Virtual Lairs: Where Your Stolen Cryptos Are Hiding (pt. 1, extended)


First there were petty thieves. They lurked in the bazaar waiting to snatch the loosest materials off store fronts and from your pockets. They were often successful. You might have left the bazaar before realizing what you were missing and you would never find out where your stolen goods went.


Forward several centuries or millennia and there were masked bank robbers. You stored your money in a bank with a safe behind cast iron bars that surely couldn’t be broken into without the keys until the weakness of people compromised that arrangement. Maybe your remote town lived in fear of robbery on the regular.

Discover the present day to find a new breed; part petty theft – part bank robbery. From the supposed security of your home office you log into your online wallet to check your balance or make a transaction only to find zeros strewn across your screen. You had thought your password was secure and that your keys were safely hidden away from even the most talented hackers, but the numbers don’t lie. Even your fingerprint was benchmarked.

The reaction to these incidents was and still is uniform: confusion, curiosity, shock, fear, and disappointment, followed always by anxiety and hardness, in that order. Why? How could this happen? How stupid I was to do this or that. I’ll never do this again; I don’t care about what I might lose out on, because I might lose out on everything from here on out. It isn’t fair. This isn’t fair. But fairness is neither caring nor aware.

--

This three-part series aims to reveal several key notes for traders, potential traders, enthusiasts, and critics of cryptocurrency. It is true that trading can be a minefield of dangers including but certainly not limited to theft as explained above, but it is also true that blockchains are inherently safe. They betray people only in as much as people betray; and only in as much as we ignore the information printed on their blocks in digital stone. Every hack that has ever been perpetrated on a blockchain has a record of transactions leading us to the perpetrator.

Knowing who the bad actors are gives us, exchanges, and regulators the power to keep them from acting on the blockchain again. Currently several nations are in ongoing talks about how to regulate cryptocurrencies internationally. One of the main sticking points is the security of traders and preventing hacks. Regulators should consider the information in this series to recognize how easy it is to catch thieves on the blockchain and create regulations reflecting these revelations.

This first installment will outline the premise of people’s fears about trading cryptos. There are sensational hacks of millions of dollars at a time from exchanges, much larger hauls than any petty thief, bank robber, or train robber ever could dream of. There are tiny, almost insignificant thefts from the countless scams in the crypto realm which, when accumulated, amount to millions in their own right. Both sting the hearts of traders. Horror story and cautionary tale, sad yet empowering, eliciting scrutiny and calmness: take from this series what you will, but hopefully you will never feel helpless before crypto thieves again.

--

The first big crypto hack ever publicized came from the Mt. Gox exchange based in Japan. In June 2011, the price of a Bitcoin was about $17 (those were the days). In that month, the largest Bitcoin exchange at the time, Mt. Gox, experienced a devastating hack that dropped the price of a Bitcoin down to one cent USD. The criminal is still at large.

An auditor from Mt. Gox apparently accessed his account from a compromised computer. This means that the computer where he performed his duties related to Mt. Gox had a security breach of some kind. Maybe he downloaded torrents on this computer or went to unsafe websites, but the point is that his system was not safe. A bad actor hijacked his device in order to manipulate the price of a Bitcoin in his favor. He used the exchange software to create an ask order of one cent USD per bitcoin which he filled with his own money, of course.

The exchange reacted swiftly and the price quickly rebounded to the regular trading price, but the damage was done. All told, the hacker got away with $8.75 million in other people’s Bitcoins. The Bitcoins that were stolen from Mt. Gox went to invalid addresses that had no private keys. It was possible to follow the transactions all the way to wallets that technically shouldn’t have existed anyway.

Another notable hack occurred in 2018, also in Japan, at Coincheck. It should be noted that there is no intentional denigration of Japanese exchanges here.


The Coincheck hack involved NEM, otherwise known as XEM in other countries. This hack, which Coincheck has insisted was not an inside job, occurred because the exchange kept coins in a hot wallet instead of a cold wallet. A hot wallet is a digital wallet that stores coins online so there is immediate access to them. A cold wallet is a digital wallet that stores coins offline, so users must temporarily and manually connect the wallet to the internet to make transactions to and from it. Exchanges usually keep coins in a cold wallet for a number of reasons, not least of which is the security of their assets.

In January 2018, Coincheck confirmed that roughly 523,000,000 NEM were stolen from their hot wallet. The coins were sent to a single wallet, NC4C6PSUW5CLTDT5SXAGJDQJGZNESKFK5MCN77OG, then funneled to others. It is also reported that some of these coins ended up on Cryptopia and Yobit.

A third, and most recent, hack did not involve exchanges. Instead, the hack affected wallets themselves. One of the largest wallet services, My Ether Wallet (MEW), was involved, but hackers only took advantage of the Google internet service which was supposed to direct users to MEW. The hackers managed to take control of the service to reroute users to a site in Russia where they were running a mock version of MEW. The hackers gained access to accounts and subsequently appropriated over $10 million in coins. Those coins were all conveniently sent to one address: 0x1d50588c0aa11959a5c28831ce3dc5f1d3120d29.

Think this couldn’t happen to you? Think again. Here are some numbers to consider before presuming you’re safe. First, the Mt. Gox hack in 2011 affected 6% of all available Bitcoins. That amounts to 525,000 total coins from users across the entire Mt. Gox platform. What if this happened to Binance today?

Coincheck recently reimbursed 260,000 customers for their hack. There were an estimated 23,952,849 total crypto wallets in use in Q1 2018. Nearly 11% of all estimated crypto users worldwide were affected by this hack. There’s a good chance one of you is reading this right now gritting your teeth.

Burgeoning blockchain projects need funding just like any startup. In the stock market, a company would execute an IPO where traders can buy shares of a company at a discount directly from the company before the company’s shares are listed on an exchange. Blockchain projects execute initial coin offerings (ICOs) for the same purpose and in a similar fashion to IPOs. An unfortunate fact about ICOs, however, is that they are often executed by scam companies who take investors’ money, issue coins, then close shop, leaving investors with worthless coins.

Scam ICOs are so common that governments have, in some cases including South Korea, India, and China, totally banned ICOs before even considering a regulatory framework for cryptos in general. Too many people have been made subject to ruinous results because of scam ICOs. Again, it is difficult to track down the perpetrators of these scam ICOs once they close shop because their wallets are anonymous.

--

One can put themselves in the shoes of the users affected by these hacks and scams. After the desperation ranging in intensity from mild to severe sets in, helplessness grows. The current environment feels like the virtual wild west to many. Essentially these hackers are virtual train robbers riding alongside then seizing a data stream to collect all the virtual coins onboard. Where is the recourse against them?

As it is, there is little anyone can do to punish crypto thieves because there is neither a legal framework protecting virtual property nor adequate law enforcement agencies in place to track criminals’ activities. We postulate that it is easier to track down and prevent bad actors in the crypto realm than would be inferred by the inadequacy of law enforcement agencies.

This series is premised on the fact that blockchains are inherently secure due to their nature. Their data are immutable and organized neatly and publicly. Anyone can use the data on the blockchain to find, identify, and stop criminals from committing their crimes.
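To make the tracing claim concrete, here is an added example (not code from this post or from Crypto of Korea) that replays a small constructed ledger and follows stolen funds to labelled exchange deposit addresses. The addresses, amounts, exchange labels and the choice of a "haircut" taint rule on an account-style ledger are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample ledger, not real chain data: (sender, receiver, amount) in block order.
LEDGER = [
    ("exchange_hot", "thief_0", 500.0),  # index 0: the theft itself
    ("thief_0", "hop_a", 300.0),
    ("thief_0", "hop_b", 200.0),
    ("clean_user", "hop_a", 100.0),      # unrelated funds mix into hop_a
    ("hop_a", "deposit_x", 200.0),
    ("hop_b", "hop_c", 200.0),
    ("hop_c", "deposit_y", 150.0),
]
# Hypothetical labels an analyst holds for known exchange deposit addresses.
EXCHANGE_DEPOSITS = {"deposit_x": "Exchange X", "deposit_y": "Exchange Y"}

def trace_taint(ledger, theft_index):
    """Return {address: tainted amount held} after replaying the ledger."""
    balance = defaultdict(float)  # funds observed arriving at each address
    tainted = defaultdict(float)  # portion of that balance traced to the theft
    for i, (src, dst, amount) in enumerate(ledger):
        if i == theft_index:
            moved = amount  # the stolen transfer is fully tainted
        elif balance[src] > 0:
            # Haircut rule: an outgoing transfer carries the sender's tainted share.
            moved = min(amount * tainted[src] / balance[src], tainted[src])
            tainted[src] -= moved
        else:
            moved = 0.0  # sender has no observed history, treated as clean
        balance[src] = max(balance[src] - amount, 0.0)
        balance[dst] += amount
        tainted[dst] += moved
    return dict(tainted)

def exchange_exposure(ledger, theft_index, deposits):
    """Split traced funds into those at labelled exchanges and those still in flight."""
    held = {a: v for a, v in trace_taint(ledger, theft_index).items() if v > 0}
    at_exchange = {deposits[a]: v for a, v in held.items() if a in deposits}
    in_flight = {a: v for a, v in held.items() if a not in deposits}
    return at_exchange, in_flight

if __name__ == "__main__":
    at_exchange, in_flight = exchange_exposure(LEDGER, 0, EXCHANGE_DEPOSITS)
    print("reached exchanges:", at_exchange)
    print("still in unlabelled wallets:", in_flight)
```

The tainted amounts always sum to the stolen total, so mixing with clean funds dilutes the trail without erasing it; linking an address to a person still depends on off-chain labels such as exchange account records.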

The next issue in this series will present Doo Wan Nam’s research as the head analyst at Crypto of Korea regarding the recent MEW/DNS problem and ICO scams. Basing his research on the indisputable record on the blockchain, he has discovered a link via wallet addresses between the wrongdoers of the MEW/DNS problem and various other ICO scams. His results, which offer the wallet identities of the criminals, offer solace for the future of law enforcement and crime prevention on the blockchain.


@cryptoofkorea, congratulations on making your first post! I gave you an upvote!

Please give me a follow and take a moment to read this post regarding commenting and spam.
(tl;dr - if you spam, you will be flagged!)

Congratulations @cryptoofkorea! You received a personal award!

Happy Birthday! - You are on the Steem blockchain for 1 year!

You can view your badges on your Steem Board and compare to others on the Steem Ranking

Do not miss the last post from @steemitboard:

New japanese speaking community Steem Meetup badge
Vote for @Steemitboard as a witness to get one more award and increased upvotes!
