Data leaks and crypto hacks: how to mitigate risks?

Key takeaways:

  • Facebook’s recent data breach exposed a lot of users’ information.
  • Such breaches can put crypto funds at risk.

Over the last few years, we have witnessed a number of crypto-related hacks. Amongst the most notorious ones, we can take the example of the Kucoin hack in 2020 or the Binance hack in 2019. Just earlier this month, the decentralized finance (DeFi) platform FinNexus reported suffering a hack on its Twitter account. Hackers were able to gain access to exchange platforms or wallets and steal large amounts of funds, directly defrauding users of their crypto savings.

Another way for hackers to steal crypto is with data leaks that are becoming quite recurrent. We can take the example from Facebook’s recent data breach. Facebook data such as names, email addresses, or telephone numbers were leaked on a hacking forum in April 2021 exposing 533 million users to security threats. Earlier this month, the Turkish exchange, BtcTurk has also acknowledged a data breach of 500,000 users’ data from 2018 after the data has been published for sale on a forum.

How can data leaks be a threat to crypto funds?

Data from such breaches often include a lot of personal information such as names, email addresses, or phone numbers. Such information can then be used to scam or hack people

Such data leaks can put crypto users at risk because this kind of personal information can be used to hack users’ accounts or scam them. The major ones are SIM swap and phishing campaigns.

A SIM swap is a way for the hacker to gain access to a mobile phone and bypass the two-factor authentication (2FA) that the user has set up. It is then easy for the hacker to steal cryptos from the user’s account.

Besides, phishing scams also use stolen data from data leaks. A phishing scam consists of sending emails to victims to redirect them to a fraudulent website for instance a fake exchange platform. Scammers will then try to collect the user’s sensitive information (such as credentials or private keys) and use this data to steal the user’s funds.

How does Scorechain deal with crypto scams and hacks?

With Scorechain Blockchain Analytics, compliance teams can easily track funds related to scams, phishing or hacks and take appropriate measures such as freezing and refusing the funds. Among other compliance features, those mentioned below are the most used by Scorechain users:

  • Risk scoring

Scorechain Blockchain Analytics Platforms use a risk scoring formula to assess the risk of wallets or transactions. A wallet associated with scams, phishing or hacks is flagged and assigned with a low score of 1

Wallet flagged as Phishing on Scorechain Ethereum Analytics Platform

If the funds from an address flagged as “Scam”, “Phishing” or “Hack” are sent to or received by another wallet, its scoring will also be impacted negatively. A transaction involved with funds from such wallets will also have a low scoring accordingly.

  • Risk indicators

Besides, the risk indicators feature is another layout for compliance teams to mitigate the risks. They can set risk indicators such as “Scam”, “Phishing” or “Hack” to be notified promptly.

Risk indicator “Hack” triggered for incoming funds on Scorechain Bitcoin Analytics Platform

  • Reports

In addition to financial data, all the information about scoring and risk indicators are also displayed in the Scorechain Know-your-address (KYA) and Know-your-transaction (KYT) reports. These reports can be used to file Suspicious Activity Reports (SARs) for example.

Today, it is fundamental for VASPs and all companies dealing with cryptocurrencies to have comprehensive AML/CTF processes and policies. Scorechain provides its users with all the necessary tools to mitigate ML/TF risks. Feel free to contact us to learn more about how Scorechain solution can help you in your compliance journey: contact@scorechain.com

About Scorechain

Scorechain is a Risk-AML software provider for cryptocurrencies and digital assets. As a leader in crypto compliance since 2015, the Luxembourgish company serves worldwide customers in 36 different countries with more than 200 licenses established, ranging from cryptocurrency businesses to financial institutions with crypto trading, custody branch, digital assets customers onboarding, audit and law firms and some LEAs.

Scorechain solution supports Bitcoin analytics with Lightning Network detection, Ethereum analytics with all ERC20 tokens and stablecoins, Litecoin, Bitcoin Cash, Dash, XRP Ledger and Tezos. The software can de-anonymize the Blockchain data and connect with sanction lists to provide a risk scoring on digital assets transactions, addresses and entities. The risk assessment methodology applied by Scorechain has been verified and can be fully customizable to fit all jurisdictions. 300+ risk-AML scenarios are provided to its customers with a wide range of risk indicators so businesses under the scope of the crypto regulation can report suspicious activity to authorities with enhanced due diligence.