Hacked, scammed and on your own: navigating cryptocurrency 'wild west'
When Peggy and Marco Lachmann-Anke learned in January that hackers cracked a 40-character password and cleaned out their cryptocurrency wallet, they did not go to the police or alert the tokens’ issuer, the Berlin-based technology group IOTA.
They bought more coins.
The Cyprus-based German couple, who describe themselves as financial educators, figured they had no chance of recovering the coins and it was not even clear who might take up their case. Yet they took the roughly USD 14,000 loss in stride - something that comes with the territory when one bet on a new, exciting technology in a yet unregulated market.
“We really believe in cryptocurrencies. We have studied this for about a year before investing, so we are aware of the risks,” Peggy Lachmann-Anke said. “There was nothing we could do.”
Far from unusual, the episode is emblematic for a market where few rules apply and where investors’ faith in the blockchain technology goes hand in hand with the belief that it also helps criminals cover their tracks so well that trying to catch them is a fool’s errand.
Patrick Wyman, FBI supervisory special agent at the financial crimes section of the agency’s anti-money laundering unit acknowledges cryptocurrencies pose some unique challenges.
“A decentralized currency system like bitcoin or another form of virtual currency is not governed by any entity, suspicious reporting activity, and any anti-money laundering compliance,” Wyman told Reuters.
Various estimates show cryptocurrency crime is on the rise, keeping pace with the market’s rapid growth. That forces investigators to focus on high-profile cases, security professionals and officials say, effectively leaving small investors to their own devices.
“We do not pretend that every law enforcement agency is devoting resources to every single crime. That would not be possible,” said Jaroslav Jakubcek, an analyst at Europol, which serves as a centre for the European Union’s law enforcement cooperation, expertise and intelligence.
Officials still encourage people to report cryptocurrency theft to local police like any other crime, saying failing to do so only emboldens criminals.
Yet because many victims simply do not see the point, cryptocurrency theft is far more common than any published estimates suggest, security professionals say.
According to financial research firm Autonomous NEXT and Crypto Aware, which works with investors affected by crypto scams, about 15 per cent of cryptocurrencies have been stolen between 2012 and the first half of 2018, representing a cumulative USD 1.7 billion in value at the time of the theft and with a rising tendency. In the first half of this year alone, more than USD 800 million has already been stolen, according to the data.
Yet Lex Sokolin, a partner and global director of fintech strategy at the firm, estimates that as much as 85 per cent of crimes go unreported and says the published statistics only represent publicly reported heists.
Reuters interviews with half a dozen victims paint a similar picture. Out of that group, only two reported their losses to the authorities and one soured on cryptocurrency investments.
Armin Fischer, a Vienna-based IT specialist said he lost about USD 5,300 in ether coins in a phishing scam in the summer of 2017 and immediately alerted the local police just to find out that the duty officer had no idea what he was talking about.
He said it took many months of knocking on doors to get his case ultimately taken up by Vienna prosecutors’ office, but it is still pending. Fisher says by now he has had enough.
“I have seen firsthand how big the security leaks are.”
Others are more philosophical.
Dave Appleton, a blockchain developer for HelloGold, a gold trading app company in Kuala Lumpur, said he lost about USD 3,000 of ether coins when scammed by a fake site touting a startup’s token pre-sale. He said he just moved on, glad he did not lose more.
“The point is there’s no one to report the crime to,” Appleton said. “I am not sure what country or jurisdiction it would come under.”
According to ICO tracker Coinschedule a record USD 21.3 billion flowed into new tokens so far this year as investors keep snapping up “initial coin offerings,” undeterred by high-profile heists, bitcoin’s and other currencies’ slide from late 2017 peaks, and government warnings of widespread fraud and theft.
David Jevans, chief executive of cybersecurity firm CipherTrace in Menlo Park, California, estimates that even when exchanges or trading platforms get hacked, perhaps only a fifth of stolen coins is recovered because of the ease with which digital tokens can move across several borders.
“You have to get law enforcement in five countries interested enough, have time enough, and have evidence enough to open a case,” he said. “By the time they agree, get the information, do all the paperwork, the money has been moved.”
Security experts say in most cases millions need to be at stake to justify such an effort.
US entrepreneur and long-time cryptocurrency investor Michael Terpin, who says he got robbed twice, learned firsthand that not all hacks are created equal.
He said the first time when criminals accessed his cellphone with stolen SIM card credentials, emptied a wallet connected to it, and tricked his friends into sending money by impersonating him on Skype, he contacted a friend at the FBI.
But once she learned that only USD 60,000 got stolen, she advised him to file a report via the FBI’s internet crime centre website. Terpin said he did but never heard back.
Then, when last January he lost almost USD 24 million in tokens from his mobile account, he went straight after the service provider AT&T, filing a USD 224 million lawsuit accusing it of negligence that allowed “digital identity theft,” a claim AT&T denies.
Undeterred, Terpin says he remains committed to blockchain comparing it to the early days of Amazon.com Inc when the online retailer faced much scepticism and even derision.
“That’s similar to today’s narrative that all ICOs (initial coin offerings) are scams and nothing will ever be developed of value because they’re not already fully deployed,” he said.
A steadfast commitment to the new technology and believe that it gives sophisticated criminals the upper hand mean that even some multimillion heists go unreported.
For example, when hackers stole about USD 9 million worth of ether tokens from a Zug, Switzerland-based company Swarm City in July 2017, the peer-to-peer digital platform did not report the theft to the police, business leader Bernd Lapp said.
“It’s impossible to track and return the funds. We live and die with this technology.”