Mahesh, 39, a Hyderabad-based businessman was recently duped of Rs 80 lakh by fraudsters who allegedly operated a fake cryptocurrency exchange. He claimed that between December 2021 and April 2022, he had invested Rs 80 lakh in a crypto exchange whose URL ended with an extension ‘.ac.sh’.
Mahesh has now lodged a complaint with the cybercrime unit. Mahesh told the police that he came to know of the crypto exchange through a friend. The police have now lodged a case under sections 66-C and 66-D of the Information Technology Act, and 419 and 420 of the Indian Penal Code against unidentified fraudsters for operating the fake exchange.
Incidentally, this is not the first incident where people have been cheated with such tactics.
A Crypto Crime Report 2022 by Chainalysis, a Singapore-based Blockchain data platform said that cryptocurrency-based crime hit a new all-time high in 2021, with illicit addresses receiving $14 billion over the course of the year, up from $7.8 billion in 2020.
To understand the technological loophole and how cyber authorities are handling such crimes, Outlook Money reached out to some senior police officers who are investigating such crimes, as well as to the technological experts to throw more light on how investors could safeguard themselves.
What Technical Loophole Leads To Such Crimes?
Sandeep Shukla, a professor of Computer Science and Engineering at IIT-Kanpur, and co-director of the National Blockchain Project explained that there are essentially two types of crimes.
In the first type of crime, a crypto protocol is deployed by honest accounts to create an application, but malicious attackers enter it by finding a security vulnerability in the protocol or the smart contract, and then perform transaction or a sequence of transactions to exploit the protocol. Examples include the DAO (Decentralized Autonomous Organization) attack on Ethereum and many other recent attacks on De-Fi protocols.
Another type of crime is based on the pseudo anonymity cover that public Blockchain platforms provide. Here, people engage in activities under the cover of anonymity, such as scams, phishing, gambling, money laundering, NFT Scams etc.
“With modern crypto forensic tools, we can sometimes break the pseudo-anonymity, but if they use VPN/TOR etc, and also use false KYC with exchanges, or if they use exchanges outside the jurisdiction they can get away,” says Prof. Shukla.
Gaurav Mehta, founder of Catax, crypto taxation, auditing, and forensics start-up also pointed out that majority of crimes happen when individuals manage their own private keys which are susceptible to hacking and finishing, wherein individuals are lured to disclose their private keys in one or other form with various schemes promising quick returns.
He, however, cautions against installing cracked software, unauthenticated apps, and browser extensions.
Challenges Cyber Authorities Face While Solving Cyber-Related Crimes
Triveni Singh, Superintendent of Police, Cyber Crime at Uttar Pradesh Police told Outlook Money that one of the biggest challenges in crime related to crypto is tracking.
“Whenever a crime happens and we ask for any data, they are not able to show it. But now, to follow such cases, we are getting help from some companies where they provide us with tools to trace them. I can’t share name of the company, but those tools help us to know how transactions happen. On the basis of that, we are using open-source intelligence to trace such cases,” he says.
A report of Chainalysis noted that only in 2021, Indian users visited crypto scam websites over 9.6 million times. The most visited scam websites in India are coinpayu.com, adbtc.top, hackertyper.net, dualmine.com and coingain.app. These five websites alone received about 4.6 million visits from Indian users.
Ankush Mishra, ACP, who looks into money laundering, crypto, and cybercrimes for Uttarakhand Police pointed out that one of the challenge for them in crypto crimes was that several criminals had created WhatsApp groups where they had their own people as the admins.
“These criminals use these groups as a net and try to showcase their fishy investment plans through which they try to influence common people to invest in such investments,” he says.
He further noted that another challenge that they were facing was that although these exchanges have been expanding their businesses, but at the same time they do not know anything about the wallets where the money goes in.
Both senior police officers asked people to not believe in fraud calls, messages, and social media posts that promise lofty investment outcomes.
How Investors Can Exercise Caution?
Professor Shukla has asked people to not get into crypto investment, as the entire scenario (of crypto investment) seems like a Ponzi scheme – which is based on speculation and manipulation by the crypto owners.
“The fact that it is so complex for regulators or law enforcement agencies to do much at this time, it is best to avoid crypto as an investment vehicle, especially as a long-term investment,” he said.
Divakar Prayaga, SVP and Head of Information Security, CoinDCX recommends investors to refrain from clicking on phishing links received through emails/SMSs, and stay away from downloading unapproved software or malicious files from the Internet that might contain malware.
Aritra Sarkhel, director of WazirX, a crypto exchange shares a few points to remain more cautious.
Research what the communities are saying about the crypto and the founders on Telegram and Reddit groups/forums.
Check how resilient the crypto behaves on exchanges when there are major dips.
Please resist the Fear of Missing Out (FOMO). Just because a crypto is trending, do not just jump in and invest in it.
Do not trust random ‘Influencers’ on You Tube/Instagram pitching for certain cryptos. Research first, buy second.
You do not need to buy the entire crypto. You can buy fractions of a crypto. This is like fractional investing in shares in the US market.
Understand the taxation based on the country you are in.