What Are The Biggest Crypto Heists And Exit Scams And How Much Was Stolen? (#GotBitcoin?)
As the appeal of cryptocurrency has grown, so has the opportunity for scammers to part naive investors from their money. 2020 has been no exception, with cryptocurrency and blockchain forensics company Ciphertrace dubbing it “the year of the exit scam.” What Are The Biggest Crypto Heists And How Much Was Stolen? (#GotBitcoin?)
Exit scams are not a new phenomenon, with a 2018 report conducted by Statis Group revealing over 80% of initial coin offerings (ICOs) in that year to have been fraudulent. Here, we explain exit scams and how to spot them, as well as a look at some of the biggest scams that have been discovered by various researchers.
What Are Exit Scams?
The premise of cryptocurrency is simple, a new ICO launches, claiming to offer lucrative returns for investors. Investors can’t believe their luck and clamor to buy in. The business runs for some time on the back of the invested capital, but, sooner or later, disaster strikes and the company shuts down, often with no explanation.
After a while, it becomes obvious that the company is gone for good, along with the invested funds. The poisoned chalice of crypto’s decentralized nature often means that investors are left in the dark when trying to recoup or trace their pilfered funds.
How To Spot An Exit Scam
Many exit scams have tell-tale signs that investors should look out for. The financial content site Investopedia has a handy list of key characteristics.
First, exit scams often have inconsistent or misleading information about the team behind the project. When scouting potential investment opportunities, investors should scour for information on key members of any ICO.
It’s important to remember that online credibility can be faked by purchasing likes, profiles and followers on social media. Celebrity endorsements with verified accounts could also ring alarm bells for investors. A fake Twitter account purporting to be Elon Musk, with a supposedly verified twitter account, raised over $155,000 as part of a 2018 Bitcoin scam.
Investors should verify the credentials of backers, team leaders and promoters of cryptocurrency projects. Although individuals may seem to be legitimate at first glance, brand new social media profiles and few followers or connections should raise eyebrows.
The most significant characteristic unifying exit scams in cryptocurrency is the promise of a huge return on investment (ROI) — chances are that it’s probably too good to be true.
Investors should always look through even the smallest details of what they are required to invest and what the company purports to be able to give back to them.
ICOs usually come with a white paper, setting out the design details of the project along with a business plan and other information. Investors should pursue all available information for ICOs, as any vagueness in the white papers should signal a big red flag.
When investing in an ICO, it’s vital to get an understanding of the business model. Investopdia writes that anything powered by concept alone should be a warning to anyone tempted to buy in. Although cryptocurrency projects can and do launch off the back of technological advances, investors should be wary of projects looking to gather millions of dollars before taking a sober look at the project’s ability to return the investment from the published information.
Heavy promotion of an upcoming ICO can also be a sign of an exit scam. Past scams have employed bloggers to promote via numerous forums. Ads both online and in print media could also be suspicious.
$2.9 Billion Plustoken Scam Could Be Largest Exit Scam Ever
A 2019 report shared with Cointelegraph by the cryptocurrency and blockchain forensics company Ciphertrace dubbed 2019 the year of the exit scam and highlighted the billions of dollars stolen in multiple scams this year alone.
The report shines a light on what, if confirmed, could be the biggest crypto scam ever, with an estimated loss of around $2.9 billion after Chinese police uncovered an alleged Ponzi scheme involving the South Korean wallet provider and exchange PlusToken. Although more is being uncovered about PlusToken, mystery still surrounds the key events.
Ciphertrace reports that the platform has enshrouded several Chinese nationals, the government of Vanuatu, the Chinese police and the company’s co-founders — a South Korean man operating under the alias of “Kim Jung Un” and a Russian known only as “Leo.” The alleged PlusToken scam centers around an app with which the wallet provider claimed investors could invest in PlusToken (PLUS).
According to the report, the firm claimed that the token, based on the Ethereum blockchain, was developed by a major technology company. PlusToken is also said to have falsely stated that it could deliver wallet holders an ROI of between 8% and 16% per month, with a minimum deposit of $500 in crypto assets.
Ciphertrace also reported that no verifiable source of revenue existed other than the proceeds from new membership. Those were onboarded per the traditional method of a Ponzi scheme, which require a constant stream of new investment in order to support its semblance of growth.
Investors were incentivized to recommend new users with an invitation, which was the only way to join.
Although this was enough for some members to dismiss the legitimacy of the project outright, Leo, the company’s co-founder, published a press release that claimed he had met with Prince Charles, the future head of the English royal family, providing photos as proof. Ciphertrust reported that it had contacted the Prince Charles Foundation, which confirmed that Leo had indeed attended the event, but would not provide other information about the individual due to European Union General Data Protection Regulation, or GDPR.
PlusToken’s fate was seemingly sealed on June 28, after members of the Chinese police touched down in Vanuatu, detained six people involved with the project and extradited them back to mainland China. Ciphertrace reported that the so-called “PlusToken Six” were either Vanuatu citizens or applying for citizenship at the time of their arrest.
Soon after, PlusToken members found that they were unable to withdraw funds from their accounts. Customers were informed that withdrawals via the app were frozen due to “technical difficulties.” By June 20, the PlusToken app had ceased operations due to purported system maintenance.
For investors, there seems to be no secure lead on the final resting place of the allegedly billions of dollars of stolen funds. The Chinese government has yet to comment. A July 12 post from PlusToken stated that the six Chinese individuals were simply service users and not actually involved with the running of the company itself, stating that users should ignore the rumors and not try to log in until they receive confirmation that the servers are back online.
PlusToken Scam Selling Could Dump BTC Price For the Next Two Months
This year has yielded significant price action for Bitcoin (BTC), both to the upside and to the downside. Bitcoin’s price recently fell to around $6,500 as selling pressure continues to plague the market.
Recent data from crypto-Twitter analyst Ergo shows such selling is possibly due to further liquidation of 200,000 BTC in funds from the alleged PlusToken ponzi scheme.
Ergo Said In A Tweetstorm:
“If my numbers are correct, the 200k BTC estimates reported earlier this year were correct, and market impacts will continue for some time.”
Back in August, Cointelegraph reported on some of the funds thought to be associated with the PlusToken operation — a total movement of 22,923 BTC on August 17.
The alleged PlusToken scam is said to be one of the most sizeable exit scams the crypto space has seen thus far, Cointelegraph said in a separate report.
Crypto researcher Ergo conducted fairly extensive research on the subject, looking at various wallets thought to be associated with the alleged scam. Confirming the amount of BTC funds the scam controls might give an idea of how many Bitcoin the PlusToken crew could dump (or have dumped) on the open crypto markets, possibly accounting for past and future price action.
The analyst noted 200,000 BTC as the commonly stated amount the alleged scam might have originally controlled, citing three specific wallet addresses thought to be part of the operation.
Linking to a past article on the subject, the analyst pointed toward PlusToken’s use of Wasabi Mixer, a method of mixing coins to make tracking them more difficult, as well as a method Ergo referred to as “self-shuffling.”
“My current totals are around 187,000 BTC. This analysis is not complete yet, but roughly confirms the previous 200,000 BTC estimates.”
That tweet includes a helpful chart breaking down the numbers. Following the trail, Ergo concluded that 1,100 BTC have likely been sold each day so far in November.
“Assuming all of the mixed coins (129,000 BTC) accounted for so far have been sold over a period from early August through today will give an average of around 1,300 BTC sold per day,” the analyst said.
“Going forward we can use the daily sell estimates and the ~58,000 BTC unmixed total to estimate the duration of the remaining selling at between 1.5 and 2 months.”
But Bitcoin’s bearish pressure might instead be attributed to a lack of new retail money entering Bitcoin over the past two years, as stated by Tone Vays, or simply the ebbs and flows of the ever-volatile crypto market.
‘Anonymity Vouchers’ Could Bring Limited Privacy To CBDCs: ECB Report
The European Central Bank (ECB) is thinking through the logistics of a hypothetical central bank digital currency (CBDC).
Revealed Tuesday in an ECB report, Europe’s central bankers have developed an “anonymity voucher” to give prospective CBDC users limited privacy in their retail transactions.
The ECB’s “novel new concept” aims to bridge two clashing forces in the digitized payments landscape: Europeans’ desire for private transactions and regulators’ demand for anti-money-laundering (AML) enforcement.
“The ongoing digitalisation of the economy represents a major challenge for the payments ecosystem, requiring that a balance be struck between allowing a certain degree of privacy in electronic payments and ensuring compliance with regulations aimed at tackling money laundering and the financing of terrorism (AML/CFT regulations),” the report’s executive summary said.
The anonymity vouchers, issued to all account holders at a “regular interval” regardless of their account balances, could be redeemed on a one-to-one basis to shield their transactions, the report states.
Under the proposed system, if Alice wants to anonymously send CBDC tokens to Bob, Alice must hold the equivalent number of anonymity vouchers. The anonymized transactions would skip reviews from the ECB’s proposed AML Authority, the intermediary reviewing all transactions.
On April 9, 2018, two ICOs — iFan and Pincoin — operating under the umbrella of company Modern Tech based in Vietnam, went silent after reports outed them as scams that had scalped 32,000 investors out of an alleged $660 million in tokens, according to Tuoi Tre News.
Victims claim that the damages amount to roughly 15 trillion Vietnamese dong ($660 million) in token sales. Angered investors held a demonstration outside Modern Tech’s Ho Chi Minh City headquarters on April 8.
One of the initial characteristics that could have alarmed investors was the fact that Pincoin offered service users bonuses for successfully bringing other people on board. Pincoin did initially pay out cash until January 2018, when the company switched to iFan tokens, TechCrunch reported.
The owner of Modern Tech’s office building said that the company left its offices in March and that no one knew their current whereabouts. The firm left behind only an incomplete website that is now inactive. Modern Tech initially tried to pass itself off as a mere representative of both coins in Vietnam, prior to media reports confirming that seven of its Vietnamese executives were in fact behind the projects.
TechCrunch reported that the ambiguous mission statement from the then-functional site is typical of the vague and jargon-filled copy used by exit scammers:
“The PIN Project is about building an online collaborative consumption platform for global community, base on principles of Sharing Economy, Blockchain Technology, and Crypto Currency”
Financial scam directory Behindmlm released a report in February 2018 that found its buy-in method was typical of an ROI Ponzi scheme. Pincoin’s website is currently down, though iFan’s is still online.
QuadrigaCX — Regulators Catch On
The death of 30-year old Gerald Cotten shook the crypto world — not only because Cotten was the co-founder and CEO of Canada’s largest cryptocurrency exchange, QuadrigaCX, but also because his control of the passwords and keys to accounts rendered all the assets on the exchange forever inaccessible after his death. Cotten took over $195 million of stolen cryptocurrency with him to the grave.
Commenting on the May 9 Ernst & Young report, Ciphertrace said Cotten had played fast and loose with customer funds for many years in order to support a lavish lifestyle for both himself and his wife. Cotten allegedly exercised complete control over the exchange and used his position to perform “unsupported deposits” — i.e., fabricated transactions not represented by either fiat or cryptocurrency.
Cotten also used significant volumes of customers’ cryptocurrency via transfers from the platform into other exchanges he controlled. As per the EY report, Cotten shifted significant amounts of fiat and cryptocurrency between alias accounts, although less than 1% of these transfers was supported by documentation. Ciphertrace notes that as the admin, Cotten was in a perfect position to hide his fraudulent activities.
In a pattern that may now seem familiar, Cotten used customer funds to pay for QuadrigaCX operating costs after the company suffered liquidity issues due to his reported fraudulent use of user deposits. As QuadrigaCX began to struggle to stay afloat, EY reported that Cotten gambled customer funds in off-platform margin accounts to meet margin calls.
The report also states that Cotten traded unsupported deposits for legitimate funds thereby generating artificial trading markets, abused his position to override Know Your Customer requirements and hoarded all passwords:
“The Monitor understands passwords were held by a single individual, Mr. Cotten and it appears that Quadriga failed to ensure adequate safeguard procedures were in place to transfer passwords and other critical operating data to other Quadriga representatives should a critical event materialize (such as the death of key management personnel).”
As of April 12, EY estimated that Quadriga held around $20.8 million in assets and around $160 million in liabilities. The debts and assets are spread over three subsidiary companies, 0984750 B.C. LTD. (the “Quadriga Estate”), Quadriga Fintech Solutions and Whiteside Capital Corporation. On July 31, the Supreme Court of Nova Scotia approved over $1.6 million in fees for parties seeking remuneration from the exchange, according to court documents seen by Cointelegraph.
CFTC Action Launched After $147 Million BTC Scheme
On June 18, 2019, the United States Commodity Futures Trading Commission (CFTC) initiated a civil enforcement action against now-defunct Control-Finance Limited for a scheme involving $147 million worth in Bitcoin.
It is alleged that Control-Finance Ltd. defrauded over 1,000 investors by laundering around 22,858 Bitcoin. In mid-September 2017, its website was abruptly taken offline, payments to clients were suspended and advertising content from social media accounts was deleted.
The firm initially said that it would reimburse customers by late 2017. However, the company allegedly began transferring laundered Bitcoin by using the crypto wallet service CoinPayments. According to Ciphertrace’s Q2 2019 Anti-Money Laundering (AML) report, the CFTC complaint charges the company and its founder Benjamin Reynolds with:
“Exploiting public enthusiasm for crypto assets by fraudulently obtaining and misappropriating at least 22,858.22 Bitcoin from more than 1,000 customers through a classic high-yield investment (HYIP) Ponzi scheme called the Control-Finance Affiliate Program.”
Per the CFTC, the company claimed that investors who buy Bitcoin through the firm would be guaranteed daily profits thanks to their team of expert cryptocurrency traders. The complaint also stated that the firm falsely claimed market volatility would ensure funds invested through Control-Finance would result in profit.
The CFTC also alleged that Control-Finance misleadingly promised that it could earn customers a 1.5% ROI daily and 45% monthly. Control-Finance is also reported to have sent partial amounts of new clients’ BTC deposits to other customers, which were disguised as profit from trading, a tactic typical of Ponzi schemes. The legal action seeking civil monetary penalties and permanent trading bans continues.
Co-Owner Of Bitmarket Found Shot Dead After Alleged Exit Scam
On July 8, the Poland-based exchange Bitmarket shut down, citing liquidity issues. According to Ciphertrace’s Q2 2019 AML report, the shutdown cost users around 2,300 Bitcoin, approximately $23 million. Users attempting to log on to the site were met with the following message:
“We regret to inform you that due to the loss of liquidity, since 08/07/2019, Bitmarket.pl/net was forced to cease its operations. We will inform you about further steps.”
Ciphertrace reports that Bitmarket had a history of partners pulling out. In 2015, the firm lost payment processors CashBill and BlueMedia after the companies’ banks requested they end their working relationship with Bitmarket. PKO Bank Polski, Bitmarket’s own bank, also terminated its relationship with the firm only six months after Bank BPH had done so earlier in 2015.
Bitmarket’s two founders, Marcin Aszkiełowicz and Tobiasz Niemiro, have contradicting accounts about the misplaced user funds. Aszkiełowicz claimed that the exchange had been hacked for 600 BTC in 2015, an incident from which the company was unable to recover.
Niemiro, however, claimed that he was not responsible for activities on the exchange. Niemiro also purported to have been told that the company was purchased with a deficit of 600 BTC, which he allegedly repaid with his own money. Niemiro said he could not confirm that his partners had indeed used the money to purchase the 600 BTC.
Two weeks after the interview, Niemiro was found dead in a forest near his home with a gunshot wound to the head, which the police deemed to be self-inflicted. The District Attorney’s Office stated that it is not looking into the involvement of third parties in Niemiro’s death, but are still actively investigating the misappropriation of funds.
Binance: Funds ‘SAFU’ After Amazon Web Services Error Stops Withdrawals
Cryptocurrency exchange Binance has confirmed user funds are not at risk after a reported technical problem began affecting withdrawals.
According to CEO Changpeng Zhao, also known as CZ, the situation was being resolved on Aug. 23, while funds security was not compromised.
“Funds are #safu,” he wrote on Twitter, employing a now well-known catchphrase he had previously inadvertently created while confirming there was no danger to cryptocurrency holdings.
“Funds Are Safu” After AWS Error Busts Withdrawals
The issue, he explained, centered on Amazon Web Services (AWS). Problems with caching were producing error messages for a portion of Binance traders, with withdrawals also impacted.
“AWS is having an issue, mostly with caching services, affecting some users globally. We are working with them and monitoring the situation closely,” CZ wrote, adding:
“It’s causing some 500 error messages on APIs and affecting some withdrawal processing.”
Binance Shrugs Off Alleged KYC Data Leak
Binance had just recovered from a publicity scare which involved a self-proclaimed hacker alleging he had access to users’ Know Your Customer, or KYC, data.
Prior to that, a hack saw funds worth $41 million leave the platform due to a security issue — something which sparked a weeklong maintenance shutdown and payouts to affected users.
This week, Binance announced it was working on a new cryptocurrency project, Venus, as an answer to Facebook’s controversial Libra digital currency.
Crypto Exchange Upbit Confirms Theft of 342,000 Ether — $50M
Major South Korean cryptocurrency exchange — run by a subsidiary of Korean tech giant Kakao — has notified users of the theft of 342,000 Ether (ETH) from its hot wallet.
The incident was confirmed in an official statement written by Lee Seok-woo, the CEO of Upbit’s operator, Dunamu, on Nov. 27.
Upbit will use corporate funds to protect user assets
In His Statement, Lee Seok-Woo Revealed That:
“At 1:06 PM on November 27, 2019, 342,000 ETH (approximately 58 billion won) were transferred from the Upbeat Ethereum Hot Wallet to an unknown wallet. Unknown wallet address is 0xa09871AEadF4994Ca12f5c0b6056BBd1d343c029.”
Apologizing to users for any “inconvenience” caused, the CEO outlined measures by the exchange taken after it detected the incident while stopping short of calling it a “hack.”
The exchange has pledged to protect user assets, stating that the 342,000 ETH (roughly $50 million by press time) will be covered by corporate assets. It has already moved all crypto assets held in its hot wallet to cold storage.
Deposits and withdrawals will take at least two weeks to resume, with Lee Seok-woo promising to inform users as soon as they reopen.
The CEO further indicated that all other recent large-scale transfers were not abnormal, but were related to the exchange moving assets between hot and storage facilities.
In March of this year, Upbit and local cybersecurity firm East Security alleged that a phishing scam targeting its users had been perpetrated by hackers from North Korea.
In January 2018, South Korea’s four largest crypto exchanges — Bithumb, Upbit, Coinone and Korbit — created a hotline for major exchanges to ensure suspicious transactions could be detected and frozen immediately after being disclosed.
Bithumb has to date suffered three major security breaches, most recently in March of this year.
Signs Point To Inside Job In Upbit Crypto Exchange Hack, Says Commentator
Following the theft of 342,000 Ether (ETH) ($50 million) from major South Korean crypto exchange Upbit, some commentators have suggested that the hack was actually an inside job.
As Cointelegraph contributor Joseph Young tweeted on Nov. 27:
“The ‘hacker’ timed when UPbit was making crypto transfers to its cold wallet (other alts like TRON, etc.). Hence, I think the probability of it being an inside job is higher than external breach.”
Hacker’s Timing Was Advantageous
As Cointelegraph reported, the incident was confirmed in an official statement published earlier today, which read:
“At 1:06 PM on November 27, 2019, 342,000 ETH (approximately 58 billion won) were transferred from the Upbeat Ethereum Hot Wallet to an unknown wallet. Unknown wallet address is 0xa09871AEadF4994Ca12f5c0b6056BBd1d343c029.”
In its statement, the exchange emphasized that it deemed the 342,000 ETH transaction to be the only irregular transaction on the ledger, alluding to a number of other large-scale transfers that it said were related to the exchange moving assets between hot and cold storage wallets.
As data published by large-scale crypto transaction tracker Whale Alert has revealed, the 342,000 ETH transaction was followed by a series of major transfers of Tron (TRX) and BitTorrent (BTT) tokens.
While the ETH, TRX and BTT transactions were transferred to an unknown wallet, subsequent Stellar (XLM), OMG and EOS transfers were made from Upbit to crypto exchange Bittrex.
aking Upbit’s statement about cold storage transfers at face value, Young has argued for the strong possibility than an exchange employee took advantage of the timing of the storage transfers to perpetrate the theft.
Upbit today pledged to cover all user assets with corporate funds and exchange deposits and withdrawals will reportedly take at least two weeks to resume.
Markets React To Exchange Hack
Cryptocurrency markets have seemingly reacted to news of the incident, with Bitcoin (BTC) falling below $7,000 once again in an already fragile market climate.
Binance CEO Changpeng Zhao has tweeted that the exchange will “work with Upbit and other industry players to ensure any hacked funds that may make their way to Binance are immediately frozen.”
As Cointelegraph previously reported, the theft of 14 billion won ($13 million) in cryptocurrency from major South Korean cryptocurrency exchange Bithumb was believed by executives to be the work of an insider.
Upbit Promises Swift Reimbursement, Theories Over Missing Funds Swell
On Nov. 27, major South Korean cryptocurrency exchange Upbit announced that 342,000 Ether (ETH), accounting for roughly $50 million, were stolen from its hot wallet earlier that day. Details remain vague, and some users are suggesting an inside job, although experts are skeptical of the theory after analyzing the incident.
The platform’s operator has promised to compensate all stolen funds shortly. UpBit is the second “Big Four” exchange in the country to experience a major security breach this year.
Upbit is one of the largest cryptocurrency exchanges in South Korea (alongside Korbit, Bithumb and Coinone) and the only major domestic platform to post a profit in 2018. It was launched in October 2017 by Dunamu Inc. — a fintech firm backed by local internet giant Kakao — after it signed “an exclusive partnership agreement” with United States cryptocurrency exchange Bittrex.
As part of the collaboration, Upbit had a shared order book arrangement, with Bittrex orders visible in its bid windows. However, in September, the South Korean trading platform ostensibly broke off its partnership with Bittrex to reorganize its ETH, Bitcoin (BTC) and Tether (USDT) markets.
Upbit has been widely considered a safe and compliant exchange overall. Recently, it was put on par with industry juggernauts like Kraken and Coinbase as one of the space’s cleanest platforms in the Blockchain Transparency Institute’s latest market surveillance report, which verifies cryptocurrency exchange volumes.
Indeed, Upbit has seemingly put a lot of effort into security measures. Last year, it reportedly became the first crypto exchange to obtain an information security management system license from the Korea Internet and Security Agency.
Further, Upbit has been following guidelines set out by the intergovernmental Anti-Money Laundering-focused body, the Financial Action Task Force. Specifically, in September this year, Upbit ceased trading support for six cryptocurrencies, including some privacy coins.
Upbit is a member of the Korean Blockchain Association — a domestic alliance comprised of 14 crypto trading platforms — which published a self-regulatory framework for its members to boost trading transparency in April 2018. It contained five key requirements, including managing clients’ coins separately from their own, holding a minimum equity of 2 billion won ($1.8 million), and publishing regular audit and financial reports.
Finally, in January 2018, Upbit partook in creating a special hotline for domestic exchanges that aims to ensure suspicious transactions being detected and frozen immediately after disclosure.
The Attack And Upbit’s Initial Response
Upbit was relatively quick to confirm the loss. Around 3 p.m. local time, the first media reports surfaced, stating that the platform had halted all trading after a large amount of cryptocurrencies was withdrawn to an anonymous wallet.
On social media, users were already discussing a number of large-scale transactions from Upbit’s wallet that had been spotted by WhaleAlert, a service dedicated to tracking sizable cryptocurrency transactions.
There was a 342,000 ETH transaction to an unknown wallet, followed by 10 identical transactions totaling 100,000,000 TRX incoming from the exchange’s vault. At around 6 p.m. local time, Lee Sirgoo, the CEO of Upbit, published an official statement on the matter:
“At 1:06 PM on November 27, 2019, 342,000 ETH (approximately 58 billion won) were transferred from the Upbeat Ethereum Hot Wallet to an unknown wallet. Unknown wallet address is 0xa09871AEadF4994Ca12f5c0b6056BBd1d343c029.”
Apologizing to users for any inconvenience caused, Lee Sirgoo outlined the measures taken by the exchange after it detected the incident. The exchange has pledged to protect user assets, stating that the 342,000 ETH (or roughly $50 million) will be covered using corporate assets.
It had already moved all crypto assets held in its hot wallet to cold storage by the time the announcement was published, the CEO stated. Some of the funds may have been moved to Bittrex’s wallets, as data provided by WhaleAlert suggests.
Deposits and withdrawals will take at least two weeks to resume, Sirgoo added, promising to inform users as soon as they reopen. The CEO also clarified that all other recent, large-scale transfers were not abnormal, but were related to the exchange moving assets between hot and cold storage facilities.
Inside Job? Some Experts Are Skeptical
Notably, Lee Sirgoo avoided using the word “hack” in his statement, which prompted some commentators on social media to suggest that the incident was actually an inside job. As Cointelegraph contributor Joseph Young tweeted:
“The ‘hacker’ timed when UPbit was making crypto transfers to its cold wallet (other alts like TRON, etc.). Hence, I think the probability of it being an inside job is higher than external breach.”
However, Taylor Monahan, the founder and CEO of noncustodial wallet MyCrypto, analyzed the incident in detail by studying the nature of transactions and is hesitant to confirm the theory. “Anything is possible, of course,” she told Cointelegraph. “But a lot of people are jumping to conclusions without real supporting evidence.” Monahan then elaborated:
“The biggest thing that points to it not being an inside job is how the transactions were generated and signed. UPbit seems to follow a certain method with their programmatic transactions, and the ‘hack’ transaction in question used a different method. In addition, UPbit manually signed a transaction to secure their remaining ETH, after discovering the hack, and this too was generated differently than the ‘hack’ transaction.”
If it were an inside job or a breach of Upbit’s backend systems, it would align with the exchange’s typical behavior, she added, while the way that the ETH transaction was generated “points to someone who knows very little about the Ethereum network.”
Monahan also commended Upbit on how they have been handling the aftermath, but criticized the exchange’s languid use of cold storage, “If Upbit utilized cold storage more regularly and limited the value held by their hot wallet, the loss could have been minimized.”
Upbit Is Collaborating With KISA And Police
Upbit’s CEO Lee Sirgoo Told Cointelegraph That They Are Currently Cooperating With Kisa And The National Police Agency Cyber Bureau On The Matter:
“We will be able to provide you with more information once the investigation is complete.”
Nevertheless, Sirgoo was able to answer some specific questions through email upon request by Cointelegraph. For instance, he confirmed that the exchange has contacted all major trading platforms and asked to blacklist the attacker’s wallet address, and that the cryptocurrency community “has been extremely cooperative.”
In addition, he confirmed that Dunamu and Upbit have enough funds to reimburse the lost amount. “It should be completed shortly,” Sirgoo told Cointelegraph.
Exchanges Continue To Get Hacked In 2019
2019 has witnessed a number of high-profile crypto exchange hacks, including the $42 million Binance security breach, $19 million Bithumb heist and $28 Million Bitpoint break-in, which confirms that security is still an industry-wide problem. So what could finally stop centralized exchanges from getting hacked?
Hartej Sawhney, co-founder and CEO at Zokyo cybersecurity agency, suggests that compliance standards could improve the situation. “Centralized crypto exchanges are web services, not that different from an online banking applications,” Sawhney told Cointelegraph, continuing:
“Most companies respect security either because of regulation or they already faced a security breach. The cryptocurrency industry could benefit from compliance standards such as PCI-DSS or HIPAA.”
Further, Sawhney listed a number of concrete measures that exchanges should follow to achieve higher security, including establishment of adequate infrastructure, processes, tools, security testing and education on how to avoid cyber attacks, adding that, “Regular third-party offensive security testing needs to become standard and transparent.”
Upbit has promised to keep Cointelegraph updated once it have more information. KISA has not returned Cointelegraph’s request for comment.
Crypto Exchange UpBit’s Operator Launches Custody Service With Ledger
DXM, a financial services subsidiary of South Korean fintech firm Dunamu, has worked with crypto cybersecurity firm Ledger to launch an institutional crypto asset custody service.
The Partnership And The New Custodian
Industry news outlet TheBlock reported on Dec. 4 that DXM plans to launch the custodian under the name Upbit Safe and that Ledger Vault, Ledger’s custody arm, will support the initiative with its technology. Upbit safe will reportedly use Ledger’s hardware security technology to make trading more efficient and safer for its institutional clients.
Ledger’s Head of Asia-Pacific region Glenn Woo explained that Ledger Vault offers solutions that allow institutions to customize their custody rules to better fit their needs. DXM Chief Strategy Officer Eric Yoo told the outlet that the firm plans to target UpBit’s customers first. Yoo explained the new enterprise’s outlook:
“We are a subsidiary of the largest exchange in Korea and have an advantage over our peers given that we already have a lot of assets we can bring into our custody. […] The combination of the Upbit brand, Ledger Vault’s security technology, and DXM’s own technology will give DXM an edge in the Korean market.”
Lack Of Regulation Hinders Crypto Growth
Still, Yoo admitted that institutional participation in the crypto space in South Korea is largely hampered by unclear regulation. Still, he believes that clarity should improve as soon as next year, bringing new money to the local crypto industry:
“The biggest regulatory risk in Korea is uncertainty and lack of regulations. […] It’s quite a wild wild west out there. […] Once regulations become clearer, it’d be easier for us to engage with institutional money and not take the risks from uncertainties.”
Woo also explained that Ledger Vault is still a new service in the space and is still trying to penetrate the market. He hopes that with his company’s help, DXM will be able to help his firm scale its operations:
“DMX has a reputation of being very secure… With the track record that they have in Korea, they can definitely help us scale.”
The number of custody services aiming to secure the crypto assets of institutions is steadily increasing as regulation is making the space more suitable for institutional investors. One of the last examples is the custody feature launched by institutional Bitcoin (BTC) trading platform Bakkt for its entire client base after obtaining regulatory approval in the first half of November.
US SEC Charges Shopin Founder With Orchestrating Fraudulent $42 Million ICO
The United States Securities and Exchange Commission (SEC) has charged Eran Eyal, the founder Shopin, with orchestrating a fraudulent initial coin offering (ICO).
In a press release on Dec. 11, the SEC alleged that the businessman and his company defrauded hundreds of investors in an ICO that raised more than $42 million from August 2017 to April 2018. According to the SEC, Shopin’s actions constituted an unregistered securities offering of Shopin Tokens.
Eyal told investors he would use the funds from the token sale to create blockchain-based shopper profiles. These profiles would then track customer purchase histories across online retailers and recommend products based on this information. However, Eyal never created a functional platform. Marc P. Berger, Director of the SEC’s New York Regional Office said:
“As alleged in today’s action, the SEC seeks to hold Eyal and Shopin responsible for scamming innocent investors with false claims about relationships and contracts they had secured in support of a blockchain-based universal shopper profile […] Retail investors considering an investment in a digital asset that meets the definition of a security must be afforded the same truthful disclosures as in any traditional securities offering.”
Furthermore, Eyal allegedly lied about having forged partnerships with established retail outlets when in fact no such partnerships existed.
The SEC also claims that Eyal misappropriated investor funds to pay for personal expenses. From the SEC complaint:
“Eyal used over $500,000 of investor funds for expenses such as his rent, retail shopping, entertainment, tickets to philanthropic events, and a dating service, but omitted to disclose to investors that he would use any proceeds for his own benefit.”
The commission has charged Eyal and Shopin with violating the anti-fraud and registration provisions of the federal securities laws, and is seeking injunctive relief, disgorgement with prejudgment interest and civil money penalties. The SEC also seeks a bar against Eyal and Shopin prohibiting them from participating in any future securitized token offerings.
Eyal had previously been charged with defrauding investors for $600,000 by misrepresenting the staff and clients of his previous startup, Springleap.
VeChain Loses $6.6M In VET Tokens To Hacker In Attack On Buyback Wallet
VeChain Foundation’s wallet has been compromised in a hacker attack targeting funds earmarked for the foundation’s buyback program.
Per a VeChain Foundation announcement on Dec. 13, an unknown hacker has redirected 1.1 billion VET tokens — valued at approximately $6,600,000 at press time — from the VeChain Foundation’s buyback wallet to a personal wallet address.
Security Breach Is Likely A Result Of Internal Misconduct Unnoticed Due To Human Error
In the initial update on the incident, VeChain Foundation noted that the hack is in “no way related” to the operations of the actual standard procedure or VeChain’s hardware wallet solutions.
A member of Cointelegraph Consulting also indicated that VeChain enterprise products will not be affected.
According to the statement, the VeChain’s security breach was likely due to misconduct of one of its staff members in the finance team. Specifically, the person has allegedly created the buyback account partly violating the standard procedure approved by the Foundation. The auditing team did not pick up the misconduct due to human error, the announcement notes.
Measures To Mitigate The Situation And Add More Clarity
In the same announcement, the Foundation has listed a number of measures designed to mitigate the incident and get more clarity. As such, the firm provided a link with the hacker’s address tagged on VeChainStats in order to instantly trace other addresses interacting with the hacker’s address.
As part of their efforts, the company notified all exchanges to monitor, blacklist and freeze all funds coming from the attacker as well as withdrawals from the corresponding exchanging wallets.
Additionally, VeChain has launched a security investigation on other crypto assets that are subject to the custody of the Foundation to prevent further breach. The Singapore-based firm also reported on the incident to law enforcement in Singapore and will keep monitoring the situation and working with cybersecurity and law enforcement professionals to add more clarity, the statement notes.
VET Token Slides Over 4% Amid The Hack
VeChain is a major cryptocurrency and blockchain platform designed to enhance supply chain management and business processes. VET token is ranked the 28th largest crypto asset by market capitalization of $325 million at the time of this writing. Following the news, the token dipped over 4% with the market cap dropping to a low of $320 million. The altcoin is seeing a slight recovery at press time, according to Coin360.
VeChain, which is known for providing its blockchain Thor blockchain for Walmart China’s blockchain platform, has recently partnered with Cointelegraph Consulting, a division of Cointelegraph aiming to contribute to the global adoption of blockchain technology.
Alleged Bitcoin Ponzi Scheme Assets Frozen As US Judge Grants Injunction
A United States court has granted regulators a preliminary injunction against an alleged Bitcoin (BTC) Ponzi scheme which reportedly defrauded investors of $11 million.
In a filing with the United States District Court in Nevada dated Dec. 6, Judge Jennifer A. Dorsey ruled in favor of the Commodity Futures Trading Commission (CFTC) and against Circle Society, along with its operator, David Saffron.
CFTC Wins Injunction Against CIrcle Society
“…I find that this is a proper case for granting a preliminary injunction and other equitable relief to preserve the status quo, protect customers from further loss and damage, and enable the Commission to fulfill its statutory duties,” Dorsey wrote.
Circle will now see its assets frozen, and the CFTC will be able to inspect its financial records prior to any further legal action.
The CFTC originally charged Circle Society and Saffron in late September, after investors complained that the latter fraudulently maintained an $11 million Bitcoin binary options offering. At the time, the regulator likened the company’s activities to a Ponzi scheme, stating in an October press release:
“According to the complaint, the defendants fraudulently solicited funds from at least fourteen members of the public to participate in a pool operated by Circle Society, an entity Saffron created and used to perpetrate his fraud, by making false claims of Saffron’s trading expertise and guaranteeing rates of return up to 300%.”
U.S. Goes After Crypto Sales
The events underscore the increasingly persistent line taken by both the CFTC and its fellow financial regulator, the Securities and Exchange Commission (SEC), regarding cryptocurrency activities that do not conform to the law.
As Cointelegraph previously reported, enforcement action continues to impact even legitimate companies, with regulators specifically eyeing practices related to sales of tokens via initial coin offerings, or ICOs.
These include Canadian messaging firm Kik, which almost shut down after a lengthy legal battle with the SEC over its 2017 sale.
Shopin Founder Pleads Guilty to Orchestrating Fraudulent $42 Million ICO
The New York Attorney General (NYAG) Letitia James announced the conviction of Shopin founder Eran Eyal for orchestrating a fraudulent initial coin offering (ICO) following his guilty plea.
As the NYAG announced on Dec. 12, the former CEO of Shopin pleaded guilty to felony charges for running a fraudulent initial coin offering that raised more than $42 million between August 2017 and April 2018. Eyal also pleaded guilty to defrauding investors of $600,000 by misrepresenting the staff and clients of his previous startup, Springleap.
Quick Turnaround In Court
Yesterday, the United States Securities and Exchange Commission (SEC) charged Eyal for defrauding hundreds of investors in a scam ICO. According to the SEC, Eyal’s actions constituted an unregistered securities offering of Shopin Tokens. The SEC further claimed that Eyal also misappropriated investor funds to pay for personal expenses. Attorney General James commented on the conviction:
“My office won’t allow white collar criminals to get away with their schemes to defraud innocent victims, no matter how complex […] This one individual created company after company after company just to continue cheating investors out of hundreds of thousands of dollars. Using fake product trials and nonexistent contracts with major retailers he was able to lure victims to invest in his technology schemes, including his very own cryptocurrency. We will use every available resource at our disposal to pursue all who attempt to abuse and manipulate the system, because no one is above the law.”
Despite the Attorney General’s tough talk, the court seems not to have proscribed any jail time. The court ordered Eyal to pay $125,000 in restitution and $475,000 in judgments to investors, and to surrender the remaining $450,000 in cryptocurrency to the AG’s Office. The Brooklyn resident is further required to step down as CEO of Shopin, and is banned from raising capital or serving as an officer in a business in New York for three years.
SEC Seeks To Reopen Case Against Bitcoin Fraudster
Cointelegraph recently reported that the SEC has filed to reopen a case against Bitcoin (BTC) fraudster Renwick Haddow as he has not resolved the regulator’s claims for monetary relief against him. Last year, the SEC accused Haddow of defrauding Bitcoin investors for more than $37 million. The court found him guilty in June of 2019.
QuadrigaCX Victims Request Proof of Gerald Cotten’s Death by Exhuming Body
Canadian law firm Miller Thomson has made a request to the Royal Canadian Mounted Police (RCMP) to conduct an exhumation and post-mortem autopsy on the body of Gerald Cotten, the deceased owner of the now-defunct Canadian crypto exchange QuadrigaCX.
On Dec. 13, the Miller Thomson lawyers explained in a letter to the RCMP that the request to exhume and examine Cotten’s body was appropriate given the “questionable circumstances surrounding Mr. Cotten’s death and the significant losses” sustained by users of the cryptocurrency exchange.
Victims Need Clarity On Whether Gerald Cotten Is In Fact Deceased
The law firm further points to publicly available information about the debacle surrounding the Canadian crypto exchange, which, in the firm’s view, further highlights “the need for certainty around the question of whether Mr. Cotten is in fact deceased.”
Over the past year, the exchange has been engaged in a lengthy court case with the exchange’s creditors, some of whom have speculated wildly as to the fate of the lost cryptocurrency, and with some seemingly convinced that Cotton could have faked his own death.
Cotton reportedly died in India from a fatal disease in December 2018, taking with him the private keys and password to crypto wallets, resulting in users losing about $190 million.
Widow Of Gerald Cotten Hands Over $9 Million In Assets To Disgruntled Users
In October, the widow of Gerald Cotten, Jennifer Robertson, handed over $9 million in assets to the users of the QuadrigaCX crypto exchange. Robertson announced in a personal statement, that she would be transferring the vast majority of estate assets to EY Canada, the Big Four audit firm that acted as the bankruptcy trustee of QuadrigaCX during its insolvency hearings. She said at the time:
“I have now entered into a voluntary settlement agreement where the vast majority of my assets and all of the Estate’s assets are being returned to QCX to benefit the Affected Users.”
HitBTC Scammers Face Two Years In Jail For $140K Bitcoin Twitter Fraud
Two Canadian men who defrauded a Bitcoin (BTC) investor out of $140,000 by impersonating exchange HitBTC may serve two years in prison.
According to court records on Dec. 16, brothers Jagroop Singh Khatkar and Karanjit Singh Khatkhar pled guilty to charges of conspiracy to commit wire fraud over a scam carried out via Twitter in July 2018.
HitBTC Victim: “I Feel Sorry For Them”
The case originally came to light in July this year, as per documents filed with the United States District Court in Portland, Oregon.
Posing as the support service for HitBTC, the pair convinced a user, an unnamed 63-year-old woman, to reveal the email address attached to her trading account. They then hacked into the account, stealing 23 BTC, worth around $140,000 at the time.
As per the documents, the Singh Khatkhars “did unlawfully, knowingly, and intentionally transfer, possess, and use, without lawful authority, a means of identification of another, knowing that the means of identification belonged to a real person.”
At a plea hearing on Monday, the victim took pity on the defendants, having learned she would likely win back possession of the lost funds.
“I feel sorry for them. I have a son that’s 27. I hope they can turn their smarts into something more beneficial,” she reportedly said.
The Singh Khatkhars will return for sentencing next March.
Bitcoin Scams Continue To Surface
The case highlights the persisting trend of bad actors cashing in on cryptocurrency’s increasing mainstream appeal.
As Cointelegraph reported, the previous few months alone have seen multiple instances of crime associated with the theft of assets, some of which dwarf the Singh Khatkhars’ $140,000 haul.
Earlier in December, police in New Jersey arrested three men associated with an alleged cryptocurrency Ponzi scheme which collected a whopping $722 million.
Suspicions have also surfaced over new market entrants, notably in connection with the setup and profit potential touted by the founder of altcoin HEX, which launched at the start of this month.
Bitcoin Scammers ‘Tired’ of Crypto as Focus Switches to Prepaid Cards
Bitcoin (BTC) scammers may be abandoning the cryptocurrency to focus on extorting money via prepaid debit cards, a new study suggests.
Revealing its findings in a blog post on Dec. 16, cybersecurity company Kaspersky Lab highlighted a growing trend in Brazil as an example of hackers’ growing taste for prepaid cards.
Prepaid Cards’ International Appeal
Specifically, a so-called “sextortion” scam — demanding a victim pay money to avoid compromising information about his or her private life going public — targets Acesso cards in the country.
“The debit cards in this particular sextortion scheme — Acesso cards — are sold in Brazil and work with the Mastercard system,” Kaspersky explains. As such, money gleaned from cards can be spent anywhere Mastercard is accepted, the post continues:
“One of the features of these cards is that they are usable not only in Brazil, but internationally as well. Perhaps that’s the feature that the cybercriminals in question are particularly interested in.”
Two Photos To Steal Funds
The Acesso scam works by hackers sending fake emails en masse, which tell recipients to purchase a prepaid card in a store, load it with funds and photograph both sides. Armed with a visual representation of the card, the hackers can then spend the funds.
Whether the trend could ultimately lead to a complete loss of interest in using Bitcoin among scammers, however, is open to interpretation.
“It is still too early to say if prepaid debit cards will supplant bitcoin as the new ransom currency of choice, or whether such messages are the exception rather than the rule,” Kaspersky adds.
Meanwhile, cryptocurrency-related crime remains a major threat to internet users. In its latest annual summary of new threats, Kaspersky identified a total of over 2.2 million devices targeted by mining malware alone since November 2018.
Is PlusToken Scam About to Dump ETH? $105M Moves to Unknown Wallet
Ether (ETH) price faced fresh selling pressure on Dec. 19 as a giant transaction associated with the PlusToken ponzi scheme worried traders.
Data from Twitter-based monitoring resource Whale Alert, a single movement of 789,525 ETH ($105.1 million) between a known PlusToken wallet and an unknown recipient occurred early Thursday.
Giant Transaction Turns Traders Bearish On ETH
PlusToken, which hit a high of near $350 before crashing, has earned the infamous title of being one of the world’s biggest ponzi schemes. While still operational, its Chinese operators received an estimated $3 billion in Bitcoin (BTC) and ETH from unwitting investors purchasing PlusToken coins.
Despite several arrests, subsequent activity has shown one or more individuals still have access to the scheme’s wallets.
Noting the ETH move, trader and analyst Alex Krueger warned the consequences for the Ether price could be severe.
“Heads up,” he told Twitter followers.
As Cointelegraph previously noted, suspicions had already surfaced about PlusToken’s impact on Bitcoin. In a report last month, research firm Chainalysis suggested scammers may be using over-the-counter (OTC) off-ramps to sell BTC en masse, driving down the price.
Specifically, they eyed exchange Huobi’s OTC offering as a potential venue for the illicit transactions.
“Unfortunately, because it’s not possible to distinguish between trades made by OTC brokers in possession of PlusToken funds and all other trades made on Huobi, we can’t say for sure that PlusToken cashouts caused Bitcoin’s price to drop,” the report stated.
“However, we can say that those cashouts cause increased volatility in Bitcoin’s price, and that they correlate significantly with Bitcoin price drops.”
Cointelegraph has approached Huobi for comment. A representative said the exchange was examining the situation but had not responded as of press time.
Wertheimer: Ethereum Has “Reached The Absurd”
While both BTC/USD and ETH/USD have fallen significantly in recent weeks, Ether faces added difficulties as slow progress and controversial decisions by Ethereum developers take their toll on sentiment.
This week, critics came out against a decision to implement a second hard fork on Ethereum in under a month, which they said would disillusion nodes, which could easily be jettisoned from the network.
“When your ‘decentralized’ network moves to a non-emergency schedule of one hard fork every 3 weeks, you’ve reached the absurd,” pro-Bitcoin commentator Udi Wertheimer summarized on Monday.
“You jumped the shark. There’s really no excuse to this and people should be talking about it.”
Hackers Grab Nearly $480K From Blockchain Platform Nuls
Blockchain platform Nuls has lost almost $480,000 worth of NULS tokens due to a hack, according to a security update tweeted on Dec. 22.
In its tweet, Nuls said it had detected that 2 million tokens had been transferred, of which 548,354 tokens — worth roughly $131, 600 — had entered the trading market and were now untraceable.
Mandatory hard fork upgrade to be released ASAP
In response to the theft, Nuls has decided to hard fork the blockchain at block height 87,800:
“After the hard fork, the remaining 1451645.65303905 NULS that has not entered the trading market will be destroyed in a permanent freeze to prevent continued flow into the market.”
The action should help to prevent losses to community members, the team claims. The hard fork will be released as soon as possible, with the team notifying node owners that an upgrade is mandatory and should be complied with ASAP.
Nuls revealed that hackers exploited a security vulnerability in the Nuls 2.2. version, which it says has now been fixed. It also notes that all relevant cryptocurrency exchanges have been contacted and are actively cooperating with the Nuls team.
Post-hack, Nuls token sees only mild losses
The stolen tokens represent only 2% of the circulating supply of over 73 million. The hack has seemed to have little effect on NUL’s price movement. At press time, NULS has lost 1% on the day and is trading at $0.238.
With offices in southwestern China, Singapore and teams in the United States, Australia and South Korea, Nuls is an open-source, enterprise-grade blockchain platform that provides customizable, modular blockchain infrastructure for a variety of business requirements.
The company was ranked 4th in the latest crypto rankings report from China’s Center for Information and Industry Development.
Most Significant Hacks of 2019 — New Record of Twelve in One Year
Twelve major cryptocurrency exchange hacks occurred in 2019. Of these, 11 hacks resulted in the theft of cryptocurrency while one only involved stolen customer data. In total, $292,665,886 worth of cryptocurrency and 510,000 user logins were stolen from crypto exchanges in 2019. Cryptocurrency exchanges experienced more hacks last year than in 2018, when only nine cryptocurrency exchanges fell victim to security breaches.
As time goes on, you might think that cryptocurrency exchanges would become more secure. The reality, however, is that more hacks on cryptocurrency exchange are taking place year after year. In general, crypto exchanges remain unregulated, and it’s still unclear which regulatory agency has jurisdiction over the crypto markets.
Although there are no established rules regarding how cryptocurrency exchanges should safeguard customer funds, there are crypto-friendly countries and states. Canada, Malta and the American state of Wyoming have created crypto-friendly legislation that makes it easier for businesses to operate and gives them guidelines regarding security practices.
Sadly, not all countries have created guidelines or laws that help crypto businesses operate and reduce the risk for consumers. The way cryptocurrency exchanges store and protect their customer’s wealth differs from exchange to exchange; unfortunately, this makes cryptocurrency exchanges a hotbed for hacks that result in the theft of cryptocurrency or customer data. Let’s take a closer look at the cryptocurrency exchange hacks of 2019 and how much cryptocurrency, fiat and customer data was stolen in each incident.
CFTC Cannot Locate Man Responsible For Over $140 Million Crypto Ponzi
The United States Commodity Futures Trading Commission (CFTC) is having trouble locating Benjamin Reynolds, who is allegedly responsible for a cryptocurrency Ponzi scheme worth over $140 million.
Financial news outlet FinanceFeeds reported on Jan. 6 that the CFTC has filed a motion with the New York Southern District Court. More precisely, the regulator filed for the service of process on Reynolds by publication on The Daily Telegraph and extending for sixty days the time limit by which the service must be effected on him and his firm.
A Major Bitcoin Ponzi Scheme
In mid-June, the CFTC launched action against the company over an alleged $147 million Bitcoin (BTC) Ponzi. The CFTC filed against the Reynolds with the aforementioned court for allegedly defrauding over a thousand investors of at least 22,858 Bitcoin.
In a memorandum accompanying the motion, the regulator reportedly explains that it attempted to serve Reynolds at the address listed as his “service address” in the incorporation papers of Control Finance, the firm that managed the scheme. When the process server arrived at the address, he discovered that it does not actually exist.
The CFTC also tried to email Reynolds at the only known email address associated with him and his company, but got back an error message indicating that the message could not be delivered. The regulator learned from affected investors that the Ulsan District Prosecutors’ Office in South Korea is also investigating the scheme, but had similarly failed to contact Reynolds.
Scammers have long been using the speculative enthusiasm surrounding cryptocurrencies to lure in and defraud unsuspecting investors. As Cointelegraph reported, Bitcoin scam ads featuring the likeness of Martin Lewis have continued to appear on social media despite Lewis’ previous efforts to prevent such illegal practices.
One particularly famous cryptocurrency-related scam is OneCoin, which was a $4 billion pyramid scheme. The scam was first discovered in May 2015. However, proceedings are still ongoing, and OneCoin’s website shut down only at the beginning of December last year.
Lawyers Ramp Up Pressure To Exhume Quadriga CEO’s Body
Lawyers representing the former users of the QuadrigaCX platform are doubling down on a formal request to exhume the exchange’s founder’s body.
Miller Thomson, the court-appointed representative counsel for Quadriga’s former users, contacted Bill Blair, the public official responsible for overseeing the Royal Canadian Mounted Police, asking him to clarify whether the law enforcement agency investigating Quadriga’s 2019 collapse would exhume founder Gerald Cotten’s body in a letter emailed to creditors and posted to the law firm’s website Tuesday.
The law firm first requested the RCMP exhume and autopsy last month, asking the agency to both confirm Cotten’s body is indeed in his grave, as well as determine the cause of death. Cotten’s demise precipitated the exchange’s eventual transition into bankruptcy.
“Today, Representative Counsel issued a letter to the Honorable Bill Blair, Canadian Minister of Public Safety and Emergency Preparedness, requesting an update on whether the RCMP will conduct an exhumation and postmortem autopsy on the alleged body of Gerald Cotten prior to Spring 2020,” the letter reads.
The document notes users can contact the minister directly via email “if they have further questions about the RCMP’s management of this file,” while also suggesting they can contact their Members of Parliament for possible answers.
An email sent to Blair was not immediately returned.
‘Law Enforcement Activities’
Tuesday’s letter follows an update from Ernst & Young (EY), the bankruptcy trustee for Quadriga. The company, which was appointed by the Nova Scotia Supreme Court last year to consolidate Quadriga’s crypto holdings, said Monday it was requesting a court approve nearly $640,000 CAD ($484,000 USD) in expenses for cooperating with multiple federal agencies.
According to the report, EY spent $188,939 CAD between June 24, 2019, and Dec. 31, 2019, “in connection with the Law Enforcement Activities.” In addition, Stikeman Elliott and Lenczner Slaght, law firms representing EY, charged $133,618 CAD and $314,599 CAD, respectively, over the same time period.
According to EY, much of this billing comes from analyzing 750,000 documents the company compiled into an “EDiscovery Database,” which was then used to determine which documents met production demands from the various law enforcement agencies involved.
“During the process, the Trustee made various efforts to minimize costs and to streamline wherever possible the accumulation, review and production of documents,” the report said. “This included utilizing the services of contract lawyers specialized in privilege review and available at a significantly lower billing rate than other professionals managing the overall Law Enforcement Activities.”
However, the sheer volume of documents meant that “significant” effort on EY and its counsel’s part were still required, the report claimed.
A nearly 80-page breakdown details how the expenses were accrued. The report did not provide any information on how many claims were filed by creditors or how much each creditor might expect to receive.
Alleged Launderer Of $4B In BTC Vinnik Charged In France After Extradition
French authorities have charged former operator of now-shuttered crypto exchange BTC-e and Russian national Alexander Vinnik.
Bloomberg reported on Jan. 28 that Vinnik’s lawyers said that he will remain in France to face his charges following his recent extradition from Greece. According to an unspecified official at the prosecutor’s office, Vinnik was charged with extortion, aggravated money laundering, conspiracy and harming automatic data-processing systems.
The Legal Shuttle
One of his lawyers said that after his trial in France has run its course, authorities are expected to send him back to Greece so he can be extradited to the United States. After the U.S. prosecution is over, he would be finally sent to Russia. The French investigation is ongoing and no trial has been ordered. Ariane Zimra, a French lawyer for Vinnik said:
“There is no causal link between what Alexander Vinnik is being accused of and Alexander Vinnik.”
Vinnik is currently in a French hospital after going on a hunger strike for 40 days to protest his detention. Vinnik’s lawyers also recently filed a complaint that alleges a violation of his rights on behalf of his children.
Zoi Konstantopoulou, one of his lawyers, suggested that he is being persecuted because he is a blockchain genius and is seen as a threat to the banking system. He said:
“Alexander’s crime is to be Russian and a person with extraordinary technological knowledge that could liberate people economically. […] The Greek Minister of Justice has in essence decided that this person is going to spend his life being extradited, judged and then re-extradited, re-judged and yet again re-extradited and re-judged.”
An Overview Of Vinnik’s Case
Vinnik is believed to be involved in the hack of Bitcoin exchange Mt. Gox since the 300,000 BTC stolen there were allegedly not only laundered through BTC-e but were also on his personal wallet. Given those suspicions, the Mt. Gox trustee contacted the U.S. Department of Justice and requested information about him.
Vinnik was first indicted by the U.S. in July 2017. A Greek Court later ruled for his extradition to Russia in September 2018. In July 2018, however, local authorities ruled to extradite him to France, where he is now.
The matter of Vinnik’s extradition is a major diplomatic ordeal with multiple countries trying to obtain his extradition. Russia, for instance, filed multiple requests and asked for help from the United Nations High Commissioner for Human Rights in an attempt to bring him under its jurisdiction.
Alexander Vinnik Claims Injustice While Now Fighting Charges In France
After spending 30 months in detention, Greek authorities have finally extradited the Russian national and alleged Bitcoin (BTC) money launderer Alexander Vinnik to France. Prosecutors in France are charging Vinnik, operator of the defunct BTC-e crypto exchange, with multiple counts of money laundering, extortion and conspiracy.
Vinnik also has pending extradition requests from both Russia and the United States. The alleged Bitcoin criminal has previously stated his preference for extradition to his native homeland, which Greek officials have turned down.
Thus, after the conclusion of his trial in France, Vinnik will return to Greece to face another extradition to the U.S. The U.S. State Department reportedly wants to question Vinnik in connection with the Mt. Gox hack and subsequent theft of 300,000 BTC allegedly traced to Vinnik’s personal crypto wallet. Reports also suggest that Russian state agents funneled money through BTC-e to fund interference in the U.S. 2016 presidential elections.
Amid the three-way diplomatic tussle, Vinnik’s legal team said that its client has been subjected to gross human rights abuses. Vinnik’s lawyers have also accused prosecutors of working to keep their client in detention without charges or a trial while preventing him from having any contact with members of his family.
Vinnik’s defense lawyers also allude to the prosecution being sponsored by political and business interests based on their client’s involvement in crypto and blockchain technology. The former BTC-e chief is one of a few crypto personalities to have run-ins with the law, much like Silk Road creator Ross Ulbricht, who is currently serving a double life sentence for running a darknet drug market.
Alleged Human Rights Abuses Amid Vinnik’s Two-Year Detention
In a phone call with Cointelegraph, Zoe Konstantopoulou, one of Vinnik’s lawyers, leveled allegations of human rights abuses against the Greek authorities. Commenting on the scale of these infringements, Konstantopoulou revealed:
“Alexander has been subject to arbitrary detention for 30 months, which is prohibited by the Greek constitution. During this period, he has been made to suffer cruel and inhuman treatment from the authorities.”
According to Konstantopoulou, Vinnik is being held without trial or charges and in the absence of any court orders. Konstantopoulou has also claimed that the case against Vinnik has some political undertones with vested interests in Greece, France and the U.S. looking to punish the former BTC-e operator.
When asked about the effect of these alleged maltreatments on Vinnik’s health, Konstantopoulou revealed that the health status of the Russian national continues to deteriorate. “Alexander is currently on the 44th day of his hunger strike in protest of the gross human rights violations suffered at the hands of the authorities in Greece,” she revealed during a call with Cointelegraph.
Apart from the alleged maltreatment, Vinnik’s lawyer also revealed that Greek law enforcement was preventing any contact between the former BTC-e operator and his family. According to Konstantopoulou:
“Greek law enforcement isn’t allowing Alexander to see his family, even his wife who has been diagnosed with brain cancer.”
In a private note to Cointelegraph on the Vinnik case, Yusaku Senga, CEO of cross-blockchain swap platform Swingby, said crypto personalities accused of wrongdoing usually suffer harsher punishments than their counterparts in mainstream finance. According to Senga:
“If we look at the prosecution of Charlie Shrem and compare it level of prosecution brought against Goldman Sachs and its senior directors for their involvement in the huge scale of money laundering and embezzlement in the 1MDB scandal in Malaysia, it’s hard not to argue that crypto advocates and entrepreneurs are being much more harshly persecuted.”
Like Vinnik, Charlie Shrem was also associated with another crypto exchange, BitInstant. U.S. authorities arrested Shrem in 2014, charged him with money laundering and sentenced him to two years in prison.
Timeline Of Vinnik’s Prosecution
In July 2017, Greek police arrested Vinnik while on vacation with his family in the tourist village of Ouranoupoli. Thus began the over two-year legal battle that has kept the Russian national behind bars while three different nations jostle for Vinnik’s extradition so he can face criminal charges.
Shortly after his arrest, the U.S. filed an extradition request and seemed to be successful in pushing for Vinnik’s transfer stateside. By September, officials in Moscow also requested Vinnik’s extradition to Russia.
By 2018, France entered the fray, turning the case into a diplomatic three-way tussle. Greek police also revealed an assassination plot with suspected Russian criminals reportedly intent on stopping Vinnik’s return to the country.
In mid-December 2019, Greek judicial authorities finally moved to extradite Vinnik to France to await trial. At the beginning of the year, Vinnik’s case entered a new phase with his extradition to France. Authorities in the country have already leveled money laundering and conspiracy charges against him.
Vinnik’s legal troubles stem from his alleged involvement in the BTC-e crypto exchange. Launched in 2011, the defunct platform saw little in the way of crypto trading activity until Mt. Gox — the market leader at the time — fell into financial trouble following one of the biggest Bitcoin exchange hacks in history.
With Mt. Gox out of the way, BTC-e grew exponentially, accounting for about 15% of all U.S. dollar-denominated Bitcoin trading activity by late 2016. Despite being a major player in the crypto trading space at the time, BTC-e had little in the way of Know Your Customer and anti-money laundering protocols.
Thus, the platform reportedly became a popular channel for funneling “dirty money.” Mt. Gox hackers allegedly used the exchange to launder 300,000 BTC, the exact amount of which was also found in Vinnik’s wallet.
Apart from the money laundering, several law enforcement authorities say BTC-e replaced Silk Road as the channel for illicit deals with many users of the platform engaging in drug trafficking and sales of other banned or regulated goods.
Concerning Bitcoin And Criminal Activities
Crypto critics usually espouse the same rhetoric of digital currencies as being channels for online criminal activities. Many financial regulators and governments opposed to or keen on strictly regulating the cryptocurrency industry usually tout the same refrain of digital currencies enabling tax evasion, money laundering and terrorist financing, to mention a few.
The counter-argument offered by crypto proponents is that Bitcoin and other cryptocurrencies only account for a small portion of global financial crimes. A January 2020 report by blockchain analytics firm Chainalysis revealed that crypto payments on the darknet accounted for 0.08% of all digital currency transactions in 2019.
Cryptocurrency Scams Took In More Than $4 Billion In 2019
Ponzi schemes are the latest form of bitcoin fraud, with big platforms like one called PlusToken drawing the most money.
Seo Jin-ho, a travel-agency operator in South Korea, wasn’t interested in exotic investments when a colleague first introduced him to PlusToken, a platform that traded bitcoin and other cryptocurrencies. But the colleague was persistent.
“You won’t regret this,” she said, according to Mr. Seo. She visited him several times early in 2019, telling him he could earn 10% a month. Finally, his skepticism gave way, and he bought $860 of cryptocurrency on the PlusToken platform.
His investment grew at a dazzling rate. He invested more—a lot more. In less than five months, he bought $86,000 of cryptocurrencies, cashing out only $500.
“I was thinking, what’s the point of keeping money in the bank?” said Mr. Seo, who is in his late 40s. He went to PlusToken conferences. He told his friends about it. He became a convert.
In June 2019, all that changed. Chinese authorities concluded PlusToken was a scam and arrested six Chinese citizens allegedly running the platform out of the Pacific island nation of Vanuatu. The site stopped working. People couldn’t get their money out. Mr. Seo, and myriad others like him, lost access to everything.
Big Year For Crypto Fraud
Bitcoin-based frauds raised more money in 2019 than in 2017 and 2018 combined.
Authorities in China declined to comment. Authorities in Vanuatu couldn’t be reached. In October, a man called Leo, who said he was the PlusToken chief executive, said “everything is OK” in a YouTube video. Attempts to contact representatives of PlusToken weren’t successful.
PlusToken was a Ponzi scheme. That was the conclusion by Chainalysis, a New York-based firm that designs software that can analyze cryptocurrency data and help track illicit transactions.
Its clients include the Federal Bureau of Investigation, the Drug Enforcement Administration and the Internal Revenue Service. PlusToken drew investors mainly in South Korea and China in 2018 and the first half of 2019. It netted at least $2 billion, Chainalysis said.
Cryptocrime is expanding. Ponzi schemes and other frauds involving bitcoin and cryptocurrencies lured at least $4.3 billion from investors in 2019, according to Chainalysis. That was a bigger haul than the combined $3 billion in 2017 and 2018.
After a boom in dubious initial coin offerings in 2017 and a number of hacks in 2018, Ponzi schemes have become among the most popular vehicles for fraud. The biggest ones have been prolific: Just six well-orchestrated scams were responsible for about 90% of the funds stolen last year, Chainalysis said.
“There’s been huge growth in ones that mimic investing opportunities,” said Kim Grauer, head of research at Chainalysis. They are becoming more sophisticated, larger in size and they reach into the mainstream, victimizing naive investors, she said.
Cryptocurrencies have struggled to find acceptance in the 11 years since bitcoin launched. At its height in 2017, bitcoin’s price neared $20,000, and it attracted a passionate following among some investors who predicted it would upend global finance and replace the dollar.
But the hype ran ahead of the fundamentals, and the bubble burst the next year. The number of average daily transactions in 2019, about 325,000, was up about 13% from 2017’s 288,000. But the dollar value of those transactions was flat. It totaled about $3.8 trillion in 2019, according to research firm TradeBlock, versus $3.7 trillion in 2017.
Still, there are plenty of inexperienced investors who have heard stories of bitcoin riches and think they can get rich, too. Fraudsters use that naiveté against them, said Christopher Janczewski, a special agent at the Internal Revenue Service who has led criminal investigations that involved cryptocurrencies.
“A lot of it is just traditional crime dressed up,” he said. “They’re still always driven by fear, or confusion, of missing the next boom.”
Federal law-enforcement agencies including the IRS, the Securities and Exchange Commission and the Justice Department have all been involved in different investigations into cryptocurrency-based illicit activities. The IRS declined to discuss any open investigations. The Justice Department couldn’t be reached for comment.
PlusToken had a futuristic slant in the materials that the group published, including a “white paper,” but operated like a classic Ponzi, according to Chainalysis and interviews with alleged victims. People opened accounts on the PlusToken platform, investing in cryptocurrencies like bitcoin and ethereum. The platform was supposedly trading on their behalf. Users were promised dazzling returns.
The alleged perpetrators organized meetups and elaborate conferences. They introduced a blond-haired Russian known only as Leo as chief executive and attempted to market him as a celebrity. Mr. Seo said he was told Leo had been an artificial-intelligence developer at Alphabet Inc.’s Google and had secured hundreds of millions of dollars of investment from the British royal family.
To bolster that claim, a group calling itself the PlusToken Alliance posted a photo on its Facebook page that appeared to show Leo at a charity reception with Prince Charles in London in 2019. It is unclear who maintained the page.
Without more information about his identity, a spokeswoman for Alphabet said she couldn’t confirm whether Leo had ever worked for the company. The Prince Charles Foundation, which represents Prince Charles, couldn’t be reached for comment.
The aggressive marketing paid off. Chainalysis tracked about 180,000 bitcoin, 6.4 million ether and 110,000 tether that went through PlusToken wallets. Calculating the prices at the various times investors deposited funds, those investments added up to $2 billion.
Some of that money appears to have been paid out to early investors, but Chainalysis said much of it was transferred to wallets likely controlled by the operators themselves.
Although big projects like PlusToken have drawn the most money, smaller operators trawl the internet as well. Gary Condry said he was victim of one of them in November.
Mr. Condry, a 70-year-old Army veteran in Wooster, Ohio, said he started texting with a man calling himself Jason Hanley whom he found on social media. Mr. Hanley maintained pages on Instagram and Facebook, where he promoted an investment website called cryptoinvestments247 and promised weekly payouts.
“I had never really invested in anything,” said Mr. Condry, who was already in debt. “Bitcoin sounded like the quickest way to make money,” he added.
Text messages between Gary Condry and a man calling himself Jason Hanley, who promised exponential profit for trading small amounts of bitcoin.
In late November, he gave Mr. Hanley $200, followed by an additional $700 in early December. Within weeks, he was told, his account had risen to nearly $17,000.
There was a catch, though. Mr. Hanley demanded an additional $1,700 before he would pay out Mr. Condry’s “profits,” according to text messages from Mr. Hanley that were reviewed by The Wall Street Journal. This wasn’t part of their agreement, Mr. Condry said. After a number of angry text messages, he said he gave up trying to cash out his profits, or to even recoup his original investment.
“I already lost it,” Mr. Condry said. “I didn’t see it.” Mr. Condry said he called the Ohio attorney general to report the events. The attorney general’s office couldn’t be reached for comment.
When reached by the Journal, Mr. Hanley declined to discuss Mr. Condry’s investment or cryptoinvestments247.
“I’m busy, man,” he texted later. “Got no time for everything.” An hour later, the Facebook account was deleted. Soon after, the Instagram account was gone, too.
In August, Mr. Seo was among some 200 PlusToken investors who filed a complaint with prosecutors in Seoul to kick-start an investigation into the alleged scam. Others in the group are still hoping their PlusToken wallets will start working again, he said.
“That false hope is killing people,” he said.
PlusToken Scam Moves $123M In Bitcoin Just As BTC Price Regains $10K
As Bitcoin (BTC) and Ether (ETH) price rallied to new 2020 highs on Feb. 11, a large transaction totaling nearly 12,000 BTC was moved from a wallet associated with the PlusToken Ponzi scheme.
Twitter-based crypto transaction bot, WhaleAlert, noted that “12,000 #BTC (118,852,619 USD) transferred from unknown wallet to unknown wallet.” This transaction was later followed by a second transaction splitting the 12,000 BTC into smaller sums.
According to PeckShield Inc. co-founder and VP of research, Chiachih Wu, a total of 12,423 BTC ($123 million) was moved into what Wu says appear to be cold wallet addresses.
Meanwhile, Twitter users Sue Zhu and ErgoBTC allege that the group behind the PlusToken scam is covertly moving a significant amount of Bitcoin from wallet addresses associated with the group. Zhu noted:
“Plus Token coins are on the move again, but more importantly, are now being split into smaller amounts vs the single output transfers from a few hours ago.”
As previously reported by Cointelegraph, the PlusToken Ponzi scheme was one of the largest scams in existence to rock the crypto sector. Initially, the project was presented as a South Korea-based exchange offering a high-yield return on investment but eventually, the entire operation was exposed as a scam after several million participants found they were unable to withdraw their investment.
In the past, such movements were followed by suspected massive open market sales on cryptocurrency exchanges which led to sharp corrections in Bitcoin, Ether and many other altcoin prices.
In 2019, Crypto Twitter researcher Ergo estimated that a major market sell-off was possibly driven by the PlusToken scammers liquidating 200,000 BTC on the open market. Ergo explained in November:
“If my numbers are correct, the 200k BTC estimates reported earlier this year were correct, and market impacts will continue for some time.”
Many analysts also believe that PlusToken sales are one of the primary catalysts for the 7-month long market downtrend that began after Bitcoin price reached $13,800 on June 26, 2019.
Given that Bitcoin has not long escaped this 7-month downtrend when bears completely controlled the price, investors casting a wary gaze at today’s transfers are not overreacting as the move could eventually culminate with a repeat of previous bulk crypto sales.
Adding further explanation to today’s transfers, Chiachih Wu said, “it seems a programmed transaction since all 7 new utxos are split into smaller parts (100-400 BTC) in the same block…will be gone soon.”
Considering that in 2020 Bitcoin price is up by 42.9% and Ether has gained 82.89%, now seems like an opportune moment for the PlusToken scammers to capitalize on their ill-gotten gains.
At the time of writing, both transactions have been confirmed and as the event gains traction in crypto media it will be interesting to see how investors and the price react to the possibility of some or all of the $123 million in Bitcoin being sold at market rate on cryptocurrency exchanges.
Coin Ninja CEO Arrested For Allegedly Laundering $311M With Bitcoin Privacy Tools
Larry Harmon, the CEO of Bitcoin media site Coin Ninja and founder of crypto wallet provider DropBit, is facing federal charges related to his use of Bitcoin privacy tools.
United States federal prosecutors are charging Harmon with conspiracy to launder money and operating a money transmitting business without a FinCEN license.
According to an arrest warrant filed earlier this month, Harmon allegedly laundered over 354,468 Bitcoins (BTC) (worth $311 million at the time of the transactions), allowing the users of a privacy tool named Helix, and a darknet search engine named Grams, to make transactions on AlphaBay, a known dark market that was shut down in 2017.
Helix allowed users to mix the coins before spending through a CoinJoin transaction. The mixing of coins has been associated with money laundering and other illicit activities.
Harmon is facing a 30-year prison sentence for these alleged crimes.
Harmon Denied Bail
Journalist and podcaster Peter McCormack reportedly spoke to Harmon’s brother, Gary Harmon, who said that Coin Ninja’s assets have been frozen and that the FBI has removed $4,000 in Bitcoin from its Lightning Network node.
According to McGormack, Larry has been denied release on bail bond because he was deemed a flight risk, “even though they have confiscated all his assets.”
The state attorney’s motion to detain Harmon shows that the state believes that Harmon will not reasonably appear in court if permitted a release on bail as he has “significant family ties outside the United States” and is “subject to a lengthy period of incarceration if convicted.
DropBit has gained some attention among Bitcoiners, particularly because it allows the users to send BTC on-chain and over the Lightning Network using Twitter handles or phone numbers. Since DropBit’s funds have been frozen, Gary Harmon and its developers are personally funding the wallet’s operations, according to McCormack.
New Email Extortion Scam Targets Google’s AdSense, Demands Bitcoin
A new extortion scam targeting website owners serving banner ads through Google’s AdSense program has begun circulating the Internet. The malicious scheme demands Bitcoin (BTC) in exchange for preventing an attack, which would purportedly lead to the users’ AdSense account suspension.
The email-based extortion scheme was reported by security news and investigation blog KrebsOnSecurity, on Feb. 17. The blog post detailed that some site owners received a message as their site had been spotted by the malicious program as one seeking revenue from publishing an ad. The message ostensibly read:
“Very soon the warning notice from above will appear at the dashboard of your AdSense account undoubtedly! This will happen due to the fact that we’re about to flood your site with huge amount of direct bot generated web traffic with 100% bounce ratio and thousands of IP’s in rotation — a nightmare for every AdSense publisher.
More also we’ll adjust our sophisticated bots to open, in endless cycle with different time duration, every AdSense banner which runs on your site.”
The message appears as a warning, wherein the cybercriminals demand $5,000 worth of BTC to deter the attack.
The user who shared the message with KrebsOnSecurity said that their recent AdSense traffic statistics had detected a substantially increased invalid traffic. Google ostensibly called the scam a classic threat sabotage, where a fraudster tries to trigger an enforcement action against a publisher by sending invalid traffic to their inventory.
Google’s Strict Policy Toward Ads
The news came on the heels of Google’s new policy regarding its ads, wherein the team behind AdSense said that it will stop showing ads before invalid clicks happen. “This year, we’re enhancing our defenses even more by improving the systems that identify potentially invalid traffic or high risk activities before ads are served.
These defenses allow us to limit ad serving as needed to further protect our advertisers and users,” Google explained.
Previously, Google took a hard line on decentralization and cryptocurrency. The most prominent example of hostility from Google occurred in June 2018, when the company announced that it would ban all crypto-related advertising in accordance with an update to its Financial Services policy.
Most recently, Google blacklisted keywords mentioning Ethereum (ETH) on its advertising platform, Google Ads. Google confirmed that “Ethereum” had been blacklisted as a keyword “regardless of the nature of the service that is being promoted.”
Criminals Increasingly Demand Bitcoin
The leading cryptocurrency has been gaining popularity among criminals around the world. Earlier in February, two letter bombs exploded in the Netherlands and an anonymous criminal asked for a Bitcoin payment to prevent future attacks.
In Thailand, Singaporean Mark Cheng was kidnapped and tortured for a $740,000 ransom in BTC. After transferring all his available funds of $46,000, he allegedly made a daring escape as his captors prepared to murder him.
Decentralized Lending Protocol bZx Hacked Twice In A Matter Of Days
Decentralized finance (DeFi) proponents are taking a hard hit after decentralized lending protocol bZx saw two successful hacks just days apart with losses totalling around $954,000.
According to bZx’s report, the protocol was compromised for the first time on Feb. 14, when the team was at the ETHDenver industry event. The second attack, according to industry news outlet The Block, took place on Feb. 18.
The First Attack’s Procedure
The attacker used multiple DeFi protocols to lend and swap significant quantities of Ether and wrapped Bitcoin (WBTC) — a token on the Ethereum blockchain that tracks the price of Bitcoin (BTC) — in a way that allowed him to manipulate the prices and profit off of a decentralized leveraged trade.
The attacker first took loaned 10,000 Ether (ETH) from decentralized lending protocol dYdX, then used 5,500 ETH ($1.46 million) to collateralize a 112 wrapped Bitcoin (WBTC) loan (over $1 million) on DeFi protocol Compound.
At this point, the attacker sent 1,300 ETH (over $372,000) to decentralized margin trading ETH to open a 5x leveraged position on the ETH/BTC pair on bZx’s Fulcrum trading platform and borrowed 5,637 ETH through Kyber’s Uniswap and swapped them for 51 WBTC, causing large slippage.
This, in turn, allowed the attacker to profit from swapping the 112 WBTC from Compound to 6,671 ETH, resulting in a profit of 1,193 ETH (nearly $318,000). The hacker finally paid back the 10,000 ETH loan on dYdX that he took before.
According to an in-depth analysis of the attack, the transaction with which the attacker opened the leveraged trade should have been prevented by safety checks, but those checks did not fire due to a bug in bZx’s smart contract. The team behind the protocol has announced that the bug has been patched.
The Second Attack
The nature of the second attack is still largely unclear, but a message from the project’s CVO and operations lead Kyle Kistner in the official bZx Telegram group suggests that it was an oracle manipulation attack. Oracles are usually centralized components that provide external data to on-chain applications.
The Block estimates the loss to be 2,388 ETH (nearly $636,000). Kistner said that the team can neutralize the hack and prevent the loss of user funds like they did for the first hack. Furthermore, he promised that bZx developers will switch to oracles based on the Chainlink protocol, seemingly suggesting that it would make the system safer.
Cointelegraph will update this article with further information once it is forthcoming.
The Prevalence Of Crypto In Hacks
The non-reversibility of transactions is a basic property of most cryptocurrency, or at least is strived for by most projects. While desirable for many reasons, this feature is also appreciated by cybercriminals who get to keep funds if they manage to steal them, while wire transfers could instead be reversed.
Hacker groups are also saying ahead of the curve by updating their methods. Cybersecurity firm TrendMicro recently discovered that hacking group Outlaw has been updating its toolkit for stealing enterprises’ data for nearly half a year.
Earlier this month, Cointelegraph reported that hackers compromised five United States law firms and demanded two 100 Bitcoin ransoms from each firm: one to restore access to data, and one to delete the hacker’s copy instead of selling it.
Chinese Exchange FCoin Closes Down, Still Owes Users $125 Million
Zhang Jian, founder of Chinese crypto exchange Fcoin, revealed in a post earlier today that FCoin may not be able to pay the 7,000-13,000 BTC (that’s $67 million to $125 million) that it owes users.
According to Zhang, the exchange hasn’t been hacked and isn’t an exit scam. But evidence suggests it might be exactly that.
Zhang claims that the shutdown is the result of a series of internal data errors and decisions that are too complicated to explain:
“This is a problem that is a little too complicated to be explained in a single sentence, the time span is also large, and the two story development lines are advancing and affecting each other at the same time, leading to the final outcome.”
The Beginning Of A Nightmare
After FCoin’s launch in May, the exchange’s reported trading volumes became some of the biggest in the world overnight with a new business model called “transaction mining.” Later it was reported by one Redditor that this volume was actually fake. The FCoin order book appears to be crawling with bots. “The price of FT is constantly manipulated,” wrote one Redditor, who also described the exchange as a scam.
The business model was suspicious from the get-go. There was no airdrop nor ICO at launch. FCoin distributed 51% of its native tokens to users for reimbursing transaction fees. Users were incentivized to transact as frequently as possible, since the platform reimbursed 100% of the transaction fees they paid in FT tokens. 80% of the exchange’s daily revenue from transaction fees were then paid back to users.
Binance’s CEO Changpeng Zhao has called FCoina Ponzi scheme since the middle of 2018. He also commented on Zhang’s post in a tweet:
“I rarely called out anyone, with exceptions. On Chinese social media, I called FCoin a pyramid scheme in mid-2018. Their founder calls his own plan a “better invention than #Bitcoin”. That did it for me. Who would say such a thing? About themselves? Except scammers.”
Zhang said there had been errors detected in the FCoin system ever since 2018 but did not explain why FCoin had failed to address such problems before it’s too late:
‘With the deepening of the investigation, we found a large number of existing data problems of dividends and mining returns, and these problems have existed for many days. As a result, a large number of users have already been through operations such as buying and selling various currencies and withdrawing cash, causing the pollution of assets.”
The platform was suspended a few days ago by its own account for risk-control. This caused a great deal of speculation that the project was shutting down and its operators were using it as an excuse vanish.
The Final Struggle
In the last few sentences on his blog post, Zhang claimed he would handle the users’ email requests for withdrawals personally. He also mentioned that he will compensate FCoin user losses with the profits he would make from his other projects. But then again, he did not mention what specific project he has been working on or when would he be able to pay back the money he owes to the users.
Some Chinese sites have reported that with Zhangjian’s admitting he owes users $125million debts, he might face potential civil lawsuits in the near future. Yet given that the exchange is registered overseas and Zhang has also moved out of China, it may be difficult for the FCoin case to see a domestic legal solution.
FCoin Blames Poor Auditing For Shutdown, But Others Suspect Exit Scam
Less than two years after bursting onto the scene, Chinese crypto exchange FCoin has shut down its operations. The platform, founded by Zhang Jian, also says it may be unable to pay the 7,000 to 13,000 Bitcoin (BTC) — about $67 million to $125 million — that is owed to its customers.
Jian, the former chief technology officer of Huobi, tried to explain the reasons for the platform’s insolvency, identifying poor auditing practices. Crypto pundits, however, say there is a more sinister aspect to FCoin’s demise — one that involves a cleverly orchestrated exit scam by the platform’s hierarchy.
An examination ofFCoin’s cold wallet shows numerous transfers to other cryptocurrency exchanges. The platform also destroyed a large cache of its eponymous native token, worth about $75 million.
With the platform’s crypto shortfall, it appears users will face significant difficulties in receiving their compensation from FCoin. Jian could also face legal troubles, especially seeing as authorities in Beijing are keen on extending the crypto trading ban to exchanges domiciled overseas but still providing services to Chinese citizens.
In a post published by Jian on Feb. 18, 2020, the FCoin founder attempted to set the record straight concerning the platform shutting down. As previously reported by Cointelegraph, Jian revealed that in addition to going out of business, the platform may not be able to pay back as much as 13,000 BTC owed to its customers. An excerpt from Jian’s tell-all reads:
“The internal problems and technical difficulties we face are the result of financial difficulties. It is expected that the scale of non-payment is between 7,000–13,000 BTC.”
According to Jian, FCoin’s demise was neither due to a hack or an attempted exit scam. Instead, the former Huobi CTO blamed a series of data and decision errors — specifically concerning proper auditing of the payouts of the platform’s transaction mining model.
The FCoin founder’s statement revealed that several months of the platform’s operations went by before the exchange began implementing any significant checks and balances in its back-end. This operational failure eventually led to catastrophic consequences for the crypto exchange.
A Little Bit Of History
In May 2018, FCoin entered the crypto exchange scene with a novel business model called “trans-fee mining.” This new development took the concept of exchange tokens to another level by reimbursing users with a percentage of the transaction fees received by the platform.
In FCoin’s case, this reimbursement was 100% of the trading fee for each transaction. Thus, for every crypto trade on its platform, FCoin would pay back the user the full amount of the transaction in its native FCoin Token (FT).
Data from the report at the time showed that platforms using the same model as FCoin had been accounting for 12% of the total crypto spot trading market. Traders looking to enjoy what was essentially cost-free transactions were rushing to FCoin and the likes to trade their tokens. Beyond reimbursing users with 100% of their trading fees in FT, FCoin added another layer to its trans-fee mining model by paying its users 80% of its daily revenue.
This meant users were incentivized to trade on platforms that make use of the trans-free mining model, which ultimately led to an explosion of activity. According to CryptoCompare’s December 2018 review of cryptocurrency exchanges, platforms running the trans-fee mining model were beginning to pull-in significant trading volumes.
By 2019, FCoin adjusted its trans-fee mining model, canceling the 100% FT reimbursement, deciding instead to payback transaction fees with the cryptocurrency in which the trader executed the trade. The Chinese crypto exchange also reduced its daily revenue payback to 20%, with the remaining 80% held for one year and still allowing FT holders to earn interest during the holding period.
These adjustments, made at the end of April 2019, were supposed to help the platform move toward a more sustainable operating model. However, as the narrative below will show, the move came too late to salvage what was already a crypto exchange in dire straits.
FCoin’s Trans-Fee Mining Bubble
In theory, trans-fee mining ought to incentivize users to trade frequently, thereby increasing the exchange’s transaction volume. In reality, the model encouraged dishonest activities — an influx of bots, spoofing, wash trading, etc. To earn more money per trade, rogue actors would collude to create fake transaction volumes, propping up the trading activities on these platforms.
In 2019, several reports emerged showing that the majority of volume data provided by crypto trading metrics providers such as CoinMarketCap was from wash trading. Most of the platforms singled out in a Bitwise report were running some form of a trans-fee mining protocol.
It didn’t take long after the emergence of FCoin and trans-fee mining for some crypto pundits and other stakeholders to issue multiple warnings about the model. Back in 2018, Binance CEO Changpeng Zhao called trans-fee mining a reverse initial coin offering. At the time, Zhao remarked:
“You use BTC or ETH to pay for the transaction fee to the exchange, where it pays you back 100% via the exchange tokens. Isn’t it the same with using BTC or ETH to buy the exchange tokens?”
While FCoin was pulling in large transaction volumes, the back-end architecture that ought to prevent any abuse of the system was not yet in place. With the increasing transaction volume came a spike in the price of FT.
Buoyed on by the upward trajectory of FT’s price action, platform users were increasing their transactions on the platform, earning valuable FCoin tokens that were likely sold for other cryptocurrencies like Bitcoin.
Meanwhile, poor back-end controls on the exchange meant that some users were receiving fee reimbursements in excess of the stipulated amounts prescribed by the model. Then came the crash of FT, with the price falling by about 95%.
FCoin Price Crash On Aug. 30, 2019
According to Jian, this decline and the discovery of irregular FT payments forced the team to use the exchange’s resources to buy a significant portion of the tokens back in a bid to create scarcity and engineer a return to upward price action. However, the FT buybacks ultimately failed to rescue FCoin. Instead, there seems to have been a steady outflow of funds from the platform’s Bitcoin wallets right up until the announcement of the exchange’s shutdown.
Following The Money
The flow of funds from FCoin Bitcoin wallets also provides further insight into how the trans-fee mining bubble caused the demise of the crypto exchange. Crypto forensic startup PeckShield published a report detailing cryptocurrency transfers from the platform’s wallets.
Balance of FCoin’s cold wallet, April 2018 to February 2020
According to the report, FCoin’s cold wallet held 13,272 BTC in mid-July 2018. This figure is the largest Bitcoin cache held by the exchange, and it signaled the prosperous early months of the platform’s operations.
However, over the following six weeks, FCoin’s holdings dropped 10,000 BTC, as just 3,505 BTC was left in the cold wallet by August 2019. This period — from mid-July 2019 to the end of August 2019 — lines up perfectly with the first discovery of irregular reimbursements and other data errors alluded to by Jian in his statement earlier this week. An excerpt from PeckShield’s report translated from Chinese reads:
“We speculate that FCoin’s cash flow problem may already have emerged in July 2018. Pandora’s box may have been opened at that time when it was in the limelight.”
In summary, FCoin’s cold wallet saw two major outflow streams — totaling 8,009 BTC and 11,107 BTC — and a third, smaller transfer of 55 BTC. These outgoing transactions occurred over a period spanning from June 13, 2018, and Feb. 17, 2020 — the day before Jian’s public statement.
From these two major streams, smaller BTC amounts were funneled to major crypto exchanges such as Huobi, Coinbase, Bitstamp and OKEx, to mention a few. In total, PeckShield estimates that more than 19,100 BTC was transferred out of the FCoin cold wallet. Another translated excerpt from the report reads:
“We have statistically summarized all FCoin-related address balances and found that there are about 477 BTC remaining.”
With events still unfolding, unanswered questions persist about the nature of FCoin’s demise. For one, why was there an increasing amount of net BTC outflows from the platform’s cold wallet while the price of FT was tumbling?
These outflows do not appear to be user withdrawals, given their non-random nature. Data from on-chain analysis shows that the transaction amounts were always nice, round digits such as 100 BTC or 150 BTC. Dovey Wan, a founding partner at blockchain investment firm Primitive Ventures, argued that the orderly distribution of the net outflows is proof that those transactions were not user withdrawals.
In a separate analysis by white hat crypto transaction analyst ErgoBTC, there is evidence that shows every outbound transaction from FCoin’s cold wallet is followed by a 100 BTC or 150 BTC deposit on an exchange such as Huobi or OKEx.
Another puzzling question from the FCoin debacle shows up in the absence of net outflows between April 2019 and August 2019. Why would a crypto exchange’s cold wallet, which had seen drastic changes in its balance over a period of almost one year, suddenly come to a standstill for four months?
Exit Scam, Ineptitude Or Both?
As for the question of whether FCoin’s demise was an exit scam or the product of ineptitude on the part of the platform’s hierarchy, Josh Lawler, a partner at Zuber Lawler and Del Duca LLP, told Cointelegraph:
“The story of FCoin, intentional or otherwise, is that of a Ponzi scheme. The facts and circumstances would be violations of any number of regulatory laws designed to prevent exposure of the investing public to fraud and incompetence. At best, FCoin’s story is a combination of the two. In the digital asset space, it is a cautionary tale as to what happens when undercapitalized and over-exuberant entrepreneurs try to become instant unicorns.”
In his statement, Jian promised to pay back affected users, revealing that he was personally overseeing email withdrawal requests from users of the platform. According to Jian, this process could take between one and three months, with the FCoin founder stating that profits from his next venture will also be used to compensate the victims of the crypto exchange’s insolvency.
FCoin published a statement on Feb. 20 that stated it was considering reopening the exchange. According to the letter: “At present, the social committee and Zhang Jian are discussing the restart plan, and the follow-up will be gradually disclosed to the community according to the process.”
Justin Sun, the CEO of Tron (TRX), has also pledged to help affected FCoin users, promising 1,000 BitTorrent tokens (BTT) to each FCoin customer who moves to the Poloniex exchange. Back in November 2019, Sun was reportedly part of a team of investors that acquired Poloniex from Goldman Sachs-backed fintech firm Circle.
Bitcoin Cash Faces ‘Slow Death’ After Alleged $30M Hack — Commentator
Altcoin Bitcoin Cash (BCH) has become the subject of intense speculation after a major investor claimed he lost $30 million in a wallet hack.
In a now-deleted Reddit post from Feb. 22, the investor, who appears to be Dreamhost founder Josh Jones, said the attacker also stole 1,500 Bitcoin (BTC) worth $14.4 million.
Hacker Steals Reported $45M
The hack came in the form of Jones’ SIM card being compromised. So far, he has not confirmed whether this was a so-called “SIM swap,” or whether the funds were commandeered by other means.
In the deleted post, Jones appealed to BCH miners not to validate the transactions. He wrote:
“It’s only had 3 confirmations, if any miners/the community can help somehow, I’ve got the private keys. Help help help.. Big reward obviously.”
Commenting on the events, Dovey Wan, founding partner at crypto asset fund Primitive Ventures, warned that the impact would go far beyond Jones himself.
In a series of tweets, Wan reproduced the Reddit post, criticizing Jones for keeping such a large amount of cryptocurrency in a wallet accessible simply from his smartphone. She described the attack as “really brutal.”
Wan: BCH Drama Will Result In “Slow Death”
Subsequently, Wan added that the hacker was splitting up the stolen funds, likely in an attempt to conceal their origin and make them easier to sell on exchanges.
“RIP BCH .. only a double-spent can help this poor guy now,” she wrote, continuing that Bitcoin Cash as a cryptocurrency faced a significant threat:
“No matter what, this 60000 $BCH hack, the dispute among BCH camp between Ver and Jihan, all these will mark a slow death of it.”
As Cointelegraph reported, Bitcoin Cash has seen various contentious events throughout its lifespan, including a hard fork in 2018 which resulted in the creation of another altcoin, Bitcoin SV (BSV).
It is unclear which other problems Wan was referencing when she mentioned two of its leading figures — Bitmain executive Jihan Wu and Bitcoin.com founder Roger Ver.
At press time, BCH/USD had barely reacted to the hack, slipping just 1% on the day to trade at $373. Year to date, the pair is still up over 80%.
What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,What Are The Biggest,