Home

Bitcoin

Tag: cryptocurrency security

Crime Doesn’t Pay – At Least Not In Bitcoin

Posted on by Conor Maloney

Invariably the first thing someone new to the crypto space asks about is whether Bitcoin is used for crime. Organised crime, sinister crime, dark web crime.

“Isn’t that used to buy drugs and fund terrorists?”

Why, yes, yes it is. it’s money.

You know what else is used to buy drugs and fund terrorists?

Fiat currency. The vast majority of drugs are bought with fiat currency, and unlike Bitcoin, cash isn’t traceable unless someone’s been writing down all the serial numbers. It’s anonymous.

A common misconception is that Bitcoin is an anonymous currency as well, but that’s not quite true – as we’ve mentioned here on Crypto Is Coming before, Bitcoin is actually pseudonymous, meaning that people make transactions under the pseudonym of their public key (the Bitcoin address is like their ‘name’).

While it’s not immediately obvious who’s spending what, and people can and do get away with transferring Bitcoin without being successfully traced, Bitcoin leaves a far more permanent and transparent “paper trail” than any other kind of money – the blockchain.

The Bitcoin blockchain ledger stores all of the transactions that were ever made – you can literally trace the very first Bitcoin transaction all the way down to today.

Because each Bitcoin has its own cryptographic signature, it’s not really fungible – instead of having ‘a’ coin like with fiat, you have ‘that specific coin that was used in a drug deal in 2004 and was then split into three sums and used to buy computer parts and play satoshi dice.’

It’s actually incredible how traceable it is, and all it takes is to make one proveable connection between a person and a BTC address to learn every transaction they’ve ever made – not exactly ideal for criminal masterminds.

Funding Terror

Recently I visited a dark web marketplace aimed at funding paramilitary jihadists in Syria to buy weapons and combat training (seriously). The site accepts Bitcoin, because it’s the most famous currency and everyone knows it – it also accepts Monero, because it’s anonymous.

How much money was in the Bitcoin wallets? None. How much was in the Monero wallets? I have no earthly idea – the Monero blockchain isn’t transparent, and there’s no way of tracing funds once they’ve been sent which is why it’s used so often in cryptojacking malware.

Benjamin Strickland, the investigator who first put me on to the site, routinely investigates Bitcoin crime, and once traced a series of transactions that connected Syrian paramilitaries (different ones), South African kidnappers, and international scammers and extortionists all to the same wallet, proving a link between all the groups.

When I spoke to Strickland about this he pointed out that Bitcoin isn’t a good currency for committing crimes due to the inherent lack of anonymity, a far cry from the public perception that Bitcoin is for masked hoodlums only.

You know who else pointed this out recently? Subject matter expert Yaya Fanusie director of analysis for the Foundation For Defense of Democracies Center on Sanctions and Illicit Finance. He stated that while a number of terrorist groups including al-Qaeda and the Islamic State have attempted to raise funds using cryptocurrency several times without achieving any notable success.

He cited paramilitary group Mujahideen Shura Council (MSC) as one example – their crypto fundraising campaign ran for several weeks in 2016 and ended up netting just a little over $500 in donations.

Fanusie said that “cold hard cash is still king,” pointing out that many of the terror groups his audience were concerned with lived in areas with poor infrastructure making Bitcoin a complicated choice.

You know who his audience was?

The US Senate. Maybe now it’ll start to sink in for them. To play the devil’s advocate, white supremacist groups in the US have had much more success in their BTC crowdfunding efforts, perhaps due to having readier access to the appropriate technology.

Funding Drugs and Money Laundering

The same goes for drugs, although here we get into murkier waters. Dark web marketplaces offer Bitcoin mixing services, which amounts to money laundering – users swap currencies around between each other at random to attempt to confound the efforts of investigators like Strickland, making it much more difficult to trace.

This is more common in drug dealing online due to the comparatively small amounts of money in each transaction (for the most part), leading to many thousands of transactions taking place in a vast network of drug consumers who are available to swap currencies in the mixing service.

Bitcoin drug purchases represent a tiny, tiny, tiny fraction of all drug purchases which are mostly made with curencies like the US dollar, but yes, this mixing service helps with anonymity. That said, if the FBI really want to track someone down using Bitcoin, they can – case point, Ross Ulbricht; Dead Pirate Roberts.

Silk Road Bust

Despite his best efforts, after years of allegedly running a billion dollar black market on the dark web Silk Road admin Ross Ulbricht was eventually identified and arrested by the FBI.

While they haven’t revealed all of their secrets, refusing to explain how they located the servers, what we did learn from their investigation was illuminating and demonstrated that evidence can stick around on the web for a long time.

An FBI agent codenamed Agent-01 found Bitcoin Talk posts from 2011 under the username ‘Altoid’ who wrote repeatedly about the Silk Road, perhaps as a means of shilling it to would-be customers:

“Has anyone seen Silk Road yet? It’s kind of like an anonymous Amazon.com. I don’t think they have heroin on there, but they are selling other stuff.” Eight months later, Altoid posted again seeking a “pro in the Bitcoin IT community” – and directing interested parties to contact rossulbricht@gmail.com.

From there the feds drew connections between the DPR persona and Ulbricht, such as repeated references to the school of economics outlined by Ludwig von Mises. The FBI said that while DPR used a VPN, the server it was accessed from (according to the subpoenaed VPN records!) was in an internet cafe near Ulbricht’s home.

They arrested him in a public library, making sure to wait until he was logged in so they wouldn’t need to try and crack his passwords, simply plugging in a flash drive to extract unencrypted content from his laptop.

26,000 bitcoins were tracked (over $40 million at the time), identified as being funds used in drug trafficking, and seized due to the accessibility of the blockchain record.

Bitcoin is many things – a pioneer, a groundbreaking achievement, kind of a pain in the ass when the network gets clogged – but it’s not a suitable means of funding terror or organized crime.

Unfortunately for the FBI and their international counterparts, that is the realm of privacy coins.

Crypto Is Coming!

Subscribe to our newsletter

Interested in other cool crypto content? Check out The Evolving Bitcoin OTC market and Crypto Hedge Funds.

Follow us on twitter @cryptoiscom

Cops Arrest Hacker for stealing $5 million worth of Crypto!

Posted on by Gregg

A few weeks ago California police arrested a 20 year old college student for stealing over $5 million worth of cryptocurrencies. Joel Ortiz, the student in question, allegedly stole the cryptocurrency from 40 victims by hacking their cellphone numbers. Ortiz targeted people attending the highly publicized cryptocurrency conference “Consensus” in New York City that takes place every year in May. One entrepreneur attending the conference was hacked for $1.5 million!

The technique he used, “SIM card hijacking”, has become common for hackers looking to prey on cryptocurrency enthusiasts making it more important than ever to decouple cryptocurrency trading accounts from phone numbers.  “SIM card hijacking” consists of contacting a mobile service provider and convincing the customer support into transferring the victim’s phone number to a new SIM card controlled by the hacker. In many cases, even Two-factor authentication isn’t enough to stop the attacks from occurring as hackers can bypass that as well.

Joel Ortiz was arrested at LAX airport on his way out of the country. He is currently facing 28 charges including 13 counts of identity theft,13 counts of hacking and 2 counts of grand theft. After his arrest, Ortiz admitted to having access to millions of dollars in cryptocurrency. Investigators believe Ortiz also intended to hijack victim’s twitter and email accounts with the intention of selling them back to the victim’s for a ransom.

Police were able to zero in on Ortiz after investigating one case where Ortiz focused on one victim in particular over the course of a few months. The hacker initially hijacked his phone number, then email and social media accounts and even went so far as to harass his daughter. The cybercrime unit of the California police department caught up with the hacker by analyzing the call records for the hacked phone, linking it with two android devices and then figuring out which email accounts linked to those devices.

Stay safe out there!

Follw us on twitter @cryptoiscomin

Signup for our newsletter here

Interested in other cool crypto posts….check out Institutions are finally coming!and Bitcoin ETF approval could be huge for crypto!.

All major crypto hacks visualized (graphic)

Posted on by Gregg

Great graphic from Howmuch.net showing all the major cryptocurrency hacks in one graph.

Security has long been a major concern with cryptocurrencies. Having total sovereignty over your finances comes with major benefits, but as uncle ben used to say “with great power, comes great responsibility”. There will always be black hat hackers looking for ways to exploit our carelessness and lack of security to steal our hard earned crypto…and to be fair, they’ve been successful. The Mt.Gox hack still leads the way with $450 million with Coincheck coming in a close second at $400 million. Below them we see BitGrail at $170 million, Bitfinex (they bounced back nicely didn’t they) at $77 million, and Parity at $160 million. These were the first but certainly not the last. Lets just hope crypto remains valuable enough to be a target for hacking in the first place over the next few years (kidding…Btc to $100k for sure right…).

Exchanges, get your shit together!

Make sure to check out our wallets guide to security and follow us on twitter here

Crypto Wallets: What are they and how do I use them?

Posted on by wiredshut2

As you have no doubt realized by now cryptocurrencies are not stored or maintained like your normal fiat (cash) currencies. No banks involved. Cryptocurrencies are stored on secure digital wallets that store public and private keys and interact with various blockchains. That means if you want use Bitcoin or any other cryptocurrency you will need a wallet.

These wallets allow you to store, send and receive digital currencies such as Bitcoin, Litecoin, or Ripple. That may sounds easy enough, “I’ll just download a wallet and I’m in the game.” It’s not that easy, so I’m here to help you understand the differences and even compare a few.

Let us start with how a wallet works:

There are lots of misconception and misunderstanding about cryptocurrency wallets even though their use is prevalent. Crypto wallets are similar to your home safe. You have a key (or code), and you had better not lose that key as you could lose ownership of your valuables. Instead of a physical box crypto wallets are software programs that store your public and private keys. See, similar. Don’t lose your effing key! 😉

Private keys are essential. If you do not ‘own’ your private key, you technically do not control your cryptocurrency. Again…Don’t lose or share your key! Your private key looks something like this (This is not a valid key):

7297b646f941171d524f1d565b8c8c0e3f77042a555b06f12b67a2b5f6b11b

So do you remember we said wallets store, send and receive digital currencies, right? When a person sends you Ethereum (or whatever) you will need your private key to access the funds transferred and access your assets. This movement of assets from wallet to wallet, or wallet to cryptocurrency exchange is recorded on the blockchain and your wallet balance will reflect that.

How do you send and recieve?
Your wallet will have a public and private key/address. The public key is used to send and receive cryptocurrency and can be disseminated with others. If you wish to send cryptocurrency from your wallet to another address, or exchange, you will have to be provided an address to send to. It is very important you copy and paste the address correctly. Verify before you send.

Your private key is used with the public key to create a signature that cannot be forged. Your private kry must be kept a secret. Varys like secret. Eunuch like secret.

What type of cryptocurrency wallets are there?

You can download a wallet to your smartphone, you can create one online via a web browser, you can download a wallet and store it on your PC or you can buy a physical wallet. Wallets all come down to three categories: hardware, software or paper.

  • Mobile: A mobile wallet will run on your smartphone. Much like your PC security is high as only you control your smartphone. Same setbacks apply though: Hacked, virus or a stolen phone compromises your wallet. MyCelium is arguably one of the best mobile crypto wallets
  • Desktop: These wallets are downloaded and installed on your PC or laptop. Because the wallet installed on your pc or laptop, it can only be accessed from them. Desktop wallets offer a high level of security but if your computer gets a virus or is hacked your wallet could be compromised too. Bitcoin core is an example of a Bitcoin desktop wallet.
  • Online: Wallets that are on the cloud, web based. These are by far the most convenient wallets as it gives you the ability to access your funds it from anywhere. There are two main drawbacks to online wallets. If you recall from the beginning of this article I said “If you do not ‘own’ your private key, you technically do not control your cryptocurrency”?Online wallets store your keys online and are therefore not controlled by you. This makes them vulnerable to attach and theft. *IMPORTANT: Be certain to double check the URL for your online wallet (bookmark it) before entering passwords. There are a lot of phishing scams out there.
  • Hardware: By far the most secure method of storing your crypto loot. In this case your private keys are stored on physical device, not unlike a USB drive. While your HW wallet has to connect online to send and receive currency, they are stored offline which provide added security.***Important: We recommend you always purchase your hardware wallet directly from the manufacturer. Better to be safe than sorry. Also always record your written backups of your keys.
  • Paper: A paper wallet is a piece of paper that contains copies of the public and private keys that make up a wallet. Will generally also have a QR code for a quick scan. The benefit of a paper wallet? Simple: The keys are not stored digitally anywhere

Cryptocurrency Wallet Safety:

Wallet Type Security Level Example wallet
Desktop Medium Bitcoin Core, breadwallet
Hardware High Ledger or Trezor
Online Low MyEtherWallet, blockchain.info
Software Medium Mycelium, Jaxx
Paper Highest Paper, you fool

Ultimately it’s up to you to decide how comfortable you are with which type of wallet. I know many people who use a combination of two or three wallets. Do your research and review the products you plan to use. In a way selecting a cryptocurrency wallet is like selecting a bank to store your cash. You want: Security, peace of mind and confidence in the product.

Follow us on twitter @cryptoiscomin

Subscribe to our newsletter to get the coolest infographics and articles from the crypto world