Bitcoin.org Double Your Cash Scam: Difference between revisions

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository
Jump to navigation Jump to search
(Created page with "{{Imported Case Study|source=https://www.quadrigainitiative.com/casestudy/bitcoinorgdoubleyourcashscam.php}} thumb|Bitcoin.orgBitcoin.org is a widely consulted reference on the bitcoin protocol and status. In September 2021, the site's DNS was redirected to a malicious server, which displayed a scam claiming to double people's money if they sent it to a particular donation address. While no post-mortem on the source of the breach was provided, do...")
 
(Another 30 minutes complete. Additional sources merged in. Prevention completed. Information moved around.)
 
(2 intermediate revisions by the same user not shown)
Line 1: Line 1:
{{Imported Case Study|source=https://www.quadrigainitiative.com/casestudy/bitcoinorgdoubleyourcashscam.php}}
{{Imported Case Study 2|source=https://www.quadrigainitiative.com/casestudy/bitcoinorgdoubleyourcashscam.php}}
{{Unattributed Sources}}


[[File:Bitcoinorg.jpg|thumb|Bitcoin.org]]Bitcoin.org is a widely consulted reference on the bitcoin protocol and status. In September 2021, the site's DNS was redirected to a malicious server, which displayed a scam claiming to double people's money if they sent it to a particular donation address. While no post-mortem on the source of the breach was provided, domains can typically be hijacked and changed through a social engineering attack on the registrar. It appears that close to $18k worth of bitcoin was taken, although this is controversial since the largest transfer of 0.4 bitcoin may have come from the hacker themselves. None of the funds have been recovered.
[[File:Bitcoinorg.jpg|thumb|Bitcoin.org]]Bitcoin.org is a widely consulted reference on the bitcoin protocol and status. In September 2021, the site's DNS was redirected to a malicious server, which displayed a scam claiming to double people's money if they sent it to a particular donation address. While no post-mortem on the source of the breach was provided, domains can typically be hijacked and changed through a social engineering attack on the registrar. It appears that close to $18k worth of bitcoin was taken, although this is controversial since the largest transfer of 0.4 bitcoin may have come from the hacker themselves. None of the funds have been recovered.


This is a global/international case not involving a specific country.
This is a global/international case not involving a specific country.<ref name="bleepingcomputer-8287" /><ref name="cobrabitcointwitter-8288" /><ref name="bitcoin-8289" /><ref name="namecheaptwitter-8290" /><ref name="coinpollnettwitter-8292" /><ref name="coinpollarchive-8293" /><ref name="vxundergroundtwitter-8294" /><ref name="blockchaindotcom-8296" /><ref name="coinmarketcap-623" /><ref name="mrcl0wnlabtwitter-8297" /><ref name="devaritethefoxtwitter-8298" /><ref name="gort1356890twitter-8299" /><ref name="thebluematttwitter-8300" /><ref name="cloudflarehelptwitter-8301" /><ref name="itsgoharrtwitter-8303" />


== About Bitcoin.org ==
== About Bitcoin.org ==
Line 12: Line 13:
"Although Bitcoin is assumed to be created by a pseudonymous identity, "Satoshi Nakamoto," the author of the research paper that gave birth to the cryptocurrency, a newer identity "Cøbra" is lately seen managing the Bitcoin.org website, social media, and community channels." "Today the site is an independent open source project with contributors from around the world. Final publication authority is held by the co-owners, but all regular activity is organized through the public pull request process and managed by the site co-maintainers."
"Although Bitcoin is assumed to be created by a pseudonymous identity, "Satoshi Nakamoto," the author of the research paper that gave birth to the cryptocurrency, a newer identity "Cøbra" is lately seen managing the Bitcoin.org website, social media, and community channels." "Today the site is an independent open source project with contributors from around the world. Final publication authority is held by the co-owners, but all regular activity is organized through the public pull request process and managed by the site co-maintainers."


"http://Bitcoin.org has been compromised. Currently looking into how the hackers put up the scam modal on the site. May be down for a few days."
Website: <ref name="bitcoinarchive-8291" /><ref name="bitcoinarchive-8295" /><ref name="bitcoinarchive-8302" /><ref name="bitcoin-8304" />


=== New Update From Bitcoin.org ===
"The Bitcoin Foundation is giving back to the community! We want to support our users who have helped us along the years. Send Bitcoin to this address, and we will send double the amount in return! Limited to the first 10000 users!"
"The Bitcoin Foundation is giving back to the community! We want to support our users who have helped us along the years. Send Bitcoin to this address, and we will send double the amount in return! Limited to the first 10000 users!"
"Appears to be DNS hijack as noted by @nukedotasia." "[I]t appears the domain was taken over. The WHOIS info was updated at the time of the hack, the nameservers + DNS changed, and if you try to visit any of the actual pages other than the index you'll get a 404. It's a completely different website save for the domain name."
"[U]nfortunately, some cryptocurrency enthusiasts may have fallen for the scam as evident from the attacker's wallet balance. The transaction history shows multiple deposits made from different Bitcoin addresses to the attacker's wallet."
"The last updated balance of the wallet was at 0.40571238 BTC or approximately US$17,000." "Scammers probably didn't make off with as much money as the BTC wallet shows as noted by @SadFrogFacts." "For context, 3 people have sent $100, 1 person has sent around $200, the rest(0.4 BTC) seems to have been sent as a way to make the “giveaway” seem legitimate, so likely scammer’s own coins."
This is a global/international case not involving a specific country.
The background of the exchange platform, service, or individuals involved, as it would have been seen or understood at the time of the events.
Include:
* Known history of when and how the service was started.
* What problems does the company or service claim to solve?
* What marketing materials were used by the firm or business?
* Audits performed, and excerpts that may have been included.
* Business registration documents shown (fake or legitimate).
* How were people recruited to participate?
* Public warnings and announcements prior to the event.
Don't Include:
* Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed.
* Anything that wasn't reasonably knowable at the time of the event.
There could be more than one section here. If the same platform is involved with multiple incidents, then it can be linked to a main article page.


== The Reality ==
== The Reality ==
This sections is included if a case involved deception or information that was unknown at the time. Examples include:
The bitcoin.org website DNS had been compromised, allowing the attackers to redirect the website to a server under their control. The updated website continued to claim to be the bitcoin foundation and instructed users to send funds to the scammer, claiming that and funds sent would be doubled.
 
* When the service was actually started (if different than the "official story").
* Who actually ran a service and their own personal history.
* How the service was structured behind the scenes. (For example, there was no "trading bot".)
* Details of what audits reported and how vulnerabilities were missed during auditing.


== What Happened ==
== What Happened ==
The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.
After the bitcoin.org website was redirected to a malicious server via a DNS attack, a phishing message was displayed on the site. Several users sent bitcoin funds to the attacker's address.
{| class="wikitable"
{| class="wikitable"
|+Key Event Timeline - Bitcoin.org Double Your Cash Scam
|+Key Event Timeline - Bitcoin.org Double Your Cash Scam
Line 57: Line 29:
!Description
!Description
|-
|-
|September 22nd, 2021 8:10:17 PM
|September 22nd, 2021 8:10:17 PM MDT
|Main Event
|Main Event
|Expand this into a brief description of what happened and the impact. If multiple lines are necessary, add them here.
|Expand this into a brief description of what happened and the impact. If multiple lines are necessary, add them here.
|-
|-
|
|September 22nd, 2021 11:08:00 PM MDT
|
|CobraBitcoin Twitter Post
|
|CobraBitcoin posts a tweet reporting that the bitcoin.org website has been compromised<ref name="cobrabitcointwitter-8288" />. The website reportedly may be down for a few days.
|-
|September 22nd, 2021 11:12:00 PM MDT
|Controversy Over Domain Ownership
|Twitter user WhaleWire asks CobraBitcoin how it feels "to be compromised", referencing a controversy over the ownership of the original bitcoin.org domain<ref name=":0">[https://twitter.com/WhaleWire/status/1440906869866909696 WhaleWire - "How does it feel? To be compromised." - Twitter] (Jul 2, 2022)</ref>.
|}
|}
== Technical Details ==
"Appears to be DNS hijack as noted by @nukedotasia." "[I]t appears the domain was taken over. The WHOIS info was updated at the time of the hack, the nameservers + DNS changed, and if you try to visit any of the actual pages other than the index you'll get a 404. It's a completely different website save for the domain name."
Attacker's Address: 1NgoFwgsfZ19RrCUhTmmuLpmdek45nRd5N<ref name="blockchaindotcom-8296" />


== Total Amount Lost ==
== Total Amount Lost ==
The attacker's bitcoin wallet displayed 0.40571238 BTC as having been received<ref name="blockchaindotcom-8296" />. There is some controversy that the attacker may have pretended to fall for their own scam, however there is no documented case of this happening in any other bitcoin doubling scam.
The total amount lost has been estimated at $18,000 USD.
The total amount lost has been estimated at $18,000 USD.


How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?
== Immediate Reactions ==
CobraBitcoin announced the compromise on Twitter.
 
=== Tweet From CobraBitcoin ===
CobraBitcoin shared a Tweet to warn the community that the domain had been compromised<ref name="cobrabitcointwitter-8288" />.<blockquote>"http://Bitcoin.org has been compromised. Currently looking into how the hackers put up the scam modal on the site. May be down for a few days."</blockquote>


== Immediate Reactions ==
=== Controversy Over Bitcoin.org Ownership ===
How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?
Twitter user WhaleWire asks CobraBitcoin how it feels "to be compromised", referencing a controversy over the ownership of the original bitcoin.org domain<ref name=":0" />.


== Ultimate Outcome ==
== Ultimate Outcome ==
What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?
"[U]nfortunately, some cryptocurrency enthusiasts may have fallen for the scam as evident from the attacker's wallet balance. The transaction history shows multiple deposits made from different Bitcoin addresses to the attacker's wallet."
 
"The last updated balance of the wallet was at 0.40571238 BTC or approximately US$17,000." "Scammers probably didn't make off with as much money as the BTC wallet shows as noted by @SadFrogFacts." "For context, 3 people have sent $100, 1 person has sent around $200, the rest(0.4 BTC) seems to have been sent as a way to make the “giveaway” seem legitimate, so likely scammer’s own coins."


== Total Amount Recovered ==
== Total Amount Recovered ==
There do not appear to have been any funds recovered in this case.
There do not appear to have been any funds recovered in this case.
What funds were recovered? What funds were reimbursed for those affected users?


== Ongoing Developments ==
== Ongoing Developments ==
What parts of this case are still remaining to be concluded?
TBD - Any efforts to trace these funds?
 
== Individual Prevention Policies ==
== Prevention Policies ==
In general, be familiar with the common scams. Anything claiming to pay back more than you send them is typically a scam.
In general, be familiar with the common scams. Anything claiming to pay back more than you send them is typically a scam.


== References ==
{{Prevention:Individuals:Question Unrealistic Profit}}
[https://www.bleepingcomputer.com/news/security/bitcoinorg-hackers-steal-17-000-in-double-your-cash-scam/ Bitcoin.org hackers steal $17,000 in 'double your cash' scam] (Apr 29)


[https://twitter.com/CobraBitcoin/status/1440905892543832064 @CobraBitcoin Twitter] (Jul 2)
{{Prevention:Individuals:Double Check Transactions}}


[https://bitcoin.org/en/ Bitcoin - Open source P2P money] (Jul 2)
{{Prevention:Individuals:End}}


[https://twitter.com/Namecheap/status/1440896036487245832 @Namecheap Twitter] (Jul 2)
== Platform Prevention Policies ==
{{Prevention:Platforms:Cryptocurrency Safety Quiz}}


[https://web.archive.org/web/20210917091640/https://bitcoin.org/en/ Bitcoin - Open source P2P money] (Jul 2)
{{Prevention:Platforms:Establish Industry Insurance Fund}}


[https://twitter.com/coinpoll_net/status/1441001403842015232 @coinpoll_net Twitter] (Jul 2)
{{Prevention:Platforms:End}}


[https://web.archive.org/web/20210923184752/https://coinpoll.net/news/bitcoin-news/bitcoin-org-hacked-bitcoin-btc-website-down.html Bitcoin.org hacked: bitcoin (BTC) website down - CoinPoll | Grow crypto together] (Jul 2)
== Regulatory Prevention Policies ==
{{Prevention:Regulators:Cryptocurrency Education Mandate}}


[https://twitter.com/vxunderground/status/1440875093593231360 @vxunderground Twitter] (Jul 2)
{{Prevention:Regulators:Establish Industry Insurance Fund}}


[https://web.archive.org/web/20210923025255/https://bitcoin.org/ Bitcoin - Open source P2P money] (Jul 2)
{{Prevention:Regulators:End}}


[https://www.blockchain.com/btc/address/1NgoFwgsfZ19RrCUhTmmuLpmdek45nRd5N Address: 1NgoFwgsfZ19RrCUhTmmuLpmdek45nRd5N | Blockchain Explorer] (Jul 2)
== References ==
 
<references>
[https://coinmarketcap.com/currencies/bitcoin/historical-data/ Bitcoin price today, BTC live marketcap, chart, and info | CoinMarketCap] (May 15)
<ref name="bleepingcomputer-8287">[https://www.bleepingcomputer.com/news/security/bitcoinorg-hackers-steal-17-000-in-double-your-cash-scam/ Bitcoin.org hackers steal $17,000 in 'double your cash' scam] (Apr 29, 2022)</ref>
 
<ref name="cobrabitcointwitter-8288">[https://twitter.com/CobraBitcoin/status/1440905892543832064 CobraBitcoin - "http://Bitcoin.org has been compromised. Currently looking into how the hackers put up the scam modal on the site. May be down for a few days." - Twitter] (Jul 2, 2022)</ref>
[https://twitter.com/MrCl0wnLab/status/1441106379083636747 @MrCl0wnLab Twitter] (Jul 2)
<ref name="bitcoin-8289">[https://bitcoin.org/en/ Bitcoin - Open source P2P money] (Jul 2, 2022)</ref>
 
<ref name="namecheaptwitter-8290">[https://twitter.com/Namecheap/status/1440896036487245832 @Namecheap Twitter] (Jul 2, 2022)</ref>
[https://twitter.com/DevariteTheFox/status/1440929885766127620 @DevariteTheFox Twitter] (Jul 2)
<ref name="bitcoinarchive-8291">[https://web.archive.org/web/20210917091640/https://bitcoin.org/en/ Bitcoin - Open source P2P money] (Jul 2, 2022)</ref>
 
<ref name="coinpollnettwitter-8292">[https://twitter.com/coinpoll_net/status/1441001403842015232 @coinpoll_net Twitter] (Jul 2, 2022)</ref>
[https://twitter.com/gort1356890/status/1440880174883647490 @gort1356890 Twitter] (Jul 2)
<ref name="coinpollarchive-8293">[https://web.archive.org/web/20210923184752/https://coinpoll.net/news/bitcoin-news/bitcoin-org-hacked-bitcoin-btc-website-down.html Bitcoin.org hacked: bitcoin (BTC) website down - CoinPoll | Grow crypto together] (Jul 2, 2022)</ref>
 
<ref name="vxundergroundtwitter-8294">[https://twitter.com/vxunderground/status/1440875093593231360 @vxunderground Twitter] (Jul 2, 2022)</ref>
[https://twitter.com/TheBlueMatt/status/1440894787352104961 @TheBlueMatt Twitter] (Jul 2)
<ref name="bitcoinarchive-8295">[https://web.archive.org/web/20210923025255/https://bitcoin.org/ Bitcoin - Open source P2P money] (Jul 2, 2022)</ref>
 
<ref name="blockchaindotcom-8296">[https://www.blockchain.com/btc/address/1NgoFwgsfZ19RrCUhTmmuLpmdek45nRd5N Attacker's Bitcoin Address - Blockchain Explorer] (Jul 2, 2022)</ref>
[https://twitter.com/CloudflareHelp/status/1440958572628742144 @CloudflareHelp Twitter] (Jul 2)
<ref name="coinmarketcap-623">[https://coinmarketcap.com/currencies/bitcoin/historical-data/ Bitcoin price today, BTC live marketcap, chart, and info | CoinMarketCap] (May 16, 2021)</ref>
 
<ref name="mrcl0wnlabtwitter-8297">[https://twitter.com/MrCl0wnLab/status/1441106379083636747 @MrCl0wnLab Twitter] (Jul 2, 2022)</ref>
[https://web.archive.org/web/20210923114201/https://bitcoin.org/en/ Bitcoin - Open source P2P money] (Jul 2)
<ref name="devaritethefoxtwitter-8298">[https://twitter.com/DevariteTheFox/status/1440929885766127620 @DevariteTheFox Twitter] (Jul 2, 2022)</ref>
 
<ref name="gort1356890twitter-8299">[https://twitter.com/gort1356890/status/1440880174883647490 @gort1356890 Twitter] (Jul 2, 2022)</ref>
[https://twitter.com/ItsGoharr/status/1443661999498399753 @ItsGoharr Twitter] (Jul 2)
<ref name="thebluematttwitter-8300">[https://twitter.com/TheBlueMatt/status/1440894787352104961 @TheBlueMatt Twitter] (Jul 2, 2022)</ref>
 
<ref name="cloudflarehelptwitter-8301">[https://twitter.com/CloudflareHelp/status/1440958572628742144 @CloudflareHelp Twitter] (Jul 2, 2022)</ref>
[https://bitcoin.org/en/about-us About bitcoin.org] (Jul 2)
<ref name="bitcoinarchive-8302">[https://web.archive.org/web/20210923114201/https://bitcoin.org/en/ Bitcoin - Open source P2P money] (Jul 2, 2022)</ref>
<ref name="itsgoharrtwitter-8303">[https://twitter.com/ItsGoharr/status/1443661999498399753 @ItsGoharr Twitter] (Jul 2, 2022)</ref>
<ref name="bitcoin-8304">[https://bitcoin.org/en/about-us About bitcoin.org] (Jul 2, 2022)</ref>
</references>

Latest revision as of 16:47, 16 November 2023

Notice: This page is a freshly imported case study from the original repository. The original content was in a different format, and may not have relevant information for all sections. Please help restructure the content by moving information from the 'About' and 'General Prevention' sections to other sections, and add any missing information or sources you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.

Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!

Bitcoin.org

Bitcoin.org is a widely consulted reference on the bitcoin protocol and status. In September 2021, the site's DNS was redirected to a malicious server, which displayed a scam claiming to double people's money if they sent it to a particular donation address. While no post-mortem on the source of the breach was provided, domains can typically be hijacked and changed through a social engineering attack on the registrar. It appears that close to $18k worth of bitcoin was taken, although this is controversial since the largest transfer of 0.4 bitcoin may have come from the hacker themselves. None of the funds have been recovered.

This is a global/international case not involving a specific country.[1][2][3][4][5][6][7][8][9][10][11][12][13][14][15]

About Bitcoin.org

"Bitcoin.org was originally registered and owned by Bitcoin's first two developers, Satoshi Nakamoto and Martti Malmi. When Nakamoto left the project, he gave ownership of the domain to additional people, separate from the Bitcoin developers, to spread responsibility and prevent any one person or group from easily gaining control over the Bitcoin project."

"From 2011 to 2013, the site was primarily used for releasing new versions of the software now called Bitcoin Core. In 2013, the site was redesigned, adding numerous pages, listing additional Bitcoin software, and creating the translation system."

"Although Bitcoin is assumed to be created by a pseudonymous identity, "Satoshi Nakamoto," the author of the research paper that gave birth to the cryptocurrency, a newer identity "Cøbra" is lately seen managing the Bitcoin.org website, social media, and community channels." "Today the site is an independent open source project with contributors from around the world. Final publication authority is held by the co-owners, but all regular activity is organized through the public pull request process and managed by the site co-maintainers."

Website: [16][17][18][19]

New Update From Bitcoin.org

"The Bitcoin Foundation is giving back to the community! We want to support our users who have helped us along the years. Send Bitcoin to this address, and we will send double the amount in return! Limited to the first 10000 users!"

The Reality

The bitcoin.org website DNS had been compromised, allowing the attackers to redirect the website to a server under their control. The updated website continued to claim to be the bitcoin foundation and instructed users to send funds to the scammer, claiming that and funds sent would be doubled.

What Happened

After the bitcoin.org website was redirected to a malicious server via a DNS attack, a phishing message was displayed on the site. Several users sent bitcoin funds to the attacker's address.

Key Event Timeline - Bitcoin.org Double Your Cash Scam
Date Event Description
September 22nd, 2021 8:10:17 PM MDT Main Event Expand this into a brief description of what happened and the impact. If multiple lines are necessary, add them here.
September 22nd, 2021 11:08:00 PM MDT CobraBitcoin Twitter Post CobraBitcoin posts a tweet reporting that the bitcoin.org website has been compromised[2]. The website reportedly may be down for a few days.
September 22nd, 2021 11:12:00 PM MDT Controversy Over Domain Ownership Twitter user WhaleWire asks CobraBitcoin how it feels "to be compromised", referencing a controversy over the ownership of the original bitcoin.org domain[20].

Technical Details

"Appears to be DNS hijack as noted by @nukedotasia." "[I]t appears the domain was taken over. The WHOIS info was updated at the time of the hack, the nameservers + DNS changed, and if you try to visit any of the actual pages other than the index you'll get a 404. It's a completely different website save for the domain name."

Attacker's Address: 1NgoFwgsfZ19RrCUhTmmuLpmdek45nRd5N[8]

Total Amount Lost

The attacker's bitcoin wallet displayed 0.40571238 BTC as having been received[8]. There is some controversy that the attacker may have pretended to fall for their own scam, however there is no documented case of this happening in any other bitcoin doubling scam.

The total amount lost has been estimated at $18,000 USD.

Immediate Reactions

CobraBitcoin announced the compromise on Twitter.

Tweet From CobraBitcoin

CobraBitcoin shared a Tweet to warn the community that the domain had been compromised[2].

"http://Bitcoin.org has been compromised. Currently looking into how the hackers put up the scam modal on the site. May be down for a few days."

Controversy Over Bitcoin.org Ownership

Twitter user WhaleWire asks CobraBitcoin how it feels "to be compromised", referencing a controversy over the ownership of the original bitcoin.org domain[20].

Ultimate Outcome

"[U]nfortunately, some cryptocurrency enthusiasts may have fallen for the scam as evident from the attacker's wallet balance. The transaction history shows multiple deposits made from different Bitcoin addresses to the attacker's wallet."

"The last updated balance of the wallet was at 0.40571238 BTC or approximately US$17,000." "Scammers probably didn't make off with as much money as the BTC wallet shows as noted by @SadFrogFacts." "For context, 3 people have sent $100, 1 person has sent around $200, the rest(0.4 BTC) seems to have been sent as a way to make the “giveaway” seem legitimate, so likely scammer’s own coins."

Total Amount Recovered

There do not appear to have been any funds recovered in this case.

Ongoing Developments

TBD - Any efforts to trace these funds?

Individual Prevention Policies

In general, be familiar with the common scams. Anything claiming to pay back more than you send them is typically a scam.

Any time that you are promised any profit or benefit in exchange for an initial payment, smart contract approval, or deposit, pay special care as to whether the entity making that offer is trustworthy, actually who they say they are, and has the means to fulfill what they're promising. There are no magic algorithms providing guaranteed returns from trading or mining. Trading on average will lose money. Mining is expensive and complex. No one is going to immediately send back more than you sent them. NFT projects will rarely announce a surprise mint in only a single location. Are you fully prepared for the event your money is kept and nothing is delivered in return?

Every approval on Web3 is an opportunity to lose all of the funds present in your wallet. Take the time to review the transaction in full. Fully check over the balance, permissions, and entire address which you are interacting with. Do not trust that your clipboard or any website front-end is guaranteed to provide an accurate address or transaction status. Always perform a test transaction prior to the first high-value transaction in any session.

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

Never take for granted the limited knowledge of users of your service and their tendency to skip past provided information. It is recommended to design a simple tutorial and quiz for new users which explains the basics of seed phrases, strong password generation, secure two-factor authentication, common fraud schemes, how ponzi schemes work, as well as other risks which are unique to the cryptocurrency space. This tutorial and quiz should ensure their understanding and be a standard part of the sign-up or download process which is difficult or impossible to skip.

Work with other industry platforms to set up a multi-signature wallet with private keys held separately by delegate signatories from seven prominent platforms and services within the industry. Establish requirements for contributions by all platforms and services, designed to be affordable for small platforms yet large enough to cover anticipated breach events. Any breach event can be brought forth by a member platform or a petition of 100 signatures for consideration by the delegate signatories. A vote of 4 or more delegate signatures is required to release any funds, which could partially or fully restore lost funds based on their assessment.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

Create a standard tutorial and quiz for all new cryptocurrency participants, which is required to be completed once per participant. This tutorial and quiz should cover the basics of proper seed phrase protection, strong password generation, secure two-factor authentication, common fraud schemes, how to detect and guard against phishing attacks, how ponzi schemes work, as well as other risks which are unique to the cryptocurrency space.

Set up a multi-signature wallet with private keys held separately by delegate signatories from seven prominent platforms and services within the industry. Establish requirements for contributions by all platforms and services within the country, designed to be affordable for small platforms yet large enough to cover anticipated breach events. Any breach event can be brought forth by a member platform or a petition of 100 signatures for consideration by the delegate signatories. A vote of 4 or more delegate signatures is required to release any funds, which could partially or fully restore lost funds based on their assessment.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References

  1. Bitcoin.org hackers steal $17,000 in 'double your cash' scam (Apr 29, 2022)
  2. 2.0 2.1 2.2 CobraBitcoin - "http://Bitcoin.org has been compromised. Currently looking into how the hackers put up the scam modal on the site. May be down for a few days." - Twitter (Jul 2, 2022)
  3. Bitcoin - Open source P2P money (Jul 2, 2022)
  4. @Namecheap Twitter (Jul 2, 2022)
  5. @coinpoll_net Twitter (Jul 2, 2022)
  6. Bitcoin.org hacked: bitcoin (BTC) website down - CoinPoll | Grow crypto together (Jul 2, 2022)
  7. @vxunderground Twitter (Jul 2, 2022)
  8. 8.0 8.1 8.2 Attacker's Bitcoin Address - Blockchain Explorer (Jul 2, 2022)
  9. Bitcoin price today, BTC live marketcap, chart, and info | CoinMarketCap (May 16, 2021)
  10. @MrCl0wnLab Twitter (Jul 2, 2022)
  11. @DevariteTheFox Twitter (Jul 2, 2022)
  12. @gort1356890 Twitter (Jul 2, 2022)
  13. @TheBlueMatt Twitter (Jul 2, 2022)
  14. @CloudflareHelp Twitter (Jul 2, 2022)
  15. @ItsGoharr Twitter (Jul 2, 2022)
  16. Bitcoin - Open source P2P money (Jul 2, 2022)
  17. Bitcoin - Open source P2P money (Jul 2, 2022)
  18. Bitcoin - Open source P2P money (Jul 2, 2022)
  19. About bitcoin.org (Jul 2, 2022)
  20. 20.0 20.1 WhaleWire - "How does it feel? To be compromised." - Twitter (Jul 2, 2022)
Retrieved from "https://quadrigainitiative.com/cryptocurrencyhackscamfraudwiki/index.php?title=Bitcoin.org_Double_Your_Cash_Scam&oldid=5195"