“Our agency counted about 80 large-scale cryptocurrency thefts over several years,” Ilya Sachkov (Group IB)

Ilya Sachkov, CEO of Group IB (a private cybercrime investigation company), is an expert on network crimes. He reveals the theft of cryptocurrencies and hacking computer systems, and also deals with their prevention, advising the company.



Smile-Expo talked with Ilya about the "crimes of the century", committed with the participation of cryptocurrency , and about who will help you in case of the theft of your bitcoins.



Interviewer: Elena Andreeva (E.A.)



Respondent: Ilya Sachkov (I.S.)



. .: Publications on cryptocurrency love to repeat the phrase that every tenth bitcoin and broadcast in the world has been stolen. Tell me, as an expert, how close is it to the truth?



IS: I think that such an assumption is most likely true. Cryptocurrency theft occurs frequently. Here, for example, several very large cases of theft of bitcoins, which I can remember offhand: hacking the Bitfinex Exchange (stolen 120,000 bitcoins); theft from Mt.Gox (the damage is estimated at 740,000 bitcoins); robbery of the Bitstamp exchange (19,000 bitcoins) and BitFloor (24,000 bitcoins). [Hacking Bitfinex Exchange - in August 2016; theft of funds from Mt.Gox occurred from 2011 to 2014; Bitstamp was hacked in January 2015, and BitFloor - in September 2012 - EA].



There are still dozens and hundreds of less high-profile cases: we at Group IB analyzed cases of hacking into cryptocurrency projects and counted about 70-80 different cases. And this is without taking into account the numerous phishing with ICO and cryptocurrency theft from the wallets of ordinary users!



Stats are not happy with ether either, now these coins are often stolen at ICO. As a rule, phishing, vulnerabilities in smart contracts, deface are used. For example, hackers who attacked ICO CoinDash successfully bred $ 7.5 million. According to statistics from the analytical agency Chainalysis, 10% of the funds invested on the air flowed into the hands of hackers.



. .: Is there a 100% reliable way to save bitcoins ? Today there are paper and hardware wallets; multi-signature wallets - isn’t their owners really in danger?



IS: In general, cold wallets are a reasonably safe way to store bitcoins. With the right approach and the presence of a head on the shoulders, bitcoins in cold wallets will remain safe. But people who keep the crypt in hot wallets, on the contrary, should sleep less peacefully. There is no guarantee that a particular wallet will not be hacked.



. .: In one of the interviews you said that phishing sites, especially the “counterparts” of promoted ICOs, pose the greatest threat to cryptocurrency owners today. How common is this phenomenon? Does every bona fide ICO have phishing clones?



IS: Phishing is an incredibly common method of fraud. For example, often, if you drive in “Yandex” or Google myetherwallet, in the first place will be an advertising link to a phishing portal. Twin sites are cheap to maintain and quite profitable with the right approach. For those cases that we observed, hackers managed to earn from $ 30,000 to $ 2.5 million per week.

Almost every well-promoted project has phishing counterparts. Projects that care for their investors hire companies to identify and remove such “clones”, but users also need to be careful.



. .: How can you distinguish the original site?



IS: In order to distinguish a phishing site from a legitimate one, you need to check the domain of the site and the ssl certificate. As a rule, phishers use lets encrypt certificates and very similar domain names.

Sometimes it is very difficult to distinguish. URLs are very similar, moreover, there are fake sites, some sections of which lead to the real ones.



. .: What other popular tricks using the "human factor" are used by cybercriminals?



IS: Here, perhaps, the three most popular. First, the creation of fake accounts in social networks, blogs and instant messengers, with ads leading to clone pages. Secondly, the aggressive use of contextual advertising and DDoS-attacks, to complicate the path for the user who is looking for a very specific page. Well, and, perhaps, the compromise of the accounts of the tops of the team with the purpose of injecting false information. Very often compromise accounts in the Slack messenger. And phishers like to throw their links into the project's public chat rooms in Telegram.



. .: Tell us about viruses that steal cryptocurrency from users' computers. How do they act and how to protect themselves from them?



IS: These viruses are common banking Trojans, which are reconfigured to steal data not from online banking, but from usernames / passwords for cryptocurrency services. There are also viruses that steal private keys from Bitcoin wallets that are on the victim's computer. There are also programs that replace the purse of the recipient of cryptocurrency on a web page.



The protection is as follows: follow the principles of digital hygiene, use antiviruses and regularly update their databases.



. .: How common is “technical” (hacker) hacking of wallets? Is it dangerous for regular users or only for project wallets?



IS: It all depends on the wallets. Viruses, which I mentioned earlier - aimed at stealing private keys from computer wallets - one of the means of such hacking. As for blockchain projects, there are cases of theft of funds from user wallets. For example, in this way funds were withdrawn from the Bitfinex site.



. .: What advice would you give to those who stole the bitcoins? What to do and who to contact?



IS: My first advice is to bring the incident to the maximum publicity. It is unlikely that it will be possible to return the funds, but it will be useful to warn others not to attack the same rake.



If time allows, try to find the attacker. There are several ways to do this. You can search the Internet for a purse that has spent money: sometimes people leave their public keys on subject forums. For example, in this way they found the Dread Pirate Roberts (Silk Road) wallet. If you could not find it directly, you can try to analyze links with other wallets through blockseer.com services and, using open sources of information, determine the owner.



All transactions in Bitcoin are transparent, but their authors usually operate under pseudonyms. Therefore, many companies are exploring ways to establish the identity of a bitcoin wallet owner. For example, there are studies that suggest de-anonymization methods that use IP distribution protocols in a Bitcoin peer-to-peer network or analyzing transaction graphs for clustering wallets and determining the identity of the owner. But the methods of scientific research to apply at home is very difficult.



Considering all the factors, the probability of returning Bitcoins, unfortunately, is quite low. Therefore, the main advice is to be prudent and attend to a reliable way to store cryptocurrency.