Russia-Ukraine Cryptocurrency Scams Detected by Researchers
Cryptocurrency Popularity and Value, Russian Sanctions Spark Security Concerns
From how cybercriminals are setting up new schemes to common cybercrime scams launched against the blockchain, Information Security Media Group has compiled snippets of security-related news in the cryptocurrency sphere.
Here are some of the most notable conversations and analysis this week.
Russia-Ukraine Crypto Schemes and Defense
With the U.S. and other nations placing strict sanctions on Russian banks to press Russia to cease its invasion of Ukraine, there has been wide public debate on whether oligarchs or government officials could potentially bypass sanctions. Although Russia produced the most cybercriminals leveraging ransomware attacks in 2021, according to research by Chainalysis, security research teams warn about phishing attacks and other schemes related to cryptocurrency in light of the Ukraine invasion (see: Ransomware Proceeds: $400 Million Routed to Russia in 2021).
Security research firm Chainalysis responded on Twitter to mass queries about Russia's ability to evade sanctions through cryptocurrency, saying it was "optimistic that the cryptocurrency industry can counter attempts by Russian actors to evade sanctions with crypto."
Yesterday, the U.S. Treasury Department announced extensive sanctions against Russian businesses and elites following the country’s invasion of Ukraine. This has prompted many to ask Chainalysis how Russia may attempt to use cryptocurrency to evade sanctions.
— Chainalysis (@chainalysis) February 25, 2022
In brief, the thread referenced research findings that show Russian threat actors are still the primary source of ransomware attacks and cryptocurrency laundering related to hiding ransoms. Ukraine and Russia are among the largest adopters of cryptocurrency, and between Feb. 19 and Feb. 24, according to data by Kaiko, trading of rubles and hryvnia - Ukrainian currency - has dominated and grown by 8.6 and 8.2 times, respectively. The firm is also monitoring known Russian threat actors to track laundering attempts.
Some cybercriminals, in an attempt to defraud individuals and organizations focused on the mass media attention to Russian sanctions, have been sending phishing messages, alerting cryptocurrency users that their accounts will be disabled, according to research firm Cofense.
"We have no evidence to suggest - based on IOCs, tactics, or campaign sophistication - that any of these campaigns were conducted by nation states directly involved in the war in Ukraine," Cofense says in a blog.
According to the Financial Crimes Enforcement Network, legitimate cryptocurrency platforms that follow regulations will adhere to the same rules as traditional banks. Cybercriminals, however, will likely flock to illicit underground operations.
Further, the U.S. National Cryptocurrency Enforcement Team named a new director last month and Deputy Attorney General Lisa Monaco provided remarks at the Munich Security Conference, stating the U.S. Department of Justice was focused on bringing justice to cybercriminals laundering money. Monaco stated at the conference that the NCET was working with international agencies to target foreign cybercriminals that do not have extradition agreements with the U.S. (see: First National Cryptocurrency Enforcement Team Director Named).
Crypto Platforms Divided on Russia Ban
Earlier in the week, Mykhailo Fedorov, vice prime minister of Ukraine and minister of digital transformation, called for cryptocurrency exchanges to ban Russian users and freeze accounts. Digital assets, although praised by some blockchain experts as having benefits for law enforcement officials in tracking illicit funds, also have a reputation for criminal use on less legitimate trading platforms.
I'm asking all major crypto exchanges to block addresses of Russian users.
It's crucial to freeze not only the addresses linked to Russian and Belarusian politicians, but also to sabotage ordinary users.
— Mykhailo Fedorov (@FedorovMykhailo) February 27, 2022
Some larger cryptocurrency trading platforms, however, have decided against unilaterally banning Russian users, causing public backlash because of the possibility Russia could evade sanctions.
"There are tens of thousands of exchanges globally. Many of them are very small, many of them are less secure. Many of them are less compliant. We don't control the industry. I can publish my sanction list, you can publish yours, guess what? No one else is going to follow it. It just moves Russian users to other smaller platforms," Changpeng Zhao, founder and CEO of Binance, said on BBC Radio 4's Today program, according to The Guardian.
Other U.S. cryptocurrency exchanges, including Kraken and Coinbase, have also decided against a ban, which could result in the trafficking of funds around current sanctions, according to regulators and others.
Ross Delston, U.S. lawyer and former banking regulator, told Reuters this move could weaken the sanctions and "allow an avenue for a flight to safety that would not have existed otherwise."
U.S. legislators, such as Sen. Elizabeth Warren (D-Mass.) who has been outspoken about the dangers of cryptocurrencies, said on Twitter that "U.S. financial regulators need to take this threat seriously and increase their scrutiny of digital assets."
Crypto Scams Follow the Market
Mikhail Sytnik, security expert for threat analysis firm Kaspersky, tells ISMG that cryptocurrency-related phishing scams continue to grow in 2022. More than 460,000 phishing attempts were made in 2021 and with an increased interest in digital assets, Sytnik says there will not be a shortage of cryptocurrency-related scams.
"Cryptocurrency-related phishing schemes are likely to grow as this newer digital payment system continues to gain popularity, because with increased uptake comes more potential victims to cybercriminal activities," Sytnik says. He also says cryptocurrency prices in the stock market can coincide with cybercriminals launching attack campaigns.
Bitcoin, for instance, has surged in markets over the past seven days, according to data by CoinGecko, indicating there may be a rise in scams and criminal attempts on the blockchain. Also, after the donation of more than $100 million in cryptocurrency to Ukraine, there has been an uptick in scams related to Ukraine humanitarian aid donations, according to research by Cofense.
Other than common phishing and social engineering ploys, Sytnik warns of an attack vector called arbitrage, in which cybercriminals lure users through a message offering to sell cryptocurrency at a higher price point on a phony exchange. The user, after transferring the funds to the cybercriminals, loses everything.
In another popular scheme, cybercriminals create fake initial coin offerings, aka ICOs, usually capitalizing on an interesting project that catches the eye of investors, Sytnik says. They design websites to garner the attention of cryptocurrency investors and provide a sense of legitimacy and reliability. Some cybercriminals have more complex methods to determine expensive assets in a user's wallet, such as sending a phony smart contract, which then allows the cybercriminals to automatically withdraw funds.
Sytnik says cryptocurrency users can mitigate these risks by updating devices to prevent attackers from exploiting vulnerabilities, implementing alert systems to indicate a scam site and being skeptical of any free offerings that appear too good to be true.