Harpoon Cannon Method: How Scammers Catch Bitcoin Whales | Tech Security
Bitcoin whales are considered to be people who have thousands of coins in their crypto-wallets. As it turned out, there are very few of them. Chainalysis studied the network of the first cryptocurrency and found that only 1600 addresses contain more than 1000 BTC. Probably, several of them belong to Satoshi Nakamoto, a man everyone knows about but nobody knows personally. Others may belong to a number of big Bitcoin businesses.
Nevertheless, many people who bought Bitcoin in 2010-2011 for fun or during experiments with niche industries, or who like radical anarchist ideas or are cryptography fans, fabulously got rich by 2017. The 2017 euphoria made many of them multimillionaires and even billionaires. They are called Bitcoin whales. Some of them we know from the Forbes list, but some of these people stay in the shadow.
Not all of them are active participants in the community; not all of them have successful Bitcoin businesses. Some of them just exchanged some of their Bitcoins on luxury goods. Traveling and other things that can be bought for fiat money. Their states are scattered over dozens of different wallets, the connections between which may not even exist. The Winklevoss twins, for example, have devised their own novel solution to store their crypto fortune.
However, when you trade 10-15 BTC, then security and legality are your problems, and when you need to exchange 1000-5000 BTC, it becomes a problem for authorities. Real criminals – drug lords or terrorists, for instance – have their own established channels for money laundering, and state authorities have their own methods of destroying such channels.
But what if you are a good guy but you need to exchange a huge amount of money, let’s say 5000 BTC? Even considering the bearish lawlessness of the current market, it makes approximately $32 million at the rate of $6,400. How many sports bags do you need for this amount of cash? Is it possible to arrange everything in offshore zones? Such questions arise in the seller’s head. And the main one is – where do I find a buyer?
Clever fraudsters took care of the answer to the main question (Where do I find a buyer?) and introduced their next scheme. We call it a harpoon cannon because this time attackers aim at single whales, not organizations like exchanges or wallets.
Scammers start netting their possible victims through information flows and fake statements in popular social platforms used by community members. The story they tell always has identical contours and diverges only in non-essential details.
A certain person “with great experience in international cryptocurrency deals” has a “big client/buyer” who is ready to buy 10,000 – 20,000 BTC at a price of 3-5% less than the Bitfinex price. And the task of this “experienced intermediary” is to find a seller or sellers.
Then protentional buyers are invited to meet in such cities as Monaco or Zurich to negotiate the deal and make the necessary transfers in tete-a-tete mode. In addition, to scale this scheme, intermediaries attract other intermediaries, promising the latter commissions, which gives the scheme a pyramidal character.
One might think that most Bitcoin whales are intelligent people and are able to feel bad things, but scammers are extremely persuasive, focusing on details and nuances, demonstrating professionalism in the crypto sphere. And what can happen to a man in a wonderful Switzerland, a country of bank secrecy, luxury, and security? It is the names of the cities that create the so-called luxury effect so that the story of a large buyer seemed believable.
The actual scheme is quite simple. A person arrives to the city, fraudsters tell him something, and then one day a weapon appears on the scene and the seller is given a very simple choice: either a translation or a bullet.
More sophisticated fraudsters can arrange a change of suitcases with cash or any other virtuoso trick in order to convince the seller that he received money without actually receiving anything.
There are some raids of European law enforcement agencies, which take the issue of money laundering and violation of tax legislation very seriously. Even in Switzerland, where bank secrecy is akin to the biblical commandment, the transfer of a suitcase or sports bags with a huge pile of cash will cause suspicion.
Although most of the whales do not fall into traps, for scammers it is enough to catch once in 6-12 months. Once a person agrees to a personal meeting, we can assume that the harpoon hit the target. The least that can be lost in the course of such a mess is money, but it is possible to go to jail or even lose a life.
All members of the community should remember that Bitcoin industry has attracted the attention of not only hackers, talented crackers of digital systems, but also good old con artists from the sphere of classical crime. They can come up with dozens of methods for identifying and robbing whales, but the latter should always be a step ahead and certainly not to be fooled by such stupid schemes.
To stay safe, it is better to not talk about your big Bitcoin sums in public or social media. Attackers often start with collecting info on you, so cybersecurity should be your priority number one. Do not click on suspicious links or email attachments, and always use best VPNs and TOR when dealing with confidential accounts and transactions. Think about scattering your money across multiple sites not to lose everything in one time. Be careful about new acquaintances. Con artists can wait for long time steadily winning your trust.
About the Author: David Balaban is a computer security researcher with over 10 years of experience in malware analysis and antivirus software evaluation. David runs the www.Privacy-PC.com project which presents expert opinions on the contemporary information security matters, including social engineering, penetration testing, threat intelligence, online privacy and white hat hacking. As part of his work at Privacy-PC, Mr. Balaban has interviewed such security celebrities as Dave Kennedy, Jay Jacobs and Robert David Steele to get firsthand perspectives on hot InfoSec issues. David has a strong malware troubleshooting background, with the recent focus on ransomware countermeasures.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.