Financial pyramids

Breach and hack

Bitcoin transaction malleability

MiT attacks (man-in-the-middle)

Cryptojacking

Physical theft

The anatomy of theft has gone through a game-changing evolution with the emergence of cryptocurrencies. Cybercriminals can steal funds without leaving their basement, resting assured that their identity is reliably hidden behind the anonymity of the Internet. Things are completely different with physical theft. Here is a brief story of the biggest bank heist in history, just to illustrate the scope of the difference. It was pulled off in 2005. A group of burglars rented commercial property in the center of Fortaleza, Brazil, posing as a company producing artificial turf. They spent three months digging a 200-meter tunnel underneath a couple of city blocks to get to the Banco Central building. Then the felons drilled their way into the vault through 1-meter-thick concrete, running off with about $65 million worth of Brazilian real notes that weighed over 3 tons.

Obviously, it takes enormous effort and a sizeable group of people with special skills to perpetrate this type of heist. It is also an extremely slippery slope, because robbers run the risk of leaving DNA traces behind and of being betrayed or even murdered by accomplices. Present-day thieves operating in the online realm do not have to worry about digging tunnels, transporting the loot, or leaving a trail of breadcrumbs for law enforcement. Cybercriminals have plenty of tools up their sleeve to obfuscate their identity and location and get away with high-profile felonies as long as they are prudent enough. The following techniques, for instance, allow threat actors to steal huge amounts of cryptocurrency without being busted.

Financial pyramids

The objective of financial pyramids and Ponzi schemes is to lure as many investors as possible and generate returns for earlier contributors at the expense of new ones. This fraud applies to the cryptocurrency domain as well. A virtual hedge fund called Bitcoin Savings & Trust (BS&T) gained notoriety as a classic pyramid scam promising a weekly interest rate of 7%.
Its founder, Trendon Shavers, going by the online alias ‘pirateat40’, raised about 500,000 BTC in 2012, which was worth $5.6 million back then. When this pseudo-fund shut down, though, most backers never got their invested Bitcoins back, nor did they receive any interest. Shavers only made some payouts to older investors and misappropriated at least $150,000 for personal use.

Breach and hack

Nicehash, a popular cryptocurrency mining marketplace, admitted to having lost a whopping $62 million worth of Bitcoin as a result of a well-orchestrated hack pulled off in early December 2017. The felons compromised the service’s website to gain a foothold on the payment system, which allowed them to transfer away the contents of the Bitcoin wallet. The crooks had somehow managed to get hold of the login credentials of one of Nicehash’s employees, which they leveraged as the entry point for the attack. Another prominent case dates back to 2011, when the private keys of the Japan-based Mt. Gox exchange’s hot wallet were stolen. The way the threat actors did this was prosaic: they got hold of the wallet.dat file storing the keys. Consequently, they gained access to all of the customers’ Bitcoins. Another adverse effect was that the felons were able to reroute funds being deposited to arbitrary addresses from the .dat file. This stealthy theft lasted several years and caused losses amounting to about $450 million.

Bitcoin transaction malleability

When someone makes a Bitcoin transaction, they digitally sign it to prove that it is valid. The signature covers the sender’s Bitcoin address, the recipient’s address, the amount being transferred, and the addresses that previously sent those funds to the sender. The blockchain software takes these details and generates a hash that is unique to this particular transaction, the transaction ID. A flaw in the Bitcoin protocol referred to as “transaction malleability” allows slightly editing the signature to create different hashes for the same transaction.
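As an added illustration (not code from the original article), the block below serializes a constructed legacy-format transaction and shows that replacing the ECDSA s value with n - s, which any relay can do without the private key, changes the txid while the inputs and outputs stay identical; the defensive takeaway is to reconcile withdrawals on a signature-free fingerprint rather than on the txid. It uses a raw r||s signature push instead of DER to stay short, and every sample byte is constructed.

```python
import hashlib

# secp256k1 group order. For any valid ECDSA signature (r, s), (r, n - s) is
# also valid for the same message, so a relay can rewrite the signature, and
# hence the txid, without knowing the private key (signature malleability).
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def dsha256(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def varint(n: int) -> bytes:
    # Compact-size encoding; every count in this example is below 0xFD
    return bytes([n]) if n < 0xFD else b"\xfd" + n.to_bytes(2, "little")


def serialize(tx: dict, strip_scriptsig: bool = False) -> bytes:
    # Legacy (pre-segwit) wire format. tx["inputs"] holds
    # (prev_txid, vout, scriptsig, sequence); tx["outputs"] holds (value, script)
    out = tx["version"].to_bytes(4, "little") + varint(len(tx["inputs"]))
    for prev_txid, vout, scriptsig, seq in tx["inputs"]:
        script = b"" if strip_scriptsig else scriptsig
        out += prev_txid[::-1] + vout.to_bytes(4, "little")
        out += varint(len(script)) + script + seq.to_bytes(4, "little")
    out += varint(len(tx["outputs"]))
    for value, spk in tx["outputs"]:
        out += value.to_bytes(8, "little") + varint(len(spk)) + spk
    return out + tx["locktime"].to_bytes(4, "little")


def txid(tx: dict) -> str:
    # The legacy txid hashes the scriptSig too, so it changes when the signature does
    return dsha256(serialize(tx))[::-1].hex()


def payment_fingerprint(tx: dict) -> str:
    # Hash over inputs/outputs with signatures blanked (what segwit's txid achieves):
    # stable under malleation, so match a withdrawal on this, not on the txid
    return dsha256(serialize(tx, strip_scriptsig=True))[::-1].hex()


def malleate(tx: dict) -> dict:
    # Return a copy whose first input's r||s signature has s replaced by n - s
    prev, vout, scriptsig, seq = tx["inputs"][0]
    r, s = scriptsig[1:33], int.from_bytes(scriptsig[33:65], "big")
    new_script = scriptsig[:1] + r + (SECP256K1_N - s).to_bytes(32, "big") + scriptsig[65:]
    return {**tx, "inputs": [(prev, vout, new_script, seq)] + tx["inputs"][1:]}


# Constructed sample (not a real signed transaction): a 64-byte r||s push followed
# by a 33-byte dummy compressed pubkey push; real nodes use DER, same mechanics.
SAMPLE_SIG = bytes([64]) + bytes(range(1, 33)) + bytes(range(33, 65))
SAMPLE_TX = {"version": 1, "locktime": 0,
    "inputs": [(bytes.fromhex("aa" * 32), 0, SAMPLE_SIG + bytes([33]) + b"\x02" + bytes(32), 0xFFFFFFFF)],
    "outputs": [(50_000, b"\x76\xa9\x14" + bytes(20) + b"\x88\xac")]}
```

Bitcoin Core has treated the high-s form as non-standard since 2015 and segwit (BIP 141) leaves signature data out of the txid entirely, which is why this particular trick no longer works against up-to-date wallets and exchanges.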
Criminals can take advantage of this loophole by tweaking the ID of an incoming transaction and then claiming that the transfer of Bitcoins has failed. The system’s response would be to resend the funds. This was the case with the Silk Road 2.0 black market hack, where crooks reportedly harnessed the transaction malleability bug to withdraw coins worth more than $36 million.

MiT attacks (man-in-the-middle)

It is definitely fun to watch criminals stealing from other criminals. That is what happened in the case of the Onion.top Tor proxy service hoax, where its operators used a clever man-in-the-middle technique to pilfer Bitcoins from distributors of various extortion viruses in late January 2018. A Tor proxy allows users to visit Tor network domains via a regular web browser rather than Tor Browser. The above-mentioned Onion.top resource was caught substituting the Bitcoin addresses on ransomware payment pages with its own. Consequently, people who fell victim to the GlobeImposter, Sigma and LockeR ransomware strains and decided to cough up the ransom for data decryption ended up paying to the wrong address, the one inserted by the Tor proxy service’s operators. This foul play is worth an Oscar, really.

Cryptojacking

This cybercrime vector refers to illicit cryptocurrency mining. Cryptojacking is most commonly carried out by infecting computers or servers with malware that uses the hosts’ processing power to mine Bitcoins without the users’ consent. Coin mining per se is a perfectly legal activity. However, threat actors can inject miners into systems via shady techniques, including malvertising, application bundling and the use of Trojans. The only obvious symptom of such an attack is unusually high CPU utilization while the miner operates in the background.

Physical theft

As strange as it may sound, Bitcoin can be stolen at gunpoint. In January 2018, three armed men tried to rob a Bitcoin exchange in Ottawa, Canada. Fortunately, they suffered a fiasco and fled empty-handed after an employee called the police.
Another incident took place in New York in November 2017 and was more successful. A robber reportedly kidnapped his ‘friend’ and coerced him into handing over the keys to a digital wallet that held $1.8 million worth of cryptocurrency. Obviously, old-school robbery and cybercrime can go hand in hand.

The ubiquity of cryptocurrencies provides cybercrooks with plenty of ways to pilfer a lot of money fast and stay on the loose. The only challenge they face is converting their illegal gains into fiat money without raising too many red flags. As opposed to real-life bank robbery, this type of theft involves less violence or none at all, which is certainly good news. However, the losses tend to be substantial, so it makes sense to adopt countermeasures proactively. Be sure to scrutinize the background and reputation of a Bitcoin exchange or other cryptocurrency-related service provider before trusting it with your funds. Stay on top of industry news. And finally, do not invest more money in cryptocurrencies than you can afford to lose.