Cyber bank robbers stick up Ethereum owners for $225 million

FILE  Fans cool racks of bitcoin-mining machines at a server farm in Guizhou, China, June 23, 2016. The value of Ether, the digital money that lives on an upstart network known as Ethereum, has risen an eye-popping 4,500 percent since the beginning of 2017, and may soon surpass bitcoin, its inspiration. (Gilles Sabrie/The New York Times) less FILE  Fans cool racks of bitcoin-mining machines at a server farm in Guizhou, China, June 23, 2016. The value of Ether, the digital money that lives on an upstart network known as Ethereum, has risen an ... more Photo: GILLES SABRIE, NYT Photo: GILLES SABRIE, NYT Image 1 of / 1 Caption Close Cyber bank robbers stick up Ethereum owners for $225 million 1 / 1 Back to Gallery

Here’s another reason to be leery of the initial coin offerings being done at a staggering pace in the cryptocurrency world: There’s a 1-in-10 chance you’ll end up a victim of theft.

Phishing scams have helped push up criminal losses to about $225 million this year, according to Chainalysis, a New York firm that analyzes transactions and provides anti-money-laundering software. In such scams, investors are tricked into sending money to Internet addresses pretending to be funding sites for digital token offerings related to the Ethereum blockchain technology.

More than 30,000 people have fallen prey to Ethereum-related cybercrime, losing an average of $7,500 each, with initial coin offerings amassing about $1.6 billion in proceeds this year, Chainalysis estimates.

“It’s a huge amount of money to generate in such a short period of time,” said Jonathan Levin, co-founder of Chainalysis, whose software and database are used by some of the largest bitcoin companies and U.S. law enforcement agencies. “The cryptocurrency phishers are doing pretty good against all the other types of criminals that are out there.”

Indeed, the huge amount of wealth that has fallen prey to cybercriminals is approaching the losses incurred by robberies in the U.S. for the entire year of 2015, which stood at $390 million, according to statistics released by the FBI.

MBA BY THE BAY: See how an MBA could change your life with SFGATE's interactive directory of Bay Area programs.

The offerings are digital token sales typically that raise ether, with users transferring the funds to addresses provided by startups. Investors, sometimes eager to get early access to new token offerings have been tricked into providing their credentials to fake websites through targeted email campaigns, Twitter posts and Slack messages, said Levin.

Ether rose 0.3 percent to $324.92 on Thursday, according to data from coindesk, while bitcoin rose 0.4 percent to $4,151.47.

Most attacks involve creating websites or social media accounts that sound similar to the real ICO project. Levin gave the fictional example of a project named “illuminate,” which an impostor might fake by spelling it as “iIIuminate.” Using the fake account, they would solicit potential investors to send money to the criminal’s address.

His firm compiled the data by identifying digital wallets used by scam artists. That information is usually public because criminals widely circulate it, hoping to fool investors into sending them money.

Other common forms of crime involve tapping into project loopholes. The decentralized autonomous organization is a smart contract project built on top of Ethereum that was intended to democratize how Ethereum projects are funded. A bug in the system was exploited and that led to the theft of $55 million worth of ether at the time.

Levin didn’t provide data for bitcoin-related cybercrime, and not because it is any safer. He said such data is harder to track as scams are usually specific attacks on individual holders, rather than initial-offering-related campaigns that try to dupe many people at once.

“The overall figures mean there are infrastructure that we need to build to help prevent people from getting abused,” said Levin.

Lulu Yilun Chen and Yuji Nakamura are Bloomberg writers. Email: ychen447@bloomberg.net, ynakamura56@bloomberg.net