Fraud Fighters: How crypto companies can stay one step ahead of the scammers

2019 was another banner year for crypto fraud that will continue to adversely impact prices of Bitcoin and Ethereum going forward as Ponzi scheme PlusToken unwinds. Although some of its perpetrators have already been jailed in China, active wallets suggest that the entire crime ring hasn’t been arrested.

Moreover, the flow of funds demonstrates the sophistication of the scheme and of the associated individuals who have not yet been nabbed. Meanwhile, 2020 is picking up where its predecessor left off, with the $2.5 million MoonPay exploit of IOTA’s wallet showing that crypto fraud remains endemic.

MoonPay Found to Have Incubated the Latest Crypto Scam

The dollar value of the Trinity scam, which saw MoonPay’s content delivery network exploited to serve up malicious SDKs to IOTA wallet users, is a fraction of that of PlusToken. However, the MoonPay attack, which saw a vulnerability in the firm’s fiat-crypto on-ramp exploited, is more insidious due to its sophistication. The hack, derived from a vulnerability that lay unpatched for three months, has sent shockwaves not only through the IOTA community but also through all the crypto projects that have integrated MoonPay’s technology.

8.55 Ti in IOTA tokens, worth around $2.5 million, were stolen by the attacker, with an investigation by the IOTA Foundation finding that the fault lay in “illicit versions of Moonpay’s software development kit (SDK), which was being loaded automatically from Moonpay’s servers (their content delivery network) when a user opened Trinity. The code was loaded into the local Trinity instance, and, after the user’s wallet was unlocked, decrypted the user’s seed and sent the seed and password to a server controlled by the attacker.”

MoonPay claims to have “retained top cybersecurity experts to assist in our discovery process” into the exploit, tweeting:

“Once our investigation is complete, we will take further action as per GDPR and other regulatory requirements. A complete report with our learnings to follow.”

Damningly, however, MoonPay is believed to have known about the issue affecting the IOTA Trinity wallet for over a week without acting to address it. As the post-mortem into the MoonPay attack ramps up, the PlusToken scam is winding down, but not before potentially more market-damaging dumps.

On Alert for The Big Dump

According to research conducted by Chainalysis, the PlusToken Ponzi scheme managed to defraud unwitting investors and individuals of as much as $2 billion worth of Bitcoin, Ethereum, USD Tether, and OmiseGo. China has already extradited six of the known perpetrators from Vanuatu, but wallets attributed to the scheme have been gradually cashing out, with nearly $200 million reportedly liquidated.

A significant portion of the stolen funds has already been laundered using a basket of different fraud strategies to obfuscate movements and exchange crypto funds for clean fiat. Among the strategies deployed were “peel chains.”

This is a process whereby a user with a large number of coins in a single wallet address sends coins to new addresses, liquidating a small amount of the total along the way (peeling) before sending the remaining funds along to the next wallet address and repeating the action.

Over time, as the original amount is moved to new wallet addresses, declining by the amount “peeled” away, the funds are eventually reaggregated before the process is repeated. However, this technique has declined in popularity given the growing ability to map the flow of funds along with rising transaction costs (especially in Bitcoin).
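The peel pattern described above can be spotted by following the large "remainder" output from hop to hop. The sketch below is an added example, not code from Chainalysis or any exchange: the simplified `Tx` record, the 20% peel ratio, the three-hop threshold, the sample data, and the decision to ignore fees and the later reaggregation step are all assumptions made for illustration.

```python
from collections import namedtuple

# Simplified transaction model (assumption): one funding address and a
# list of (address, amount) outputs. Fees are ignored.
Tx = namedtuple("Tx", "txid sender outputs")

def follow_peel_chain(txs, start, max_peel_ratio=0.2):
    """Walk forward from `start`, following the large remainder output of
    each two-output spend while the small output stays under the ratio."""
    by_sender = {}
    for tx in txs:
        by_sender.setdefault(tx.sender, []).append(tx)
    hops, seen, addr = [], set(), start
    while addr not in seen:
        seen.add(addr)
        spends = by_sender.get(addr, [])
        # A peel hop spends the address once, into exactly two outputs.
        if len(spends) != 1 or len(spends[0].outputs) != 2:
            break
        tx = spends[0]
        (peel_to, peeled), (rest_to, rest) = sorted(tx.outputs, key=lambda o: o[1])
        total = peeled + rest
        if total <= 0 or peeled / total > max_peel_ratio:
            break  # even-ish split: ordinary payment, not a peel
        hops.append({"txid": tx.txid, "peel_to": peel_to, "peeled": peeled})
        addr = rest_to  # the remainder moves on to a fresh address
    return hops

def summarize(txs, start, min_hops=3):
    """Flag the chain once it has at least `min_hops` consecutive peels."""
    hops = follow_peel_chain(txs, start)
    return {"flagged": len(hops) >= min_hops,
            "hops": len(hops),
            "peeled_total": sum(h["peeled"] for h in hops),
            "cashout_addresses": [h["peel_to"] for h in hops]}

# Constructed sample data: A0..A4 form a peel chain, B0 is an even split.
SAMPLE_TXS = [
    Tx("t1", "A0", [("X1", 5.0), ("A1", 95.0)]),
    Tx("t2", "A1", [("A2", 90.0), ("X2", 5.0)]),
    Tx("t3", "A2", [("X3", 4.0), ("A3", 86.0)]),
    Tx("t4", "A3", [("X4", 6.0), ("A4", 80.0)]),
    Tx("t5", "B0", [("B1", 50.0), ("B2", 50.0)]),
]

if __name__ == "__main__":
    print(summarize(SAMPLE_TXS, "A0"))
    print(summarize(SAMPLE_TXS, "B0"))
```

The `cashout_addresses` list is the useful output for an exchange or OTC desk: those are the deposit points where the peeled amounts surface and where KYC checks apply.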

Mixers, like Wasabi Wallet, attempt to shuffle coins to add a degree of anonymity to transactions. This is accomplished by joining multiple payments from multiple users together simultaneously and attempting to break the connection between a transaction input and output. The goal of such an activity is ultimately to preserve coin-holder privacy.

However, in the case of PlusToken, a key element of the “cash-out” strategy hinges upon the absence of stringent KYC protocols at OTC brokers. OTC brokers simply match buyers and sellers, normally for bulk orders that are privately negotiated. In the case of PlusToken, OTC brokers operating on the Huobi platform who do not uphold stringent KYC requirements were the preferred vehicle. Accordingly, OTC brokers have become the first port of call for eager criminals and fraudsters seeking to cash out in off-exchange transactions.

Fighting Back With More Stringent KYC

For cryptocurrency investors and enthusiasts, the possibility of the remaining PlusToken coins being dumped in markets via such off-ramps presents a serious downside risk for token prices. The same applies to the $2 million in IOTA tokens that the attacker has yet to market sell because the paused coordinator has prevented all network transactions. Yet, there are ways that exchanges can improve faith and confidence in their fraud prevention efforts while fighting back against these actors intent on cashing out and crashing the market.

Counterfeiting and currency fraud have been around almost as long as currency itself. In its earliest forms, individuals would attempt “clipping,” or shaving the edge of coins minted from metals to be reshaped into replicas later. Another popular method was plating coins of lower quality and cheaper metals with higher quality metals as a cunning disguise.

As fraud has grown more sophisticated in the digital age, fiat on- and off-ramps for cryptocurrency have had to become vigilant to prevent financial crimes from being perpetrated. Installing additional checkpoints and better KYC is one way to thwart these activities and help protect crypto users.

Although it is possible to trace stolen funds, as highlighted in the Chainalysis PlusToken investigation, that does not mean that hackers and fraudsters are always caught. Money laundering can take many shapes and forms, and shadowy elements operating within the crypto industry are complicit in abetting these crimes, despite the stringent measures in place.

Exchanges intent on operating lawfully, to avoid becoming a dumping ground for ill-gotten gains, have tools at their disposal to fight back against fraudsters. The implementation of KYC checkpoints makes it easier to spot fraud before it exposes exchanges to regulatory risks.

Fighting Back Against the Fraudsters

Cryptocurrency is built on complex architecture. The number of moving parts within the technology stack means there will always be a potential for fraud perpetrated by malicious actors. Just as fiat currency can be stolen, counterfeited and schemed away from unwitting users, so too can nefarious hackers gain access to systems to defraud exchanges and investors.

There are many measures that exchanges are taking to fight back, including enhanced cold storage, better disclosure, and fortifying KYC checkpoints. Wallet providers and other industry stalwarts should choose their payment partners wisely, focusing on reputable companies that will support their attempts to thwart crypto criminals. A joined-up approach is required, with crypto companies, including exchanges and payment gateways, working closely to identify and combat fraud.
