{"id":193025,"date":"2021-03-03T14:21:00","date_gmt":"2021-03-03T11:21:00","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/step-by-step-how-crypto-fraud-and-security-breaches-are-investigated\/"},"modified":"2021-03-03T14:21:00","modified_gmt":"2021-03-03T11:21:00","slug":"step-by-step-how-crypto-fraud-and-security-breaches-are-investigated","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/step-by-step-how-crypto-fraud-and-security-breaches-are-investigated\/","title":{"rendered":"Step by step: How crypto fraud and security breaches are investigated"},"content":{"rendered":"<div class=\"post-content\" data-v-5a136f3a>\n<p dir=\"ltr\"><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/crystalblockchain.com\/\"><img loading=\"lazy\" decoding=\"async\" width=\"1480\" height=\"200\" alt=\"\" src=\"https:\/\/s3.cointelegraph.com\/storage\/uploads\/view\/102792dee32898a7dcca06eb060f94bb.jpg\"><\/a><\/p>\n<p dir=\"ltr\">It\u2019s every exchange\u2019s worst nightmare: Falling victim to a security breach. An incident can disrupt a trading platform\u2019s operations for weeks, affect customer confidence and damage a carefully cultivated reputation \u2014 even causing crypto markets to fall in some cases.<\/p>\n<p dir=\"ltr\">Crypto companies have been ramping up their security measures in recent years, determined to ensure that malicious actors don\u2019t get an opportunity to infiltrate their systems. 
This has prompted hackers, scammers and fraudsters to rely on more sophisticated techniques.<\/p>\n<p dir=\"ltr\">One crucial weapon has emerged that helps trading platforms take speedy action in the event that their infrastructure is compromised: Analytics software. But how do these companies go about their investigations whenever a breach is reported? What are the tools that can be relied upon to follow a thief\u2019s tracks?<\/p>\n<p dir=\"ltr\">This is a step-by-step guide to investigating crypto fraud, security breaches and ransomware.<\/p>\n<h2 dir=\"ltr\"><span class=\"ez-toc-section\" id=\"Hunting_the_hackers\"><\/span>Hunting the hackers<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p dir=\"ltr\">Irrespective of whether cryptocurrencies are stolen through fraudulent activities or scams \u2014 with ransomware becoming an increasingly popular method for swindling victims \u2014 investigation techniques often follow a similar pattern.<\/p>\n<p dir=\"ltr\">The first step is to identify a criminal\u2019s crypto address as soon as possible. This information can then be passed on to analytics software companies, which can immediately tag the address as high risk. Doing this quickly can ensure that the entity is easier to track. There can be times when there\u2019s little information about an address hash, but this doesn\u2019t mean that there\u2019s a dead end. 
That\u2019s because transaction and date filtering can be used instead.<\/p>\n<p dir=\"ltr\">Next, it\u2019s a race against time to start tracking bad actors who may begin to obfuscate the funds that they have misappropriated. They may start sending transactions to other exchanges or use mixing services and darknet entities. Although this commonly happens immediately after crypto has been taken, it can sometimes take months or years for obfuscation to commence \u2014 when a criminal may think no one is looking. Analytics providers can offer transaction alerts to ensure that victims can be immediately notified when funds flow to or from an address.<\/p>\n<p dir=\"ltr\">These transaction alerts need to be acted upon as a matter of urgency, as work begins to follow the trail. A crucial step involves notifying exchanges that might end up receiving some of this crypto to ensure they are able to block stolen funds that flow into their accounts. Visualization tools can play a role in illustrating how misappropriated assets are distributed \u2014 and show the addresses that may be directly or indirectly connected to the criminal.<\/p>\n<h2 dir=\"ltr\"><span class=\"ez-toc-section\" id=\"An_investigation_in_action\"><\/span>An investigation in action<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p dir=\"ltr\"><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/crystalblockchain.com\/\">Crystal Blockchain<\/a> has shared an example of how investigations work in practice. 
The analytics software provider recently played an instrumental role in examining the aftermath of a hot wallet security breach that affected Eterbase in September 2020,\u00a0which Cointelegraph reported on at the time.<\/p>\n<p dir=\"ltr\">Immediately after the theft took place, Eterbase sprang to action by publicly announcing the address that was used by the Bitcoin thief. This enabled Crystal to immediately tag this wallet as a high-risk entity.<\/p>\n<p dir=\"ltr\">Quickly, it became possible to piece together information about this address \u2014 including statistics on further transactions and connections. It soon emerged that this suspicious wallet had connections to 16 other addresses.<\/p>\n<p dir=\"ltr\">Through Crystal\u2019s All Connections tool, it was revealed that this address had indeed received funds from Eterbase, as well as other exchanges, which had been sent on to a plethora of unnamed entities.<\/p>\n<p dir=\"ltr\">The company said it was able to look further than a one-hop distance \u2014 and include indirect connections in its results. From here, it was established that 80% of the total funds that were stolen had been sent to a mixing service.<\/p>\n<p dir=\"ltr\">Eterbase went live once again on Jan. 15 \u2014 with its team asking exchange users to stop using old crypto deposit addresses that belonged to their accounts. In an update at the end of January, the company said that an official investigation is still ongoing \u2014 and it stressed that affected users who are eligible for a refund will receive one as soon as possible.<\/p>\n<h2 dir=\"ltr\"><span class=\"ez-toc-section\" id=\"Keeping_track\"><\/span>Keeping track<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p dir=\"ltr\">Crystal Blockchain says crypto crime is growing in parallel with the crypto markets. 
The company recently\u00a0<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/crystalblockchain.com\/security-breaches-and-fraud-involving-crypto\">released a map<\/a> of security breaches and fraud within the digital assets sector over the past 10 years.<\/p>\n<p dir=\"ltr\">The interactive timeline tracks the number of incidents in every year since 2011, and also provides a total figure for the funds that were stolen. Its data suggests that $1.48 billion was taken across 28 incidents in 2020.<\/p>\n<p dir=\"ltr\">Users who visit this article can also use a spinning globe to find out the total volume of funds that have been stolen in countries around the world \u2014 with the hardest-hit nations colored in the darkest shade of red.<\/p>\n<p dir=\"ltr\">According to Crystal, the most common locations for exchange breaches include the U.S., the U.K., South Korea, Japan and China. The largest-ever crypto security breach remains the incident involving the\u00a0Japanese exchange Coincheck in 2018, overtaking the Mt. Gox incident back in 2014.<\/p>\n<div style=\"background-color: #f0f0f0; padding: 8px 21px; font-weight: bold; color:#253137;\">Learn more about <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/crystalblockchain.com\/\" style=\"color: #253137\">Crystal Blockchain<\/a><\/div>\n<div id=\"post-content\"><span style=\"font-size: 12px; color: rgb(169, 169, 169);\"><span style=\"font-weight: 600\">Disclaimer.<\/span> Cointelegraph does not endorse any content or product on this page. While we aim at providing you all important information that we could obtain, readers should do their own research before taking any actions related to the company and carry full responsibility for their decisions, nor this article can be considered as an investment advice. <\/span><\/p>\n<\/div>\n<\/div>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/cointelegraph.com\/news\/step-by-step-how-crypto-fraud-and-security-breaches-are-investigated\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>It\u2019s every exchange\u2019s worst nightmare: Falling victim to a security breach. An incident can disrupt a trading platform\u2019s operations for weeks, affect customer confidence and damage a carefully cultivated reputation \u2014 even causing crypto markets to fall in some cases. 
Crypto companies&#8230;<\/p>\n","protected":false},"author":1,"featured_media":193026,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/images.cointelegraph.com\/images\/1200_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS9zdG9yYWdlL3VwbG9hZHMvdmlldy8xY2Y1Yjk3YjE1MWY5OGY1YTVlY2EyNzMxNjA5ZWU5YS5qcGc=.jpg","fifu_image_alt":"","footnotes":""},"categories":[1],"tags":[74894,74882,72287],"class_list":["post-193025","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-blockchain","tag-hacks","tag-security"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/193025","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=193025"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/193025\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/193026"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=193025"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=193025"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=193025"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}