Cryptocurrency theft: How to detect step by step a new scam that worries experts

Es un hecho que durante 2021 los delitos en relación a las criptomonedas crecieron. Según un informe de Chainalysis, consultora especializada en el tema, el año pasado se rompió el récord de criptomonedas robadas con un equivalente a 14 mil millones de dólares.

Most of the deceptions or scams to steal cryptocurrencies is given through social engineering or phishing techniques.However, in recent times crimes were detected where criminals distrust intelligent contracts to create false tokens and thus keep user money.

An example of this is observed in the Check Point Research (CPR) report, an intelligence division of threats of Check Point Software Technologies Ltd, where it is detailed what the method that the criminals are using to steal money to cryptocurrency buyers.

"The findings are based on previous CPR investigations on cryptocurrencies. Last October, CPR identified the theft of portfolios in Opensa, the largest NFT market in the world," indicate from the company provider of cybersecurity solutions worldwide.And they add: "In November, the researchers revealed that cybercriminals are using phishing campaigns in search engines to steal half a million dollars in a matter of days."

After giving that context, they go on to detail step by step as is the new system used by cybercriminals to steal money from cryptocurrency buyers.

How to distrust the smart contracts

To create fraudulent tokens: cybercounts distrust the so -called intelligent contracts, programs stored in blockchain that are executed when predetermined conditions are met.Check Point Research describes the steps followed by the attackers to take advantage of this type of contract. They manipulate the functions: with the transfer of money, preventing selling, or increasing the amount of the quota.Most manipulations occur when money is transferred. They create a hype through social networks: opening Twitter/Discord/Telegram channels, without revealing their identity or using the false image of other people, and will start giving bombproject for the public to start buying.

"Withdrawal of money": once the amount of money they want is reached, they will withdraw from all the money from the contract, and will erase all the channels from social networks.

Omit the Timelocks: so it will not be seen that these tokens block a lot of money in the contract reserve, nor that Timelocks add.Timelocks are used above all to delay administrative actions and are generally considered a strong indicator that a project is legitimate.The boom and rage for cryptocurrencies is what triggers the amount of crimes in relation to them.There are more and more billions of dollars that move daily in that digital asset market that still does not have clear regulations in most countries.

In addition, there are more and more companies entering the cryptocurrency sector.For example, PayPal is considering the launch of its own cryptocurrency, Facebook has changed its name to the finish line, and Mastercard has announced that the partners of their network can allow their consumers to buy, sell and maintain them using a digital purse.

On the other hand, Disney wants to build a metaverso, Nike bought an NFT company, Starbucks customers can already use the new Bakkt application to pay in the cafes of the chain with Bitcoin converted.Meanwhile, Microsoft is building its metaverso, Visa has confirmed that a pilot with Crypto.com is being carried out to accept cryptocurrencies to settle transactions in its payment network.Adidas joined the metaverso through NFT and the funds are flowing to this format, so it is not surprising that the attackers aimed at this new payment form.

In that sense, Check Point Research's investigation investigates how cybercounts created tokens to cheat consumers and offers advice on how to identify these scams.

"In our last publication, we show how the Smart Frank fraud works real contracts, and we expose the real fraud of tokens in the market: a) hiding the functions of 100% of the rate and then b) hiding the functions of the backdoorThis publication aims to alert the community of cryptocurrencies that the scammers are, indeed, creating fraudulent tokens to steal funds. To avoid these scams, I recommend that their users diversify their portfolios, ignore the ads and test their transactions, "Oded Vanunu, Chief of Product Vulnerabilities at Check Point Software stands out.

Tips to avoid fraud with cryptocurrencies

Diversify the purses: having a purse is the first step to be able to use bitcoins and, by extension, any other cryptocurrency.These purses are the tool with which users store and manage their bitcoins.One of the keys to keep them safe is to have a minimum of two different cryptocarters.The objective is to be able to use one of them to store purchases and others to trade and exchange.

In this way, they will maintain their most protected assets because the wallets also store each user's passwords.These are a fundamental part when it comes to merchant with cryptocurrencies and have a public key, which is what makes other users send them to their portfolio.If a cybercrime manages to access them through any attack, you will have access to the purse with which you are merchant, but if you have another purse in which the already acquired are stored, the bitcoins will be kept safe.

Ignore ads: Many times, users look for Bitcoin wallet platforms through Google.And it is at that time that they can make one of the biggest mistakes: click on one of Google's ads, which appear first.Cybercounts are usually behind these links, creating malicious websites through which stealing credentials or passwords.Therefore, it is safer to go to the web pages that are not a Google ad.

Test transactions: there are times that many people sin of cautious and cybercriminals take advantage of it.To avoid falling into one of your traps, one of the measures that can be put into practice is that before sending large amounts of crypto, sending a "test" transaction first with a minimum amount.In this way, in case we are sending it to a false purse, it will be easier to detect deception and lose much less.

Double attention to reinforce security: one of the best measures to be implemented to protect from any type of cyber attack is to activate the double factor authentication on the platforms in which an account is.In this way, when any attacker tries to log in to any of them irregularly, he will receive a message to check his authenticity, preventing a cybercrime can access.With the authentication of two factors, instead of requiring only a password for authentication, the login in an account will require the user to send a second key, making it safer.

What is a Token and a Smart Contract

"A token is a currency similar to Bitcoin and Ethereum, but some of the projects are created to innovate and build new technologies, while others are there for fraudulent purposes. Research investigates how cybercriminals have created tokens to cheat consumersAnd it offers advice on how to identify these scams, "they explain from Check Point Research.

Some tokens contain a 99% purchase rate that allows you to steal all the money in the purchase phase.

Some of the tokens do not leave the Buyer Rresnder (Squid Token) so that the only one authorized to sell is the owner. Other tokens imply a 99%sale commission, which means that in the sales phase they will take away all their money.

And there are others that are not malicious, but have security vulnerabilities in the contract source code and lose their funds at the hands of cybercriminals that exploit vulnerabilities.

On the other hand, from Bit2me they explain that "a Smart Contract is a special type of instructions that is stored in the blockchain.""It also has the ability to self -execute actions according to a series of parameters already scheduled. All this in an immutable, transparent and completely safe way," they conclude.

Source: Forbes Argentina.