The life of crypto traders in India is not looking easy by any means. First of all RBI played big brother in April 2018, and now a new form of menace is making life difficult for many of us. The P2P exchange mechanism devised by the cryptocurrency exchanges has got some serious vulnerabilities, and those vulnerabilities are now being exploited by some hacker(s) to execute a special type of fraud. Many crypto traders in the country have become victims of such fraud, and the exchanges are also quite responsible for this menace that we’re going to elaborate in this article.
First of all let me tell you about the source of this information. The information regarding these frauds has come from Crypto Kanoon, who often remain among the leaders in reporting many developments related to cryptocurrency space. Mohammed Danish, the legal advisor of Crypto Kanoon team, has recently received at 8 – 10 cases of this new crypto fraud being executed nowadays. According to him, the hackers behind this fraud is pulling it off something like this:
- First of all the hacker hacks someone’s bank account – internet banking account, you can say. Or a PayTM account in some cases.
- Then the hacker makes a fake ID on any of the Indian crypto exchanges. The account is created by using fake identity proofs created with the help of Photoshop.
- Once his account is approved, he buys some BTC from any of the users available on exchange via P2P mechanism. The user sends him BTC, and he sends the payment to user’s bank account or PayTM account.
- It’s at this point where the key element of fraud exists. The payment made to user for BTC purchase is made not from hacker’s own account but from the account of someone else that he compromised in step #1.
- The owner of that compromised bank or PayTM account comes to know about his account being hacked only after some payments from his account have been made. So he goes to the police station and lodges an FIR. Once the FIR has been lodged, police officers begin their proceedings and the bank account or PayTM account of BTC seller is frozen. A case is also registered against the seller for bank fraud.
Now the seller comes to know about the fraud when his account is frozen and FIR is lodged against him. The hacker, in the meantime, starts working on his next target. This raises serious questions regarding the procedures followed by Indian cryptocurrency exchanges. How do they allow creation of fake user accounts without properly verifying the details of submitted ID proofs? They take two days to approve an account… and act as if they’re following so many tedious procedures to protect us, but the way how users are being duped in this latest episode raises serious doubts about the systems of exchanges!
It’s also worth noting that all of them have till date not submitted to any 3rd party audits too. So we can’t say about any of the Indian exchanges that they’re reporting with utmost transparency. In such a situation it’s completely upon us to ensure our security. And here are some steps that you can follow to protect yourself from this new form of fraud:
- Use only those P2P platforms which allow users to be rated (i.e. LocalBitcoins).
- Deal only with highly rated peers. If possible, try to trade with some of your trusted trading partners only. Trusted means traders with whom you’ve been trading safely for last few months at least.
If you still become a victim of this fraud and your account is frozen, get legal help as soon as possible from a lawyer competent in cryptocurrencies. Also file a reverse FIR against the unknown person who bought your Bitcoins (yes, you can do that as your account has also been frozen because of him). And most importantly, don’t lie to the authorities. Say whatever is true, and say it after taking opinion from your lawyer. Unfortunately, these are the only things we can do right now.