Man-in-the-middle attack: a Bitcoin OTC fraud method and prevention measures

Chapter 0 Introduction

As OTC trading becomes more popular, scammers and bad guys have also started to pay attention to OTC traders. This article introduces a scam method that has been used to defraud OTC traders of coins in recent days, as well as a defense method. This is not an attack method that requires much computer expertise, but an attack method that uses social engineering to exploit the carelessness of buyers and sellers to defraud coins.

This is a true story.

Chapter 1 OTC Trading Platform Trading Process

Before talking about the fraud methods, we must first understand the transaction process of the OTC trading platform.

Both buyers and sellers must register an account on the OTC trading platform and log in to perform buying and selling operations.

The seller will place a sell order on the platform, and the buyer will accept the seller's order on the platform. For example, the buyer accepts the seller's order of ￥9000/1BTC.

After the buyer accepts the sell order, the platform will lock the handling fee that the seller is going to pay for the Bitcoin transaction. For example, the platform will lock the seller's handling fee of 1BTC+0.003BTC.

Then the buyer enters the payment stage.

The buyer remits money to the bank account or other payment account provided by the seller through bank transfer or other payment methods.

After the buyer completes the remittance, he will return to the platform and operate on the platform to tell the platform that he has completed the remittance and notify the seller to release the locked Bitcoin.

The seller will confirm whether he has received the remittance and release it after confirmation. In this way, the platform will transfer the locked bitcoins to the buyer's account and transfer the locked handling fee to the platform's own account.

The above is the normal transaction process, but abnormal situations may occur.

The first is that the buyer has not actually paid, but notified the platform and the seller that he has paid. In this case, the seller can choose not to release the goods and initiate arbitration with the platform. The platform will make a judgment based on the evidence provided by both parties to the transaction.

The second abnormal situation is that the buyer has indeed paid, but the seller deliberately refuses to release the goods. In this case, the buyer can initiate arbitration with the platform. Generally speaking, the buyer has sufficient evidence to prove that he has transferred the money, because there is a bank statement. But this kind of thing will cause time trouble for the buyer.

The above is the process of the OTC trading platform, and the following is the method used by bad guys to defraud money.

Chapter 2 Man-in-the-Middle Attacks

The first step of the fraud: disguise your identity and broker a deal.

Now there is a scammer who finds a buyer and a seller on the OTC trading platform. He adds the buyer and seller separately using the same WeChat account. The first step the scammer has to do is to introduce the buyer to the seller and match the transaction between the buyer and the seller.

The second step of the fraud: the middleman pretends to be

However, the scammers disguised themselves as sellers to communicate with buyers, and disguised themselves as buyers to trade with sellers.

In order to achieve their goal, the scammers will give the buyer's ID card to the seller and the seller's ID card to the buyer, in order to gain their trust. The ID card information is of course obtained in advance, and it is easy to cheat. You can use an OTC platform account to make a transaction with the buyer and seller respectively, and require real-name authentication to get it. In addition, the scammers must also get at least one of the buyer's communication tools other than WeChat, such as Skype.

The third step of the fraud: Disguise as a seller and negotiate with the buyer

The scammer negotiates with the buyer, asking the amount and price of Bitcoin to be purchased to find out the buyer's needs. For example, the buyer needs to purchase 100 BTC.

Step 4 of the scam: Disguise as a buyer and negotiate with the seller

The scammer applies to the seller to buy Bitcoin, negotiates the price and amount, and requests a platform-guaranteed transaction.

To be more specific, I will use the Bikan APP platform as an example. The scammer WeChat ID 2 negotiated with the seller to buy 100 BTC of Bitcoin at a price of ￥9000/BTC, and agreed that the platform process would guarantee it.

The transaction details of this order will be as follows: the seller will receive RMB 900,000 in payment, and the seller will pay a handling fee of 0.3 BTC (0.03%) to the Bikan platform. The handling fee is 0.3 BTC, which is a considerable amount of money.

Step 5: Disguise as a buyer and use the handling fee as bait to ask for a price reduction

The scammers asked the seller for a discount of 0.15 BTC, which is 1350 RMB. By using a transaction method that does not go through the platform to complete the transaction, the seller can save 0.3 BTC in handling fees, of which 0.15 BTC belongs to the seller and the other 0.15 BTC is given to the buyer.

Step 6: Disguise as a seller and use the handling fee as bait to ask for savings

The scammers asked the buyers to conduct private transactions without using the platform guarantee, in order to save the handling fee and offer a preferential price of 0.15 BTC.

Step 7 of the scam: Change the Bitcoin address of the private transaction buyer

The scammer provides the seller with his own Bitcoin address and gives the buyer the seller's payment method.

Step 8: Bypassing real-name authentication

For transactions of such large amounts, buyers and sellers will definitely require real-name authentication, and the highest standards, such as holding up their ID cards for video.

Scammers are usually exposed in front of videos. This is because WeChat videos cannot be transferred through middlemen. WeChat chat messages can be copied and pasted, but videos cannot. This is also the most critical step in the scam.

The scammer needs to collect another video call tool from the buyer in advance, such as Skype, and provide it to the seller. And ask to use Skype for video verification. For example, some reasons, such as, we foreigners only use Skype, I rarely use WeChat and I am not familiar with it, WeChat does not have a camera on the computer, Skype only has a camera on the phone... and so on. Anyway, the seller and buyer must be deceived to bypass WeChat for video verification.

If the seller makes a video call via Skype, the real buyer can be found. Once both parties verify their identities, they can check the ID number and the headshot. Especially at night when everyone is sleepy, especially for traders who make dozens or hundreds of transactions a day, it is unlikely to spend a lot of time on video communication. This makes it easy to miss the last step of finding the scammer.

The ninth step of the fraud: bypassing the platform guarantee

If the amount is so large, even if the video verification is passed, the real buyer and seller will definitely have some concerns. At this time, the scammer will take further measures to deceive the trust of both parties.

The scammer pretends to be a buyer and tells the seller that in order to prevent the seller from not transferring the coins after receiving the money, the transaction is required to be conducted on the platform and privately at the same time. On the platform, the buyer will place an order for a transaction of 100 BTC, and the platform will lock the seller's coins. After the buyer transfers the money and the seller transfers the coins, the buyer will cancel the guaranteed transaction on the platform, so that the seller's coins will be released and returned to the seller's account, and no handling fees will be incurred.

If the buyer regrets and does not cancel the transaction, the seller can apply for arbitration from the platform and display all WeChat communication information, so that the platform will definitely award the coins to the seller.

This will give sellers more peace of mind.

The scammer will tell the buyer the same thing, so that both the real buyer and the seller can trade with confidence.

Step 10 of the scam: Get away with it

The real buyer placed an order for a 100 BTC transaction with the real seller on the platform. The platform locked the seller's coins. The real buyer paid the seller's payment account. After receiving the payment, the seller sent 100.15 BTC to the address provided by the scammer (the seller mistakenly thought it was the buyer's address). The seller asked the buyer to cancel the transaction on the platform.

For the scammer, the dirty money of 100.15 BTC was taken. Close WeChat and disappear quickly.

Chapter 3 After the Swindler Succeeds

At this time, the buyer will find that his address has not received the seller's coins, and the buyer and seller can discover the entire scam. Even if there is no WeChat account, there are still the previous Skype and platform internal communication tools.

But the seller's coins went to the scammer's address, which is definitely irreversible. And the buyer's money went to the seller's account, which is also irreversible.

The only thing that could be reversed is the coins of that transaction that are locked on the platform.

At this time, the seller will definitely not release the currency. The buyer will initiate arbitration and ask the platform to transfer the currency to him.

Buyers and sellers provide all chat information for the platform to decide.

In this case, it depends on how the platform judges. As far as I understand, the platform will generally award the coins to the buyer, because the buyer has actually paid, and the buyer's Bitcoin address outside the platform has not actually received the seller's coins. Whether the seller leaves the platform and transfers the coins to the scammer's address has nothing to do with the platform.

However, the platform is likely to lock the bitcoins in the buyer's account and prevent them from being transferred out of the platform, waiting for the two parties to further negotiate privately, such as going to court.

The end result is that the buyer paid 900,000 RMB and successfully purchased 100 BTC, while the seller received 900,000 RMB, but paid 100.15 BTC to the scammer, 100 BTC to the buyer, and 0.3 BTC to the platform. The seller suffered a huge loss.

Chapter 4 If the Seller Sues the Buyer

After the scammer succeeds, the seller will certainly take further measures to recover the loss. In law, the seller is not the only one who is liable for this kind of man-in-the-middle attack. This is because both the buyer and the seller have been deceived. The seller can determine that the RMB paid by the buyer does not belong to the locked transaction on the platform. In law, both the buyer and the seller are likely to be required to bear part of the responsibility.

Of course, if you can find the liar, the law will not let him off, and the seller's losses will be compensated. But can you find the liar?

Chapter 5 Man-in-the-Middle Attack Upgrade

This man-in-the-middle attack can be done even better.

One upgrade is that the buyer is a scammer himself, so the scam can be faked more perfectly. The buyer fakes a scammer identity and communicates with the seller through another WeChat account (of course, as the buyer). In this way, the buyer will use one amount of money to buy two bitcoins. This scammer fakes a scammer identity

Another upgrade is that the scammers use two WeChat accounts to change the profile picture and name to those of the buyer and seller respectively, in order to fully falsify their identities.

Chapter 6 How to Prevent Man-in-the-Middle Attacks

It is best for sellers not to leave the platform and reach a transaction with buyers privately, as saving transaction fees can be a significant risk.

Sellers and buyers always use the same communication tool to communicate , including video verification of identity, to ensure that there will be no scammers in the real identity process. For any request to leave the communication tool, you must be extra careful and verify with both parties in another communication tool why you want to change tools. This will leave evidence of fraud and make it easier for both parties to detect it.

When verifying identity through video, in addition to verifying whether the ID card and bank card are the same as the person in the video, there is also an additional verification of the Bitcoin address of the transaction. This is very important, and the Bitcoin address is equally important as the RMB payment account.

Chapter 7 Conclusion

Wish you a happy trading.