Whale Alert is back. We had the pleasure of conducting a second interview with the co-founder of Whale Alert. This time, we discussed how much scamming and hacking is going on in the crypto space constantly. Also, how you can protect yourself from scams. The probability of a newcomer being hacked is much higher that an experienced trader in the crypto space, and this is affecting adoption of crypto.
(Frank : Co-Founder at Whale Alert)
Interview Date :31st August 2020
- Frank from Whale Alert (All Interviews)
- Check Your Recipient BTC Address; Scam Alert
- Overly Convoluted, and Privacy Leakage Problems
- Scammers are Amateurs
- 2020 Giveaway Scams
- The Twitter hack was a small Hack
- Be Aware of Vanity Addresses
- New Crypto Users are Most Vulnerable
- People Are More Aware
- How to Check a Scam Website?
- Demographics of Scammers
- Do you pay attention to public figures?
- Vigilantism in Bitcoin
- Policing Problem in the Netherlands
- Token Size Matters
- Digital Gold Does Not Mean Gold
Frank from Whale Alert (All Interviews)
Check Your Recipient BTC Address; Scam Alert
We have built a completely new and different website called https://scam-alert.io/. We are dealing with so many transactions every day on blockchains. There are particular reasons why these transactions are happening on blockchains. One of the biggest reasons is that people are buying and selling coins on exchanges because the reason for those transactions executed is unknown most of the time. We have confirmed that some of those transactions have been used for terrorism funding and extortions.
There are a couple of companies that made claims on how much Bitcoiners use coins in scams and illegal activities. We wanted to check those claims and tried to verify that information, but we were not happy with the sources that were available on scam addresses and websites. There are a couple of them, but they do not do much besides collecting reports from people or copy and repost articles from other sources. It is very fragmented, and thus we could not trust the reports. Also, nobody was checking or confirming these reports and information on those articles. There was no additional analysis being done on any of those reports either. That is how we decided to do a better job and created our homepage, https://scam-alert.io/.
Overly Convoluted, and Privacy Leakage Problems
We created our scam submission site based on our experiences. We took in count what works and what does not work. For instance, we thought that a lot of these websites where you can report scams, especially the ones that are run by the police in various countries, are overly convoluted. There is too much information being asked from users when they want to file a report of a scam. That discourages them from filing those reports.
There are also a lot of privacy issues with them. Some people who want to file a scam-report have most likely visited pornographic sites (some maybe even illegal dark-web sites). When reporting a scam, they must confess to what websites they have been. That is not something most are willing to do, so even if they were scammed, they choose to remain silent. We decided to launch Scam Alert to not just collect the data on scammers and hackers, but also the data or addresses and websites. It is a place for people where they can check addresses, they want to send money to or websites that they visit for investments, for example. We combine the databases we have about scams on Whale Alert engines to create a clear perspective on the scam industry. If you go on the homepage, you will see the top scam transactions and the top scammers, and much more. It has given us a lot of insight into what is happening in blockchain and how big the scam industry is.
Now we do not stop there. We are also checking what addresses we think that people should not go to or send any money to. In many cases, people are not aware of where they are sending the money. Right now, we have over 50 thousand addresses that are being used for scams or are scam related. This information could be used on exchanges, for example, to do a pre-check before they send out money which people can withdraw from the exchanges. They can also confirm if it is a known scammer or if the address is of a website that has been flagged.
Scammers are Amateurs
Before we started the Scam Alert project, we thought hackers and scammers were quite skilled people who know what they are doing, as these are pretty serious offenses. However, we found out that a lot of these scammers are amateurs. They know how to build a basic and simple website, and how to create a bitcoin account. And that is it. That is all you need to start scamming people. We have seen a lot of these scam transactions move from scam sites to exchanges, even though these exchanges have KYC. That should never happen. I am confident that we can catch a significant amount of these scammers if there were cooperation between the exchanges, police, and an organization like us.
2020 Giveaway Scams
The giveaways have been the main scams of this year. Before the massive hack of Twitter accounts of famous and influential people, like Elon Musk, Barack Obama, Vitalik Buterin, etc. There were several giveaway scams where scammers pretend to be famous people and promise to double the return of whatever money or BTC you would send to them. If you think about the scheme of the operation and discard the connections to famous people, you would think that it is a scam without a doubt. Any critical person would realize that is not how things work. However, because there is a code of a famous personality like Elon Musk, who is known as a crazy and genius scientist that does weird things, this kind of a giveaway-scheme would fit the picture. This kind of setup clicks in some people’s heads, so they send BTCs. In some cases, we have seen people sending 16 BTC to 20 BTC, and they expect to see the double back, but they never see their BTC again. The only connections these giveaway scams had before the twitter hack was just a famous personality picture on a made-up website saying “I am giving away money”. That was enough for some people to get scammed, but most people would say “that’s not the real Elon Musk”. However, the scammers were somehow able to hack Twitter and get control over the accounts of many influential voices like the Real Elon Musk, and tweet about doing a giveaway. That gave the scammers legitimacy. It looked like the real Elon Musk was saying he is giving away money on this official account, so it must be true. By this, the scammer managed to lift those giveaways to the next level but fortunately for everyone involved, the hackers did it in an amateurish way, which limited the amount of money stolen.
The Twitter hack has broken some trust of its users. At first, you think that only one account got hacked, but then you realize all these official accounts got hacked. For a company like Twitter to have something like this happening is a big deal. People trust twitter having their security up, but that was not the case. Witnessing the hack, the users have become cautious.
We wanted to find out how this could have happened and who the perpetrators were, so we dived right into our research and started investigating. We started checking those addresses, but the hack vanished and bled out quickly. It was only possible because these were too high profiles involved, so the scammers exited pretty fast. It was not going on for a very long time, and the damage control was pretty low if you consider how much damage they actually could have caused. Thus, the amount of BTC that transferred to those addresses was limited. I think the scammers realized that they had made a mistake pretty early on. I am sure the scammers were expecting to make a million or so through the Twitter hack.
The Twitter hack was a small Hack
There are many give away scams still going on. Last month was when the last payment to a giveaway scam address happened. The biggest giveaway scam recently was pretending to be the Gemini exchange, and that scam ran from July 4th to July 17th, so approximately two weeks. The scammer made 350,000 US dollars, and they only used a simple website, a telegram account, and YouTube to scam people. They make a lot more money than the Twitter scam. However, nobody is paying attention to it. One reason for it is, it is such a low-profile scam, and YouTube deletes the videos as soon as they find out about the incidents.
Be Aware of Vanity Addresses
Right now, we have found ten different giveaway scams using vanity addresses with Gemini. Generally, bitcoin addresses are a random address, but it is possible to get a bitcoin address with a specific name in it. An address can start with “1” or “3”, and the next letters can be “ElonMusk” or “Gemini”. We have found many such vanity addresses in our database, and together they have managed to steal millions of dollars.
So far, nobody has been doing anything about it, but it is very easy to do something about it because those addresses do not change that much. For example, we have seen transactions from exchanges go directly to these giveaway addresses, and that should never happen. An exchange should never be exposing their customers to those scams, but nobody is doing anything to stop it, which is very alarming.
New Crypto Users are Most Vulnerable
I think that it happens to a small portion of crypto users, and the worst thing about it is that it happens to people who are not familiar with bitcoin or are new users to the cryptocurrency world. A lot of these scams are the first introductions to bitcoin for many people. These new users do not have any other connection to the community. For example, one transaction of five BTC to the Gemini vanity scam address got carried out recently, and so now, a person has lost 5 BTC. You can confirm that on our homepage. Is he going to come back to the cryptocurrency space and complain about it? I do not think so. He is probably discouraged to use crypto ever again. There is no proper feedback about these scams happening and how damaging they are. I believe the regulators in the cryptocurrency community do not care much about such matters as they should. They should be more present and have a clear voice to the users and such activities.
People Are More Aware
I think that the Twitter hack helped to make many aware of the illegal activities and illicit scams that are going on in the space. That brought the giveaway scams into the media, and I feel the number of people falling for these scams has gone down a little. So, it did help in that sense, but I do not think that people should be the ones to create awareness. It should be the exchanges and the places that are selling cryptocurrencies to the people. People do not hold BTC from anywhere. They are buying it from somewhere. So, I think the responsibility of awareness should shift towards those trading platforms, exchanges, and institutions.
How to Check a Scam Website?
We look at websites and the data websites put up. We take snapshots of websites and check if they are or not secure. It costs money to do everything on a website properly, and therefore the scam websites are often not built very well. That is a technical factor that you can consider when you go on a website. The first thing to look at is their social media accounts. A lot of those websites use a Twitter, Facebook, and Instagram icon on their websites, but when you click on it, it does not lead you anywhere, and that right away tells you it is a scam.
Another thing to be noticed is, those scam websites use the same templates. You have these very good-looking front pages, but when you click further to register, it becomes very amateurish. Also, bad use of English is an important factor. I think a lot of these scams are happening from India. Indian English is not American English. I would not say it is bad English, but there are a lot of strange expressions, words, and phrases which they use that no proper Exchange does use. Also, such scam sites use a single bitcoin address for deposits instead of unique addresses per client. So, there is a long list of ways on how to recognize these scams. There are a lot of amateurish scams, but there are also very good ones, so one has to check before doing anything, or else the assets will be gone for good.
Demographics of Scammers
We do not have any direct proof of where people are conducting such scams and hacks. The only reliable factors to guess where they are from is the language they use and the information I get from other anti-scams articles I read. More traditional scams such as phone scams have shifted their focus. For example, we have recently been receiving a lot of reports of people being called on their phones and asked to invest in BTC on scam websites. There are a lot of phone scams happening in the US. Most of the scammers most likely have a call center in India, where they do all of these calls all around the hour to scam people. If you look at these scam websites, they all use the same 24/7 available chat features in the bottom right of the website. They always state “We are available for chats if you have any questions”. These are live chats, and if you click on it and send a message, they will answer you back within 5 min. So, there is always someone who is keeping an eye on those chats on websites. One person cannot do all that, so we think there must be a whole team behind it. Traditionally, I would think that it is mostly done in India because Indian people also speak good English. If you speak English, it opens the world for you. That also means that a scammer can scam people from all over the world.
Do you pay attention to public figures?
We try to keep away from famous people in the space. Most of them have a cult of personality, and whatever they say, people see it as a voice of authority. That is why those giveaway scams have been able to create issues and damages. It shakes the trust of people when such things happen. It is not that the figure itself is not trustworthy, but other people use those images to push their agenda or try to scam people. In the case of Elon Musk, whenever he or any other famous figure says something about blockchain or space, it does a disservice to the people who are building and who are anonymous behind the scenes. Hence, we try to keep away from any claims or statements that are made by these prominent figures. Whatever they say is contaminated by their status, which is inevitable. Again, it is not to say that what they say is not valuable, but you should be careful with taking anything from any source, and you should also take the gravity of their personalities into account.
Vigilantism in Bitcoin
There is one big problem in the blockchain that also is its strength, and that is the decentralized side of blockchain. Police might locally have some authority on the exchanges. However, since it is a global business, there is always a way to transfer money from one place to another, when it is out of the reach of specific authority. Even the US has problems with confiscating Bitcoin due to addresses they are not familiar with. There is no other way to create a safe environment for this space unless the players themselves police it.
Most of the traffic goes through exchanges like Binance, Bitfinex, Coinbase, Houbi, etc. If they decide to start policing blockchains properly and make sure that the transactions are not illegal, it would make it much harder for hackers and scammers to exist in the space. I can understand that people are opposed to these kinds of things because they like the decentralized part of Bitcoin and the community. However, I think it is necessary to have some order in a maturing blockchain market. This kind of hacks and scam activities need to stop because the damage is getting too high, and the rewards are too great for the scammers. It is going to take some time before regulation and law are up to speed with what is happening, so we have to take action ourselves.
Policing Problem in the Netherlands
We have problems with regulators not taking sufficient and safe measures for the cryptocurrency space here in the Netherlands as well. We are desperate for some regulation and guidelines, but it is a difficult road as it is not a priority for the regulators to establish laws and regulations. They do not know what to do about it. The Netherlands is a very bureaucratic country, so things move slow. Thus, we decided we will simply ignore regulators for now, in the sense that we will track these criminals ourselves. We are going to build the needed products to stop these criminals without the regulators because there is no point in waiting. The traditional methods are not able to keep up with today’s new industries and evolutions. So, if we get into any trouble due to taking action on our own, if exchanges get into legal trouble for confiscating bitcoin, let us have the conversation with regulators then. I think that we have to do yourself as a cryptocurrency community, and not rely on the traditional ways of tracking and confiscating funds.
Token Size Matters
USDT Token Swap is something that has been happening for a couple of years now. In the beginning, we had the Omni layer. That was a layer on top of Bitcoin where Tether was used. As more transactions got executed on the Omni layer with Bitcoin, the fees became more expensive, and the system slowed down. The creators tried to solve that problem by issuing a token on Ethereum, and eventually, a lot of transactions on Ethereum were Tether transactions. That was part of the reason why the Ethereum network got congested, so they switched to Tron. They put additional tokens on TRX, and so on. I think we will see many more blockchains with USDT tokens, but this will only create more confusion, especially in the case of exchanges. If you have Tethter on an exchange, the Tether is in the order books of the exchange. So, it is in the exchange wallet, but not in our wallet, and it doesn’t matter if it’s on TRX, Ethereum, etc.
As soon as you want to take it off the exchange, you have to make a choice. Do you want your assets on the Bitcoin blockchain, or the Ethereum blockchain, or TRX blockchain? Whatever you decide on, the exchange must have the correct blockchain to support your transaction. Also, the exchange must have enough Tether to carry out your transaction. If a client on an exchange wants it on the Ethereum blockchain, but the exchange only has TRX Tether, they need to swap the TRX Tether to Ethereum Tether first. Many of these swaps do not change the total supply of Tether, but they inconvenience the customer. We do have insight into who is holding what and how much Tether. However, we do not know their identities. We do know that some of these exchanges have some very wealthy clients who have a lot of USDT and are swapping it regularly.
Many of these wealthy clients are using new prints for Tether and these swaps. Occasionally, when there is extra money printed on the blockchain, a lot of people use this as verification or validation for that blockchain is growing. However, is it correct to validate this as the growth of a blockchain? It depends on how you interpret these prints, and people should know about this, which is happening on a blockchain they have their assets.
Digital Gold Does Not Mean Gold
Many companies are offering tokens backed with gold, and call it digital gold. A lot of these companies are in Asia, as it is more popular than the western world. There is a gold Tether token as well. If you have a token that is backed by gold, the gold is not yours. It is the same thing as any gold-backed currency. You assume that you can trade the token for the gold, but you do not have the guarantee that the gold exists. I would do thorough research on any platform that offers digital gold or any token backed with gold, as we have found scams that promise a gold-backed token. That goes for any token that claims to be currency backed as well. It is important to know if those tokens are backed by the actual asset from a trustworthy company that has the reserves and can cash out.
There are a lot of scams going on, and they are usually not revealed until the damage has been done. Gold-backed tokens are popular in countries where they do not have actual gold reserves, such as east Asian countries. Such tokens, in particular, get people excited, and I can understand the sentiment. However, so do scammers. The scammers know what sells and what gets people excited. There is a lot of activity going on, like on Telegram and other social media platforms that sell scams as well. The most important factor to be considered is, if you do not have any of the real assets in your hands, it is not yours.
Whale Alert Homepage To Be UpdatedTo be honest, our homepage is getting dated. The number of followers is about 200 000 now, but we need a new website. There are a lot of things we want to do. We have many plans for executing better tracking and better data collection methods, etc. We also would like to build the opposite of Scam Alert, where we focus on what address, institutions, organization, trading platforms you can trust. So, not only focusing on the negative, but also focusing on who we think is trustworthy in this industry. We have a pretty strong voice in the community right now, and we would like to use this voice to send people to projects that we think are trustworthy, and that is central for blockchain development. Unfortunately, all those things cost resources, and you can never have enough resources for those operations, but hopefully, we will achieve this goal soon.
The current Whale Alert homepage is designed for people who know data. So, it is not very user friendly for people who are not too familiar with programming and data sets. I do think the best thing to do is follow us on twitter and on social media sites to be updated on any new moves that occur in the space. Also, read some of the articles we have written about Ripple and others, as well as, you should go to Scam Alert. We have plans to make an app in the near future that will allow less tech-savvy users to interpret the data as well.
Interviewer , Editor : Lina Kamada
The Article published on this our Homepage are only for the purpose of providing information. This is not intended as a solicitation for cryptocurrency trading. Also, this article is the author’s personal opinions, and this does not represent opinion for the Company BTCBOX co.,Ltd.