One of the things which worries potential crypto investors is security. Holding digital assets securely is new territory for most of us and the POlice, HMRC and many insurers are lacking in specialist investigators and knowledge. So here’s some news from CoinLoan, which highlights a typical fake website link scam, which will be familiar to many of us seeing the DVLA licence renewal site racket over the last decade.
CoinLoan announces its fraud detection team caught and helped put a stop to what could have been another massive scam in April 2022. After a team member received an email containing a link prompting them to download what seemed to be the latest version of a software Suite (starting with T. Next, we call it T-app), the individual noticed that the linked domain was in fact a fraudulent copy of the T-app website.
The attached download was programmed to steal the seed phrase associated with their unique wallet. The team at CoinLoan then got to work, first reporting the IP address to ensure that it and any following fraudulent domains were swiftly taken down before sending a report of the malicious wallet software binaries to VirusTotal, an online service that analyzes suspicious files for malware and automatically shares them with the security community. These quick actions by the CoinLoan fraud detection team quickly and effectively prevented hackers from gaining access to hundreds, if not thousands, of T-app wallet users.
While this data breach was not the fault of the T-app team (the hackers gained access to user emails through a popular email newsletter site), it does serve as a reminder as to why proper bank-grade security standards must be a priority for both crypto users and the companies they choose to engage with.
When asked about the CoinLoan team’s efforts, Max Sapelov, co-founder and CTO, responded by saying: “We are immensely proud of our fraud detection team, however, this incident does shed light on the inherent risks associated with (cold) non-custodial wallets, including software, connections to third-party vendors, and possible insider leaks. In contrast, custodial wallets such as CoinLoan often implement a series of checks and holds which prevent fraudsters from a) gaining access and b) moving or withdrawing crypto in the event of a leak. As attacks such as this become more common, it is our hope that users intelligently weigh up the pros and cons of each type of wallet.”
The unmistakable rise of crypto-targeted cybercrimes, such as the one prevented by the CoinLoan fraud detection team, must serve as a wake-up call for the cryptocurrency industry. These attacks have the effect of weakening customer trust and contributing to the view that cryptocurrency is an unstable and sometimes dangerous investment option. Bank-grade security standards such as those utilized by CoinLoan cannot be considered optional at this phase of industry growth without risking the degradation of public support at the same moment when cryptocurrency is poised to fully enter the mainstream.