We have often stated that fraud predates cryptoassets and blockchain technology; however, the tools and instruments made available through this disruptive technology demand an urgent update by the security forces if they are to succeed in fighting crypto crime. As fraudsters grow in education and sophistication, an urgent reaction is required.
This post is a continuation of our article under the same title, which is available here. We have approached this issue by covering different types of crypto frauds and scams. Through our pro bono work at the Legal Clinic of the Bitcoin Argentina NGO, we are devoted to shaping an aggressive response against cryptocrime. We have also been monitoring this issue during the pandemic, and we have addressed Fintech companies’ Liability for Crimes against Users, evaluating their duty of safety from the civil responsibility side.
Crypto crime international evolution
As reported by BeInCrypto, crypto-related crime fell in 2023. The annual evaluation (considering periods from July through July) reflects a 65% reduction in crypto crime, except for ransomware, which showed significant growth. We consulted our experts regarding this issue. Miguel Satzger, Head of Sales for the Americas of Base 4 Security, our partner in IT security, said that they are working actively in incident response and in prevention as well. He stated as follows: “Upon a cyber security incident, no action must be taken, and it must be reported immediately for a proper incident response. At this first stage, remediation activities are pursued working closely with the organization’s different departments. If the organization decides to start a negotiation with the attackers, we advise them along the process.”
Martín Elizalde, partner at Foresenics, makes the following suggestions regarding prevention and damage control: “Even though any tip is not faultless and cannot be construed as legal advice, as a general rule any emotional reaction should be left aside and the situation must be conducted as a business transaction.
Among other things, experts recommend:
– To set up a different means of communication with the malicious actors and ask them to decrypt a test file.
– To request a proof of file deletion.
– In the meantime, to investigate how the malicious actor hacked the organization’s network.
– To be respectful: this must be treated as a business transaction.
– To request more time: attackers are likely to extend the time during ongoing negotiations. Victims should not be afraid of asking for more time. Attackers generally press their victims to make quick decisions, threatening to leak stolen files or to double the ransom amount after a certain period of time.
– You should state your ideas in an objective and convincing manner. Attackers will surely understand your position and will be likely to accept your offer. This will convince them that you are willing to cooperate with them.
– Negotiation is sought to reduce attackers’ demands, not to cheat them. If they ask for money, make a lower bid. You can offer to pay them a small amount in advance under the pretext to increase the balance.
– To bargain shamelessly. Since malicious actors are not involved with your financial situation, they are not sure if you are telling the truth about what you can afford to pay.”
The good news, as reported by this survey by Chainalysis, is that security forces and crime-prevention agencies have dealt a major blow to inflows of cryptocurrency to illicit wallets linked to fraud, scams, hacks, malware and illicit businesses operating through black markets. This explains the overall decline in crypto crime. Reducing the proceeds of crime and/or increasing its cost are key issues in fraud prevention, since lower profits will discourage malicious actors from pursuing illegal activities.
Another interesting survey was the one shared by Tara Annison from Elliptic during EthCC.6. As reported by BeInCrypto, this research focuses on the assets, currencies and blockchains that are predominant in illicit cryptocurrency activity. There was a shift in the type of assets used for cybercrime: in 2020, 97% of cybercriminals demanded ransoms in BTC, but this percentage fell to 19% in 2022. In turn, stablecoins such as USDT and USDC now account for the majority of illicit transactions because of their easy accessibility. Even though the issuers of these stablecoins could freeze the tokens related to illicit activities, the intervention of private companies could be considered “arbitrary” and could infringe on the principles that govern the crypto ecosystem, such as non-intervention, privacy and non-censorship. For the moment, the position of issuer companies and exchanges is passive in this sense due to the low volume of wallets and amounts involved.
Today, the TRON blockchain is an appealing choice for cybercrime due to its agility for wallet creation, cost-effectiveness and poor traceability (ideal for cybercriminals).
Other concerning facilitators of crypto crime are smart contracts (wrapped BTC on the ETH network, for instance), “bridges” and “mixers”. As reflected in our article on OFAC sanctions with respect to Tornado Cash (for having been used by the North Korean hacking group Lazarus Group), several governmental agencies are committed to sanctioning companies that offer these solutions, even open-source solutions. Programmers involved in these illicit activities were sanctioned as well. In 2022 alone, USD 4,100 million were laundered through virtual currency mixers, and this is only a small proportion of the total laundered amount.
Famous cases in USA and UK
However, there are also positive developments in the ransomware universe. US and UK authorities have recently sanctioned 11 hackers behind ransomware who were responsible for at least USD 833M worth of crypto extortion. Although this does not imply that funds were recovered, the OFAC (USA) together with the OFSI (UK) have been able to identify, through their joint task teams, 11 individuals who were behind one of the most profitable “companies” in this type of cybercrime, as reported by BeInCrypto.
This group (Trickbot) is among the highest crypto-earning organizations after the Lazarus Group, based in North Korea. Beyond all sorts of speculation about Trickbot ties with Russian intelligence, the positive news is the fruitful training undertaken by the security agencies of both countries, which allowed them to identify this group, which has been operating since at least 2016. Untouchable criminals have finally been identified and properly sanctioned. It remains to be seen if they will appear in court (as expected).
Another famous fraud within the United States, as reflected in this article, is the Bitcoin scam perpetrated by Jack Orvidas. He has been sanctioned by the CFTC for an amount of USD 500,000 and was ordered to repay USD 2 million as well. Finally, he has been banned from transacting with commodities for a term of 10 years.
Orvidas fraudulently promised huge earnings through a fake Bitcoin pool (alleging that cryptocurrencies were something “like printing money”). The CFTC sanctioned him on the grounds of false representations, a negative trading background and a lack of safeguards for investments. Among other cases, the CFTC sanctioned Mirror Trading International in September 2023 with a record fine of USD 1,7 million in an attempt to win the race against cybercrime.