Gullible users, lack of regulation, spur crypto cybercrimes in India

Gullible users, lack of regulation, spur crypto cybercrimes in India
Photo Credit: Pixabay
9 Jan, 2022

Last week, India's Enforcement Directorate conducted several raids as part of an investigation into a massive crypto scam that involved a fake crypto called Morris coin that was floated to dupe millions of investors in Kerala, Tamil Nadu and Karnataka of over Rs 1200 crore.

Last month, the official Twitter handle of Prime Minister Narendra Modi was 'briefly compromised' and a message was posted declaring that India has accepted crypto as legal tender.

Sample of a crypto scam. Source: Safe Security

The massive surge in the value of cryptos after the pandemic and the availability of multiple wallets and exchanges has spurred a massive investment spree in cryptos. The value of some of these new cryptos, such as Dogecoin, soared by 8300% last year, exceeding even that of Bitcoin. And even though Bitcoin prices are crashing again, the lure of cryptocurrencies remain. While it's still not clear how many people in India own cryptos, some of the large crypto exchanges such as CoinSwitch Kuber claim to have over 15 million users.

That said, with more people in India trading in all sorts of cryptos, hackers are having a field day. According to blockchain analysis firm Chainalysis,  crypto investors lost over $2.8 billion globally to various crypto scams in 2021. The total value of cryptocurrencies held by illicit wallet addresses worldwide soared by 79% last year to $14 billion from $7.8 billion in 2020. 
Illicit address refers to wallets used for cyber attacks, ponzi schemes and other scams.

Sample of a crypto scam. Source: Safe Security

Stealing cryptos from wallets through phishing attacks or tricking people into spending on unknown or fake cryptos, such as Morris coin, are some of the ways in which crypto owners and investors have been targeted by scammers and hackers recently.

In many instances, cybercriminals use channels like Whatsapp and Telegram to scam young crypto owners with the promise of doubling their money. “In a few cases, we have seen employees of cryptocurrency exchanges sharing databases of cryptocurrency owners with cybercriminals, who use this information to start cyberattacks using SMS or even WhatsApp messages with phishing links to takeover crypto accounts," said Rahul Tyagi, co-founder, Safe Security (formerly Lucideus), a cybersecurity firm.

Despite increase in crypto investments, actual knowledge about cryptocurrencies or their underlying technologies is low in India, as is the awareness about cybersecurity. Users treat their cryptocurrency wallets like their e-wallets like Paytm, lamented Tyagi. “Users have to understand that unlike traditional fintech, where a formalised redressal system exists in case of frauds, for cryptocurrencies, if you lose control of your wallet or send cryptocurrency to an unintended address, there is no way to revive it,” he added.

According to N.S. Nappinai, a Supreme Court advocate and founder of cyber safety organization Cyber Saathi Foundation, while attacks on crypto owners started a few years back and grew during the pandemic, crypto scams have been going on for many years. “Now both are flourishing,” she said. “People don't know either about blockchain or cryptocurrency. They are easily enamoured and fall for these scams," she added.

On their part, crypto wallets and exchanges have been trying to educate users about security. Many offer features that can minimise the risks too. Tyagi pointed out that most users are unaware that crypto wallets have an option called whitelisting crypto account addresses. If activated, it reduces the chances of fraud. It’s an opt-in feature that allows withdrawals to go only to addresses that you have pre-designated. “Users need to explore and understand the security and privacy aspects of cryptocurrencies before they invest," he added.

Legal experts believe that the lack of regulation on cryptos in India has heightened the risk, as many users don't know which coins are legitimate and which are not. For instance, Nappinai said that “at a very basic level” regulation will ensure that there is clarity in terms of what is permissible and what is criminal. "So that, from an investor’s perspective, it is preventive and protective. And from the law enforcement perspective, it gives them clarity to prosecute.”

India has shifted its stance on cryptos and instead of a blanket ban is now seeking to regulate it, according to recent reports. The government had listed the Cryptocurrency and Regulation of Official Digital Currency Bill 2021 in the Winter session of Parliament last month but it was not tabled.

Though scammers and cybercriminals can still be prosecuted under existing laws, regulation will encourage investors to file complaints and ensure that not just anyone can issue new coins out of the blue and start collecting money through initial coin offerings. Nappinai pointed out that before a Supreme Court judgement on an appeal by the Internet and Mobile Association of India (IAMAI) in 2020, people were too scared to even file a complaint for crypto crimes.

“The government should take a call on saying yes or no to crypto,” said Nappinai. “If you're going to say maybe or yes to certain things, then be specific in terms of what you are going to allow. What will be the parameters needed to release a private coin or what are the investor protections in place,” she insisted.