The warning blared like a siren, a massive attack targeting users on the Binance cryptocurrency exchange.
"There is a massive phishing scam via SMS targeting,"
The scam, which entices users to cancel withdrawals via an SMS (short message service) text message and then directs them to a malicious website, is not a one-off event but part of a growing wave of crypto crime. The attacks are coming as the cryptocurrency market suffers a severe selloff, and scammers are taking advantage of less-savvy consumers during the panic.
In that way, cryptocurrency crime is becoming just like any other type of payments crime, according to Binance.
"They target innocent users, or the elderly, or the general public as a whole," said Tigran Gambaryan, vice president of global intelligence and investigations for Binance, one of the world's largest cryptocurrency exchanges. "User education is really the key."
Gambaryan was previously special agent at the Internal Revenue Service's cybercrimes unit, where he focused in identity theft, terrorism financing and Bank Secrecy Act Violations. He also investigated several high-profile cryptocurrency cases, including the
Cryptocurrency hackers stole more than $1.2 billion during the first quarter of 2022, according to
Illicit cryptocurrency addresses received more than $14 billion in 2021, up from $7.8 billion in 2020, according to
Cryptocurrency payments can be shielded from market volatility by using stablecoins, which tie their valuation to traditional currency, though the
"The security issue matters no matter what the market is doing," said Matt Price, who works on security at Binance. Before joining Binance in September 2021, Price was also a special agent with the IRS Criminal Investigation Cyber Crime Unit, where he led investigations into crimes designed to use cryptocurrency for illicit purposes.
Binance processed $7.7 billion in crypto exchange volume in 2021, and its Binance Coin is the Fifth most valuable coin by market capitalization behind Bitcoin, Ethereum, USD Tether and Cardano. The Binance Pay app supports more than 40 cryptocurrencies.
Gambaryan also joined Binance in 2021 as the crypto exchange bolstered audit and investigations capabilities.
Cryptocurrency fraud risk stems from digital asset transactions relying on digital wallets that have code problems or other weaknesses, according to Forrester Research. These flaws create openings for credential theft, keyloggers and other modes of attack. Attackers used phishing to steal Bitcoin from the Electrum wallet network, for example, while MyEtherWallet users were also victimized, the research firm said.
The emerging security risks to cryptocurrency transactions include poor blockchain implementation and external hacks the are contributing to "rampant" fraud in crypto payments, according to Andras Cser, a vice president and principal analyst at Forrester, adding the regulatory ambiguity of cryptocurrency also contributes to heightened fraud risk as the use of digital assets expand.
"Anti-money-laundering and compliance is extremely [early stage] with crypto payments and there's no governance for crypto payments," Cser said.
Binance partners with third parties such as Chainanalysis to analyze transaction data on blockchains to spot potential fraud through activities on its platform.
That's led to warnings such as the massive phishing SMS scam, as well as alerts on criminal activity around new cryptocurrency-adjacent innovations such as nonfungible tokens. Nonfungible tokens, or NFTs, which are a digital representation of art or other content, are
Binance's research has flagged potential
"We spend a large portion of each day meeting with blockchain analytics companies and law enforcement, and when an attack does touch Binance, we're able to freeze accounts and hopefully aid in getting the folks involved arrested," Price said.
The expanding threat of cryptocurrency scams and transaction fraud is equal to or perhaps greater than the risk of market volatility, according to Gambaryan. "I've been through at least five of these downturns, where people said crypto is dead. Crypto is here, the Pandora's box has been open"
As the market recovers and grows following each downturn, more targets for fraud emerge, similar to other advancements in payments that draw new adoption and more attention from scammers, Price said.
"When I started at the IRS in 2009, the big thing was scams tied to prepaid debit cards," Price said of attacks that use stolen or compromised credentials to misdirect funds. "But as crypto is widely adopted, we're seeing these types of scams also moving to crypto."