The hazardous, under-regulated world of crypto and NFT token trading promises crypto criminals years or even decades of blockchained untraceability.
Last week, the US Justice Department announced it had arrested a husband-and-wife team on crypto-money laundering charges amounting to a record-shattering US$3.6b in Bitcoin tied to a hacking of the Bitfinex digital currency exchange in 2016.
According to the authorities, the arrest of New Yorkers Ilya Lichtenstein and Heather Morgan for their deeds was their biggest financial seizure.
The criminal couple had helped hackers to launder 119,754 stolen bitcoins and initiated more than 2,000 unauthorized transactions. In later years, when an underground market (AlphaBay) that the duo used to launder funds went bust, US authorities managed to access the site’s internal transaction logs and link Lichtenstein with stolen crypto funds.
Since it took more than five years for stolen crypto funds to even come to light, investors of cryptocurrencies and the latest NFTs need to take note: despite increased action being taken by authorities to regulate the trading of such digital blockchained assets, when things go wrong, the very technology used to secure such assets can also protect cybercriminals from being tracked until years later—and only by flukes of criminal carelessness or errors. You can also be sure even more record-shattering crypto fraud and hackings are in the pipeline this year or beyond!
According to Oded Vanunu, Head of Products Vulnerability, Check Point Software: “After seeing reports of stolen crypto wallets triggered by free airdropped NFTs, we discovered critical security vulnerabilities that, if exploited, could have led hackers to hijack user accounts and steal entire crypto wallets of users. We have also witnessed scammers use spoofed search engine ads to steal over US$500k worth of crypto in just a matter of days. In addition we have showed how use crypto criminals can use various techniques to manipulate smart contract functionality. We advise crypto speculators to make sure they check the browser URL, look for the extension icon, never give out their passphrases, beware of spoofed crypto ads, and again double check the URLs!”