Crypto theft is reaching new heights — here’s how to protect your stash
What can you do to stay ahead of scammers?
Direct theft vs scams
There are two main ways criminals obtain cryptocurrency: stealing it directly, or using a scheme to trick people into handing it over.
In 2021, crypto criminals directly stole a record US$3.2 billion (A$4.48 billion) worth of cryptocurrency, according toChainalysis. That’s afivefold increasefrom 2020. But schemes continue to overshadow outright theft, enabling scammers to lure US$7.8 billion (A$10.95 billion) worth of cryptocurrency from unsuspecting victims.
Crypto crime is a fast-growing enterprise. The rise of the crypto economy and decentralized finance (or DeFi), coupled withrecordcryptocurrency prices in 2021, has provided criminals with lucrative opportunities.
Australian data confirm the global trends. TheAustralian Consumer and Competition Commission reportedmore than A$26 million was lost to scams involving cryptocurrency in 2020 from 1,985 reports. In December, federal policetold the ABCcrypto scam losses for 2021 exceeded A$100 million. That’s despite many incidents likely left unreported, often due to embarrassment by victims.
Theft from exchanges
Most consumers obtaincryptocurrencyfrom anexchange. This involves opening an account and depositing currency, such as Australian dollars, before converting it to a chosen cryptocurrency.
Typically the cryptocurrency is held in a “custodial wallet”. That means it’s assigned to the consumer’s account, but the private keys that control the cryptocurrency are held by the exchange. In other words, the exchange stores the cryptocurrency on the consumer’s behalf.
But just as a bank doesn’t hold all of its deposits in cash, an exchange will only hold enough cryptocurrency in “hot” wallets (connected to the internet) to facilitate customer transactions. For security, the remainder is held in “cold” wallets (not connected to the internet).
Unlike a bank, however, the government does not have afinancial claims schemeto guarantee cryptocurrency deposits if the exchange goes bust.
The recent BitMart hack is a cautionary tale. On December 4,the exchange announcedit had “identified a large-scale security breach” resulting in the theft of about US$150 million (A$210.6 million) in crypto assets from hot wallets.
BitMart temporarily suspended withdrawals and later promised it would use its “own funding to cover the incident and compensate affected users”. It’s unclear when this will happen, withCNBC reporting in Januarythat customers were still unable to access their cryptocurrency. BitMart wasn’t the first exchange to be hacked, and it won’t be the last.
Similarly, consumers may be left with losses if an exchange fails for commercial reasons, rather than theft. Australians were left stranded in December when liquidators wereappointed over Melbourne-based exchange myCryptoWallet.
One way consumers can protect themselves from exchange theft, or insolvency, is to transfer their cryptocurrency from the exchange to a software wallet (a secure application installed on a computer or smartphone) or a hardware wallet (a hardware device that can be disconnected from the computer and internet).
The cryptocurrency will then be under your direct control. But be warned, if you lose your private keys,you lose your cryptocurrency.
Types of scams
Drawing on the ACCC’s latest edition ofthe Little Black Book of Scams, the following types of scam are commonly observed in the cryptocurrency space, where the scammer is not personally known to the target:
If a victim doesn’t already have a cryptocurrency exchange account, scammers may also coach them on how to open one. Some will mislead victims into installing remote access software on their computer, granting the scammer direct access to their internet banking or exchange account.
Practical challenges
There are practical legal challenges in the crypto crime environment. Whilereporting scamscan be helpful in providing data and intelligence for regulators and law enforcement, it’s unlikely to result in the recovery of funds.
Taking civil legal action may be possible, too, but identifying perpetrators is difficult. Since cryptocurrency is by its very nature global and decentralized, payments are often made to parties outside of Australia.
So prevention is easier than a cure. The main way to avoid being scammed is to ensure you know exactly who you’re dealing with, transact through a reputable exchange and ensure all the channels you go through are verified. If an offer sounds too good to be true, it almost certainly is.
Regulation on the horizon
In Australia, cryptocurrency exchanges must be registered withAUSTRAC, in compliance with anti-money laundering and counter-terror financing obligations. But there are currently no other licensing requirements (such as capital requirements or cybersecurity, for example).
Last year, the Senate Select Committee into Australia as a Technology and Financial Centrerecommendeda more comprehensive licensing framework. The Australian governmentagreed with the recommendation, and the federal treasury department is due to begin consulting on what this will look like.
Mandatory measures to curb cryptocurrency crime at the exchange level will likely be high on the agenda.
This article byAaron M. Lane, Senior Lecturer in Law,RMIT Universityis republished fromThe Conversationunder a Creative Commons license. Read theoriginal article.
Story byThe Conversation
An independent news and commentary website produced by academics and journalists.An independent news and commentary website produced by academics and journalists.
Get the TNW newsletter
Get the most important tech news in your inbox each week.
