The new gold rush: A look inside cryptocurrency fraud

Cybercriminals are flooding to the new world of cryptocurrencies looking to exploit the boom in interest and adoption of these electronic currencies, according to Digital Shadows. This new gold rush is creating a new frontier for professional cybercriminals moving away from less profitable techniques and exploits to make money on the back of the huge interest in these digital currencies.

With over 1,400 cryptocurrencies in circulation, and new alternative coins – “altcoins” – emerging every week, cybercriminals have developed several schemes to defraud those looking to profit from the growth in cryptocurrencies. The most common methods include crypto jacking, account takeovers, mining fraud and scams against initial coin offerings (ICOs).

“Cybercrminals follow the money and right now they see in the unregulated and largely unsecure world of digital currencies a huge opportunity to target people, businesses and exchanges and make money quickly and easily,” said Rick Holland, VP Strategy, Digital Shadows. “In many ways its like the gold rush of the 1840s as people flood to the opportunity cryptocurrencies present and are preyed on by criminals and the unscrupulous.”

“This is a rapidly changing space and we see new scams crop up daily. While the future of cryptocurrencies remains somewhat uncertain, what we can be sure of is that cybercriminals will continue to find new ways of making money as long as there are enough suitable targets and the profits to be made justify their time and effort. Those that buy and trade crypto currencies should be aware it is the ‘wild west’ and be on your guard at all stages of the transaction cycle,” Holland added.

Botnets that use your computers to mine crypto currencies

There are two main ways that threat actors are currently fraudulently mining cryptocurrencies: botnets and crypto jacking. Botnets were first used to mine Bitcoin in 2014 but the complexity of doing so made it financially unviable however it is now making a comeback as newer cryptocurrency like Monero are easier to ‘mine’. As such Digital Shadows has observed botnets available to rent for $40, one such offering has ‘flown off the shelves’ with almost 2,000 rentals so far.

One new tool is a new mining software called “Crypto Jacker”, which combines Coinhive, Authedmine and Crypto-Loot into a WordPress plugin (cj-plugin), with added SEO functionality. Available since November 2017 for just $29, the software allows users to clone popular websites that can then be sent out in spam campaigns. According to the Crypto Jacker site, the software “provides a way to earn crypto currency from people who visit your links, even when you’re sharing other websites that you don’t own. We even cloak your website links for your (sic.) so they look like the original shares on social media.”

Targeting crypto currency exchange accounts

When people seek to convert crypto currency into hard cash they head to the crypto currency exchange. However, criminals are seeking to breach these accounts and are selling access them online. On just one popular criminal forum, Digital Shadows has identified over 100 user accounts being offered as recently as January 2018. Individual account details are exposed through phishing and credential stuffing. Credential stuffing works by automatically injecting compromised username and password pairs into login portals to fraudulently gain access to user accounts. Researchers detected multiple users sharing files that targeted cryptocurrency sites.

Fake Initial coin offerings (ICOs) and fake crypto currency exchanges

There are many instances of individuals creating entirely fictitious cryptocurrencies and performing exit scams. In the words of one cybercriminal “you can create a scam site…people will invest with the motivation for growth of this crypto currency.” However just as popular are fake currency exchanges. One freelance job site shows several individuals seeking assistance in cloning specific exchange sites and creating new cryptocurrencies.

Artificially inflating prices of crypto currencies then ‘dumping’ the stock

Just as traders can illegally inflate prices of stock in the real world – via so-called ‘pump and dump’ scams, so do groups of cybercriminals. Pump and dump groups exist to inflate the price of smaller, less well-known currencies to cash in on the increase in value. Criminals then cash out before the value plummets. While, ‘pump and dump’ campaigns are not a new phenomenon, there are more and more groups that are now involved in this type of activity. In January 2018 – Digital Shadows observed over 20 channels on Discord.