2021 Had Six Different Cryptocurrency Heists Over $100 Million (nbcnews.com)
More than 20 different times in the last 12 months, at least $10 million was stolen from a cryptocurrency exchange or project, reports NBC News.
"In at least six cases, hackers stole more than $100 million..." By comparison, bank robberies netted perpetrators an average of less than $5,000 per heist last year, according to the FBI's annual crime statistics... "If you hack a Fortune 500 company today, you might steal some usernames and passwords," said Esteban Castaño, the CEO and co-founder of TRM Labs, a company that builds tools for companies to track digital assets. "If you hack a cryptocurrency exchange, you may have millions of dollars in cryptocurrency...."
[W]hile a handful of countries have strict regulations in place, it's relatively easy for tech entrepreneurs to set up an exchange nearly anywhere in the world and run it however they like. Cryptocurrencies generally offer a certain amount of security — taking their name, in part, from "encryption." But the exchanges that manage them, especially new ones building their businesses from scratch, often start with a tiny staff, which means few if any full-time cybersecurity professionals. Their developers may work frantically to make the code work, sometimes accidentally leaving flaws that give hackers a foothold. Combined with the fact that a volatile market often leaves them suddenly holding a fortune, exchanges are a particularly ripe target for criminal hackers....
The problem is exacerbated because many cryptocurrency projects, intent on avoiding government regulations, set up in countries whose law enforcement agencies don't have much power to go after transnational hackers. Or if they are hacked, they tend to be less likely to call for government help on ideological grounds, said Beth Bisbee, head of U.S. investigations at Chainalysis, a company that tracks cryptocurrency transactions for both private companies and government agencies. Some developers "want to be anti-bank and anti-oversight," Bisbee said. "So when something like that happens, they're not necessarily wanting to work with law enforcement, even though they'd be considered to be a victim and it'd be valuable for them to."
Ultimately the article points out that "Most exchange hackers are not caught." (Although in at least one case part of the stolen money was voluntarily returned.)
But what happens after the breach? NBC News asked Dave Jevans, the founder of CipherTrace, a company that tracks theft and fraud in cryptocurrencies. If an exchange is wealthy enough and plans ahead to have an emergency fund, it can compensate its customers if its operation is hacked, Jevans said. If not, it often goes out of business. "Not every exchange is so wealthy or has so much foresight. It just goes, pop, 'We're out of business. Sorry, you're all screwed,'" he said.
scam hits ponzi scheme (Score:4, Funny)
Re: scam hits ponzi scheme (Score:2)
Re: (Score:2, Insightful)
Yeah that's not a thing that's gonna happen.
It's a Ponzi because it requires a constant injection of new capital to stay afloat. The only difference is this one's a distributed Ponzi.
And no the US dollar is not going to go to Zero. That's economically illiterate gibberish. Unlike Bitcoin, the dollar is backed by the most powerful income generator in history, the US government.
And yes scams have always existed, but unlike a bitcoin exchange, the banks are backed by the federal reserve. You *can't* lose your money.
Re: (Score:3)
The design of Bitcoin is such that there is a hard limit on the total number of coins that can ever exist. Eventually it won't be possible to mine new ones. In fact as some get lost or stuck in abandoned wallets, the number of coins in circulation will decrease.
So long term it doesn't look great. If that makes it a ponzi scheme isn't entirely clear. Even without mining, money can be made processing transactions. That doesn't depend on a supply of new investors, only continued use of Bitcoin for trading.
It's
Re: (Score:2)
I'll be honest I don't know how the US system works. I'm an Aussie. But the general rule here is if guys in balaclavas boost the vault of a safe, the bank is guaranteed that it will have access to the funds to pay out customers if the vault heist ends up commercially fatal to the bank. Not that many banks are small enough that a single heist can kill it. Also insurance.
Re: (Score:3)
Bernie Madoff's ran for between 15 and 40 years, depending on whom you believe.
Re: (Score:2)
Cryptocurrencies may go up and down in value, but in general, they go up and stay up.
If that's the case then why have thousands that were released over the past several years now sunk to $0? 23767 crypto currencies have completely failed to date: https://www.coinopsy.com/dead-... [coinopsy.com]
Cryptocurrency (Score:3, Funny)
working as expected.
"hacked" (Score:5, Informative)
Or the exchange's owners decided it was more lucrative to make off with their users' holdings and claim to have gotten hacked. How's that deregulated and uninsured finance working out for ya?
Re: (Score:2)
It's both.
In some cases, the owner is a scammer who disappears.
In other cases, it's because they treat security as though it were as unimportant as at any startup. Hint: when you are dealing with money, security is more important than when you are showing GIFs to people and getting comments.
Re:"hacked" (Score:5, Insightful)
The ironic thing, this has been an issue discussed on antediluvian things like the Cypherpunks mailing list 20+ years ago. A "trusted" third party, and trusting them more than the value of their reputation is a foolish thing. For example, if Charlie is a third party that just came out of nowhere and is offering to do exchange services, the value of their reputation is essentially zero. If another party has some type of escrow or surety where if something is lost, it can be replaced, their name's value is that of what backs them. Once there is more money with them than their reputation is valued, it is in Charlie's best interest to get "hacked", close up shop, do a tumble or two, do an NFT transaction to ensure the money is now taxed and legit, and laugh all the way to the bank.
Re:"hacked" (Score:4, Interesting)
Also worth mentioning that this has been an issue at least back to the ancient Greeks.
Pretty good actually (Score:2)
Re: (Score:2)
Doesn't really work with crypto because everyone can see where the money went. It's a public ledger. It needs to be laundered at the very least, but in many cases the money just sits there and doesn't move. What tends to happen with these new shitcoins is that as soon as they get hacked the bubble bursts, and even if they were "worth" $30m on paper yesterday, today they are worth nothing.
So the heist doesn't really yield any reward, it just destroys another hyped up coin.
I clearly don't understand cryptocurrencies (Score:4, Insightful)
If this is the case then how do people lose money through heists where the criminals break into "exchanges"? Are people really taking large amounts of money which they can keep secure by just keeping their own key secret (by for example locking the relevant hard drive in their basement) and handing them over to dubious poorly regulated companies to look after? Why would this be a good thing?
Re:I clearly don't understand cryptocurrencies (Score:5, Informative)
The coins themselves are stored on a blockchain, which basically operates like a modified version of BitTorrent (hence the "bit" in Bitcoin) hardcoded to download and share the financial ledger database file. Database entries on the blockchain are made using public key encryption. A wallet address is just an algorithmically valid public and private key pair. The public key allows you to receive funds, and its associated private key allows you to instruct the Bitcoin network to transfer funds from that wallet to a different wallet.
While it's entirely possible to run an exchange where the participants merely agree to a transaction and have to facilitate it themselves after the fact, most crypto exchanges operate like an escrow service. They hold their customers' fiat money in their bank accounts, and their users' cryptocurrency is stored in wallets that the exchange controls. This is why they've become tempting targets for criminals.
Re:I clearly don't understand cryptocurrencies (Score:5, Informative)
This is the ironic point about cryptocurrencies. They are designed to be distributed, where everyone has their own wallet app that is separate, independent, and not attached to any central point. Then, we get exchanges where people store their coinage, because people are used to thinking of banks and giving money to people who appear rich. Exchanges are not regulated, so the result is that the exchange gets "hacked", money slurped off, and the exchange shuts down. Since there is no regulation, in theory, an exchange owner can then put some NFTs up for sale, someone anonymous out of the blue buys them, the taxes are paid, and they laugh all the way to the bank.
Ideally, an exchange should only be used for the purpose of moving one currency to another, be it BTC to DOGE, XMR to USD, or similar. One shouldn't use an exchange like a bank, because that is pretty much asking for the money to disappear. At least if it gets swiped, that transaction is lost, and not one's entire crypto holdings.
Even more annoying is the difficulty in finding trustworthy apps on iOS and Android which are not tied to exchanges, and are reputable (not done by a third party just looking to slurp off wallet private keys). It seems with almost all wallet apps... want to create a wallet? Time to enter in your name, address, phone, social security number, and other PII, and have an account done, with pages and pages of financial and legal disclaimers. The days of a simple wallet app that is secure, not beholden to any exchange, and private seem to be gone. If you want something not beholden to an exchange, you are going to have to bite the bullet and buy a hardware wallet [1].
[1]: Of course, hardware wallets have their own caveats. I like making sure to hard reset the wallet once or twice, to ensure the private key has been generated while the device is in my possession, then I make a backup, hard reset the device again, and restore the backup... just to make sure the restore process works.
Re: (Score:2)
They are designed to be distributed, where everyone has their own wallet app that is separate, independent, and not attached to any central point.
While a great idea in theory the reality of the execution is what ultimately caused the problem. Carrying a wallet around is no good to me if it takes me the best part of a quarter of an hour to reach into my pocket, pull the money out and hand it to a cashier. It would be in my best interest to engage an escrow service to smooth this process lest the people behind me in the checkout line beat me to death for holding up their important daily routine.
The same applies to basically any slow transfer of money.
Re: (Score:2)
That's a pretty big assumption. A much simpler idea is that people make transactions via exchanges because the exchange can execute them *much* more efficiently than the bitcoin network can.
Yes, it's ironic. Bitcoin was touted as a currency with very low friction. Instead, its proof of work distributed trust model has produced transaction fees and processing time
Re: I clearly don't understand cryptocurrencies (Score:1)
Re: (Score:2)
The exchange holds the keys for their customers.
Re: (Score:2, Flamebait)
And, seems to me, that means every such exchange is a scam. This practice is exactly the opposite of how cryptocurrencies are supposed to work.
Actually I think the justification is that this avoids transaction fees by grouping transactions. But that's worse - it means that cryptocurrencies are a fundamental failure at their design purpose of enabling low-cost transactions.
Re: (Score:1)
Are people really taking large amounts of money which they can keep secure by just keeping their own key secret (by for example locking the relevant hard drive in their basement) and handing them over to dubious poorly regulated companies to look after?
Yes, that is exactly what they are doing. Reasons for it vary from ignorance, poor research or because they are engaged in active trading (gambling) which is pretty hard to do efficiently without an exchange.
Re: (Score:2)
Re: (Score:2)
There are two kinds of exploits.
1. Exploit the exchange website.
2. Exploit the blockchain.
Exploiting the website is the preferred option because it's generally easier and there is little chance of the damage being undone. Exploiting the blockchain is likely to result in a fork from the moment just before the money was stolen, undoing the heist.
We're not there yet! (Score:2)
I'll bet 0.00000000001 bitcoin that someone pulls a major heist during the holiday seasons when all devops are enjoying their Christmas turkey.
Personally I have no quarrel with this (Score:3)
Stealing from most people who own crypto in exchanges is just a modern way of asset redistribution. They're not taking from poor people most of the time.
Re:Personally I have no quarrel with this (Score:5, Insightful)
They're generally not Robin Hood, either. Most of these hackers are probably members of organized crime, so the money is helping fund whatever other awful things organized criminals do.
I totally wouldn't feel bad if the money actually was going towards putting food on the tables of starving families, but instead it's probably helping some drug lord buy some shiny new guns for his minions. That's not really the kind of wealth redistribution I want to see.
Re: (Score:2)
Additionally I doubt any of the truly rich people have their money tied up in an exchange. You're not stealing from the Winklevoss twins, you're stealing from Joe Average who was stupid enough to buy into the bitcoin craze and likely didn't have the sense to see he was the subject of an elaborate scam.
Re: (Score:1)
Of course they're not Robin Hood. He stole from the tax collector - aka the Government. Not from rich people.
about the one that returned the assets... (Score:2)
He got caught, identified and knew he was in serious trouble. He cut a deal by returning the assets.
Taking bets (Score:2)
Stolen Goods (Score:2)
I may have posted this in the past but given these transactions are public and traceable, how come parts of the block chains treated as stolen goods? If an identifiable entity (e.g. CoinBase) ended up holding tokens originally derived from stolen tokens, couldn't they be seized?
Heck, given they can easily be identified, shouldn't these businesses have a legal obligation not to transact them at all?
Re: (Score:2)
Because there aren't any tokens. A bitcoin is just an entry that says 0x3849EDF83 has one bitcoin.
You *could* make a law that makes it illegal to accept transfers from wallets that have accepted transfers resulting from theft. Imposing that kind of regulation, plus some other sensible ones, would give you a modern electronic transaction system, except way, way less efficient.
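The tracing idea discussed in this sub-thread, as an added example that is not part of any commenter's post: replaying a public ledger from a known theft shows which addresses end up holding funds derived from it, under two common taint policies ("poison" and "haircut"). The ledger, addresses and balances are constructed, and a simple account model is assumed instead of Bitcoin's UTXO model.

```python
from collections import defaultdict
from fractions import Fraction

# Constructed ledger: (sender, receiver, amount), oldest first. Addresses are made up.
LEDGER = [
    ("exchange_hot", "thief", 100),    # the theft itself
    ("alice", "mixer", 300),           # unrelated clean funds
    ("thief", "mixer", 100),           # loot blended with clean funds
    ("mixer", "bob", 200),
    ("mixer", "big_exchange", 200),    # an identifiable, regulated entity
    ("bob", "carol", 50),
]
GENESIS = {"exchange_hot": 100, "alice": 300}  # constructed starting balances


def trace(ledger, genesis, theft_index):
    """Replay the ledger, treating the transfer at theft_index as stolen.

    Returns (balances, haircut, poisoned):
      haircut[a] = stolen value currently held by a, with taint moving
                   pro rata to the share of the sender's balance spent
      poisoned   = every address that received anything from a tainted one
    """
    bal = defaultdict(Fraction, {a: Fraction(v) for a, v in genesis.items()})
    taint = defaultdict(Fraction)
    poisoned = set()
    for i, (src, dst, amt) in enumerate(ledger):
        amt = Fraction(amt)
        if amt <= 0 or bal[src] < amt:
            raise ValueError(f"transfer {i} is invalid or overspends {src}")
        if i == theft_index:
            moved = amt                            # whole transfer is stolen
        else:
            moved = taint[src] * amt / bal[src]    # pro-rata share of taint
            taint[src] -= moved
        if i == theft_index or src in poisoned:
            poisoned.add(dst)
        bal[src] -= amt
        bal[dst] += amt
        taint[dst] += moved
    holders = {a: t for a, t in taint.items() if t > 0}
    return dict(bal), holders, poisoned


if __name__ == "__main__":
    _, haircut, poisoned = trace(LEDGER, GENESIS, theft_index=0)
    for addr in sorted(poisoned):
        print(f"{addr:13} poisoned, haircut taint = {float(haircut.get(addr, 0))}")
```

Poison flags five addresses, including ones that now hold none of the stolen value, while haircut accounts for exactly the 100 stolen units across three holders; which policy a law would adopt is the open question in the comment above.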
Governments are scared of crypto (Score:4, Insightful)
Turns out "control" also means things like FUCKING LAWS and REGULATIONS to make sure no one CHEATS or STEALS.
Congratulations on creating something, and morally supporting something, that's literally worse than stock markets.
opportunities (Score:2)
crypto offers all kinds of opportunities, whether you want to create your own blockchain, create a token, mine, staking, buy, trade, hodl, or scam.
My account was hacked and lost due to sim swap (Score:2)
Re: (Score:1)