Recently, photo scams within the crypto world are becoming more and more frequent. Smaller exchanges find it hard to keep up with false two-factor authentication (2FA) frauds. However, reports that identified the newest threat point at a lack of complex protection as the main trigger.
[button link=”https://app.basitfx.com/login” size=”medium” target=”new” text_color=”#eeeeee” color=”#3cc195″]Check out the Safest Trading App[/button]
Officially, big platforms, such as Kraken, Coinbase, and Binance state they do not feel threatened by these photo scam attacks. However, other incidents do show that even the most robust safety measures can be broken. Hacks, 51% attacks, phishing emails, and other tactics took a lot of money from users since the start of the blockchain market.
Photo Scams Revealing Security Issues
There was never a good time to leave cryptos in online exchanges for a prolonged period. This is especially true when the volume is substantially large. Hackers could try to break defenses while exchanges themselves might close their operations. One of the more famous examples is QuadrigaCX, whose CEO died recently while not providing access to 430,000 ETHs. The scandal raised questions on whether the situation was intentional or not.
Recent developments in the market showcase yet another proof of the claim, this time with phishing strategy in tow. Instead of targeting traders and investors, scammers would trick the exchange’s staff using altered photographs. The goal is to change the 2FA process, allowing fraudsters to gain full access to the account. Since the request itself is a legitimate one, phishing attempt is hard to detect – result – loss of cryptocurrencies.
[button link=”https://app.basitfx.com/login” size=”medium” target=”new” text_color=”#eeeeee” color=”#3cc195″]No. 1 Security Trading Account[/button]
Research efforts by Hold Security and Bank Info Security show just how serious the issue is. With numerous data fraud techniques available, about 10,000 fake pictures are in circulation. Alex Holden, Hold Security’s Chief Information Security Officer, such photographs cost about $50 according to the company’s investigation. Obtained through the dark web, hackers would reset the 2FA easily. The issue is growing, as some exchanges do not have capacities to recognize a genuine user photo.
“Some companies cannot assert what their client looks like… It’s not like hackers publish success rates,” Holden says. “But because we know that [hackers who] we are monitoring are making money off of it, I’d say yeah.”
Big Platforms not Worried
Whereas smaller exchanges suffer under pressure, bigger competitors do not believe it is such a big problem. Both Kraken and Coinbase representatives commented that platforms’ complex verification processes are a safety layer in themselves. With regular checks happening daily, photo frauds would pose little to no threat. Binance also encountered the said phishing attack with doctored pictures. However, using a webcam’s “face verification,” the company successfully protects itself from such attacks.
“Given the measures we currently have in place, I don’t believe this threat is something for Binance to be particularly worried about at present.”
With adequate protection measures, attempts to use fake pictures would fail. Interestingly, both reports show that serious companies do have these attacks in mind. As such, they are hard to penetrate and even harder to fool. However, it also serves as a reminder that cybercriminals do have ways to improve their tactics. As such, they might gain access to solutions that would allow them to bypass even the most reliable protection systems.
Scams & Hacks are Ever-evolving
Since the start of the blockchain in 2009, hacking and photo scam attempts unveiled just how creative cybercriminals can be. Recent incidents at Coincheck, Coinrail, and other platforms took away $731 million from users. On the smaller scale, phishing emails and blockchain network attacks both have devastated smaller companies. EOS Bet is one of those, losing $338,000 of funds as hacker got hold of its app safety properties.
Ethereum Classic’s 51% attack triggered much debate in the community on the ability of blockchain to defend itself. Pausing all transactions, companies like Coinbase did help alleviate the situation. However, the aftertaste left after the incident shows that improved security systems are needed. Thus, new cryptocurrencies and teams backing them are in the midst of improving their defenses. Consequently, hackers are within the same process, enhancing their attacks and strategies as well.