью. Трейдеры, пойманные на «Pump and dump», остаются с активом, который стремительно обесценивается.
В классическом виде в качестве актива выбирались мусорные ценные бумаги, а на криптобиржах мошенники «работали» с криптовалютами.
За сто лет биржевой торговли тактика противодействия «Pump and dump» была хорошо отработана, трейдерам просто нужно соблюдать элементарные правила безопасности.
«Важно не увлекаться. Помните, если недавно выпущенная криптовалюта вдруг резко начнет расти, помните, что в любой момент она может так же резко упасть. Прежде чем инвестировать, оцените риски!»
Владимир Охотников
С мошенничеством может столкнуться любой бизнес, особенно такой молодой, как криптобизнес. Во многом это болезнь детского развития. Рано или поздно будут разработаны технологии противодействия мошенническим схемам, и ситуация нормализуется. Однако важно, чтобы контрмеры исходили не от государств и регуляторов, а от самого криптосообщества. В противном случае есть риск попасть под пресс избыточного регулирования, что кардинально скажется на развитии криптобизнеса.
