A BBC tech journalist recently reported losing roughly $30,000 USD in crypto funds after failing to secure his private key(s).
The Private Key Is… Key…
To say cryptocurrency is a tricky business would be an understatement. The arena, given its growth and expansion over the last year or so, has opened the door to hackers and malicious actors who seek to take funds that aren’t theirs. Through SIM-swapping, phony initial coin offerings (ICOs) and standard malware or cyberattacks, the routes to obtaining funds illicitly are plentiful, and they continue to plague the industry even today.
The journalist – who goes by the name Monty Mumford – used a company called myetherwallet.com to store his ether tokens. After allowing the balance to grow to its present size, he opened his account one day to find that it had all disappeared overnight.
As it turns out, he had stored his private key in his email drafts so that he could always get to it when it was needed. At press time, it’s not clear how the funds were taken, but some are suggesting that the cloud service on his computer was infiltrated by the hacker (or hackers). This allowed them to “get inside,” view the draft in his email and obtain the key from there.
In an article for the BBC, Mumford explains that he ultimately found his funds were transferred to an account on Binance. He thus contacted the exchange to get the ball rolling and see if he could find out where to go from there, but the experience was, as he describes, a “Kafkaesque nightmare.” He writes:
Binance wouldn’t disclose anything until it had been contacted by law enforcement, so I went to the Action Fraud website, reported my case, and obtained a crime number, but six months passed with no news on my stolen investments, so I went on the offensive and contacted US bounty hunters Cipher Blade who work with the FBI in Philadelphia to pinpoint thieves and track them down – in exchange for a percentage of the bounty. They discovered that my money had been deposited by the thief (or thieves) in a ‘consolidation wallet’ then divided up into chunks and sent to four different deposit addresses on the Binance exchange.
How to Avoid Similar Situations
From there, the journalist was forced to contact police authorities who said that they would investigate the matter and see about obtaining IP addresses or any other personal information the hackers may have left behind. They would then contact Binance to see where it could go next in finding the lost funds.
Mumford warns others to “learn from his mistakes.” He says people should always avoid storing their passwords on their computers, as malware can decipher keystrokes and find private keys.