The tenth part of the Ethereum crypto currency invested in the ICO was stolen by fraudsters who used phishing sites and social network accounts for this. The amount of cyber-theft is already approaching the amount of funds stolen by the usual way. Participation in the initial placement of the tokens (Initial Coin Offering - ICO) on the Ethereum blockbuster platform (crypto currency ether) assumes that in one of ten cases a participant will become a victim of fraud. This is reported by Bloomberg.
The losses from phishing scams on this platform have already reached $ 225 million this year, the agency refers to the data of the New York firm Chainalysis, which develops software to combat money laundering. All ICO's in Ethereum this year are estimated at $ 1.6 billion, said co-founder Jonathan Levin. For comparison, in 2015 in the US, losses from conventional fraud amounted to $ 390 million.
According to Chainalysis, digital thefts are due to the fact that investors mistakenly send money to Internet addresses that are represented as sites for ICO.
Most scammers create accounts in social networks or individual sites. For example, the name of the fraudulent project illuminate differs from this iLLuminate only in the case of two letters.
More than 30 thousand people were the victims of fraud, connected with the crypto-currency ether, each of them lost about $ 7,5 thousand, the company's statistics specifies.
A large number of thefts are due to the insufficient security of the infrastructure of the detached block, the experts interviewed by RBC are convinced. First of all, this applies to electronic purses, in which investors in the crypto currency keep their funds.
Such purses are divided into "hot" and "cold", explains the head of the group for the provision of legal services for technological projects of Deloitte in the CIS Artem Tolkachev. "Any crypto currency has two keys: public key (it is indicated for transferring funds to it and is available to everyone) and private (which is known only to the owner and is needed to confirm the transaction). If a person uses a "hot" purse, then both these keys are stored on the Internet from an external provider. If "cold", the private key is on an external device (for example, a flash drive) and is not available to anyone other than the user, "- says the expert.
Accordingly, when hackers steal login and password from a "hot" wallet, they automatically gain access to both keys.
Hacking a "cold" wallet is also possible, warns the managing partner of United Traders company Anatoly Radchenko. "Money from the wallet in this case can steal the Trojan, but this happens rarely. Only a good antivirus can protect a user, "he says.
For those who prefer "hot" storage, the expert advises you to connect two-factor authentication. "A person matches their phone or email address with a password from the site where the wallet is located. With two-factor authentication, in addition to the login / password pair, it needs to enter the code that came to the phone or mail, or when entering the wallet, or when trying to transfer funds from the exchange or to the exchange, "Radchenko explains.
Artem Tolkachev adds that you should not keep all your money in one purse, but rather share your savings between different sites.
Experts agree that it is extremely difficult to find hackers. Scammers create a lot of false addresses and anonymous wallets, to determine the identity of which a specific person is impossible.
Ethereum - the second most popular crypto currency after Bitcoin. The airing rate is $ 324.92. The most popular currency is Bitcoin - $ 4151.47.
Earlier, the Securities and Exchange Commission (SEC) equated the primary offer of tokens to the traditional placement of securities and warned about the need to register such transactions in order to ensure market transparency.
The SEC's decision was criticized. For example, the founder of VKontakte and Telegram Pavel Durov stated that "the SEC banned American companies and investors from taking part in the future of the world economy."