When bitcoin, the first crypto, was launched, its developers and earliest adopters were filled with optimism about blockchain technology as a way to counter the powerful distrust that they held for banks and middlemen. Designed with sophisticated encryption, irreversible transactions and a decentralized structure, cryptocurrency technology was supposed to be unhackable.

Unfortunately, the system upon which it is built has proven to be vulnerable to resourceful criminals and human error. The security gaps have become apparent over time.

The opportunity for cryptomining fraud lies in:

• Hackers stealing coin directly from legitimate cryptomining companies.
• Tricking current or potential cryptominers to buying nonexistent computer hardware (phishing attacks).
• Cloud mining companies renting their equipment to cryptocurrency miners at prices higher than what they will actually earn. They provide “profits” by taking the coin’s value from new investors (equipment renters). This is a classic Ponzi scheme.

Cryptocrime Tactics

If you keep track of cryptocurrency technology and business news, you know there’s a long list of crimes, spoofs and shady dealings that relate to cryptocurrency. Here’s a list of terms to help you stay informed. How many do you recognize?

• • Social engineering – This is a general term that describes a criminal entity fooling a target into doing something to the criminal’s advantage. Because social engineering is a means to an end, it is the prelude to other tactics such as ransomware or cryptojacking.
  • Phishing – This tactic occurs when a criminal presents a target with a false pretext that can be a person, company, government agency or organization. In cryptocurrency investments, phishing attacks can progress to ransomware or various types of digital wallet break-ins that involve stealing credentials or private keys.
  • Cryptojacking – This tactic involves diverting a target’s resources, without their permission. In cryptocurrency environments, cryptojacking usually involves diverting the computer CPU resources of coin holders to mine cryptocurrencies.
  • Breaking into online wallets and exchanges – This tactic involves using different means (false identities in phishing attacks for example), to get private key information.
  • Malvertising – The name tells the story. In this tactic, malicious ads are used to spread malware through criminally controlled online advertisements. The goal is to compromise web browsers and their plug-ins.                                                    
  • ICO exit scams – Establish a new cryptocurrency. Publicize it and persuade investors to buy some. Reward folks who refer new investors with cash and tokens. Then, disappear. That’s the recipe of a standard initial coin offering (ICO) scam. If it sounds like a Ponzi scheme, you’re right.  
  • Poisoned website – This term describes a website that delivers malware as an ad on a website.
  • Phone porting – This tactic is a wild mix of phishing, hacking and outright breaking and entering into wallets. Hackers snoop around social media, looking for cryptocurrency-related conversations, in which investors lost their phone and email information. Then, posing as the victim, scammers call up the target’s phone provider. The goal is to fool the customer service representative into transferring the phone number to a device that the hacker controls.

When the hackers take over the phone number, they can go into the victim’s cryptocurrency exchange account. They compromise the password and use the phone number for second-factor authentication. After that, it’s a matter of diverting investor funds to their wallets.

• Spear phishing – This is a focused phishing scam targeted at a specific person or organization. The phishing attack can precede data theft, or cybercriminals might use it to install malware on a target’s computer.