Recently, countless people across the world were attacked by a malware program that locked their computers and demanded money to unlock them, in an attack dubbed WannaCry. The attackers received thousands of dollars in the form of Bitcoin. Bitcoin is anonymous and easy to use, which means it's a favorite among criminals. Just how is Bitcoin used by criminals, how can you protect yourself from Bitcoin scammers, and should Bitcoin face tighter regulation to prevent criminals from using the cryptocurrency?
This very attack sparked renewed media interest in Bitcoin, which arguably helped spark the massive increase in price that I outlined in a previous blog post. If you are still new to the subject of bitcoins, please click on this link: https://steemit.com/bitcoins/@chuxlouis/vital-questions-about-bitcoins-that-u-were-too-embarrassed-to-ask-all-answered-with-lots-of-life-changing-tips-for-all-hardcore. The attack also caused many to question whether Bitcoin is too easy for criminals to use to receive their ill-gotten gains. An example of this is a strongly worded letter in the Financial Times. The author argues that states work hard to limit illegal activity with state-backed money, such as the EU outlawing 500 Euro bills, but do nothing to stop Bitcoin. She argues that Bitcoin and other cryptocurrencies have only allowed crime to grow, and have produced nothing else productive.
Now, of course, we all know that is nonsense. Bitcoin shouldn’t be made illegal by nations just because it is used by criminals, just as cars or dollar bills shouldn’t be made illegal because they are used by criminals. Nevertheless, there is a point to be made that the anonymity of Bitcoin makes it a favorite among criminals. In fact, there has been an increase in ransomware attacks in recent years, as outlined in the graph below for 2016 (last year).
Ransomware attacks are on the rise, and the US is hit hard.
This article shall delve into the dark side of Bitcoin, and look at some of the negative aspects that present themselves.
Bitcoin has a dark side, just how dark?
As we speak, bitcoin's market capitalization is hovering above 73,515,555,061 USD (roughly 73.5 billion dollars). That’s a lot of money, and you better believe scammers know this and want a slice of that digital pie. Today bitcoin is very attractive to scammers for the same reason it’s attractive to you: it’s fast, it’s international, and it’s irreversible. So as Bitcoin usage has grown, we have seen more and more Bitcoin scammers disappear with user funds.
Fraud / Scam Detection in the World of Bitcoin
The Bitcoin protocol is strong cryptographically (to the best of current knowledge), and we wish the world surrounding it, its network and its users, were as secure. In this article, we will review several classes of attacks and how a feature of the Bitcoin protocol, in conjunction with online wallets, will help prevent them, and we’ll end with an overview of why fraud detection is a difficult endeavor.
To avoid any confusion, in the context of this article, “fraud” refers to a transfer of funds to a destination not authorized by their legitimate owner, while a “scam” can be defined as a fraudulent scheme performed by a dishonest individual, group, or company in an attempt to obtain money or something else of value. Scams traditionally relied on confidence tricks, where an individual would misrepresent themselves as someone with skill or authority, e.g. a doctor, lawyer, or investor. After the internet, online transactions and Bitcoin became widely used, new forms of scams emerged, such as lottery scams, scam baiting, email spoofing, phishing, and requests for help.
Pretty much everyone reading this article will know Bitcoin transactions are technically irreversible and this makes them very attractive for merchants because the received funds are immediately spendable. In some jurisdictions it might be possible that the merchant is forced, through a court order, to refund a transfer, but this case is a legal matter, completely unrelated to the method of payment (nonetheless, for consumers it is a good resort to have in the rare case of rogue merchants).
Bitcoin’s use of digital signatures ensures transactional integrity and non-repudiation. The network, which verifies the transaction, cannot however check whether the private keys were used by the legitimate user or by another party. That step is outside the protocol’s boundaries: it is the wallet’s responsibility to authenticate the user and unlock access to the private key. The wallets and the users are therefore the targets of malicious attacks.
Attacks Against Wallets
The level of security provided by wallets varies with the implementation, in terms of both features and quality. Naive implementations will simply store the wallet unprotected or weakly protected (once the file is stolen, a short PIN can be trivially brute-forced), and this is why wallet-stealing malware is one of the easiest attack paths. In fact it is so obvious (reminiscent of Willie Sutton’s famous yet apocryphal answer: “because that’s where the money is”) that two researchers, Pat Litke and Joe Stewart, have recently catalogued 146 distinct pieces of Bitcoin-stealing malware, of which only half were detected by anti-virus scanners (read a good summary or, better, the original paper). Even if the wallet is coded diligently, it runs on a software stack whose underlying layers can have vulnerabilities which, however difficult to find, will be found given time (the money to be stolen is a great motivator).
Several approaches exist to mitigate this risk. A common one is using two-factor authentication (requiring a telephone with a registered phone number which will receive a one-time code via SMS or a voice call. Google Authenticator is a popular choice).
It is a good complement for computer-based wallets, but less so for mobile wallets residing on the same phone which can be stolen. By the time its owner removes the authorization for the phone, the funds might be gone. How can a thief know the wallet password? The same techniques as for stealing the PINs of physical cards: “shoulder surfing” or cameras filming the user while performing a legitimate transaction (a club’s bar is a high-risk location, for instance). Keylogger malware is another popular approach.
Other approaches consist of “brain wallets” which do not store the keys but generate them from a (hopefully long) passphrase memorized by the user.
This is harder in practice, not only because occasional users may rightfully be wary of forgetting it (carrying a paper with it in the physical wallet would negate the security, but it will happen nonetheless) but also because a good passphrase would be about 50 words long, and this would make frequent use cumbersome.
Lastly, paper wallets and hardware wallets are more secure, but they are more suitable for the cold storage of funds, rather than daily use. Diligent users will employ them, but do not expect this to be the norm.
In fact, the wallet does not have to be stolen to be used as a source of money. Ransomware (malware that encrypts user files and demands a payment for unlocking them, CryptoLocker being the most (in)famous) can provide a steady source of income through ransoms, regardless of whether the private keys are obtained. It is unlikely that such malware will be written for Bitcoin wallets specifically (why limit the attack?), but wallets will be taken with all other personal files. This is where cold storage of most funds (Bitcoin’s equivalent of “don’t keep all your money as cash with you”) as well as backups are absolutely essential.
So far we’ve talked about user wallets. On the other end of the wire, any online site storing bitcoins, be they wallets, merchants or exchanges, should be prepared for advanced persistent threats, and followers of the excellent Krebs on Security blog will be familiar with how indirect attacks can be, going through third-party suppliers of the target (overused pun not intended). Indeed, attacked they have been. Most high-value attacks today are profit-motivated and supported by organized crime (let me point out here that someone tried to impersonate Gavin Andresen on the PGP key servers). Although PCI-DSS is not perfect, its recommendations are mostly applicable to Bitcoin businesses.
Attacks Against Users
Why hack the user’s computer when you can persuade him to pay you? Unfortunately, scammers know how to leverage your emotions, whether they target greed by offering “high investment returns” or, as in the case of donation scams, people’s compassion for others.
There have been instances where scammers have created fake donation pages where they ask people to donate in bitcoin. After the Orlando terror attack, for example, a fake donation page was set up that urged users to send the cryptocurrency to help the attack’s survivors.
Even when donating, it is imperative to conduct thorough research into the cause and the charity or person behind it before sending any bitcoins to avoid getting scammed.
While there are many ways you can earn bitcoin, make sure you avoid Ponzi schemes that promise you a high return on investment. Also, avoid using any exchange or wallet provider that is not reputable or professionally run. Cybercrime is on the rise globally and the Bitcoin economy is also affected by this trend. Hence, it is wise to always conduct your research about a product or service, as well as who is behind it, before parting with your cryptocurrency.
Scamming is as old as the world. A Bitcoin address does not carry any identification of its owner, so simple persuasion to send money to the scammer’s address can work well (side note: what at times is a feature is, at others, a usability shortcoming. However, the idea of a resolution mechanism to associate a computer-friendly wallet address with human-friendly social network identities or a directory has faced considerable critique for fear it would create a two-tier system that will eventually destroy Bitcoin. A good decentralized solution is still in the future).
Every event involving a loss of bitcoins or even a service outage has the potential to be used by scammers for phishing (or fake Twitter or any other social media accounts soliciting donations) and as Bitcoin becomes more popular, we can expect the wave of donation requests to fraudulent addresses following earthquakes or other disasters.
To be clear: this is not a vulnerability in the Bitcoin protocol. After all, the legitimate owner of the funds decided to make a transfer. It’s a plain scam, not a hack. Nonetheless, if the ecosystem gains features that reduce the incidence of such scams, trust in the system and adoption will be higher.
A different type of attack is one in which a Bitcoin-accepting website is hacked and the destination address modified to be the attacker’s. The attack cannot last long for merchants, whose checkout process will notice the funds have not arrived at their address, but sites accepting donations may be exploited for longer.
Transaction Screening
The conceptual answer is to have the transaction screened for fraud outside of the device originating the payment, which can be under the control of an attacker or malware. This is similar in principle to how a credit card transaction initiated by the consumer is vetted and, to implement it, Bitcoin has an elegant mechanism: multi-signature transactions, which require more than one party to sign a transfer. While they serve multiple purposes (escrow being a typical example), in this case the second party would be a service that screens transactions for fraud, and only if the transaction is okayed by it is it broadcast to the network. Vitalik wrote an excellent primer recently, and I invite you to read it rather than have me repeat the same topic here. The tutorials by James D’Angelo on YouTube are also highly recommended.
Who can be that other party screening the transaction? The web wallet is the first choice and, in fact, this feature is already implemented and promoted by CryptoCorp right on the front page, proof that fraud prevention can have marketing value and not just make the finance department happy. Notably, the use of a web wallet provides more data points, since the IP address and device information can be used as inputs to detect, for instance, whether the network location of the user’s wallet has jumped across an ocean within minutes. Security-conscious users will prefer not to use online wallets, yet I think it is a safe bet to say that convenience will keep them popular, as with cloud-based email or file storage. The wonderful thing is that multi-signatures, by requiring both the user and the exchange to cooperate, make this option arguably more secure than single-signature local storage, given the permanent threat of having the hot storage hacked.
After an initial period in which online wallets implement their own solutions, if at all, I do expect some consolidation to follow in time, with fewer third party fraud detection services being used by more wallets. It’s part economics (pay-for-service is often cheaper than build-your-own, particularly a build-your-own-complicated-system), part efficiency. Collaborative fraud detection is already used by the payment industry, with merchants and financial institutions sharing fraud data with a number of vendors or among themselves with the goal of reducing it for everybody (disclosure: I’ve been involved in building such systems, but none of them is public or commercial and I hold no financial interest in any such vendors. Nonetheless, I have not named any companies).
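The screening decision described in this section, as an added example that is not part of the original article or any wallet's code: it models only the co-signer's choice to add or withhold the second signature, not the Bitcoin signing itself. The 900 km/h speed limit, the 0.5 BTC threshold, the field names and all sample data are assumptions.

```python
from dataclasses import dataclass
from math import asin, cos, radians, sin, sqrt

MAX_KMH = 900.0      # assumed ceiling: roughly airliner speed
MIN_JUMP_KM = 100.0  # ignore small moves caused by imprecise IP geolocation


@dataclass
class Login:
    ts: int          # unix seconds
    lat: float       # latitude from IP geolocation
    lon: float
    device_id: str


@dataclass
class SpendRequest:
    ts: int
    lat: float
    lon: float
    device_id: str
    dest: str        # destination address (opaque string here)
    amount_btc: float


def haversine_km(lat1, lon1, lat2, lon2) -> float:
    """Great-circle distance between two points, in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    a = sin((p2 - p1) / 2) ** 2 + cos(p1) * cos(p2) * sin(radians(lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


def screen(req, history, reported, known_dests, limit_btc=0.5):
    """Return (decision, reasons). Only "cosign" releases the second signature.

    history      earlier sessions of this user (list of Login)
    reported     destinations on a shared fraud list
    known_dests  destinations this user has paid before
    """
    if req.dest in reported:
        return "refuse", ["destination is on the shared fraud list"]
    reasons = []
    if history:
        last = max(history, key=lambda login: login.ts)
        hours = max(req.ts - last.ts, 1) / 3600
        km = haversine_km(last.lat, last.lon, req.lat, req.lon)
        if km > MIN_JUMP_KM and km / hours > MAX_KMH:
            reasons.append(f"impossible travel: {km:.0f} km in {hours * 60:.0f} min")
    if req.device_id not in {login.device_id for login in history}:
        reasons.append("unrecognised device")
    if req.dest not in known_dests and req.amount_btc > limit_btc:
        reasons.append("large payment to a first-time destination")
    # "hold" = withhold the signature until the user confirms out of band.
    return ("hold" if reasons else "cosign"), reasons


# Constructed sample data: a London session, then a request from New York.
LONDON = (51.5074, -0.1278)
NEW_YORK = (40.7128, -74.0060)
HISTORY = [Login(1_000_000, *LONDON, "laptop-A")]
KNOWN = {"DEST_KNOWN_PLACEHOLDER"}
REPORTED = {"DEST_REPORTED_PLACEHOLDER"}

if __name__ == "__main__":
    jump = SpendRequest(1_000_600, *NEW_YORK, "laptop-A", "DEST_KNOWN_PLACEHOLDER", 0.1)
    print(screen(jump, HISTORY, REPORTED, KNOWN))
```

Because the co-signer holds only one of the required keys, a compromised user device cannot move funds on its own, and a compromised screening service cannot either.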
Fake Bitcoin Wallets
Every user requires a bitcoin wallet to store their funds and to send and receive payments. There are four main types of wallets for bitcoin, namely; hardware wallets, web wallets, desktop wallets, and mobile wallets.
Scammers, seeing the high demand for mobile wallets, have started to create fake wallets to defraud people. The fake bitcoin wallets usually have a name that is very similar to legitimate and trusted wallets such as Coinbase or Mycelium and, in some cases, even the same logo. These copycat tactics trick the user into downloading it believing it is the legitimate company’s wallet. Some fake wallets have crept onto the Apple and Android stores masquerading as genuine wallets.
Another way that fake wallets get customers is by promising greater transaction anonymity according to Marie Vasek’s and Tyler Moore’s study:
“I was able to analyze three of these services (Onion Wallet, Easy Coin, and Bitcoinwallet.in), in which all transfers from the victims were ultimately delivered to the same address held by the scammer. These particular scams advertise themselves as offering a mixing service that enhances transaction anonymity for customers. In fact, all three services appear to be operated by the same scammer, because the siphoning transfers all go directly to the same Bitcoin address.”
The way wallet scams work is that the user downloads the mobile wallet and starts to use it. It usually works for a while, but once the amount stored in the wallet reaches a certain threshold, it is moved out of the wallet leaving the user empty handed.
To prevent yourself from falling for such a scam, download wallets directly from the link provided on the reputable bitcoin wallet provider’s website.
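The copycat-name pattern described above can be checked mechanically before installing. The following is an added example, not from the original article: the publisher strings are placeholders for values you have verified on the provider's own website, and the edit-distance threshold of 2 is an assumption.

```python
import re

# Assumed allow-list: brand -> publisher string verified on the provider's own site.
TRUSTED = {
    "coinbase": "PUBLISHER_VERIFIED_ON_COINBASE_SITE",
    "mycelium": "PUBLISHER_VERIFIED_ON_MYCELIUM_SITE",
}
# Digits and symbols commonly swapped in for letters in copycat names.
CONFUSABLE = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "|": "l"})


def normalise(name: str) -> str:
    """Lowercase, undo common character swaps, keep letters only."""
    return re.sub(r"[^a-z]", "", name.lower().translate(CONFUSABLE))


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_listing(app_name: str, publisher: str):
    """Return (verdict, brand): genuine, lookalike, or unrelated."""
    whole = normalise(app_name)
    tokens = [normalise(t) for t in re.split(r"[\s\-_:]+", app_name)]
    for brand, pinned_publisher in TRUSTED.items():
        near = brand in whole or any(t and edit_distance(t, brand) <= 2 for t in tokens)
        if near:
            verdict = "genuine" if publisher == pinned_publisher else "lookalike"
            return verdict, brand
    return "unrelated", None


if __name__ == "__main__":
    # Constructed store listings.
    for name, pub in [
        ("Coinbase - Bitcoin Wallet", TRUSTED["coinbase"]),
        ("C0inbase Wallet", "Unknown Dev"),
        ("Mycellium Bitcoin Wallet", "Unknown Dev"),
        ("Weather Today", "Unknown Dev"),
    ]:
        print(name, "->", classify_listing(name, pub))
```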
Fake Cloud Mining Services
Bitcoin mining is a process where complex mathematical equations are solved by Bitcoin “miners” in exchange for rewards in the form of new bitcoins. These equations validate the transactions in the blockchain ensuring that all requirements are met and that no double spending can occur.
Cloud mining companies charge users a small fee in return for mining bitcoin (or other cryptocurrencies) on behalf of the user. That allows individuals to receive the financial rewards for mining cryptocurrency without having to purchase and maintain expensive bitcoin mining hardware.
However, this area of the Bitcoin economy has also been infiltrated by scammers. Cloud mining scams are websites that state that they are offering cloud mining services without actually conducting any cryptocurrency mining. Generally, these sites pay users out for a period after they have purchased a fake cloud mining contract for more than the payouts they are receiving. Then, after some time, the fake cloud mining company stops paying out, and users’ funds disappear. In other words, fake cloud mining operations are simply Ponzi schemes that pay out as long as more users are attracted to the service and are buying fake mining contracts. Once the supply of new paying users dries up, the scammer disappears with the funds.
Examples of cloud mining scams are Hashinvest, Hashpoke, Cointellect, GAW Miners and HashOcean, with GAW Miners and HashOcean arguably having been the biggest cloud mining scams executed to date.
Joshua Garza, the owner of GAW Miners, allegedly got away with over $10 million worth of investors’ funds and was charged by the SEC with various counts of fraud. He convinced investors that he had the large amounts of computing power necessary to mine bitcoin, which led to strong sales of his fake cloud mining contracts. However, investors did not get the returns they were promised and were, instead, defrauded out of a significant amount of their invested funds, so they filed a class-action lawsuit against GAW Miners.
To prevent yourself from falling victim to a bitcoin cloud mining scam, conduct thorough research on the cloud mining service providers you are considering using and make sure that they are properly incorporated businesses that are run by individuals whose identities are known.
Bitcoin Investment Schemes
Bitcoin investment schemes are another common type of scam in the Bitcoin economy. Bitcoin investment schemes are somewhat similar to cloud mining scams in the sense that they promise returns and pay out small daily returns until one day all payments stop and the scammer runs off with users’ invested funds. Like cloud mining scams, bitcoin investment scams are set up as Ponzi schemes.
Since these “investments” usually seem very profitable at first, as daily payments are being received by users, many users will re-invest their “returns” into the scheme to generate more profit. The trouble usually starts once a user tries to withdraw his or her earnings: before you know it, the investment scheme stops paying and users lose their invested funds.
If you decide to put funds into a digital currency investment service ensure that the company providing the service is properly incorporated and run by reputable industry professionals. Also, make sure that the investment strategy they propose is outlined and makes sense. Most of all, anyone who guarantees high returns in any investment service is lying as there is no certainty in the investment world.
MLM Schemes
Bitcoin multi-level marketing (MLM) schemes with no actual product or service that promise high commissions for successful referrals are simply another type of Ponzi scheme. Funds paid out to participants in the scheme are not company profits. Instead, they are solely a share of the new money that new users that were referred to the service are placing into the scheme.
Any multi-level marketing scheme that does not have participants selling an actual product or service is almost always guaranteed to be a Ponzi scheme.
Fake Exchange Scams
Bitcoin exchanges are services that provide users with a marketplace where they can trade bitcoin for fiat currency or other cryptocurrencies. However, there have also been instances of fake exchanges in the bitcoin economy.
Fake exchanges swindle users by asking them to put a payment in that goes to the purchase of bitcoin. However, the exchange does not remit anything to the user. These exchanges usually attract customers by having lower credit card processing fees than their competitors.
Hence, it is highly recommended to only use reputable exchanges that are regulated and trusted by community members instead of just any site that promises users a good price and low transaction fees.
Phishing Scams
Phishing scams involve sending out emails with the intention to steal personal information. Bitcoin phishing scams usually involve a user receiving an email informing them that they have won bitcoins but that, to collect their coins, they are required to log into their wallet through a link in the email body. Once this happens, the user enters his or her wallet username and password on the fake wallet site and thereby loses access to the wallet and the bitcoin held therein, as the login information is stolen by the scammers.
Phishing scams are very common and have also started to plague the Bitcoin community. Always be careful when clicking on any links in emails that seem inauthentic, especially when you are checking your emails on your phone, where it is easier to miss the details of the actual sender.
Bitcoin-Flipping Scams
"These scams could be an offer to instantly exchange bitcoins for money after paying an initial startup fee or a promise to double your initial investment overnight.
The other end of the bargain is never held up, and bitcoins are stolen immediately. Scammers succeed because they’re able to broadcast their scam to thousands of unsuspecting targets through social media."
Bitcoin Pyramid Schemes
"These scams are harder to recognize than the more egregious bitcoin-flipping examples described above, but the end result is the same; the scammer eventually makes off with the victim’s stolen bitcoins.
This tried and tested idea relies upon high yield investment programs and multi-level marketing. In these ethically grey schemes, a low initial investment can be multiplied by signing up additional members using referral links. Before long, hundreds of victims have joined the scheme. At a later point in time, the original scammer walks away and the pyramid collapses."
App & Plugin Scams
This is a relatively new and pretty scary development. Scammers have stepped up their game: there are now bitcoin scams that operate as apps and plugins.
More recently, in March 2016, the Bitcoin community was urged to uninstall a Chrome add-on called ‘BitcoinWisdom Ads Remover’ which can steal bitcoins by replacing QR codes in popular exchanges with fake QR codes.
Last year, the Bitcoin community was warned against a fake Localbitcoin app, available on Android (since taken down), that phished for bitcoins.
How to resolve this: It’s hard to predict what kind of scam apps or plugins (or something else?) will appear next. The fake app had plenty of (fake) 5-star reviews, so we know that we can’t even trust Android Play Store ratings. Exercise extreme caution: better safe than sorry, so email customer support to verify that the app or plugin is indeed theirs.
Bitcoin Authority Scams
This is one of the hardest scams to see through because the scammers appeared to have high authority among Bitcoin community members. For example, the digital currency exchange platform Cryptsy did not tell its users that it was allegedly hacked out of $6 million worth of bitcoin in 2014. Instead, they simply did not allow users to withdraw bitcoins and ignored support tickets. Before that, the community was shocked by the Mt Gox incident. It was a respected bitcoin exchange, until it suddenly disappeared without a trace, along with approximately 744,000 bitcoins.
More recently, the fake organisers of London Bitcoin Forum apparently got away with thousands of pounds in ticket and sponsor fees. The event, which was scheduled for 23-24 March 2016 promised a lively 2-day event featuring talks from prominent Bitcoin industry leaders, networking opportunities, presentations and much more. Many Bitcoin news websites, companies, and members of the public shared the event and made plans to attend it, until it was revealed as an elaborate scam. By this time, the website and Facebook page were taken down without notice or news. The only silver lining: this particular incident brought to light the lack of proper guidelines for bitcoin news reporting by major bitcoin news websites.
Solution (kind of): We would say ‘only use the services you trust’, but this advice is meaningless here. All of the above were trusted entities (at that point). However, you can reduce the risks. Divide your bitcoin storage across several wallets, or put it in cold storage. Practice a healthy level of skepticism over any news article and review you read. If the website has a history of sweeping stories under the carpet, treat its future news (especially involving money) with caution.
How to Protect Yourself and What to Look Out For
Only deal with reputable, registered companies
Make sure you can verify the identity of the employees/owners
See if they are mentioned in reputable local or international news publications
Treat anonymous and new exchanges, apps and browser extensions with caution
List of known Bitcoin scams
Since it is very easy to set up a scam website, it is impossible to always have an up to date list of scams. You should do your own research and learn to look for suspicious schemes.
However, here are some sites that research/comment on scams:
http://www.badbitcoin.org/thebadlist/
http://bitcoinscammer.com/
https://bitcointalk.org/index.php?topic=1326821.0
http://behindmlm.com/
If you are putting your money anywhere, it's up to you to do your own research and investigation (Google and Reddit can take you far). And remember: if something sounds too good to be true, it probably is.
Like any get-rich-quick scheme, bitcoin scams thrive on the gullibility of their victims. Just because it's a digital currency doesn't mean you can acquire wealth quickly. Here are some more warnings to heed:
Don’t trust anyone claiming they will give you or help you mine bitcoin. Again, cryptocurrency is valued by cybercriminals for a reason, and nefarious behavior related to bitcoin runs rampant on social media and digital channels.
Avoid URLs associated with social media profiles advertising too-good-to-be-true bitcoin offers.
Be vigilant when engaging with the social media accounts of legitimate bitcoin brokers or trading platforms, as they are frequently victims of convincing impersonations.
Never engage in any financial transaction, bitcoin or otherwise, via direct message on social networks.
Conclusion
Bitcoin scams are not doing Bitcoin's image any favors at all. Is this the natural evolution of a decentralised currency such as bitcoin? So far, the lack of regulation for digital currencies, as well as the Bitcoin community’s preference to self-regulate, is certainly making it easier for scammers to target bitcoin newcomers. It is unlikely that bitcoin scams will stop appearing. From cash gifting schemes to high-yield investment programs that are just Ponzi scams in disguise, there's no end of opportunities to be separated from your cash, so our only hope is to keep ourselves updated and get digitally protected.
Do you know of any other scams that I missed? Please share them in the comments so that we all learn, because we all learn every day.
If you have already been scammed, please report the crime and expose the scammers through social media or other channels. You can also share with us by dropping a comment below so we learn from your experience too.
Whether you are a bitcoin newbie or someone who has been burned before, you should keep yourself up to date with the latest scam attempts. We are all encouraged to do our own research (DYR), because no backup plan is perfect. Even the most foolproof security can be compromised. Kindly share your experiences and contributions with us.
SHINE YOUR EYES WELL
For enquiries, contact @chuxlouis
© Coindeskbitcoin
Very true... Scammers are way ahead of current security protocols...
Wow, nice one bro, you really took your time and the post is very informative. I just upvoted and resteemed this post.
Thanx boss.
Ur welcome bro.
Wow! This is a wonderful post. You really took your time to write this and gave detailed descriptio..... it's quite lengthy though, couldn't finish it at once.... will continue after a break
:)
Thanx a lot, it was really necessary. If you can, kindly go through the other post; it took me days to complete but I can assure you it was worth it totally. Thanx a lot @mikedestiney
A very informative post. Thank you for taking time to write this. I think it’s essential that we keep ourselves updated with what’s happening in the digital currency world. Like you said in the post, to keep us digitally protected. Digital currency is deregulated. That’s one of the most important things about the digital currency and why the users are fond of it.
More blessings to you @hpwa, I really do appreciate your contribution. I just followed you now, if it is ok with you. Kindly go through the other posts in my blog; I assure you, you will love them.
This is much work and really explanatory
Thanx a lot dear, it really took a lot of time to finish this. I would have divided it into parts but I just decided to leave it concentrated and undiluted. I hope it gets concentrated upvotes and resteems by God's grace.
Lovely post
Thanx a lot my sis, I am so glad you love it. More blessings to you.
Great post
Thanx a lot
mahimonliner
Really nice post @chuxlouis, i can see you put a lot of effort into it, but i think you don't get the rewards because there are too many sources, you should write more by yourself and more based on your personal opinion, and then the rewards will start coming.
Downvoted for supporting spammer and account thief @lovelygirl
...and also for being a gigantic copy paste.
Ok.. Thanx a lot boss.. More blessings. Sometimes in life when you want to confirm something, you play the fool and do what you are told, and if at the end of the day what you had in mind turns out to be the truth, then you attack without looking back.... More blessings again
You just paid money to a scammer, please try to be more careful.
What an idiot!
It is all your fault for sending that 1 SBD!
That created 1000 x SPAM in everyone's wallet.
Now you transfer 1 SBD to @lovelygirl, another scammer account???