Explainer: How Thieves Steal Cryptocurrency

Crypto investors often object to centralised control and reject stringent oversight – and that sometimes leads to lax security


When US officials announced on Tuesday they had recovered $3.6 billion of bitcoin stolen from a Hong Kong exchange in 2016, the case threw some light on the scams that surround cryptocurrency.

Bitcoin and other cryptocurrencies are bought, sold and stored on exchanges, just like commodities in the non-virtual world.

But crypto investors and those who organise exchanges often object to centralised control and reject stringent oversight – and that sometimes leads to lax security.

“Exchange sites have stocks that are relatively large at any given time in crypto,” said Manuel Valente of Coinhouse, a French company that manages crypto transactions.

“But these are servers, machines — and malicious people sometimes manage to get into their servers and steal money.”

Most of these problems are caused by weak security, he said. Alexander Stachtchenko of KPMG agrees, pointing out that some platforms still store passwords on their servers.

“If you can get into the server, you can steal the passwords,” he says. “Once you have the passwords, you move the bitcoins from one address to another and then people don’t have access to those bitcoins.”


Hacking Blockchain

All things crypto rely on the blockchain — a chain of code composed of interlocking blocks. It stores the details of all transactions made in cryptocurrency.

Because each block is linked, it is impossible to change a block of code without altering the whole chain — the basis of the security claims made by those who trumpet the benefits of crypto.

However, there is a theory that if a group was to obtain more than 50% of a particular blockchain, it could start rewriting transactions, blocking new ones and double-spending coins.

An exchange called Gate.io alleged it lost $200,000 in an attack like this in 2019, but experts think it would be impossible to target major players like bitcoin.

Such an attack “would be incredibly hard and incredibly energy intensive”, says Erica Stanford, author of Crypto Wars: Faked Deaths, Missing Billions & Industry Disruption.

“With bitcoin now it wouldn’t be possible because of how much energy it would use.”

Many of the scams around crypto are less to do with the technology and more linked to old-fashioned confidence tricks or extortion where the criminals asked for payment in crypto.


Ponzi-Style Schemes

The main family of scams have been the Ponzi-style schemes, where a new coin is hyped and its value inflated by the creators, who then dump all their coin when the price reaches its highest point, leaving many investors penniless.

Such frauds, while not unique to crypto, netted $7 billion for scammers in 2019 but dropped massively the following year, according to data company Chainalysis.

“The main scam hasn’t been about crypto so much as about using the belief that people will get rich quick to trick people into investing,” Stanford said.

She conceded, however, that the newness of crypto and its allure as a get-rich-quick idea has helped the scammers no end.

But, Stanford added, the market has now matured, people are more knowledgable, law enforcement and regulators are more involved and analytical tools abound, allowing the currencies to be traced.

  • AFP, with additional editing by George Russell




Singapore to Issue Framework on Sharing Scam Losses – ST


Australian Billionaire Sues Facebook Over Crypto Scam Ads


OneWorld Crypto Scam Targets Multiple Sites on YouTube



George Russell

George Russell is a freelance writer and editor based in Hong Kong who has lived in Asia since 1996. His work has been published in the Financial Times, The Wall Street Journal, Bloomberg, New York Post, Variety, Forbes and the South China Morning Post.