Bitcoin Ponzi scams rake in the millions – all without much effort.

This may be self-evident to anyone who frequents the social media forums where the subject is discussed, but for researchers it is also fertile ground for new discoveries. For them, someone who asks for money and promises 100x returns is not just a nuisance but an opportunity for study.

Indeed, the Financial Crypto 2018 conference in Curaçao last week explored in depth the many ways in which these scams spread and why some have been so much more successful than others.

Marie Vasek, an assistant professor at the University of New Mexico, scoured nearly 2,000 scams, presenting research that showed how varied the schemes chasing crypto earnings are. Some, she said, lasted a long time until the hoax was discovered, others came and went overnight, all with little interest.

By looking at the scams and how long each lasted – what the researchers call the scam's "time of death" – Vasek has shed light on what works best for crooks, who usually launch their scams on popular and well-known bitcoin forums such as Bitcoin Talk.

The takeaway? The most enduring scams are those where the fraudsters interact the most with the community and have a thriving community of commenters.

Vasek told the participants:

"Small nuclei of about five people doing very well what you see in our other diary, one will die and another will appear."

Attracting victims, like flies, is as easy as making the scam look as if it has a lot of attention, she said. To this end, about 30 percent of scam threads contain posts from shills, people the crooks pay to post positive things about the scam, according to Vasek's analysis.

But there is no shortage of strange ways for users to lose money in the Wild West of cryptocurrency. As such, the computer scientists in Curaçao also examined some of the more outlandish ones.

Death or not?

Another report by the IC3 research group explored how death can cause problems for users trying to secure their cryptocurrency.

For example, the researchers highlighted multi-signature wallets, a variant of the tool that aims to add security by giving multiple users the ability to sign and spend funds. That way, if a private key is compromised, by an attacker or otherwise, they cannot do anything.

But these protections are a double-edged sword. If a participant in a 2-of-2 multi-signature setup dies or disappears, the funds will be unusable and lost forever.

The easiest way to alleviate the problem would be to introduce an entity that is supposed to declare whether Bob is dead or not, argued Cornell University computer scientist Fan Zhang. But with cryptocurrencies, the idea is to avoid a single point of failure, such as an entity that accidentally declares Bob dead when he is not.

"Of course, we do not want to trust anyone, so how can we achieve this without a trusted third party? And how to prove that Bob was hit by the bus or that a key is permanently unusable?" Zhang said.

This is the question the group of IC3 researchers takes up in work they call "proofs of paralysis", which aims to "prove" that a person involved in a multi-signature configuration can no longer participate, whether because they are dead or have simply lost their private key.

There are many ways to do it. With ethereum it's simple. But with bitcoin, Zhang suggested that the easiest way to prove that a user cannot participate in a multi-signature transaction would be to bring trusted hardware, which is found in some computers, into the mix.

In short, the trusted hardware sends "life signals" to a participant who is suspected of having lost their key or who may be dead. If the participant does not respond to the signal in a timely manner, their key is no longer needed to spend the funds.
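The life-signal rule described above can be modelled as a small state machine. This is an added illustration, not code from the IC3 work: the class name, the block-height clock and the 144-block response window are assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class ParalysisWallet:
    """Toy N-of-N spending policy with the life-signal rule (illustrative)."""
    signers: frozenset                 # keys currently required to spend
    response_window: int               # assumed grace period, in blocks
    challenges: dict = field(default_factory=dict)  # accused -> deadline

    def settle(self, height):
        """Drop every challenged signer whose deadline has passed."""
        expired = {s for s, d in self.challenges.items() if height > d}
        self.signers = self.signers - expired
        for s in expired:
            del self.challenges[s]
        return expired

    def send_life_signal(self, accuser, accused, height):
        self.settle(height)
        if accuser == accused or not {accuser, accused} <= self.signers:
            raise ValueError("accuser and accused must be distinct signers")
        # A repeated accusation must not move an existing deadline.
        self.challenges.setdefault(accused, height + self.response_window)

    def respond(self, signer, height):
        """A timely response cancels the challenge; a late one does nothing."""
        self.settle(height)
        return self.challenges.pop(signer, None) is not None

    def can_spend(self, signatures, height):
        self.settle(height)
        return bool(self.signers) and self.signers <= set(signatures)


def demo():
    # Constructed scenario: 2-of-2 wallet, Bob stops responding.
    w = ParalysisWallet(frozenset({"alice", "bob"}), response_window=144)
    before = w.can_spend({"alice"}, height=100)   # 2-of-2 still applies
    w.send_life_signal("alice", "bob", height=100)
    during = w.can_spend({"alice"}, height=200)   # Bob still has time
    after = w.can_spend({"alice"}, height=245)    # deadline 244 has passed
    return before, during, after


if __name__ == "__main__":
    print(demo())
```

The model only captures the policy; in the scheme the article describes, the enforcement is done by the trusted hardware rather than by any one participant.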

Everything seems fine, but a member of the audience pointed out a possible flaw. "You could get money by killing Bob," he said. This is not as alarming a remark as it might sound, since security experts routinely think through attack scenarios of this kind.

Fen, an IC3 researcher, was in agreement, saying, "If you can kill Bob, all the bets are off. Killing Bob is a different story."

Whether it is a true vulnerability or not, the problem they are trying to solve is very much on researchers' minds at the moment. Thus, there are other proposed solutions, such as adding a timelock to a multi-signature transaction so that it can be spent after it has been unused for a period of time.

"Hostile takeover"

Another researcher, Joseph Bonneau of New York University, examined how much it would cost to carry out perhaps the most infamous of blockchain attacks, a "51% attack", in which an entity controls so much of the mining capacity that it can bend (or break) the rules of the system.

The main answer from cryptocurrency advocates is that it would not be in the attacker's interest, because attacking the network requires spending millions or billions to buy mining equipment. And, having done all that, the attacker would not be able to make as much money out of it.

But in new research, Bonneau explores how feasible it would be to launch such an attack for someone who does not expect a profit.

"If there is a villain like [character Auric] Goldfinger in James Bond movies without intrinsic motivation, how expensive would a blockchain be to kill?" he asked.

Bonneau explained that there are different ways to buy the power needed to disrupt the network, varying from blockchain to blockchain.

He started with the easiest to execute. Rather than buying thousands of mining computers and wiring them up, a lazy attacker can launch a "rent attack" by buying computing power online, using a cloud platform such as Amazon Web Services, with a few clicks.

Since it is possible to rent GPUs, the hardware that underlies ethereum, but not ASICs, the hardware that secures bitcoin, this is an attack that affects ethereum but not bitcoin. "It would take about two million dollars at the time to attack Ethereum," said Mr. Bonneau.

Meanwhile, in what Bonneau calls a "build" attack, a malicious attacker actually buys enough physical mining hardware to control the network.

As you may have guessed, buying equipment is more expensive than renting it temporarily. Bonneau estimates that it would take about $1.5 billion from the hour to execute such an attack against bitcoin or ethereum.

That said, Bonneau acknowledges that his back-of-the-envelope analysis is not entirely precise. "People have been chatting with me on Twitter, but I would say that the exact number does not matter, the order of magnitude does," Bonneau said, adding that there remains "a lot to model" and that "we need a more detailed analysis."

Bonneau hinted, however, that on the estimates he has made so far, these attacks could be too cheap and easy. "Is it enough for an $80 billion system?" he asked in an open question to the audience.

If more and more people start to use this form of online money, this attack vector could loom larger in people's minds, he said, concluding the presentation with a prediction:

"I think there will be more fear that this will happen in the future."


