The Criminal Investigation Team of Zhejiang Public Security Department, imToken and SlowMist talked together: How to ensure the security of blockchain user assets?

The Criminal Investigation Team of the Zhejiang Public Security Department discussed with imToken and SlowMist the current state of blockchain fraud and the methods and measures for protecting the security of user assets.

Original title: “Provincial Public Security Department Criminal Investigation Team: How to file a case when digital assets are stolen”
Compiled by: imToken

Blockchain security is an issue that requires our continuous attention, because assets on the blockchain are not the same as traditional assets in nature. They are based on technologies such as cryptography and public and private keys. If fraud does occur, the possibility of asset recovery is much lower than that of traditional assets.

On June 9, imToken held a live broadcast event on Bilibili with the theme “How to ensure the security of blockchain users’ assets”.

The following is the text version of this live broadcast👇

Host:

  • Lianwen Research Director-Pan Zhixiong

Guests:

  • Criminal Investigation Team of Zhejiang Provincial Public Security Department-Xu Xiaohua (hereinafter referred to as Team Xu)

  • Partner and CTO of SlowMist Technology-Blue

  • imToken user support manager-Xiaopang

1. With the hot market, various frauds have become extremely rampant, posing a great threat to the security of ordinary people’s assets. Can you list the more common scams related to digital assets?

Team Xu: The public security organs classify some fraud or theft cases involving the Internet as new types of Internet-related crimes. In recent years, with the development of the financial system of the entire society and the Internet, in fact, there are fewer and fewer traditional cases. I think everyone should also feel deeply that this kind of theft in the past is difficult to implement with the popularization of road monitoring and mobile payment. At the same time, this traditional snatching, fraud, and road crime are gradually shrinking due to these reasons.

But from my personal understanding of crime, this type of crime involving the violation of citizens’ property will never die. It can be said that this type of crime will continue to exist until we realize communism. Now this type of crime has actually slowly evolved into the Internet and the financial field of blockchain.

From the perspective of our public security, after about 2018 or 2019, this new type of crime has accounted for more than half of all types of crimes. Crimes involving blockchain have a slow development process. In the early stage, a large number of frauds related to the blockchain were actually new bottles of old wine. Some traditional crimes began to set up scams and pyramid schemes in the name of blockchain.

In our earliest days, we called this kind of fraud case, carried out in the name of blockchain investment, pig-killing or investment disks. And the earliest investment market should be around 2018 or 2019. Because of the ICO boom in 2017, after many of these air coins came out, some people had a vague impression of the blockchain and wanted to invest. However, there are many investment platforms set up in the name of blockchain and digital currency. In fact, there is no such digital asset on the chain at that stage. The victim invests in the platform, and all he gets is a number in the database, and it is not actually on the chain.

After a wave of gains in Bitcoin and related currencies last year, another wave of investors came in. Nowadays, many of these air coins are actually on the chain, and there are more and more investment disks and pig-killing disks. With the increase of blockchain investors, some new crimes have arisen, such as using a wallet to scan a QR code, and then using this DApp to steal all the balance in your wallet.

Some time ago, there were cases of counterfeiting USDT issued through ERC-20 in our province. There may be more and more cases of this kind in the future, because it is difficult for ordinary investors to distinguish between true and false coins. Fraud cases are roughly these categories.

Pan Zhixiong: Thank you, let me summarize it. In the early days, it was new bottles of old wine, just under the guise of the blockchain, but the practice of centralized databases, including many popular ICO projects in 2017, was actually fraudulent under the name of the blockchain. Last year and this year, it may have actually been on the blockchain, and fraud was carried out through more covert means.

2. What is the scale of the number of cases faced by the public security organs in the field of digital assets, and how much is an upgrade from the previous one? What are the general types of illegal and criminal activities?

Team Xu: We are now in the context of a relatively large criminal trend change, and there are more and more new types of blockchain cases involving the network. In addition to the crime of using blockchain to commit fraud just mentioned, the public security organs also found out that many types of cases are not necessarily related to the blockchain, but they are all related to the blockchain.

At present, a large number of criminals are using digital assets to launder money. Money laundering is a topic that can never escape from cases such as financial crimes or property infringement crimes. When it comes to cases in the blockchain field, we just discussed blockchain-related scams, but in fact, the biggest type of crime in the blockchain field should be money laundering. It has been more than ten years since the birth of Bitcoin. We can see that with the development of blockchain, money laundering crimes have been developing along with the entire industry ecology.

I have read some papers before and have a rough statistics on global money laundering crimes. Its overall scale is a very large number, which may have accounted for about 10% of global GDP. If the demand for money laundering really accounts for 10% of global GDP, this means that as long as which industry and which field can support such crimes, the industry itself will inevitably be expanded to a very large magnitude.

A few months ago, the total amount of Bitcoin has exceeded one trillion U.S. dollars. Money launderers use the blockchain to launder money, using the anonymity, decentralization and other characteristics of the blockchain, which perfectly meet the needs of crime. We divide money laundering crimes into front-end and back-end of funds.

The front-end refers to the victim or gambler in a gambling crime, how his first-level funds enter the platform and enter this funding link. For example, if you spend online, you may use Alipay to pay. In the field of crime, like many cases of this type of fraud, the victim generally uses some third-party payment software or bank card to pay his first money in the first-level financial system. We call this the front end of the capital link.

After going to the back end, money laundering crime is generally a first-level bank card to a second-level bank card, and then a part of the money will gradually enter the exchange or the chain, and finally the funds will be laundered. This is the back end of the funding link.

In the past, money laundering related to encrypted assets was mainly in the back-end field. Now, due to the popularity of digital assets, many such crimes that directly defraud victims’ coins are also increasing. In the gambling field, there are also more and more overseas gambling platforms that directly accept gamblers’ digital assets to recharge. In the entire criminal ecology field, it is possible that the proportion of digital assets will become higher and higher in the next period of time.

In addition, blockchain and digital assets have also given another kind of soil for the growth of criminal cases-the ransomware virus that was relatively popular in the past few years. The ransomware virus encrypts the information files in the victim’s computer, and then provides a payment address for encrypted assets for ransom. Before the blockchain, it was impossible for the criminal suspect to leave a simple bank card account number, because it was an account that can be controlled by a centralized institution.

After the blockchain investment boom last year, more and more investors have entered this field. In each link of the blockchain ecology, many new types of crimes may be derived. For example, the recent cooperation between us and imToken mainly involves someone using counterfeit wallet applications. Ordinary investors don’t know how to identify official channels. They may download a counterfeit wallet application in which hackers have implanted a backdoor. After he generates the wallet key, the information will be uploaded to the server preset by the hacker. If digital assets are transferred to this wallet address, the hacker will transfer the assets directly.

Then there are the fake tokens issued through ERC-20 that I just mentioned. The current investor knows that he needs to buy USDT first and then go to the currency transaction, but he does not know the distinction between true and false USDT. There are many fake USDT tokens on the chain now. I once saw a counterfeit USDT account in a case. The balance was 999… which is a very large number. Such fake tokens are difficult for ordinary investors to distinguish.

There are mainly these three categories. One is the use of digital assets for money laundering, the other is old wine in new bottles, where traditional crimes are covered with the shell of digital assets, and the third is that, in the future, some newer criminal methods will definitely occur in every link of the blockchain ecology.

3. As a wallet party, imToken must have contacted many victimized users. What cases have they encountered? How is it handled?

Xiaopang: imToken roughly divides these cases into two categories, one is fraud and the other is theft of coins.

For example, when the market was very hot in 2017, one way for projects to promote themselves at that time was the airdrop. Some project airdrops may bring good returns to investors, but more often they are valueless airdrops made by imitating well-known projects to induce users to transfer money to a certain contract address, deceiving users into making a transfer in order to receive the corresponding airdropped currency, and saying that the currency may be listed on an exchange after a period of time, when they will be able to make a profit.

In 2017 and 2018, there were more cases of such scams. As the entire market weakened later, these scams disappeared, or they became a way of putting old wine in new bottles, inducing you to invest. In the end, these projects will most probably go away, such as the MGC we have previously revealed. It is a centralized wallet that pretends to be a decentralized wallet, inducing users to create a wallet or import some keys generated by other software into it. Your mnemonic phrase and private key are recorded on the server, and the crooks finally steal all your assets, which is a fraud case. But you will find that he combined the two actions of fraud and theft. In 2020 and 2021, this scam escalated again due to the explosion of the market, such as the QR code scam a while back: you scan the QR code to enter a transfer page, and when you confirm the transfer, you are actually authorizing the fraudster to transfer your assets.

In another type of currency theft event, there are many situations where people around you steal currency or a team manages the private key together, which leads to this kind of currency theft event. In the past, some users did not understand the importance of private keys, and would send mnemonic words and private keys to WeChat groups, or to some cloud servers. This kind of network transmission behavior would cause his assets to be stolen. But now a new type of scam has appeared. You did not leak the mnemonic phrase and private key, but just completed an authorization and gave others the authority of the digital assets in your account. Then others can steal your assets. This category is a case that has a relatively large impact on users.

For imToken, we not only have to deal with these cases, but also give users an answer. Like the LCS project we revealed a while ago, after receiving reports from users, we first judged the cause and effect of the entire incident. I took the LCS software installation package he downloaded from the user and gave it to our colleagues in the security department for professional analysis, and found that it was similar to the aforementioned MGC, and it would record the user’s private key and upload it to the server.

After we found the reason, we fed it back to the user, and the step of asking him to call the police was the beginning of the difficulty. Users will think that the responsibility for the loss of assets lies with imToken, and imToken should help them to report to the police and recover such assets. In this regard, we have communicated with the public security and lawyers. The user is the subject of the loss of assets, so the user must go to the police. After filing the case to the police, first of all, our imToken wallet side knows that your assets were stolen with evidence, not made up by you. In addition, users can only recover their assets through legal channels after they report to the police.

Regarding the handling of the loss and theft of assets reported by users, we must try our best to find some clues for him as soon as possible, and we recommend him to call the police. After reporting to the police, if the police needs to contact imToken, we will give the user an official verification process. The purpose is to help users recover their assets, and at the same time let him know how the assets were stolen, so that he can avoid the same scam in the future.

Pan Zhixiong: It sounds like your workload is really large, because your user base is also large.

Xiaopang: Yes, but this is where the responsibility lies. From my personal point of view, this is my own job, and I hope to help more people; from our company’s point of view, as an enterprise in this emerging industry, this is our social responsibility.

4. As a security audit agency, I must have monitored a lot of application issues and user asset issues. Which are the more common issues? What are the general procedures for dealing with such security issues?

Blue: Currently, many DeFi projects are looking for us to do audits. There are also many scams in DeFi projects, and there is a risk of user assets being stolen. For example, some project parties have the right to directly transfer money from the fund pool. In addition, there are a lot of runaway projects in the industry, which is equivalent to the fact that users invest money in a project and lose money, which is also a kind of fraud.

In the DeFi world, the damage to user assets is mainly caused by the theft of assets. Recently, there have been endless thefts from project parties on various public chains. When users participate in a DeFi project, they actually authorize their own assets to the project. Regarding this point, the user may have a misunderstanding. He believes that the assets are stored in the imToken wallet and cannot understand why, when the project party is hacked, his assets will also be lost. In fact, when you participate in a DeFi project, you need to authorize funds to the project party, which is equivalent to giving control of your own assets to the project party.

When you are attracted by the annualized rate of return of a project, the project party and hackers may be staring at your principal. Now many hackers treat DeFi as an ATM. Now most project parties are willing to spend money to do security audits, so there are fewer incidents of asset theft due to technical vulnerabilities than before.

5. How did the public security agencies respond to these rampant frauds in the blockchain industry? What is the case handling process of the public security organs?

Team Xu: I saw some netizens in the live broadcast room who reported that they had been scammed for participating in a certain project, and asked the police whether they would file a case for investigation. Let me introduce our case handling process first.

For all fraud and theft cases, we recommend that victims report to the police as soon as possible, especially cases involving traditional funds. Reporting the case as soon as possible after being defrauded will help the police to immediately identify or freeze the relevant funds and assets to restore the loss of the victim.

For such cases involving blockchain, the process is the same. The victim reports the crime as soon as possible to allow the police more time to start work. In addition, before reporting the case, we recommend that the victim prepare as much detailed information as possible. In a fraud case, for example, it is best for the victim to provide relevant platform information or application information, fund flow, chat history (such as pictures, QR codes, links), etc. The more information the victim provides, the more channels the police can query and analyze during the investigation and handling of subsequent cases.

In fact, the police all over the country attach great importance to this type of fraud. From the Ministry of Public Security to the public security organs at all levels of provinces, cities and counties, they are all vigorously carrying out propaganda and prevention. We realize that the difficulty of combating such crimes is increasing day by day. With the continuous crackdown by our police, the ecology of crime is constantly changing.

For this type of case, we have a deep feeling. The traditional fraud cases were relatively simple earlier. By checking the flow of funds, we can basically see the location of the suspect. For example, he withdrew money from an ATM machine. During this period of time, we can see the location of the suspect. Basically, our police arrested suspects on business trips throughout the year. But now, the means and methods of money laundering by criminal suspects are constantly escalating, and it is becoming more and more difficult to trace the funds. As the criminal targets in the country have been cracked down on by the public security organs, more and more criminal suspects are hiding outside the country, and, affected by the epidemic, it is difficult for us to go out and, even when cooperating with police in other countries, to carry out effective cross-border combat.

Therefore, from the perspective of the police, we hope to start with more prevention and pay more attention to prevention education. Therefore, in recent years, the police have done a lot of work in promoting anti-fraud and strengthening citizens’ awareness of anti-fraud. You should have seen relevant propaganda slogans and videos online and offline in real life, as well as various propaganda materials produced by the police, and we are also engaged in technical confrontations with criminals through some technical means to intercept crime-related funds or criminal communications. In this regard, we are also doing more exploration and attempts in the technical field. In general it is like this.

Pan Zhixiong: Do you have any analysis and statistics on the data on the blockchain, or do you mainly start with the flow of bank funds?

Team Xu: We have been trying to carry out statistics on the chain in recent years. The police in various places are also familiar with the data analysis on the mainstream chains. For the tracing of funds on the chain, we are still thinking of more methods. In addition to the police’s own data analysis, we are also cooperating with relevant institutions in the blockchain industry.

6. How does the country determine the nature of this type of crime? What are the qualitative standards and categories? What about sentencing?

Team Xu: Criminal cases in the blockchain field are not only a new challenge for our public security organs, but also for public security, procuratorate and law.

Because in this new type of crime in the category of digital assets, the traditional definition of value, determination of damage, judgment of authenticity, and the establishment of evidence systems have all been impacted to a certain extent. For example, at the most basic level, we all know that the data on the chain is public and can be checked by everyone, so how to fix the data on the chain as a form of evidence and provide it to the prosecutor’s office or court for prosecution. Regarding this point, local public security agencies are still exploring.

When we introduced various blockchain crimes earlier, there was a case of counterfeiting well-known tokens. For example, fake USDT, then how to distinguish between true and false? First of all, true and false USDT are all tokens issued based on the same technical standard. Even if it is true USDT, there is no clear definition of its value in our current legal system. It is difficult to find relevant appraisal agencies to define which one is true and which is false.

For such cases, we are also doing some experiments and explorations, which are a bit similar to crossing the river by feeling the stones. However, with the increase of such crimes, the police in various places should develop their own methods to combat or investigate such crimes. Waiting until there is a clear definition in the law, or issued in the form of policy meeting minutes, etc., can effectively help us in judicial practice in blockchain cases.

7. Both the security team and the wallet party have a lot of cooperation with the police. What are the more memorable cases? Are there any cases handled by the three parties?

Xiaopang: From the perspective of imToken, whether it is for users or the police, as long as they need our help, we are definitely responsive. On the police side, we mainly provide assistance in two aspects. On the one hand, we are doing blockchain knowledge popularization, and on the other hand, we provide some clues that we can inquire.

In terms of specific cases, such as the previous PlusToken and brick arbitrage scams, we also assist the police in some work.

Regarding the scam of moving bricks and arbitrage, after we discovered it early, we would inform the community of the risks and proactively ban some counterfeit coins with the same name. In terms of products, users of imToken 2.0 should be able to feel our more work in security.

The tokens displayed in the early imToken were distinguished by the name of the token and the logo of the token. Later, in order to give users a clearer reminder, for tokens with the same name, such as USDT, we add the “Unknown” mark as a suffix to the subsequent USDT tokens with the same name to help distinguish tokens. If some tokens with the same name are confirmed to be counterfeit, we will mark them as risk tokens.

For those links to risky DApps, after we receive reports from users, colleagues in the security department will be responsible for checking whether the corresponding DApps are safe, such as whether they involve pyramid schemes, gambling, etc. If it is confirmed that there are risks, we will immediately respond and ban such links.

One thing that impressed me was that there was a big MLM disk called Fosage. After we confirmed that it was an MLM project, we blocked this link as soon as possible. However, many users do not understand. Some users even sent emails accusing us of violating the principle of decentralization and should not judge some projects subjectively. But in fact, from our point of view, we must put the user’s asset security in the first place.

So in terms of security, imToken has always been invested, but in most cases, we do not take the initiative to inform the community or the outside world when we do behind-the-scenes work. But users who like imToken or follow imToken should be able to discover the changes in imToken.

Blue: I also feel deeply about what Xiaopang said. From the beginning of 2018 to the end of 2020, I was also responsible for security at imToken.

imToken considers a lot for users in terms of security. imToken always puts security in the first place. In any product improvement or technology research and development, if security problems are encountered, security is the first priority. I just mentioned risk token identification and risk DApp bans. You can now go to imToken to open a DApp, and you can see that it will first remind you that you are about to jump to a third-party website, to remind you of risks.

As a security company, SlowMist will definitely assist at the first opportunity if the public security needs cooperation. For example, in matters related to data analysis on the chain, analysis of how assets are stolen, how hackers conduct technical attacks, etc. We will actively cooperate with the police in these aspects, and we will also do some blockchain knowledge popularization with the police.

Pan Zhixiong: I noticed that SlowMist has been on CCTV recently.

Blue: It is true that the national level or CCTV has noticed the blockchain industry. For example, the counterfeit currency fraud we just mentioned is almost zero cost. If you want to issue on Ethereum or some smart contract chains (BSC, Heco), this is very simple.

Now that there are many smart contracts, scammers can get a template and change the name. The so-called token issuance is nothing more than adding a trading pair on Uniswap, and then you can have a price. This can also be regarded as an anti-fraud user education with CCTV.

8. In the current blockchain security field, what do you think is the most important problem, and how do we solve it? And give everyone some safety advice.

Team Xu: Let me share a word first, the gentleman does not stand under the dangerous wall. The story of people getting rich overnight in the blockchain field is teasing everyone’s greed. The blockchain field can be said to be the field with the most and fastest emergence of new things. Investors must learn more, see and understand, and always be vigilant. No matter how much anti-fraud propaganda our police do, the last point is that everyone should control their greed.

I prefer to say, don’t make money outside of your cognition. Many investors or deceived people actually don’t know the field, nor are they familiar with the value of this thing and whether it can make money. Don’t make money outside of your cognition. This is my advice.

Xiaopang: I think anti-fraud and anti-fraud is never a matter for a single company, but for participants in the entire industry, including users, companies, and even law enforcement agencies, that need to work together.

Users need to take the initiative to learn some knowledge and keep up with the pace of technological development. In fact, scammers are “working harder” than ordinary users to learn related knowledge, because they can only get you into their scam if they know more. If you can see through these scams, the user will be smarter than them, understand the industry better, and know more.

Practitioners in the industry must have principles and have a bottom line, and don’t make money from the wrong heart. Sooner or later, your actions will be known to others, and then there will be no place in this industry.

Law enforcement agencies have been actively learning blockchain knowledge during this period. When I communicated with the public security authorities in 2018 and 2019, they still didn’t understand digital assets and believed that the blockchain industry is a fraud industry. However, when I communicated with the police in 2020 or 2021, I found that the police or criminal investigators in some places have a very deep understanding of this industry, and they even follow the hot spots of this industry.

Ordinary users, industry organizations, and law enforcement agencies need to act together to reduce the occurrence of security incidents, rather than relying solely on the supervision and propaganda of a single individual or the public security.

Blue: First of all, there is definitely no free lunch in the world, and no one will give you airdrop tokens for no reason. If you can buy 30% off ETH or 10% off USDT, why don’t scammers make the difference by themselves? If you don’t want to be deceived, watch more anti-fraud videos provided by the police and read more anti-fraud tips provided by imToken.

Secondly, there are huge risks behind the high returns. If a project party you participate in has a return rate of hundreds of thousands of percent, it will be targeted by hackers. Therefore, when participating in the project, you must think about the risk of theft of the principal that you have to bear behind the profit.

Finally, I will talk about protection for personal safety. When you go to airdrops or participate in projects for transfers, it is best to use some safer mnemonic and private key storage methods, such as hardware wallets or well-known digital asset wallets.

9. The police in different places have different standards for filing cases of theft of digital assets. What should users do if they cannot open a case?

Team Xu: Everyone has a misunderstanding about this, and it seems that the police are unwilling to file a case. In fact, from the perspective of public security, this situation is rare. Because we have a strict inspection mechanism for the acceptance and filing of cases. If a case does occur and the police refuse to accept it due to personal reasons, he must bear the corresponding responsibility.

Many people in the live broadcast room said that the case was not filed at their location. On the one hand, the police across the country have inconsistent understanding of the blockchain. The police in developed areas accept more cases of this kind and have some understanding of blockchain and digital assets. When the victim reports the crime, the police will understand the process of his being stolen or deceived better. For police in other regions, it may be more difficult to distinguish the true and false of the victim’s investment behavior.

On the other hand, the police will be more cautious when filing investment cases, and will first determine whether the victim’s own investment failure caused the loss of funds, or because the platform is indeed fraudulent. Therefore, before reporting the case, you must prepare all the evidence materials that can help the case characterize and provide it to the police. For example, the project party initially promised a rate of return, but you did not get the money. From this perspective, it may be more helpful for the police to characterize this case as a fraud case.
