2020 Marks A Year Of Exit Scams, Thefts And Security Flaws

by Marsha Tusk

The past year has been a rollercoaster ride for the world of cryptocurrencies, as modern economies still suffer from the COVID-19-induced market crash in March. However, the market uncertainty made it possible for a blooming underground hacking scene, which targeted the emerging economical sector as the main victim.

Nevertheless, the crypto sector saw an evident transformation from a speculative-driven space to a more stable financial structure. Furthermore, tech and payment giants like PayPal, Google, Microsoft, as well as some large-scale institutional players like the central banks of China, the European Union, and Switzerland, all set an eye to exploring the possibilities behind the crypto ecosystem.

And despite the joint efforts of regulators, project developers, and the crypto community, the sector is still a primary target for exit scams, thefts, and security breaches. In 2020 alone, more than 30 large-scale reported security breaches or scams occurred, while many others still remain unreported.

January, for example, saw Poloniex do a massive password reset campaign, following a leak in user credentials in social media, exposing login information due to a data breach.

February 2020 was the month in which Helix Bitcoin mixing services owner was arrested, due to suspicion of laundry of over $300 million worth of bitcoin. Also in February, the IOTA foundation shut down operations of its entire network, due to hackers exploiting a security breach in IOTA’s wallet app. Altsbit joined IOTA in the victim list, as the exchange was hacked and the majority of user funds were stolen in a cyberattack. 

March brought a security breach in Microsoft’s Windows SMB protocol, dubbed Prometei. The botnet exploit was used to hijack computer resources in order to mine for cryptocurrencies. March also saw YouTube being hacked to promote a Ponzi scheme, themed after Bill Gates. 

Two exchange platforms were hacked in April, with Lendf.me losing $25 million worth of cryptocurrencies, while the Bisq exchange lost an equivalent of over $250,000 in Bitcoin. 

May 2020 saw several supercomputers, designed to carry out massive calculations, getting hacked and used for mining various cryptocurrencies. 

June had three major security breaches, as $90 million worth of BTC-e were frozen by New Zealand Law Enforcement, due to a money-laundering investigation. June also saw a massive organized crime group, dubbed CryptoCore, conducting malicious activities on several online exchanges. Coincheck also suffered from a security breach in June, as hackers gained access to Coincheck’s domain registration system, causing the exchange to stop all deposits and withdrawals for a short period of time. 

Several of the most influential Twitter accounts were hacked in July, as hackers stole the login information and used the Twitter profiles of President Joe Biden, Elon Musk, and Bill Gates to promote a crypto scam. Coinbase managed to block a $280,000 crypto theft attempt in July, with Bitcoin being the most desirable cryptocurrency among hackers. Also in July, AT&T got involved in a $1,9 million SIM hijacking case, while GPay operations were suspended by UK authorities for providing crypto scams via fake celebrity endorsement. 

August saw the most crypto scams in 2020, as FritzFrog crypto-mining botnet compromised at least 500 government and enterprise servers. Meanwhile, Ukrainian law enforcement authorities seized an organized crime group, which allegedly laundered at least $42 million worth of cryptocurrencies for various ransomware teams. August also saw one of the largest crypto-related law enforcement operations, as Chinese police arrested over 100 individuals tied to the PlusToken scam. August was also the month in which the Lazarus hacking organization started a new campaign, disguised as job adverts on Linkedin.

In September, KuCoin’s hot wallets were a victim of a $150 million worth hack attack. The same situation occurred with Eterbase, as the exchange lost around $5,4 million in user funds, which were stored in hot wallets. 

In October, Kik was fined $5 million by the U.S. SEC for conducting an unauthorized securities offering. Meanwhile, with the boom of the DeFi sector, hackers stole nearly $24 million from Harvest Finance, only to return 10% of the amount shortly after. 

November: Flash loan protocol attack did not spare Akropolis, as the company suffered from a massive $2 million attack. Akropolis even posted a big bounty payment in return for the illicitly-acquired funds. International efforts led to US and Brazilian law enforcement seizing $24 million in cryptocurrencies from people, allegedly connected to crypto scams. 

But maybe one of the most significant hits was done by the U.S. Justice Department, which seized $1 billion worth of Bitcoin, claimed to be from the Silk Road dark web marketplace. 

However, despite the list of cyberattacks, the crypto sector still remains a luring place for both retail and institutional investors in the light of Bitcoin’s recent price action, which pushed the crypto leader past its all-time high in 2017.