Research reveals that massive crypto exchanges are increasingly becoming prey to scammers using doctored images to trick two-factor authentication reset procedures. The attack highlights the importance of not entrusting security to a third party exchange and securing private keys.
Doctored photographs have a market on dark web forums and the rates to purchase them are notably cheap. However, considering that several large exchanges are requiring multiple verification methods for resetting a two-factor authentication, it remains to be seen how effective it will be.
Crypto users who decide to leave their digital assets on centralized exchanges already have a lot to be worried about. The site itself might fall victim to a security compromise. There is also the QuadrigaCX debacle, which was seemingly caused by negligence on part of its deceased CEO or something more sinister.
Add to these issues the potential mismanagement of company finances and phishing attacks, and it can be seen why many thought leaders in the space encourage learning to protect digital assets.
The most recent reported scam being utilized to defraud individuals out of their crypto holdings involves trying to trick an exchange’s staff with doctored images. It convinces the exchange that a request to reset the two-factor authentication security process is legitimate and came from the account owner.
Per research by Hold Security, plenty of information about data fraud techniques can be found on dark web hacking forums. Among these covert pages is approximately 10,000 altered images utilized for different verification techniques.
Hold Security Chief Information Security Officer Alex Holden said a doctored image will cost scammers roughly $50. An example of such a photograph was posted by Bank Info Security. It showed an anonymous person holding a passport and a note with the date and “Reset 2FA.”
The attackers submit a request to change the device utilized to receive two-factor authentication codes. They will then send an image which has been doctored to display details about the targeted user.
“Some companies have no ability to assert what their client looks like… It’s not like hackers publish success rates,” Holden states. “But because we know that [hackers who] we are monitoring are actually making money off of it, I’d say yeah.”
Many crypto exchanges oblige new users to verify their identity using a government-issued document. For that reason, a lot of exchanges are not concerned about the security of their customers. However, many were less-than-willing to discuss instances of scammers utilizing fake images in such a manner.
A Coinbase representative commented on the fact that the San Francisco-headquartered exchange leverages multiple ID verification levels to reset two-factor authentication and account passwords. Similarly, Kraken said all ID verification images should show a custom message and clients with highest tier accounts will have already provided photographic identification after signing up for the upgrade.
“Unfortunately, we’re no stranger to these types of malicious attempts to gain access,” Binance reported. The exchange asks users to provide a set of pictures for resetting two-factor authentication as well as a “face verification” step through a webcam:
“Given the measures we currently have in place, I don’t believe this threat is something for Binance to be particularly worried about at the present time.”
The security precautions taken by both the individual user and targeted venue would have to be incredibly lax for it to become successful.