Whale Alert is back. We had the pleasure of conducting a second interview with the co-founder of Whale Alert. This time, we discussed how much scamming and hacking is going on in the crypto space constantly. Also, how you can protect yourself from scams. The probability of a newcomer being hacked is much higher that an experienced trader in the crypto space, and this is affecting adoption of crypto.
(Frank : Co-Founder at Whale Alert)
Interview Date :31st August 2020
Check Your Recipient BTC Address; Scam Alert
We have built a completely new and different website called https://scam-alert.io/. We are dealing with so many transactions every day on blockchains. There are particular reasons why these transactions are happening on blockchains. One of the biggest reasons is that people are buying and selling coins on exchanges because the reason for those transactions executed is unknown most of the time. We have confirmed that some of those transactions have been used for terrorism funding and extortions.
There are a couple of companies that made claims on how much Bitcoiners use coins in scams and illegal activities. We wanted to check those claims and tried to verify that information, but we were not happy with the sources that were available on scam addresses and websites. There are a couple of them, but they do not do much besides collecting reports from people or copy and repost articles from other sources. It is very fragmented, and thus we could not trust the reports. Also, nobody was checking or confirming these reports and information on those articles. There was no additional analysis being done on any of those reports either. That is how we decided to do a better job and created our homepage, https://scam-alert.io/.
Overly Convoluted, and Privacy Leakage Problems
We created our scam submission site based on our experiences. We took in count what works and what does not work. For instance, we thought that a lot of these websites where you can report scams, especially the ones that are run by the police in various countries, are overly convoluted. There is too much information being asked from users when they want to file a report of a scam. That discourages them from filing those reports.
There are also a lot of privacy issues with them. Some people who want to file a scam-report have most likely visited pornographic sites (some maybe even illegal dark-web sites). When reporting a scam, they must confess to what websites they have been. That is not something most are willing to do, so even if they were scammed, they choose to remain silent. We decided to launch Scam Alert to not just collect the data on scammers and hackers, but also the data or addresses and websites. It is a place for people where they can check addresses, they want to send money to or websites that they visit for investments, for example. We combine the databases we have about scams on Whale Alert engines to create a clear perspective on the scam industry. If you go on the homepage, you will see the top scam transactions and the top scammers, and much more. It has given us a lot of insight into what is happening in blockchain and how big the scam industry is.
Now we do not stop there. We are also checking what addresses we think that people should not go to or send any money to. In many cases, people are not aware of where they are sending the money. Right now, we have over 50 thousand addresses that are being used for scams or are scam related. This information could be used on exchanges, for example, to do a pre-check before they send out money which people can withdraw from the exchanges. They can also confirm if it is a known scammer or if the address is of a website that has been flagged.
Scammers are Amateurs
Before we started the Scam Alert project, we thought hackers and scammers were quite skilled people who know what they are doing, as these are pretty serious offenses. However, we found out that a lot of these scammers are amateurs. They know how to build a basic and simple website, and how to create a bitcoin account. And that is it. That is all you need to start scamming people. We have seen a lot of these scam transactions move from scam sites to exchanges, even though these exchanges have KYC. That should never happen. I am confident that we can catch a significant amount of these scammers if there were cooperation between the exchanges, police, and an organization like us.
2020 Giveaway Scams
The giveaways have been the main scams of this year. Before the massive hack of Twitter accounts of famous and influential people, like Elon Musk, Barack Obama, Vitalik Buterin, etc. There were several giveaway scams where scammers pretend to be famous people and promise to double the return of whatever money or BTC you would send to them. If you think about the scheme of the operation and discard the connections to famous people, you would think that it is a scam without a doubt. Any critical person would realize that is not how things work. However, because there is a code of a famous personality like Elon Musk, who is known as a crazy and genius scientist that does weird things, this kind of a giveaway-scheme would fit the picture. This kind of setup clicks in some people’s heads, so they send BTCs. In some cases, we have seen people sending 16 BTC to 20 BTC, and they expect to see the double back, but they never see their BTC again. The only connections these giveaway scams had before the twitter hack was just a famous personality picture on a made-up website saying “I am giving away money”. That was enough for some people to get scammed, but most people would say “that’s not the real Elon Musk”. However, the scammers were somehow able to hack Twitter and get control over the accounts of many influential voices like the Real Elon Musk, and tweet about doing a giveaway. That gave the scammers legitimacy. It looked like the real Elon Musk was saying he is giving away money on this official account, so it must be true. By this, the scammer managed to lift those giveaways to the next level but fortunately for everyone involved, the hackers did it in an amateurish way, which limited the amount of money stolen.
The Twitter hack has broken some trust of its users. At first, you think that only one account got hacked, but then you realize all these official accounts got hacked. For a company like Twitter to have something like this happening is a big deal. People trust twitter having their security up, but that was not the case. Witnessing the hack, the users have become cautious.
We wanted to find out how this could have happened and who the perpetrators were, so we dived right into our research and started investigating. We started checking those addresses, but the hack vanished and bled out quickly. It was only possible because these were too high profiles involved, so the scammers exited pretty fast. It was not going on for a very long time, and the damage control was pretty low if you consider how much damage they actually could have caused. Thus, the amount of BTC that transferred to those addresses was limited. I think the scammers realized that they had made a mistake pretty early on. I am sure the scammers were expecting to make a million or so through the Twitter hack.
The Twitter hack was a small Hack
There are many give away scams still going on. Last month was when the last payment to a giveaway scam address happened. The biggest giveaway scam recently was pretending to be the Gemini exchange, and that scam ran from July 4th to July 17th, so approximately two weeks. The scammer made 350,000 US dollars, and they only used a simple website, a telegram account, and YouTube to scam people. They make a lot more money than the Twitter scam. However, nobody is paying attention to it. One reason for it is, it is such a low-profile scam, and YouTube deletes the videos as soon as they find out about the incidents.
Be Aware of Vanity Addresses
Right now, we have found ten different giveaway scams using vanity addresses with Gemini. Generally, bitcoin addresses are a random address, but it is possible to get a bitcoin address with a specific name in it. An address can start with “1” or “3”, and the next letters can be “ElonMusk” or “Gemini”. We have found many such vanity addresses in our database, and together they have managed to steal millions of dollars.
So far, nobody has been doing anything about it, but it is very easy to do something about it because those addresses do not change that much. For example, we have seen transactions from exchanges go directly to these giveaway addresses, and that should never happen. An exchange should never be exposing their customers to those scams, but nobody is doing anything to stop it, which is very alarming.
New Crypto Users are Most Vulnerable
I think that it happens to a small portion of crypto users, and the worst thing about it is that it happens to people who are not familiar with bitcoin or are new users to the cryptocurrency world. A lot of these scams are the first introductions to bitcoin for many people. These new users do not have any other connection to the community. For example, one transaction of five BTC to the Gemini vanity scam address got carried out recently, and so now, a person has lost 5 BTC. You can confirm that on our homepage. Is he going to come back to the cryptocurrency space and complain about it? I do not think so. He is probably discouraged to use crypto ever again. There is no proper feedback about these scams happening and how damaging they are. I believe the regulators in the cryptocurrency community do not care much about such matters as they should. They should be more present and have a clear voice to the users and such activities.
Interviewer , Editor : Lina Kamada
【Disclaimer】
The Article published on this our Homepage are only for the purpose of providing information. This is not intended as a solicitation for cryptocurrency trading. Also, this article is the author’s personal opinions, and this does not represent opinion for the Company BTCBOX co.,Ltd.