https://bitcoinmagazine.com/ | May 1st, 2016 | Visit the original article online
Bitcoin has a history of hacking, phishing and ransomware attacks. The latest attempt aimed to replace Bitcoin QR codes with redirection to the thief’s wallet. Bitstamp, a British-based Bitcoin exchange portal, caught the attempt although not after the scammer had succeeded three times.
On March 11, BitStamp alerted the Bitcoin community to the fact that a Google Chrome extension was driving bitcoins to an alternate site. Bitcoin uses QR codes to transfer funds from one account to another. The phisher had intercepted the recipient's QR by plugging in an extension, known as “BitcoinWisdom Ads Remover,” that would divert funds to the thief’s address.
History of Bitcoin Scams
Digital currency has been plagued by thefts since 2011. A study done last year by Marie Vasek and Tyler Moore of University of Texas tallied 41 scams that occurred between 2011 and 2014, in which 13,000 victims were harmed. Honorary mention has to go to pseudonym victim Allinvain, a member of the BitcoinTalk forums who, in June 2011, became the first person to have his Bitcoin account hacked. The invader compromised the victim’s Windows computer and stole 25,000 bitcoins, which today would amount to $14 million. The Allinvain theft has been followed by numerous hackings that magnify given the relatively small size of the Bitcoin industry.
Digital currency is especially vulnerable due to its pseudonymous nature and absence of any sort of chargeback mechanism. Scam artists and frauds love cryptocurrency. Its lure hooked ex-Secret Service agent Shaun Bridges, too.
December 2015, Shaun Bridges was caught niggling $820,000 in bitcoin from accounts connected to the Silk Road, an online black market that dabbled in illegal drugs. Attorney (AUSA) Kathryn Haun told the court that:
One item of discovery was a series of text messages in which Mr. Bridges engaged with another member of the Baltimore IRS task force, and the two were routinely talking about their bitcoin trading. It was unclear if it was part of the proceeds of this case, but all the while [Bridges] is telling the other person: 'I'm guarding Mrs. Obama right now.’
Bitcoin users defend themselves from invaders by using technological tools such as hardware wallets, encrypted key storage, multi-signature protocols and digital escrow. Thieves respond by upping their game. On both sides, the methods become more and more sophisticated.
Four Types of Bitcoin Scams
As of 2016, Vasek and Moore found that four bitcoin scams existed: Ponzi schemes, mining scams, scam wallets and fraudulent exchanges.
Ponzi scams, or high yield investment programs, hook you with higher interest than the prevalent market rate (e.g. 1-2% interest per day). These programs redirect your money to their own wallets.They also tend to collapse and to pull themselves up again with new programs often run by the same criminals. Researchers Moore, Han, and Clayton first discovered these Ponzi programs in 2012 and noticed that they latched onto virtual centralized currencies such as Liberty Reserve, Perfect Money, and EuroGoldCash.The government bolted these, but scammers turned to decentralized digital currencies such as Bitcoin and Litecoin instead.
You can usually recognize these Ponzi schemes by the fact that they advertise Bitcoin addresses in order to accept incoming payments, rather than using common payment processors such as BitPay or Coinbase.
Bitcoin Mining Scams
Mining scams are those that have you pay to mine Bitcoin on your behalf. They fail to deliver. Moore and Vasek incriminated Labcoin, Active Mining Corporation, Ice Drill, AsicMiningEquipment.com, and Dragon-Miner.com. All, to some extent, promised outrageous returns and pocketed the money.
Bitcoin Exchange Scams
Bitcoin Exchange Scams offer features that established players omit, such as PayPal/Credit Card processing, or a better exchange rate. Needless to say, these scams default on their goods. BTC Promo, btcQuick, CoinOpend and Ubitex are examples. Each was short lived. Each bombastically succeeded in siphoning off torrents of dollars in the short time they operated.
Bitcoin Wallet Scams
Bitcoin scam wallets carry similar features to online wallets, but with a difference: The operators siphon some or all of your money to their addresses. The ruse goes as follows:
Victim deposit bitcoin into scam wallet.
If the amount of money falls below the thief’s targeted threshold, money stays.
If the amount of money satisfies the thief, she siphons it into her own wallet.
These ruses were first detected in early 2013, where bitcoin users complained of losing money once they deposited larger amounts. Examples include Onion Wallet, Easy Coin, and Bitcoinwallet.in. Each was operated by the same scammer who managed to pinch almost $1 million in total.
Bitcoin Ponzi, or high-yield investment, scams predate Bitcoin and perpetrate 60% of all thefts. The other three scams are still fresh around their ears, but do well too. Of all types, bitcoin wallet scam is the most consistent and offers the steadiest stream of ill-gotten gains.
One such scam, a Google Chrome extension scam, was foiled when Google removed 21 extensions from its Google store. All were developed by TheTrollBox. The most malicious, the “Cryptsy Dogecoin Live Ticker,” was intended to reroute Bitcoin funds to the scammer’s wallet.
This “BitcoinWisdom Ads Remover” became the latest most similar such example.
In this most recent case, the extension scam was targeted for 200 addresses, but only three transactions made their way to the interceptor’s wallet. Some suggest these may have been pilot attempts indicating that the scammer failed in his project.