Scams, death, network takeover attacks. There’s no shortage of strange ways users can lose money in the cryptocurrency wild west.
Bitcoin Ponzi scams are raking in millions – all without much effort.
That may be self-explanatory to those who traffic the social media forums where the subject is discussed, but to researchers, it’s also a fertile ground for new findings. For them, someone asking for money and promising 100x returns isn’t simply a nuisance, they’re an opportunity for study.
Indeed, the Financial Crypto 2018 conference in Curacao last week delved deep into the many ways these scams are propagating and why some have been so much more successful than others.
University of New Mexico assistant professor Marie Vasek looked through nearly 2,000 scams, revealing research that hinted at the sheer variety seeking crypto gains. Some, she said, last for ages until the hoax is found out, others come and vanish overnight, all without much interest.
By looking at the scams and how long each lasted – what they called the scam’s “time of death” – Vasek shed light on what works the best for scammers, typically launching their scams on popular and reputable bitcoin forums, such as Bitcoin Talk.
The gist? The most long-lasting scams are those where the scammers engage with the community the most and have a thriving community of commenters.
Vasek told attendees:
“Small cores of about five people that are very good at doing this. You see this in our other paper. One will die and another appears.”
Attracting victims, like flies to a light, is as easy as acting as if the scam has tons of attention, she said. To this end, about 30 percent of scam threads have posts from shills, or those that the scammers pay to post positive things about the scam, according to Vasek’s analysis.
But there’s no shortage of strange ways users can lose money in the cryptocurrency Wild West. As such, computer researchers in Curacao looked at some of the stranger ways as well.
Dead or not?
Another report from researcher group IC3 explored how death can cause problems for users who are trying to secure their cryptocurrencies.
As an example, the researchers highlighted multi-signature wallets, a variation on the tool that aims to add security by giving multiple users the ability to sign and spend funds. That way, if one private key is compromised by an attacker or otherwise, they can’t do anything.
But these protections are a double-edged sword. If one participant in a 2-of-2 multi-signature setup dies or disappears, the funds will then be unspendable and lost forever.
The easiest way to mitigate the issue would be to introduce some entity that is trusted to declare whether Bob dies or not, Cornell University computer science researcher Fan Zhang argued. But with cryptocurrencies, the whole idea is to prevent a single point of failure, such as one that accidentally declares Bob dead, when he isn’t really.
“Of course, we don’t want to trust anyone. So, how do we realize this without trusted third party? And how do we prove if Bob has been hit by the bus or that a key is permanently unusable?” Zhang said.
That’s the question the group of IC3 researchers in work they call “paralysis proofs,” which aims to “prove” that one person involved in the multi-signature setup can no longer participate, whether one of them died or simply lost their private key.
There are a couple of ways they can do this. With ethereum it’s straightforward. But with bitcoin, Zhang suggested the easiest way to prove a user can’t participate in a multi-signature transaction would be to bring in trusted hardware, located in some computers, into the mix.