Before there were bank robberies, now cryptocurrencies are stolen online. The proof is the record seizure of bitcoins announced Tuesday by the United States, worth 3.6 billion dollars, which shows the fragility of these totally virtual assets.
How was it possible to divert and control such an amount of money when it is guaranteed that the technology that protects this new form of money, the ‘blockchain’, is unfalsifiable?
Here are some clues:
Hack the exchanges
In the American case, the target was a Bitfinex cryptocurrency exchange platform. These sites often host significant reserves of digital currency, making them especially interesting for criminals.
“It can happen that malicious people manage to enter their servers to steal the money,” explained Manuel Valente, director of analysis and research at Coinhouse, one of those platforms.
Alexandre Stachtchenko, from the KPMG advisory service, says that certain platforms store access keys to their clients’ digital portfolios on their servers, which makes them vulnerable.
“If they manage to penetrate the server, the passwords can be stolen,” he assured. “Once they have the passwords, they move the bitcoins from one address to another and bam! people no longer have access to those bitcoins.”
Hack the blockchain
There is an even more unusual possibility -because it is very complicated and expensive- to steal cryptocurrencies: hacking the “blockchain” itself.
This “blockchain”, a huge public record that is impossible to falsify, contains the details of all transactions.
Each block is linked to the previous one and it is theoretically impossible to modify a line of code without altering all the chains, and certain users (the “miners”) have the mission of verifying the transactions.
“If you take control of more than half of the ‘mining’ network on a particular ‘blockchain,’ you will be able to suppress transactions,” Valente noted.
With this you can claim that certain payments never existed and collect them a second time.
The Gate.io platform lost $200,000 in such an attack in 2019.
The “crypto craze”
Today, cryptocurrency is often used as bait or as a preferential means of payment in a cyber attack.
In the case of ransomware attacks, hackers frequently demand a ransom in cryptocurrency in exchange for restoring the hacked registry, explained Erica Stanford, author of a book on cryptocurrencies.
She also cited pyramid schemes, where investors are promised returns on massive investments but only when new victims trust them with their money.
Such scams, which also involve domains other than cryptocurrencies, have generated $7 billion in 2019, according to analyst firm Chainalysis.
“The main scam is not so much to replace cryptocurrency as to make people believe that they are going to get rich quick to catch them,” says Erica Stanford.
More suspicion, less market
Despite everything, cryptocurrencies are less and less used by cybercriminals. According to Chainalysis, cryptocurrency transactions for illegal purposes reached $10 billion in 2020, down from $21.4 billion a year earlier.
Alexandre Stachtchenko explained that the platforms reinforced their security, even building types of “bunkers” to protect their digital safes.
“As soon as the stolen bitcoins are put into motion, the whole world finds out,” Valente said. “Therefore, almost no company accepts trading with bitcoins that were stolen.”
The $3.6 billion worth of bitcoin that US investigators recovered on Tuesday had been in a digital wallet for almost seven years before it was discovered.