Large-scale cryptocurrency scams have become increasingly common in recent years, with a new multi-million-dollar case hitting the news almost weekly. In April 2022, the fraud detection team at CoinLoan caught and helped put a stop to what could have been another massive scam. After a team member received an email containing a link prompting them to download what seemed to be the latest version of Trezor Suite, the individual noticed that the linked domain was in fact a fraudulent copy of the Trezor website.
The attached download was programmed to steal the seed phrase associated with their unique wallet. The team at CoinLoan then got to work, first reporting the IP address to ensure that it and any following fraudulent domains were swiftly taken down before sending a report of the malicious wallet software binaries to VirusTotal, an online service that analyzes suspicious files for malware and automatically shares them with the security community. These quick actions by the CoinLoan fraud detection team quickly and effectively prevented hackers from gaining access to hundreds, if not thousands, of Trezor wallet users.
While this data breach was not the fault of the Trezor team (the hackers gained access to user emails through a popular email newsletter site), it does serve as a reminder as to why proper bank-grade security standards must be a priority for both crypto users and the companies they choose to engage with.
When asked about the CoinLoan team’s efforts, Max Sapelov, co-founder and CTO, responded by saying: “We are immensely proud of our fraud detection team, however, this incident does shed light on the inherent risks associated with (cold) non-custodial wallets, including software, connections to third-party vendors, and possible insider leaks. In contrast, custodial wallets such as CoinLoan often implement a series of checks and holds which prevent fraudsters from a) gaining access and b) moving or withdrawing crypto in the event of a leak. As attacks such as this become more common, it is our hope that users intelligently weigh up the pros and cons of each type of wallet.”
The unmistakable rise of crypto-targeted cybercrimes, such as the one prevented by the CoinLoan fraud detection team, must serve as a wake-up call for the cryptocurrency industry. These attacks have the effect of weakening customer trust and contributing to the view that cryptocurrency is an unstable and sometimes dangerous investment option. Bank-grade security standards such as those utilized by CoinLoan cannot be considered optional at this phase of industry growth without risking the degradation of public support at the same moment when cryptocurrency is poised to fully enter the mainstream.