Doctored photos are now among the litany of ways that hackers are trying to gain access to people’s cryptocurrency accounts, according to cybersecurity firm Hold Security. Fake photos are being sold on the dark web as a way for hackers to trick financial institutions (such as cryptocurrency exchanges) into resetting your two-factor authentication, thereby getting around the one-time pass code that most commonly protects your account.
If you lose your phone, or if a hacker claims you’ve lost your phone, then one of the options to regain access is to get in contact with the exchange, who could ask you to submit a photo of yourself holding various forms of ID. This provides just the opening a hacker needs. By submitting a photo impersonating you, they can tether your account to their phone, use your login info, and get that one-time passcode they need to get into your wallet or exchange account and extract your cryptocurrency.
Alex Holden, chief information security officer at Hold Security, says that hackers work with graphic designers on the dark web to replace the information on a photo of someone holding a passport or driver’s license with your information. The exchange often doesn’t know what you look like—this isn’t your local credit union—so if your name is Dan and they see a photo of someone holding a passport that says they’re Dan, with a matching birthdate, passport number, and passport photo, the exchange may see no reason to be suspicious. Holden says he has seen doctored images meant for exchanges Xcoin and Bitrex.
The quality of these altered photos varies greatly, from something resembling a collage made by a child to a seamless image by a professional. Some even replace the metadata on the photo to make it appear that it hasn’t been altered. To the naked eye, the latter is difficult to identify.
“We don’t see a lot of alteration of [pictures of] someone holding a piece of paper, but the individuals holding their IDs, the number of these we see is quite large,” says Holden. “There are probably tens of thousands of cases of this over the past year or so.” He says prices for these services vary as well. One photo could go for $50 while another could be closer to $100 if it’s a rush job.
For users, there isn’t a whole lot you can do to prevent this sort of thing. Much of the information hackers use is already readily available. The onus is on exchanges to make themselves less vulnerable to this sort of hack, says Holden. (Perhaps they might take a lesson from blockchain proposals to counter deepfakes?)
“Because of repeat orders [to these graphic designers], we are assuming they are successful,” says Holden. “We see the image exchanges. We see some conversations among hackers, thanking them for the services. If it was completely fruitless, I don’t think it would be that popular.”
With an estimated $950 million worth of cryptocurrency stolen from exchanges and infrastructure in 2018, other hacking techniques like SIM swapping on the rise, and the continuing mystery of QuadrigaCX, the lesson should be clear: Don’t store your life savings on an exchange.
Image courtesy Hold Security.