The warning blared like a siren, a massive attack targeting users on the Binance cryptocurrency exchange.
“There is a massive phishing scam via SMS targeting,” Binance alerted. “It leads to a phishing website to harvest your credentials… NEVER click on links from SMS!”
The scam, which entices users to cancel withdrawals via an SMS (short message service) text message and then directs them to a malicious website, is not a one-off event but part of a growing wave of crypto crime. The attacks are coming as the cryptocurrency market suffers a severe selloff, and scammers are taking advantage of less-savvy consumers during the panic.
In that way, cryptocurrency crime is becoming just like any other type of payments crime, according to Binance.
“They target innocent users, or the elderly, or the general public as a whole,” said Tigran Gambaryan, vice president of global intelligence and investigations for Binance, one of the world’s largest cryptocurrency exchanges. “User education is really the key.”
Gambaryan was previously a special agent at the Internal Revenue Service’s cyber crimes unit, where he focused on identity theft, terrorism financing and Bank Secrety Act Violations. He also investigated several high-profile cryptocurrency cases, including the Mt. Gox hack.
Cryptocurrency hackers stole more than $ 1.2 billion during the first quarter of 2022, according to Yahoo Finance, citing data from Unify, a cryptocurrency security company. That’s nearly 800% higher than the first quarter of 2021, when the losses from hacks totaled $ 154 million. And 2021 was a bumper year for cryptocurrency fraud overall, counting hacks, thefts, rerouted payments and other financial crimes.
Illicit cryptocurrency addresses received more than $ 14 billion in 2021, up from $ 7.8 billion in 2020, according to Chainanalysis – though Chainalaysis points out that 79% growth in fraudulent cryptocurrency transactions is blunted by the growth on overall transactions. There were nearly $ 16 trillion in cryptocurrency transactions in 2021, up more than 560% from 2020.
Cryptocurrency payments can be shielded from market volatility by using stablecoins, which tie their valuation to traditional currency, though the recent crash of the Terra stablecoin demonstrates that this system isn’t foolproof. But even when stablecoins succeed at controlling volatility, they don’t shield merchants or consumers from payment fraud, Binance’s executives argue.
“The security issue doesn’t matter what the market is doing,” said Matt Price, who works on security at Binance. Before joining Binance in September 2021, Price was also a special agent with the IRS Criminal Investigation Cyber Crime Unit, where he led investigations into crimes designed to use cryptocurrency for illicit purposes.
Binance processed $ 7.7 billion in crypto exchange volume in 2021, and its Binance Coin is the most valuable coin by market capitalization behind Bitcoin, Ethereum, USD Tether and Cardano. The Binance Pay app supports more than 40 cryptocurrencies.
Gambaryna also joined Binance in 2021 as the crypto exchange bolstered audit and investigations capabilities.
Cryptocurrency fraud risk stems from digital asset transactions relying on digital wallets that have code problems or other weaknesses, according to Forrester Research. These flaws create openings for credential theft, keyloggers and other modes of attack. Attackers used phishing to steal Bitcoin from the Electrum wallet network, for example, while MyEtherWallet users were also victimized, the research firm said.
The emerging security risks to cryptocurrency transactionsinclude poor blockchain implementation and external hacks the are contributing to “rampant” fraud in crypto payments, according to Andras Cser, a vice president and principal analyst at Forrester, adding the regulatory ambiguity of cryptocurrency also contributes to heightened fraud risk as the use of digital assets expand.
“Anti-money-laundering and compliance is extremely [early stage] with crypto payments and there’s no governance for crypto payments, “Cser said.
Binance partners with third parties such as Chainanalysis to analyze transaction data on blockchains to spot potential fraud through activities on its platform.
That’s led to warnings such as the massive phishing SMS scam, as well as alerts on criminal activity around new cryptocurrency-adjacent innovations such as nonfungible tokens. Non-Fungible Tokens or NFTs, which are a digital representation of art or other content, are expanding in popularity among payment companies for use as rewards currency or for fundraising.
Binance’s research has flagged potential NFT fraud such as fake marketplaces, phony technology support, counterfeit NFTs or “rug pull” scams, in which a group of people release a collection of NFTs that are tied to a larger event that never takes place, allowing the crooks to keep the initial funds.
“We spend a large portion of each day meeting with blockchain analytics companies and law enforcement, and when an attack does touch Binance, we’re able to freeze accounts and hopefully aid in getting the folks involved arrested,” Price said.
The expanding threat of cryptocurrency scams and transaction fraud is equal to or perhaps greater than the risk of market volatility, according to Gambaryna. “I’ve been through at least five of these downturns, where people said crypto is dead. Crypto is here, the Pandora’s box has been opened.”
As the market recovers and grows following each downturn, more targets for fraud emerge, similar to other advancements in payments that draw new adoption and more attention from scammers, Price said.
“When I started at the IRS in 2009, the big thing was scams tied to prepaid debit cards,” Price said of attacks that use stolen or compromised credentials to misdirect funds. “But as crypto is widely adopted, we’re seeing these types of scams also moving to crypto.”