Bitcoin Forum
November 14, 2024, 05:39:52 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 3 »  All
  Print  
Author Topic: Heads-Up: Bank Fraud Alert  (Read 7885 times)
Keyur @ Camp BX (OP)
Sr. Member
****
Offline Offline

Activity: 299
Merit: 250



View Profile WWW
April 13, 2012, 08:37:16 PM
 #1

Hi everyone,
          A couple of days ago we noticed some suspicious transfers to CampBX, and reported those to our bank as well as Dwolla.  After talking to bank fraud investigators today, seems like there is a well orchestrated, large-scale bank fraud underway.  This includes very convincing fake passports and utility bills used to open bank accounts and Dwolla accounts, and transferring money to Bitcoin companies.  Bank customers who have been hacked are spread all over geographically: MA, CA, TN, NYC, and WI.

         The old-fashioned practice of processing bank+Dwolla transactions manually mostly saved CampBX: We have lost $2.6K and prevented a loss of $9.8K so far.  I don't have email IDs for newer exchanges so sending out this open heads-up on the forum.  I believe BitInstant does manual processing, so their damage may be limited, but exchanges like Mt.Gox that do automatic processing of Dwolla may be at higher risk.  (Unless the fraudsters are selling their coins on Mt.Gox - in that case they will make a nice profit).

Keyur


Please stay tuned to our news and announcements feeds at:
Twitter: https://twitter.com/CampBX
Facebook: https://facebook.com/CampBX
Keyur @ Camp BX (OP)
Sr. Member
****
Offline Offline

Activity: 299
Merit: 250



View Profile WWW
April 13, 2012, 08:49:38 PM
 #2

PS: All this info is from the bank investigator.  Dwolla so far is reacting like a deer in headlights.

Please stay tuned to our news and announcements feeds at:
Twitter: https://twitter.com/CampBX
Facebook: https://facebook.com/CampBX
Stephen Gornick
Legendary
*
Offline Offline

Activity: 2506
Merit: 1010


View Profile
April 13, 2012, 10:49:00 PM
Last edit: April 13, 2012, 11:00:34 PM by Stephen Gornick
 #3

Sorry to learn of the financial loss incurred by this.  Thank you for being diligent and also for sharing what you've learned.

Unichange.me

            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █


cypherdoc
Legendary
*
Offline Offline

Activity: 1764
Merit: 1002



View Profile
April 14, 2012, 12:06:55 AM
 #4

This includes very convincing fake passports and utility bills used to open bank accounts and Dwolla accounts, and transferring money to Bitcoin companies.  

do u mean they're transferring stolen USD's to exchanges to buy Bitcoin?
Keyur @ Camp BX (OP)
Sr. Member
****
Offline Offline

Activity: 299
Merit: 250



View Profile WWW
April 14, 2012, 12:27:02 AM
 #5


do u mean they're transferring stolen USD's to exchanges to buy Bitcoin?

CD,
     Yes - I didn't make that clear in a rush to get the message out.  Just in last couple of hours we received several thousand dollars more from what seems like compromised accounts. 

InterSango and BitInstant are okay, but seems like one other exchange is going to take a big loss on this one.

Keyur

Please stay tuned to our news and announcements feeds at:
Twitter: https://twitter.com/CampBX
Facebook: https://facebook.com/CampBX
Yankee (BitInstant)
Legendary
*
Offline Offline

Activity: 1078
Merit: 1000


Charlie 'Van Bitcoin' Shrem


View Profile WWW
April 14, 2012, 12:28:48 AM
 #6

Essentially, this is what happend to us, MtGox, CampBX, Crypto and to TradeHill

Someone stole the identity of a US citizens, opened up bank accounts.

Use that account to verify Dwolla, (Since they have fake ID's and access to the account) and in small amounts used the exchanges to buy Bitcoin.

Once the account owner realized (Weeks later!) that funds were being taken account of their account, they call the bank and claim fraud. (Most of the compromised accounts were trusts, or lawyer accounts which are rarely checked...ironically)

They sign an affidavit, and the banks reverse all the charges from Dwolla. Dwolla then pulls the money from the merchants...and we get screwed.

Right now, Dwolla is very cooperative, and works with us. They changed their whole system around to deal with these things.

However..this was not always the case.

When it first started happening, mostly to TradeHill, Dwolla would reverse the transactions and change TradeHill's statements to cover their asses. Chargebacks were NEVER in Dwolla's TOS until later on. I told Jered to start downloading the statements after after transaction, and all of a sudden we started noticing transactions disappearing from them! (I've seen ALL the evidence, TradeHill really did get screwed...BAD)

Dwolla then changed their TOS, and started cooperating with merchants, thinking they can get away with it.

Bitcoin pioneer. An apostle of Satoshi Nakamoto. A crusader for a new, better, tech-driven society. A dreamer.

More about me: http://CharlieShrem.com
Stephen Gornick
Legendary
*
Offline Offline

Activity: 2506
Merit: 1010


View Profile
April 14, 2012, 12:33:41 AM
 #7

Just in last couple of hours we received several thousand dollars more from what seems like compromised accounts.  

Ok, Keyur is using "accounts", which is plural.

Someone stole the identity of a US citizen, opened up a bank account.

Use that account to verify Dwolla, (Since they have fake ID's and access to the account) and in small amounts used the exchanges to buy Bitcoin.

Once the account owner realized (Weeks later!) that funds were being taken account of their account, they call the bank and claim fraud.

Ok, Yankee is using "account", which is singular.

(Most of the compromised accounts were trusts, or lawyer accounts which are rarely checked...ironically)

No wait, ... that's plural.

Oh ... so maybe is Yankee bringing in stuff from last July into this conversation?  Or is that referring to today's activity?

Unichange.me

            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █


Yankee (BitInstant)
Legendary
*
Offline Offline

Activity: 1078
Merit: 1000


Charlie 'Van Bitcoin' Shrem


View Profile WWW
April 14, 2012, 12:35:50 AM
 #8

Just in last couple of hours we received several thousand dollars more from what seems like compromised accounts.  

Ok, Keyur is using "accounts", which is plural.

Someone stole the identity of a US citizen, opened up a bank account.

Use that account to verify Dwolla, (Since they have fake ID's and access to the account) and in small amounts used the exchanges to buy Bitcoin.

Once the account owner realized (Weeks later!) that funds were being taken account of their account, they call the bank and claim fraud.

Ok, Yankee is using "account", which is singular.

(Most of the compromised accounts were trusts, or lawyer accounts which are rarely checked...ironically)

Plural.

Oh ... so is Yankee bringing in stuff from last July into this conversation or is that referring to today's activity?

Stephen,

Unfortunately, we get 4-5 compromised accounts every month.

If it happend today, I would not be getting notification from Dwolla until Monday.

I changed my text to plural, not sure why you focused on my grammar rather then my text

It's a constant problem thats not going to end, unless we leave Dwolla, there is nothing we can do  Sad

Bitcoin pioneer. An apostle of Satoshi Nakamoto. A crusader for a new, better, tech-driven society. A dreamer.

More about me: http://CharlieShrem.com
Dutch Merganser
Member
**
Offline Offline

Activity: 84
Merit: 10


View Profile
April 14, 2012, 12:43:38 AM
 #9

Hi everyone,
          A couple of days ago we noticed some suspicious transfers to CampBX, and reported those to our bank as well as Dwolla.  After talking to bank fraud investigators today, seems like there is a well orchestrated, large-scale bank fraud underway.  This includes very convincing fake passports and utility bills used to open bank accounts and Dwolla accounts, and transferring money to Bitcoin companies.  Bank customers who have been hacked are spread all over geographically: MA, CA, TN, NYC, and WI.

         The old-fashioned practice of processing bank+Dwolla transactions manually mostly saved CampBX: We have lost $2.6K and prevented a loss of $9.8K so far.  I don't have email IDs for newer exchanges so sending out this open heads-up on the forum.  I believe BitInstant does manual processing, so their damage may be limited, but exchanges like Mt.Gox that do automatic processing of Dwolla may be at higher risk.  (Unless the fraudsters are selling their coins on Mt.Gox - in that case they will make a nice profit).

Keyur


So, in talking to the bank investigator, did you get the impression that theft was the operation? I ask because it looks rather like a money laundering set up, and that's been a big feature of bitcoin for some time now, IMO it may possibly be what bitcoin is best used for.

I mostly observe the speculative side, and it seems to me that there has been a lot of ping-pong volume lately with price movement staying in a fairly narrow range. I'm unconvinced that the volume is related to any success bitcoin may be having as an above-ground payment system.
 
Money laundering is costly and lucrative. Back in the 1990s just about every life insurance company in the world was involved in laundering South American drug money via something called single premium life. To the point, customers were willing to surrender 50% or more of their premium spent on an SPL policy to the insurance company for the cleansing benefit they provided. Entities like Cayman Islands banks and such couldn't handle the volume of money involved, hence the involvement of the insurers.

So, this could be pretty significant in impact. Bitcoin stands on a three-legged stool, contraband trade, speculation, and money laundering. Pull out one of those legs and flows could change significantly.

"Science flies you to the Moon, religion flies you into buildings."
 - Victor Stenger

"Religion is regarded by the common people as true, by the wise as false, and the rulers as useful."
 - Seneca the Elder (ca. 54 BCE - ca. 39 CE) Roman rhetorician
Littleshop
Legendary
*
Offline Offline

Activity: 1386
Merit: 1004



View Profile WWW
April 14, 2012, 01:11:27 AM
 #10

So as a heads up....

If you individually deal with someone, most probably a new member of this board, and sell them BTC for Dwolla you could get screwed as well.  While we already knew this, the message again is Dwolla is not cash and can be charged back.

It is unlikely (but possible) that a fraudster buying a physical item with Dwolla would do this because the physical address would be the address of the bank account holder, not the fraudster so the fraudster would get nothing.

Keyur @ Camp BX (OP)
Sr. Member
****
Offline Offline

Activity: 299
Merit: 250



View Profile WWW
April 14, 2012, 01:40:04 AM
 #11

If you individually deal with someone, most probably a new member of this board, and sell them BTC for Dwolla you could get screwed as well.  While we already knew this, the message again is Dwolla is not cash and can be charged back.

LS,
     Not just Dwolla - One exchange that accepts Chase QuickPay also seems to be affected.

Keyur


Please stay tuned to our news and announcements feeds at:
Twitter: https://twitter.com/CampBX
Facebook: https://facebook.com/CampBX
Steve
Hero Member
*****
Offline Offline

Activity: 868
Merit: 1008



View Profile WWW
April 14, 2012, 02:11:21 AM
 #12

I wonder if this will be the last straw for Dwolla and they simply decide it's too risky to deal with bitcoin related accounts any longer (like paxum).

(gasteve on IRC) Does your website accept cash? https://bitpay.com
zer0
Sr. Member
****
Offline Offline

Activity: 350
Merit: 250



View Profile
April 14, 2012, 02:12:47 AM
 #13

Even a cash deposit can be frauded without taking certain measures, like having people write 'Not for auctions' on the deposit receipt and scanning/sending, or using Trust Cash. If you just have a bare account taking anybody's deposits nothing to stop scammers on ebay with stolen accounts convincing people to go there and drop money thinking they are getting a cheap deal. Banks will unbelievably reverse the transaction later if the victim is loud and persistent enough. Happened to many a LR exchanger over the years

Canadian bitcoin company had ridiculous low EMT limits yet still ended up with their account seized from too many fraudulent transactions recently. Never underestimate the motivation of a scammer with access to the black hole exploit kit and a lot of time to set up accounts to do miniature frauds by the hundreds.
Stephen Gornick
Legendary
*
Offline Offline

Activity: 2506
Merit: 1010


View Profile
April 14, 2012, 02:17:50 AM
 #14

ike having people write 'Not for auctions' on the deposit receipt and scanning/sending, or using Trust Cash.

How does that scam work?

Unichange.me

            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █


zer0
Sr. Member
****
Offline Offline

Activity: 350
Merit: 250



View Profile
April 14, 2012, 02:41:22 AM
 #15

ike having people write 'Not for auctions' on the deposit receipt and scanning/sending, or using Trust Cash.

How does that scam work?

Using phished ebay accounts. or stolen through black hole exploit kit or the other dozens of crime bots, (or just buy them by the hundreds for cheap on crime forums) make listings for crazy discount laptops or electronics and convince your mark to go to Bank of America or wherever the bitcoin exchanger has an account and make a deposit. Or make craigslist ads.

Then go make a buy order on the bitcoin site. They get cash, you run off with bitcoins.

People will go do it because the scammer is excellent at convincing them how much safer bank deposit is and how the laptop will be sold otherwise unless they go drop cash right now. When I worked @ ebay years ago every single day some variation of this scam fooled a buyer.  The bank reverses the charges because none of them respect digital currency exchanges and there will be a 60yr old guy screaming in the bank he was scammed with the cops beside him so they just refund and claw the funds back.

If the buyer has to write 'Not for auctions or craigslist' on the receipt they might think twice about what is going on. Either way the scammer will move on to somebody else's exchange not yours. Trustcash basically eliminates this too

This scam started after western union agents started preventing scams when buyers showed up to wire to Romania or somewhere. "Did you buy something on ebay? Yeah you're being scammed". Bank doesn't ask questions just takes the money.




teflone
Hero Member
*****
Offline Offline

Activity: 770
Merit: 500


You're fat, because you dont have any pics on FB


View Profile
April 14, 2012, 03:00:16 AM
 #16

I still dont get why writing somewhere not for auctions works ?

Can you elaborate for retards like me ? Smiley

For Canadians by Canadians: Canada's Bitcoin Community - https://www.coinforum.ca/
Stephen Gornick
Legendary
*
Offline Offline

Activity: 2506
Merit: 1010


View Profile
April 14, 2012, 03:11:44 AM
 #17

I still dont get why writing somewhere not for auctions works ?

I made the same mistake when I first read that.   Written a different way:
"Even a cash deposit to your bank account could be later reversed by the bank if it is determined the depositor was defrauded.  The bank can help prevent this from occurring by making the depositor write 'Not for auctions' on the deposit receipt."

This way if the person tells the cops they got scammed, too bad -- the receipt shows they were warned and should have known better.

Unichange.me

            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █


Stephen Gornick
Legendary
*
Offline Offline

Activity: 2506
Merit: 1010


View Profile
April 14, 2012, 03:19:30 AM
 #18

I know fraud is always happening but sheesh, just from today:

 - http://www.wivb.com/dpp/money/4_your_wallet/woman-loses-1000-on-walmart-moneycard
 - http://www.democratandchronicle.com/article/20120413/NEWS01/304130024/brockport-hacking
 - http://krebsonsecurity.com/2012/04/thieves-replacing-money-mules-with-prepaid-cards/

Unichange.me

            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █


zer0
Sr. Member
****
Offline Offline

Activity: 350
Merit: 250



View Profile
April 14, 2012, 03:33:48 AM
 #19

Cryptome.org was hosting black hole exploit kit for 4 days a couple weeks ago before anybody figured it out. Who knows how many thousands of people were backdoored
adamstgBit
Legendary
*
Offline Offline

Activity: 1904
Merit: 1037


Trusted Bitcoiner


View Profile WWW
April 14, 2012, 03:44:01 AM
 #20

Cryptome.org was hosting black hole exploit kit for 4 days a couple weeks ago before anybody figured it out. Who knows how many thousands of people were backdoored

Interesting
more details?

Pages: [1] 2 3 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!