Cryptocurrency Account Security – Fin Tech – United States – Mondaq

Crypto-hacking and theft have been front and center in the news.
Separate from the failures and alleged fraud of CeFi
crypto-exchanges, estimates suggest that $3.8 billion worth of cryptocurrencies have
been stolen in the past year. It’s become vital to understand
how to proceed when these situations arise.

Crowell & Moring has been working with clients to address
such situations and has been involved in the tracking and tracing
of over 30M USD of stolen cryptocurrency funds. Working with
domestic and foreign law enforcement, we have investigated remote
access fraud, Ponzi schemes, and numerous pig butchering scams. Many of these frauds are
cautionary tales that can ensnare highly sophisticated
organizations and persons.

As an example, last year a client, an institutional investment
firm, was moving over 200 Bitcoin (“BTC”) to one of the
largest cryptocurrency exchanges (the “Crypto Exchange”).
The transfer went through. But when the client attempted to login
to its Crypto Exchange account, it received a message noting that
there was unusual activity, and that the account was frozen until
additional KYC diligence could be performed.

The client called the telephone number provided in the message
and explained to the Crypto Exchange personnel that the activity
they viewed as unusual – movement of over 200 BTC – was
in fact legitimate. The Crypto Exchange explained to the client
that, as an institutional investor, he should be using a
“premium” account instead of a personal account, and that
a premium account could save him a great deal of transfer fees. The
Crypto Exchange personnel set up the premium account with the
client on the telephone and placed the over 200 BTC into that
account. An hour or so later when our client logged into his Crypto
Exchange account, he was dismayed to find that all of the BTC he
transferred was gone.

It turns out, the client was never on the phone with the Crypto
Exchange.

Our forensic analysis indicated that scammers registered a bogus
domain name, created a bogus Crypto Exchange subdomain on that
domain, and likely paid for premium search engine placement for the
terms ‘the Crypto Exchange login’ to direct visitors to
their fraudulent website. Any person who landed on that site would
have received the unusual activity notification with the request to
contact the Crypto Exchange.

Here are the takeaways:

First, when logging into an exchange, users should
bookmark the login page in their browser or directly navigate to a
domain name. Using search engines to find any crypto exchange login
page could land you on a fraudulent site.

Second, if you receive a KYC or unusual activity
notification with a request to call an exchange, become immediately
skeptical. If you ever need to call any crypto exchange or service
provider, use only the phone numbers on their main website. In
addition, think about how much time you usually spend on hold
calling any financial institution: a dead giveaway that you may
have reached a fraudster is the fact that they answer the phone
immediately, ready to help.

Third, because of the layered security that many
exchanges have in place that require multifactor authentication,
fraudsters will often suggest that, for support purposes, you
navigate to a remote access link, such as GoToAssist or LogMeIn.
Those services will allow the fraudster direct access to your
device, bypassing the security measures exchanges put in place.
Legitimate technical support for crypto exchanges will never
require you to download files or navigate to websites that enable
remote access to your devices.

The volume and velocity of attacks and scams targeting
cryptocurrency holders is not going to subside any time soon. Based
on data we are tracking, malicious activity of this sort is on the
rise and becoming more and more sophisticated, and, as with pig
butchering, the fraudsters have highly sophisticated and layered
schemes in place that may not be evident until a victim has lost a
great deal of funds.

If you or your firm are the victim of a theft, time is of
essence, and we suggest you immediately engage specialized counsel
to assist. In subsequent posts, we will be addressing additional
wallet security measures, for both hot and cold wallets.

The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.