Categories
Culture, Society & Family Economics & Statistics Researcher news SMU In The News Student researchers Technology

CoinDesk: Research — Over $11 Million Lost in Bitcoin Scams Since 2011

The researchers painstakingly read forum threads post by post, even translating messages written in languages other than English.

Bitcoin, SMU, scammers, $11 million, Moore, Vasek

With the cryptocurrency Bitcoin increasingly popular for digital transactions, the digital currency news site CoinDesk covered the research of SMU Bitcoin experts Marie Vasek, lead researcher on the study, and Tyler W. Moore, both in SMU’s Computer Science and Engineering Department in the Lyle School of Engineering.

The study by Vasek and Moore, “There’s no free lunch, even using bitcoin: Tracking the popularity and profits of virtual currency scams,” found that fraudulent schemes have scammed at least $11 million in Bitcoin deposits from unsuspecting cyber customers over the past four years.

Bitcoin is the digital world’s most popular virtual currency, with millions in circulation.

The study is the first empirical study of its kind. Vasek and Moore found that hucksters used four different types of schemes through authentic-looking web-based investment and banking outlets to lure customers and heist deposits.

Vasek explained to CoinDesk journalist Joon Ian Wong how the researchers extracted Bitcoin addresses linked to the frauds, enabling them to look at transactions from victims to fraudsters recorded on the transaction addresses.

The CoinDesk article, Research: Over $11 Million Lost in Bitcoin Scams Since 2011, published Jan. 29, 2015.

Read the full story.

EXCERPT:

By Joon Ian Wong
CoinDesk

Scams promising bitcoin riches have netted swindlers at least $11m in the last four years, researchers have found.

Some 13,000 victims handed over their money unwittingly in 42 different scams over that time period, their data suggests.

However, the total amount of funds cheated from victims over this period is almost certainly higher than the estimated $11m the research identified.

A co-author of the research, Marie Vasek, said:

“There are a lot of scams that we couldn’t measure at all. There were scams we couldn’t find or verify … We think presenting our findings as they are, a lower bound, makes a lot of room for us and others to further quantify scams in this space.”

Vasek, who researches computer security at Southern Methodist University, co-wrote the paper with Tyler Moore, an assistant professor in computer science at the same institution.

Painstaking search
The paper, titled There’s No Free Lunch, Even Using Bitcoin: Tracking the Popularity and Profits of Virtual Currency Scams, has been presented at the Financial Cryptography and Data Security conference taking place in Puerto Rico this week.

Vasek and Moore combed online repositories of scam accusations, including a mega-thread of scams, hacks and heists on the Bitcointalk forum that has been maintained since 2012, as well as the subreddit r/bitcoin, BadBitcoin.org and CryptoHYIPs.com.

This process required the researchers to painstakingly go through forum threads post by post, even translating messages that were written in languages other then English, as well as visiting the websites that scammers created to publicise themselves.

“We went through every single post to determine if the scheme was a scam, any associated bitcoin addresses with the scheme, and any associated scams,” Vasek said.

Using this method they found 349 scams, which were then whittled down to 192 deceptions after excluding phishing, malware and pay-for-click websites, which fall outside the scope of the study.

Read the full story.

Follow SMUResearch.com on twitter at @smuresearch.

SMU is a nationally ranked private university in Dallas founded 100 years ago. Today, SMU enrolls nearly 11,000 students who benefit from the academic opportunities and international reach of seven degree-granting schools. For more information see www.smu.edu.

SMU has an uplink facility located on campus for live TV, radio, or online interviews. To speak with an SMU expert or book an SMU guest in the studio, call SMU News & Communications at 214-768-7650.

Categories
Culture, Society & Family Economics & Statistics Student researchers Technology

Bitcoin scams steal at least $11 million in virtual deposits from unsuspecting customers

First empirical study of its kind identifies fraud on seemingly legitimate web sites purposely designed to steal customers’ funds

bitcoin, moore, smu, fraud

Fraudulent schemes have scammed at least $11 million in Bitcoin deposits from unsuspecting cyber customers over the past four years, according to new cyber security research from Southern Methodist University, Dallas.

Bitcoin is the digital world’s most popular virtual currency, with millions in circulation.

In the first empirical study of its kind, SMU researchers found that hucksters used four different types of schemes through authentic-looking web-based investment and banking outlets to lure customers and heist deposits, said computer security expert Marie Vasek, lead researcher on the study.

“Our calculation of $11 million is almost certainly at the low-end,” said Vasek. “The amount of Bitcoin that depositors have lost to these scams is probably many millions more.”

Typically the scams succeed by exploiting not only people’s greed, but also the urge to “get rich quick,” coupled with the inability to judge the legitimacy of web services to decide which financial sites are good or bad, said Bitcoin and cyber security expert Tyler W. Moore, co-researcher on the study.

“Because the complete history of Bitcoin transactions are made public, we have been able to inspect, for the first time, the money flowing in and out of fraudulent schemes in great detail. It’s like having access to all of Bernie Madoff’s books for many of these scams,” said Moore, director of the Economics and Social Sciences program of the Darwin Deason Institute for Cyber Security in SMU’s Lyle School of Engineering.

13,000 victims and counting in four different kinds of scams
The researchers identified 41 scams occurring between 2011 and 2014, in which fraudulent sites stole Bitcoin from at least 13,000 victims, and most certainly more.

“We found that the most successful scams draw the vast majority of their revenue from a few victims,” Vasek said.

The researchers were only able to track revenues for about 21 percent of the scams, which would indicate that the amount of Bitcoin actually stolen most likely far exceeds $11 million.

The findings emerged when the researchers ran a Structured Query Language database dump of all relevant Bitcoin transactions, then analyzed Bitcoin addresses (the account numbers) of both victims and the siphoning transactions of scammers.

The researchers presented the findings, “There’s no free lunch, even using bitcoin: Tracking the popularity and profits of virtual currency scams,” at the 2015 19th International Financial Cryptography and Data Security Conference, Jan. 26-30, in San Juan, Puerto Rico. Vasek is a graduate student in the Lyle School’s Computer Science and Engineering Department. Moore is assistant professor in the Lyle School’s Computer Science and Engineering Department.

“The amount of fraud being attracted by Bitcoin is a testament to the fact the virtual currency is gaining in legitimacy,” said Moore. “But scams that successfully hijack funds from depositors may end up scaring away consumers who will fear using Bitcoin for their legitimate digital transactions.”

There are 13.7 million Bitcoin in circulation, according to blockchain.info. The number of Bitcoin transactions exceeds 100,000 per day.

The research was partially funded by the U.S. Department of Homeland Security’s Science and Technology Directorate, Cyber Security Division, and the Government of Australia and SPAWAR Systems Center Pacific.

Four scams, each with varying lifespans, strategies and success
Vasek and Moore identified four common scams by tracking forum discussions, where scams are often initially advertised and later exposed, and by tracking web sites.

High-yield investment programs, otherwise known as online Ponzi schemes, which promise investors outlandish interest rates on deposits. The scammers lure both unsuspecting victims as well as those fully aware it’s a Ponzi scheme who hope to cash out in time. Of all the scams, this type has taken in the lion’s share of money from victims. The biggest of these scammers was Bitcoin Savings & Trust, formerly First Pirate Savings & Trust. When such schemes collapse, as they eventually do, and often within about 37 days, they’re replaced with a new program, often run by the same criminals, say the researchers. These scammers consistently pay out to their investors far less than they take in.

Mining investment scams are classic advanced-fee fraud, taking orders and money from customers but never delivering any mining equipment — specialized computer processors and electronic devices for mining Bitcoin. These retailers typically endure for 145 days, much longer than Ponzi schemes. Vasek and Moore looked at Labcoin, Active Mining Corp., AsicMiningEuipment.com and Dragon-Miner.com.

Victims make deposits into scam wallets under the promise the service offers greater transaction anonymity. If the deposit is small, scammers leave the money, but if it rises above a threshold, scammers move the money into their wallet. Services such as Onion Wallet, Easy Coin and Bitcoinwallet.in each surfaced with transfers from victims siphoned to one address held by a scammer.

Exchange scams, such as BTC Promo, CoinOpend and Ubitex, offer PayPal and credit card processing, but at a better exchange rate than competitors. Customers soon find out, however, they never get Bitcoin or cash after making payment. Longer-lived exchange scams survived about three months. Wallet and exchange scams exploit the difficulty in judging the legitimacy of web services.

The study is not a comprehensive review, the researchers note, as they were limited to those scams for which they could determine a minimum estimate of the prevalence and criminal profits of the scams after analyzing the public ledger of all Bitcoin transactions ever executed.

The researchers conservatively estimate that $11 million has been taken by scams, while only $4 million has ever been returned. Most of the successful scams catch a few “big fish,” say the researchers, who pay the bulk of the money into the scam.

“Bitcoin scams pose a problem for more than the victims who directly lose money,” Moore said. “They threaten to undermine trust in this promising technology, and cast a chilling effect on those interested in trying out new services. By mining the public record for fraudulent transactions, we hope to deter would-be scammers and assist law enforcement in cracking down on the bad actors.” — Margaret Allen

Follow SMUResearch.com on twitter at @smuresearch.

SMU is a nationally ranked private university in Dallas founded 100 years ago. Today, SMU enrolls nearly 11,000 students who benefit from the academic opportunities and international reach of seven degree-granting schools. For more information see www.smu.edu.

SMU has an uplink facility located on campus for live TV, radio, or online interviews. To speak with an SMU expert or book an SMU guest in the studio, call SMU News & Communications at 214-768-7650.