Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Crime The Almighty Buck

2021 Had Six Different Cryptocurrency Heists Over $100 Million (nbcnews.com) 55

More than 20 different times in the last 12 months, at least $10 million was stolen from a cryptocurrency exchange or project, reports NBC News.

"In at least six cases, hackers stole more than $100 million..." By comparison, bank robberies netted perpetrators an average of less than $5,000 per heist last year, according to the FBI's annual crime statistics... "If you hack a Fortune 500 company today, you might steal some usernames and passwords," said Esteban Castaño, the CEO and co-founder of TRM Labs, a company that builds tools for companies to track digital assets. "If you hack a cryptocurrency exchange, you may have millions of dollars in cryptocurrency...."

[W]hile a handful of countries have strict regulations in place, it's relatively easy for tech entrepreneurs to set up an exchange nearly anywhere in the world and run it however they like. Cryptocurrencies generally offer a certain amount of security — taking their name, in part, from "encryption." But the exchanges that manage them, especially new ones building their businesses from scratch, often start with a tiny staff, which means few if any full-time cybersecurity professionals. Their developers may work frantically to make the code work, sometimes accidentally leaving flaws that give hackers a foothold. Combined with the fact that a volatile market often leaves them suddenly holding a fortune, exchanges are a particularly ripe target for criminal hackers....

The problem is exacerbated because many cryptocurrency projects, intent on avoiding government regulations, set up in countries whose law enforcement agencies don't have much power to go after transnational hackers. Or if they are hacked, they tend to be less likely to call for government help on ideological grounds, said Beth Bisbee, head of U.S. investigations at Chainalysis, a company that tracks cryptocurrency transactions for both private companies and government agencies. Some developers "want to be anti-bank and anti-oversight," Bisbee said. "So when something like that happens, they're not necessarily wanting to work with law enforcement, even though they'd be considered to be a victim and it'd be valuable for them to."

Ultimately the article points out that "Most exchange hackers are not caught." (Although in at least one case part of the stolen money was voluntarily returned.)

But what happens after the breach, NBC News asked Dave Jevans, the founder of CipherTrace, a company that tracks theft and fraud in cryptocurrencies. If an exchange is wealthy enough and plans ahead to have an emergency fund, it can compensate its customers if its operation is hacked, Jevans said. If not, they often goes out of business. "Not every exchange is so wealthy or has so much foresight. It just goes, pop, 'We're out of business. Sorry, you're all screwed,'" he said.
This discussion has been archived. No new comments can be posted.

2021 Had Six Different Cryptocurrency Heists Over $100 Million

Comments Filter:
  • by LibreHome ( 6202364 ) on Sunday December 19, 2021 @06:53PM (#62098189)
    What a wonderful world?
  • by enriquevagu ( 1026480 ) on Sunday December 19, 2021 @06:56PM (#62098199)

    working as expected.

  • "hacked" (Score:5, Informative)

    by Powercntrl ( 458442 ) on Sunday December 19, 2021 @07:04PM (#62098207) Homepage

    Or the exchange's owners decided it was more lucrative to make off with their users' holdings and claim to have gotten hacked. How's that deregulated and uninsured finance working out for ya?
     

    • It's both.
      In some cases, the owner is a scammer who disappears.

      In other cases, it's because they treat security as though it were as unimportant as at any startup. Hint: when you are dealing with money, security is more important than when you are showing GIFs to people and getting comments.

    • Re:"hacked" (Score:5, Insightful)

      by ctilsie242 ( 4841247 ) on Sunday December 19, 2021 @07:55PM (#62098311)

      The ironic thing, this has been an issue discussed on antediluvian things like the Cypherpunks mailing list 20+ years ago. A "trusted" third party, and trusting them more than the value of their reputation is a foolish thing. For example, if Charlie is a third party that just came out of nowhere and is offering to do exchange services, the value of their reputation is essentially zero. If another party has some type of escrow or surety where if something is lost, it can be replaced, their name's value is that of what backs them. Once there is more money with them than their reputation is valued, it is in Charlie's best interest to get "hacked", close up shop, do a tumble or two, do a NFT transaction to ensure the money is now taxed and legit, and laugh all the way to the bank.

    • *signed, the money launderers.
    • by AmiMoJo ( 196126 )

      Doesn't really work with crypto because everyone can see where the money went. It's a public ledger. It needs to be laundered at the very least, but in many cases the money just sits there and doesn't move. What tends to happen with these new shitcoins is that as soon as they get hacked the bubble bursts, and even if they were "worth" $30m on paper yesterday, today they are worth nothing.

      So the heist doesn't really yield any reward, it just destroys another hyped up coin.

  • by HuskyDog ( 143220 ) on Sunday December 19, 2021 @07:15PM (#62098237) Homepage
    In my ignorance (which I freely admit) I had gained the impression that cryptocurrencies were stored in some sort of huge internet wide "cloud" and that one accessed one's coins by running some sort of cryptocurrency software and entering a secret access key. One reads of people who mined huge numbers of BitCoins back when it was easy and they were worthless, threw away the relevant hard drive and now can't access huge amounts of money. I had always presumed that what they lost with the drive was the secret key.

    If this is the case then how do people lose money through heists where the criminals break into "exchanges"? Are people really taking large amounts of money which they can keep secure by just keeping their own key secret (by for example locking the relevant hard drive in their basement) and handing them over to dubious poorly regulated companies to look after? Why would this be a good thing?
    • by Powercntrl ( 458442 ) on Sunday December 19, 2021 @07:36PM (#62098271) Homepage

      The coins themselves are stored on a blockchain, which basically operates like a modified version of BitTorrent (hence the "bit" in Bitcoin) hardcoded to download and share the financial ledger database file. Database entries on the blockchain are made using public key encryption. A wallet address is just an algorithmically valid public and private key pair. The public key allows you to receive funds, and its associated private key allows you to instruct the Bitcoin network to transfer funds from that wallet to a different wallet.

      While it's entirely possible to run an exchange where the participants merely agree to a transaction and have to facilitate it themselves after the fact, most crypto exchanges operate like an escrow service. They hold their customers' fiat money in their bank accounts, and their users' cryptocurrency is stored in wallets that the exchange controls. This is why they've become tempting targets for criminals.

      • by ctilsie242 ( 4841247 ) on Sunday December 19, 2021 @09:02PM (#62098443)

        This is the ironic point about cryptocurrencies. They are designed to be distributed, where everyone has their own wallet app that is separate, independent, and not attached to any central point. Then, we get exchanges where people store their coinage, because people are used to thinking of banks and giving money to people who appear rich. Exchanges are not regulated, so the result is that the exchange gets "hacked", money slurped off, and the exchange shuts down. Since there is no regulation, in theory, an exchange owner can then put up some NFTs up for sale, someone anonymous out of the blue buys them, the taxes are paid, and they laugh all the way to the bank.

        Ideally, an exchange should only be used for the purpose of moving one currency to another, be it BTC to DOGE, XMR to USD, or similar. One shouldn't use an exchange like a bank, because that is pretty much asking for the money to disappear. At least if it gets swiped, that transaction is lost, and not one's entire crypto holdings.

        Even more annoying is the difficulty in finding trustworthy apps on iOS and Android which are not tied to exchanges, and are reputable (not done by a third party just looking to slurp off wallet private keys). It seems with almost all wallet apps... want to create a wallet? Time to enter in your name, address, phone, social security number, and other PII, and have an account done, with pages and pages of financial and legal disclaimers. The days of a simple wallet app that is secure, not beholden to any exchange, and private seem to be gone. If you want something not beholden to an exchange, you are going to have to bite the bullet and buy a hardware wallet [1].

        [1]: Of course, hardware wallets have their own caveats. I like making sure to hard reset the wallet once or twice, to ensure the private key has been generated while the device is in my possession, then I make a backup, hard reset the device again, and restore the backup... just to make sure the restore process works.

        • They are designed to be distributed, where everyone has their own wallet app that is separate, independent, and not attached to any central point.

          While a great idea in theory the reality of the execution is what ultimately caused the problem. Carrying a wallet around is no good to me if it takes me the best part of a quarter of an hour to reach into my pocket, pull the money out and hand it to a cashier. It would be in my best interest to engage an escrow service to smooth this process lest the people behind me in the checkout line beat me to death for holding up their important daily routine.

          The same applies to basically any slow transfer of money.

        • by ceoyoyo ( 59147 )

          Then, we get exchanges where people store their coinage, because people are used to thinking of banks and giving money to people who appear rich.

          That's a pretty big assumption. A much simpler idea is that people make transactions via exchanges because the exchange can execute them *much* more efficiently than the bitcoin network can.

          Yes, it's ironic. Bitcoin was touted as a currency with very low friction. Instead, its proof of work distributed trust model has produced transaction fees and processing time

      • I think "stored on the blockchain" is a misnomer. The blockchain is constantly updating, with new transactions and to mint coins.. but everyone's wallet or public/priv key is simply their own cipher to extract via an algorithm what balance is shown on the system according to their string of alpha numeric characters.
    • The exchange holds the keys for their customers.

      • Re: (Score:2, Flamebait)

        by Xylantiel ( 177496 )

        And, seems to me, that means every such exchange is a scam. This practice is exactly the opposite of how cryptocurrencies are supposed to work.

        Actually I think the justification is that this avoids transaction fees by grouping transactions. But that's worse - it means that cryptocurrencies are a fundamental failure at their design purpose of enabling low-cost transactions.

    • by Anonymous Coward

      Are people really taking large amounts of money which they can keep secure by just keeping their own key secret (by for example locking the relevant hard drive in their basement) and handing them over to dubious poorly regulated companies to look after?

      yes that is exactly what they are doing. Reasons for it vary from ignorance, poor research or because they are engaged in active trading (gambling) which is pretty hard to do efficiently without an exchange.

    • by Luthair ( 847766 )
      Two reasons: (1) most of the audience of cryptocurrencies is technically illiterate and can't manage a wallet (2) cryptocurrency transactions are too slow and too expensive to actually use so an exchange holds a pot of it while they circle jerk about how cryptocurrencies are decentralized and don't have a single point of failure.
    • by AmiMoJo ( 196126 )

      There are two kinds of exploits.

      1. Exploit the exchange website.
      2. Exploit the blockchain.

      Exploiting the website is the preferred option because it's generally easier and there is little chance of the damage being undone. Exploiting the blockchain is likely to result in a fork from the moment just before the money was stolen, undoing the heist.

  • I'll bet 0.00000000001 bitcoin that someone pulls a major heist during the holiday seasons when all devops are enjoying their Christmas turkey.

  • by cloud.pt ( 3412475 ) on Sunday December 19, 2021 @07:35PM (#62098269)

    Stealing from most people who own crypto in exchanges is just a modern way of asset redistribution. They're not taking from poor people most of the time.

    • by Powercntrl ( 458442 ) on Sunday December 19, 2021 @07:44PM (#62098287) Homepage

      They're generally not Robin Hood, either. Most of these hackers are probably members of organized crime, so the money is helping fund whatever other awful things organized criminals do.

      I totally wouldn't feel bad if the money actually was going towards putting food on the tables of starving families, but instead it's probably helping some drug lord buy some shiny new guns for his minions. That's not really the kind of wealth redistribution I want to see.

      • Additionally I doubt any of the truly rich people have their money tied up in an exchange. You're not stealing from the Winklevoss twins, you're stealing from Joe Average who was stupid enough to buy into the bitcoin craze and likely didn't have the sense to see he was the subject of an elaborate scam.

      • by ebvwfbw ( 864834 )

        Of course they're not robin hood. He stole from the tax collector - aka the Government. Not from rich people.

  • he got caught, identified and knew he was in serious trouble. he cut a deal by returning the assets

  • How many of these "heists" had an associated insurance policy?
  • I may have posted this in the past but given these transactions are public and traceable, how come parts of the block chains treated as stolen goods? If an identifiable entity (e.g. CoinBase) ended up holding tokens originally derived from stolen tokens, couldn't they be seized?

    Heck, given they can easily identified shouldn't these business have a legal obligation not to transact them at all?

    • by ceoyoyo ( 59147 )

      Because there aren't any tokens. A bitcoin is just an entry that says 0x3849EDF83 has one bitcoin.

      You *could* make a law that makes it illegal to accept transfers from wallets that have accepted transfers resulting from theft. Imposing that kind of regulation, plus some other sensible ones, would give you a modern electronic transaction system, except way, way less efficient.

  • by The Evil Atheist ( 2484676 ) on Sunday December 19, 2021 @10:52PM (#62098613)
    Say the crypto-bros, because "they" can't "control it".

    Turns out "control" also means things like FUCKING LAWS and REGULATIONS to make sure no one CHEATS or STEALS.

    Congratulations on creating something, and morally supporting something, that's literally worse than stock markets.
  • crypto offers all kinds of opportunities, whether you want to create your own blockchain, create a token, mine, staking, buy, trade, hodl, or scam.

  • As the subject says, my account was hacked via a SIM swap. I'm looking for others who have also had their accounts stolen SIM swap or not. If you know any lawyers who have working on this type of case, please reply here with contact info. Morgan and Morgan is working on a class action lawsuit, but that's mostly going to benefit them and not those who need the help.

No spitting on the Bus! Thank you, The Mgt.

Working...