Research indicates that large cryptocurrency exchanges are increasingly being targeted by scammers using doctored photographs to trick two-factor authentication reset procedures. The attack once again highlights the importance of securing one’s own private keys and not entrusting security to a third-party exchange.
There is a market on dark web forums for doctored images, and the rates to buy them are remarkably cheap. However, given that many large exchanges require multiple verification methods to reset two-factor authentication, it remains to be seen just how effective the scam will be.
Cryptocurrency Exchanges are Still Not Safe Storage Options
Those cryptocurrency users choosing to leave their digital assets on centralised exchanges have a lot to be fearful of already. There is the ever-present risk of the site itself falling victim to a security compromise. Then there is the whole QuadrigaCX debacle, which appears to have been caused by either negligence on the part of the now-deceased CEO or perhaps something more sinister altogether.
Add to these issues the risk of phishing attacks and potential mismanagement of company finances à la Mt. Gox and it is easy to see why almost every thought leader in the space advocates learning to secure your own digital assets.
The latest reported scam being used to defraud people out of their cryptocurrency holdings involves attempting to trick an exchange’s staff using altered photographs. The idea is to convince the exchange that a request to reset the often-mandatory two-factor authentication security process required to gain access to accounts is a legitimate one and is coming from the owner of the account.
Research by Hold Security, reported by Bank Info Security, states that there is a wealth of information relating to data fraud techniques on dark web hacking forums. Amongst these covert pages are around 10,000 doctored photographs, used for various verification techniques.
According to Alex Holden, the Chief Information Security Officer at Hold Security, an altered photograph will cost scammers around $50. Bank Info Security published an example of such a picture. It featured an anonymous individual holding up a passport and a note with the date and the words: “Reset 2FA”.
Those orchestrating the attack against cryptocurrency exchange users will submit a request to change the device used to obtain two-factor authentication codes. They will then provide a photograph that has been doctored to show information about the targeted user.
Since some exchanges do not require a customer to submit photographic identification when they sign up, Holden states that the doctored photographs will have had some success.
“Some companies have no ability to assert what their client looks like… It’s not like hackers publish success rates,” Holden says. “But because we know that [hackers who] we are monitoring are actually making money off of it, I’d say yeah.”
Largest Exchanges are Not Worried About Threat from Doctored Photographs
Of course, a lot of cryptocurrency exchanges do require new users to verify their identity with a government-issued document before trading on the platform. For this reason, many of the largest exchanges are not concerned about their users’ security, at least not from this attack. However, most were less than willing to talk about examples they had seen of scammers using fake photographs in such a manner.
A representative from Coinbase commented on the fact that the San Francisco-based exchange uses multiple levels of ID verification to reset account passwords and two-factor authentication. Similarly, Kraken stated that each ID verification picture must display a custom message and those users with the highest tier accounts will have already submitted photographic identification upon signing up for the upgrade.
Binance, meanwhile, reported that it had indeed seen examples of attempts to beat two-factor authentication using doctored photographs:
“Unfortunately, we’re no stranger to these types of malicious attempts to gain access.”
However, a representative from the trading venue giant did go on to talk about its security procedures. The exchange requires users to submit a set of photographs for resetting two-factor authentication, along with a “face verification” step using a webcam:
“Given the measures we currently have in place, I don’t believe this threat is something for Binance to be particularly worried about at the present time.”
Thanks to the heightened security at these massive cryptocurrency trading venues, it seems unlikely that many attempts to reset two-factor authentication will be successful. Even at smaller exchanges, users almost always need to send request emails from the address used at the time of registering for an account. Given the crudeness of the attack detailed, the security precautions taken by both the targeted venue and the individual user would need to be incredibly lax for it to be successful.