Account Takeover Fraud in the Age of Bitcoin: Hacking the Brain Wallet

Gaining unauthorized access to financial accounts and withdrawing funds is an insidious attack that plays out repeatedly on deposit accounts at financial institutions, but what happens when the account is stored in the account-holder’s brain and the funds on the blockchain? Enter the world of Bitcoin brain wallets. Successful account takeovers are commonly linked to social engineering, identity theft, the use of malicious code, and breach of familial trust. However, regardless of the method employed, in each case a digital credential-holding platform is exploited. Bitcoin enables users to create a variety of wallets for storing credentials that secure digital currency in a blockchain. The most secure wallets are not connected to the internet, where they would be vulnerable to attack. Bitcoin wallets store credentials, not bitcoin, and the host comes in several forms: (1) cloud wallets, (2) mobile wallets, (3) USB cold storage wallets, (4) paper wallets, and (5) brain wallets. All of these wallets use random data to create unique private encryption keys that are required to access funds stored in the blockchain. For example, a private encryption key that is impractical to recreate by brute-force attack can easily be generated by applying a strong encryption algorithm to twelve randomly selected dictionary words. Perhaps the least known Bitcoin wallet is the brain wallet. With the brain as its host, the brain wallet enables the Bitcoin user to exercise global mobility without concern of losing their encryption key through the loss, destruction or confiscation of a computing device or a piece of paper. The brain wallet also protects against loss arising from fraud committed by unscrupulous exchange operators who provide wallet custody services on their cloud platforms. At this point, you are likely wondering how brain wallets are created, so we will take a look at this next. Whereas wallet


Canada’s Mt. Gox: QuadrigaCX

QuadrigaCX was Canada’s largest cryptocurrency exchange by volume until its website suddenly went offline on January 28, 2019. The exchange reportedly held about CAD $250 million in customer cryptocurrency and fiat. Leading up to the cessation of operations, customers had been reporting on social media that they were experiencing delays with fulfilling withdrawal requests. However, things seriously began to unravel on January 31, 2019, when the message at quadrigacx.com, citing maintenance as the reason for being offline, was replaced with a notice that the company had filed with the Nova Scotia Supreme Court for creditor protection. It will likely be some time before investors get a sense of what this all means, but what has been revealed to date paints a portrait of utter dismay. According to a filing with the Ontario Supreme Court of Justice released November 9, 2019, Canadian Imperial Bank of Commerce (CIBC) had frozen about CAD $25.7 million linked to QuadrigaCX’s cryptocurrency exchange operations, which the bank had considered to be disputed funds. The filing suggested that the frozen funds represented money transferred to Custodian Inc., a processor for QuadrigaCX. Custodian Inc. was reportedly established for the sole purpose of receiving and holding deposits for individuals transacting on the QuadrigaCX platform; however, CIBC observed that the sole officer and director of Custodian Inc. transferred a portion of deposited funds to his personal account with CIBC. According to media reports, QuadrigaCX attributed delays in customer withdrawals to the freezing of funds by the bank. Customers took to social media to complain about issues concerning withdrawal requests. On January 14, 2019, a Tweet from the QuadrigaCX account announced that Gerald (Gerry) Cotten, the company founder and CEO, had passed. The affidavit filed in the Supreme Court of Nova Scotia by his widow Jennifer


Blockchain Crime: How Prepared Are We?

Sextortion, ransomware, money laundering, tax evasion, terrorism, fraud: just a few crimes getting a boost from cryptocurrency. Is your organization affected? Are you ready to fight blockchain crime? Yesterday’s toolkit is not going to cut it in the cryptoverse; it’s time to consider what your needs are and tool up. According to the Association of Certified Fraud Examiners’ 2018 Report to the Nations, fraud can take 5 to 24 months to be detected. When we factor in vectors that are not being monitored, such as blockchain, the exposure can persist for much longer periods. It may take a while before some organizations realize that they have been affected by blockchain crime. When criminals commit offences related to blockchains, they appropriate tokens of value stored in the blockchain by stealth, by force, or in collusion, to their benefit and to the detriment of their victims. In my previous post “Following The Money In The Age Of Blockchain”, I explained how, through blockchain forks, a victim could remain oblivious to being victimized through sheer ignorance. Other transactions involve the movement of value tokens from one party to another to facilitate illicit transactions. The emerging threat of blockchain crime warrants attention. Perceived anonymity has emboldened criminals to demand money in bitcoin to unlock computer files, or destroy purported webcam videos of victims in compromising states (fabricated threats given an air of legitimacy by providing the victim with a compromised password used by the victim and sold on the dark web). These are the obvious attacks, and they should be reported to law enforcement. The reports should include the bitcoin address to which the criminal requested to have funds sent. Even if your local law enforcement is not equipped today to do anything with these addresses, it is worth


Mind the fork: Following the money in the age of blockchain

In the age of blockchain, funds associated with death, divorce, taxes, and fraud are susceptible to the perils of forks in Bitcoin’s blockchain, in ways that can allow foul play to go undetected. Blockchain forks have opened up new avenues for money to be hidden in plain sight. But what is a blockchain fork? A blockchain fork is created when a cryptocurrency protocol is altered, and miners decide to maintain both the old and the new protocol. Both chains share legacy data, but at the time of the fork (when the new protocol is adopted), the network splits into the old protocol (A), and the new protocol (B). The letter “Y” provides a good visual of how a fork behaves. Blockchains create tokens which are ascribed names such as “bitcoin”; when there is a fork, a new name is ascribed to the new token, such as “Bitcoin Cash”. The code, or protocol, defines the difference between the two cryptocurrencies. In the case of Bitcoin Cash, a segment of the community proposed a solution for addressing Bitcoin’s scale problem, which the majority did not buy into. This resulted in the creation of Bitcoin Cash, a cryptocurrency that increased transaction throughput in a controversial way: by increasing block size. Cryptocurrency protocols continually undergo code improvements, and in most cases the majority of miners agree to adopt the new code and the blockchain continues its linear progression. When a cryptocurrency blockchain forks, things get interesting. Anyone who owned a bitcoin or a fraction of a bitcoin at the time of the fork is automatically entitled to an equal number of the new cryptocurrency. The owner of 1 bitcoin at the time of the Bitcoin Cash fork now owns 1 bitcoin and 1 Bitcoin Cash. This is often referred to as an airdrop
