journalfront

Cryptocurrency

"Cryptocurrency Scammers Leveraging Typos in Digital Wallets"

2024-11-27

Cybersecurity researchers at Stony Brook University have made a significant discovery regarding a new cryptocurrency scam. This scam, known as "typosquatting," takes advantage of human error to siphon funds from unsuspecting users' digital wallets. In a detailed paper posted to the arXiv preprint server, the researchers explain how scammers set up deceptive Blockchain Naming System (BNS) domain names to divert cryptocurrency payments into their own wallets. Although the paper is still under peer review, its findings highlight the critical need for vigilance in the rapidly expanding digital currency space.

Uncover the Hidden Dangers of Cryptocurrency Typosquatting

Understanding the Backbone of Cryptocurrencies

Most cryptocurrencies rely on blockchain, a decentralized digital ledger technology. It securely records transactions across a network of computers without the need for a central authority. Cryptographic methods ensure transparency, security, and immutability. Each transaction is grouped into a block and linked to the previous one, forming a chain. Blockchain is the foundation of cryptocurrencies like Bitcoin and Ethereum, and its applications extend to various fields such as supply chain management, healthcare, and finance.Blockchain Name Service (BNS) simplifies interactions on blockchain networks by replacing complex wallet addresses with human-readable names. Just like the Domain Name System (DNS) translates web addresses into IP addresses, BNS maps user-friendly names to blockchain wallet addresses or other decentralized resources. This innovation enhances the accessibility and usability of blockchain technology, making it easier for users to engage with cryptocurrencies and decentralized applications.Cryptocurrency is a digital currency stored in crypto wallets and managed on secure online platforms. It uses word-based addresses instead of complex alphanumeric wallet codes. Platforms like Coinbase rely on these user-friendly addresses to simplify transactions. However, this convenience also presents a vulnerability. If a user misspells a recipient's word-based address and the misspelling corresponds to a scammer-created domain, the funds are redirected to the scammer's wallet."Unsuspecting users may inadvertently mistype or misinterpret the intended name, leading to an irreversible transfer of funds to an attacker's address instead of the intended recipient," the researchers state in their paper.

The Prevalence of Cryptocurrency Scams

As the adoption of digital currencies grows, cryptocurrency scams have become more common. According to recent reports, billions of dollars are lost each year to fraudulent schemes targeting cryptocurrency users. The decentralized and pseudonymous nature of blockchain technology, which provides strong security for legitimate transactions, also attracts bad actors who exploit vulnerabilities.Common scams include phishing attacks, Ponzi schemes, fake investment platforms, and wallet-related fraud such as typosquatting. The rapid evolution of the cryptocurrency market, combined with limited regulatory oversight in many regions, has enabled scammers to develop new techniques to deceive users. This emphasizes the importance of increased vigilance and education among crypto investors.

The Devil in the Typos of Your Digital Wallet

To understand the prevalence of typosquatting, the Stony Brook researchers conducted a comprehensive analysis of over 5 million BNS domain names."To assess the prevalence of typosquatting within BNSs, we examined three different services (Ethereum Name Service, Unstoppable Domains, and ADAHandles) across three blockchains (Ethereum, Polygon, and Cardano). We collected a total of 4.9 million BNS names and 200 million transactions, which is the largest dataset for BNSs to date," the team wrote in their paper.They identified approximately 25,000 squatting domains targeting around 37% of legitimate names. These scams often target well-known figures in the cryptocurrency community, such as Ethereum co-founder Vitalik Buterin, whose name is frequently misspelled.One concerning scenario detailed in the study involves charitable donations. In these cases, both the donor and the intended recipient may be unaware that a scammer has intercepted the funds, as the transaction appears legitimate on the surface.To combat this type of fraud, the researchers stress the importance of double-checking addresses before sending cryptocurrency. While the decentralized nature of cryptocurrency offers excellent security for legitimate transactions, it also means that errors cannot be corrected once a payment is sent to the wrong wallet.The findings clearly demonstrate the need for enhanced user awareness and caution as cryptocurrency adoption continues to increase.Kenna Hughes-Castleberry is the Science Communicator at JILA (a world-leading physics research institute) and a science writer at The Debrief. Follow and connect with her on BlueSky or contact her via email at kenna@thedebrief.org.

The U.S. Treasury Department's actions in sanctioning cryptocurrency mixer Tornado Cash in 2022 have sparked significant legal and technological debates. This case not only involves questions of regulatory authority but also touches on the complex issues surrounding cryptocurrency and privacy.

Unraveling the Treasury's Sanctions on Tornado Cash

Background and Legal Context

In 2022, the U.S. Treasury Department took a controversial step by imposing sanctions on cryptocurrency mixer Tornado Cash. This move was based on accusations that it was facilitating the laundering of over $7 billion for North Korean hackers and other malicious cyber actors. A three-judge panel of the New Orleans-based 5th U.S. Circuit Court of Appeals sided with six users of Tornado Cash who had filed a lawsuit challenging these sanctions. Cryptocurrency mixers are anonymized software tools that enable users to conceal the source or owner of digital assets. The sanctions were imposed under the International Emergency Economic Powers Act by the Treasury Department's Office of Foreign Assets Control. OFAC blacklisted Tornado Cash after concluding it was involved in laundering the proceeds of cyber crimes, including more than $455 million stolen by the Lazarus Group, a North Korean government-backed hacking group.This case raises important questions about the balance between national security and technological innovation. The design of self-executing smart contracts in Tornado Cash provides increased anonymity by collecting, pooling, and shuffling cryptocurrencies. Judge Don Willett, a conservative appointee of Republican President-elect Donald Trump during his first term, argued that federal law only gave OFAC the authority to regulate property, and Tornado Cash's immutable crypto-mixing smart contracts did not constitute property. He acknowledged the real-world downsides of certain uncontrollable technology falling outside OFAC's sanctioning authority but emphasized that it was up to Congress to update the 1977 law for the internet age, not the court.

Implications for the Cryptocurrency Industry

The ruling in this case has significant implications for the cryptocurrency industry. Paul Grewal, the chief legal officer of Coinbase, hailed the ruling as "a historic win for crypto and all who care about defending liberty." Coinbase had argued that OFAC's decision to sanction an entire technology could stifle innovation and undermine privacy. The case has highlighted the need for a more nuanced approach to regulating cryptocurrency while also protecting national security interests. It remains to be seen how this ruling will impact the future of cryptocurrency regulation and the development of anonymized software tools in the digital asset space.In May, one of Tornado Cash's developers, Alexey Pertsev, was sentenced to five years and four months in prison in the Netherlands for money laundering. Two Tornado Cash founders, Roman Semenov and Roman Storm, were separately charged last year with money laundering and sanctions violations by federal prosecutors in New York. These prosecutions further demonstrate the seriousness of the issues at stake and the ongoing efforts to combat cryptocurrency-related crimes.Overall, the U.S. Treasury Department's sanctions on Tornado Cash have ignited a firestorm of legal and technological discussions. The outcome of this case will likely shape the future of cryptocurrency regulation and have a lasting impact on the cryptocurrency industry.

In Cleveland, Ohio, an elderly Elyria resident faced a harrowing ordeal when he fell victim to a cryptocurrency scam that cost him a staggering $400,000. Federal prosecutors have revealed that conmen utilized the crypto giant Tether to launder the ill-gotten gains. This tragic incident not only wiped out the man's life savings but also left him and his wife relying on Social Security and family assistance.

Unraveling the Cryptocurrency Scam's Devastating Impact

How the Scam Unfolded

Investigators traced the $408,000 in stolen cryptocurrency back to accounts that contained an additional $539,000 worth of stolen or laundered cryptocurrency. Prosecutors then sought to have the entire $947,000 worth of cryptocurrency forfeited to the government. The discovery came as the FBI in Cleveland was actively investigating cryptocurrency scams in Northeast Ohio and across the nation. These scams typically occur through various means such as phone calls, text messages, or messages sent via social media and dating apps.In the case of the Elyria man, he received an alert on his Macbook screen in October 2023, indicating that his laptop was compromised. He was directed to call a specific phone number, where he spoke with two men who posed as Apple employees. The scammers managed to convince the man that someone had stolen over $80,000 from him, likely from Russia or China. In a desperate attempt to secure his remaining funds, the man gave the scammer full remote access to his computer.The scammers then wired money from the man's bank to a virtual currency account and proceeded to transfer it to other cryptocurrency wallets. Tether froze the wallets until authorities could obtain a judge's approval to seize the currency. This incident is not an isolated one; in October, prosecutors had already filed a similar civil forfeiture case seeking to have $200,000 in cryptocurrency forfeited that was stolen from an Ashtabula man.Adam Ferrise, who covers federal courts at cleveland.com and The Plain Dealer, has been closely following these cases and bringing the details to light. His work sheds light on the growing problem of cryptocurrency scams and the need for increased awareness and protection.

The Consequences for the Victim

The loss of $400,000 in cryptocurrency has had a profound impact on the Elyria man and his wife. They are now forced to make ends meet with Social Security and the help of their family. This case serves as a stark reminder of the dangers and risks associated with cryptocurrency, especially when it falls into the hands of scammers. It highlights the importance of being vigilant and cautious when dealing with online transactions and financial matters.The cryptocurrency industry has been growing rapidly, but it has also attracted its fair share of fraudsters and criminals. These scams not only cause financial losses but also erode trust in the digital currency space. As the FBI continues to investigate and take action against cryptocurrency scams, it is crucial for individuals to educate themselves about the risks and take steps to protect their assets.In conclusion, the cryptocurrency scam that targeted the Elyria man is a cautionary tale that underscores the need for increased awareness and regulatory measures in the cryptocurrency space. By staying informed and taking proactive measures, individuals can better protect themselves from falling victim to these scams and safeguard their hard-earned money.