It’s Bot Versus Scambot in the 2018 Crypto Arms Race

Guest Contributor

Guest Contributor Kenneth Berthelsen is the CMO at AmaZix

For as long as the internet has existed, there have been automated scams conducted through it. Perhaps the most notorious is the 419 Nigerian prince scam, offering victims a sizable sum of money in return for covering the hefty administration fees on a foreign dignitary’s international transfer of funds.

When crypto exploded into the public consciousness last year, it also came to the attention of a new breed of criminal. No longer was it the drug lords attracted to the dark web and the notorious silk road marketplace that was shut down by the FBI. No, this time it was a more white-collar criminal that was interested in fraud.

As these new criminals discovered, a confidence trick carried out using cryptocurrency is difficult to detect and almost untraceable – especially in smaller amounts. In many ways it’s the perfect crime – and the criminals are all over it with an estimated $670 million being lost to crypto scammers in Q1 of this year alone.

Phish Bait

We may imagine crypto scammers as talented hackers, shrouded in mystery and employing skills and dark arts available to only a select few. The truth, however, is far more mundane. That’s because the real gift for cyber criminals is how easy it is to carry out the crime.

One common version of a crypto con is a type of phishing attack where a fake team member of a crypto project directs the victim to a cloned website or social media account. This in turn entices them to send their cryptocurrency to a certain wallet address in return for a bonus or time-limited offer.

In many cases the victim doesn’t spot the crime for days, they just assume the transaction went through successfully, as to all intents and purposes it did. It’s only when the acknowledgement email doesn’t come through or the payment doesn’t show up on a dashboard that you might notice you’ve been conned.

By that time the funds are completely out of reach. After all, there’s no bank to complain to in order to get your money back, when it’s gone it’s gone – nobody can send it back to you. Except for the owner of the wallet, the criminal.

We all know what email phishing looks like but in this emerging world of crypto, habits have not been formed and we aren’t used to these new forms of phishing attacks. No passwords are handed over, alarm bells don’t ring. It can be as simple as clicking on a link and not verifying the address the funds are being sent to.

Phishing for Tweets

More recently the scammers have moved onto Twitter. We’ve all seen the phenomenal number of cloned accounts offering cryptocurrency to followers of high profile and celebrity accounts. Elon Musk even praised the ‘mad skillz’ of the Ethereum scam bots:

Even today, Twitter is struggling to keep on top of these bot accounts, which has led to a decidedly low-tech solution from influencers like Ethereum’s creator Vitalik Buterin changing his Twitter handle to Vitalik "Not giving away ETH" Buterin.

The Machines are Fighting Back

As the scammers use ever more sophisticated tools, the tools being used to fight back are evolving. In community forums at the front line of the war are the bots – keeping Telegram safe. At AmaZix we have bots working across multiple projects and channels, they delete content and ban users before anyone even notices. And once an account is banned in one channel, it is removed from all channels.

Bots are catching bots now, and our crypto community moderators are acting as generals presiding over enormous AI battles, with friendly bots designed to keep their users safe fending off scambots looking to separate them from their hard-earned crypto.

The necessity of a strong and reactive bot security force was exposed earlier this month when Duo Security discovered a network of at least 15,000 crypto scambots operating across Twitter, a number which likely doesn’t even scratch the surface of the problem.

Basic security bots that can detect their enemies through simple techniques such as keyword searches may be rudimentary, but they are just the beginning. Over the past few years, AI technology has developed in both power and complexity, allowing security firms to create programs that can trawl huge digital spaces, processing thousands of pieces of information per second. These bots can take greater action than banishing malicious accounts, which can simply be recreated under a slightly different name. Some AI-backed tools can now act as a reliable safeguard, informing their human users when they encounter dangerous sites or accounts.

These AIs have been fed tremendous amounts of scam data, with each successful con teaching them how to perform their duties more effectively, essentially becoming ‘super bots’. As scambots lack the resources to collect similar data on crime-prevention, this provides the anti-scam solution with a crucial edge.

Social Media is getting a boost from Enterprise-proven technology such as that offered by BrandShield. Its technology monitors, finds and shuts down cloned accounts and websites. Used by enterprise to detect trademark infringement and counterfeit sales, it’s finding a new use in crypto to help shut down the scam sites before anyone is defrauded.

As crypto thrives and blockchain is greeted with wider mainstream acceptance, the AI security systems which utilise it will grow in power, offering a hopeful future for crypto communities and the bots that protect them.