2020’s worst cryptocurrency data breaches, thefts, and exit scams
If we said “2020 was a year we would never forget”, that statement would not be wrong. COVID 19 turned everything upside down, and as businesses were fighting to survive, however, in the criminal world, their business saw quite a boom.
Over the past several years, cryptocurrencies have gained a lot of attention from cyber attackers. The reason being is because of its decentralized and ungoverned features, as opposed to traditional fiat currencies which are controlled by the banks. From the Wild West to something more akin to a stable financial structure, cryptocurrency has evolved dramatically.
Additionally, the introduction of blockchain technology for cryptocurrencies has given tech giants like IBM, Microsoft, and Google, a platform to explore making operations more secure and efficient.
However, blockchain and cryptocurrency technology are still new and experimental, and any intrusion in the wallets can lead to data breaches. In the past year, we have seen many cases of exit scams and fraudulent coin launches, known as Initial Coin Offerings (ICOs) that cause major losses to investors.
Below is a list of the worst crypto scams, thefts, and data breach events, throughout 2020.
Poloniex – Phishing Scam
Poloniex, a cryptocurrency exchange experienced a phishing scam which was handled immediately. The crypto exchange sent emails to account holders of a scam message they discovered on a microblogging platform. The message contained a list of leaked email addresses and passwords claiming to be used to access Poloniex accounts.
However, the exchange explained that almost all the emails listed in the scam message did not belong to Poloniex accounts, but they requested the account holders to reset their passwords to prevent any breaches.
Microsoft – Engineer Theft
A former Microsoft software engineer was convicted for 18 felonies, stealing over $10 million from the company’s retail sales platform. Volodymyr Kvashuk, a Ukrainian citizen, was found guilty of wire fraud, money laundering, email fraud, identity theft, fake tax return filings, access device fraud, and access to a protected computer.
Kvashuk used his privileged access in Microsoft to steal assets such as gift cards and digital currency from an online retail platform. Initially, he stole $12,000 but later the theft escalated to $10 million in seven months. When questioned, he claimed to be “working on a special project to benefit the company”. The jury rejected his claim and sentenced him to 20 years in prison.
YouTube – Ponzi Scam
A hacker hijacked tens of YouTube accounts and renamed them to Microsoft brands. 30+ YouTube profiles were hacked and live-streamed an old presentation of Bill Gates concerning start-ups that he gave in 2019 at Village Global. The broadcast also asked the audience to participate in the “crypto giveaway” – where victims were tricked to send a small amount of cryptocurrency to receive double returns.
According to YouTube stats, tens of thousands of users saw the video stream. This incident was not the only one where a famous person was impersonated for a crypto scam. The account of the YouTuber’s founder was also hacked previously in a similar manner and many other accounts.
Lendf. me – Reentrancy Attack
Hackers stole more than $25 million worth of cryptocurrency from Lendf.me, a lending platform. They orchestrated a sophisticated “Reentrancy attack” by chaining bugs with legitimate features of different blockchain technologies. In a reentrancy attack, hackers repeatedly withdraw funds in a loop before an original transaction is approved or declined. The hackers returned the stolen funds but accidentally leaked the IP address during the attack.
Supercomputers – Cryptocurrency Mining Malware
Various supercomputers across Europe were infected with cryptocurrency mining malware. The security incidents were recorded in UK, Germany, and Switzerland. The attackers got access through supercomputers clusters via compromised SSH credentials.
The credentials were stolen from university students in China, Canada, and Poland who were involved in computing jobs. The purpose was to mine Monero (XMR) cryptocurrency.
Read More >> Cryotucurrency Crime Report Summary
Coincheck – Data Breach
Coincheck is one of the biggest Japanese cryptocurrency exchanges that suffered a data breach. The intrusion caused unauthorized access to Coincheck’s domain registration service. In 2018, the platform suffered a $500 million hack, which is the biggest cryptocurrency theft in the history. However, in the most recent attack, the company recorded no losses, but they temporarily stopped the crypto remittance service to recover from the attack.
Twitter – Cryptocurrency Scam
In July 2020, hackers breached Twitter employee accounts to gain access to high-profile and verified accounts. The hackers compromised accounts of Barrack Obama, Elon Musk, Joe Bide, Micheal Bloomberg, Bill Gates, Apple, Kim Kardashian, Kanye West, Uber, and many others. According to Twitter, hackers interacted with 130 accounts, for 45 accounts they reset passwords, logged-in accounts, and sent promotional cryptocurrency scam tweets.
The hackers accessed the direct messages of 36 accounts and viewed information such as emails and phone numbers of the targeted accounts.
Source: ZDNet
2gether – Cyberattack
2gether is a cryptocurrency trading platform that suffered a cyberattack on its server in July 2020. The unknown attackers stole €1.83 million in cryptocurrency from the investment accounts. The amount stolen equates to 26.79% of the total funds.
ETERBASE – Hot Wallets Breach
A Slovakian-based cryptocurrency exchange lost $5.4 million worth of cryptocurrency funds when hackers breached the internal network. The theft involved various cryptocurrencies including Bitcoin, Ether, Ripple, ALGO, TRON, and Tezos from the company’s hot wallets – crypto accounts connected with the internet.
Source: ZDNet
Kik – Illegal Cryptocurrency Offering
SEC issued a $5 million penalty to Kik for offering an illegal ICO for “Kin” tokens, and not complying with the securities laws. According to SEC, Kik did not register Kin before offering in 2017.
GoDaddy – Social Engineering Scam
In November 2020, GoDaddy – a domain registrar, confirmed their employees were entrapped to facilitate attacks on different crypto exchanges via phishing and social engineering. As reported, a small number of customer domains were altered.
Compounder Finance – Exit Scam
Compound Finance claimed to be an automated farming system that promised investors compound interest in digital assets. Also, they offered native CP3R tokens as rewards. In a rug pull, unexpected removal of liquidity from a token, the platform transferred out roughly $10.8 million in the form of Bitcoin, DAI, Ether, and other tokens. The company swapped the safe/audited contracts with the malicious contracts to steal investor funds.
Learn how to protect yourself from getting scams here
Note:
We have a team of professionals who investigate the fraud cases thoroughly and provide a detailed analysis with documents necessary to report a scam or fraud to higher authorities. We aim to evaluate each case with the utmost attention and resolve them in a manner that the victim gets closure as soon as possible.
