Cyber criminals have lured would-be investors into sending money to their addresses rather than actual ICO addresses
Cyber criminals have reportedly stolen $225 million worth of digital currencies through phishing scams in 2017. In these scams, would-be investors were tricked into sending money to Internet addresses claiming to be funding sites for virtual token offerings on Ethereum’s blockchain.
Based on data from New York-based researcher Chainalysis, over 30,000 investors were victims of the Ethereum-related cyber crimes, losing an average of $7,500 each in the process, with initial coin offerings (ICO) amassing around $1.6 bln in proceeds in 2017.
According to Chainalysis co-founder Jonathan Levin, the loot of the cyber criminals is very hefty.
“It’s a huge amount of money to generate in such a short period of time. The cryptocurrency phishers are doing pretty good against all the other types of criminals that are out there.”
Cyber criminals’ modus operandi
According to Levin, the hackers created websites or social media accounts that mimic a real ICO project. They then solicited prospective investors to send money to their address using these fake accounts. Other methods of luring victims include Twitter posts, Slack messages, and targeted email campaigns.
Levin claimed that cyber criminals were also able to steal money by tapping into project loopholes. He cited as example the decentralized autonomous organization (DAO) project, which was aimed at democratizing how Ethereum projects are funded. Cyber criminals were able to exploit a bug in the system that led to the theft of $55 million worth of Ethereum at that time.
Due to the huge losses suffered by investors, Levin recommended the creation of infrastructure that will help people from getting abused.
“The overall figures mean there are infrastructure that we need to build to help prevent people from getting abused.”