'How I lost £25,000 when my cryptocurrency was stolen'
- Published
It's bad enough realising that somebody's nicked £25,000 of your hard-earned cash. It's even worse when you realise there's little chance of getting it back.
This is the story of how I got my fingers burned in the murky of world of cryptocurrency investment.
Be warned.
After a decade as a tech journalist, I liked to describe myself as a "lunchtime-adopter", somebody who acted faster than many, but would never be as smart as the early adopters.
So it was with cryptocurrencies. I had heard about Bitcoin, but it was one of those technologies where I nodded my head sagely whenever I was in the same room with those talking about it.
As for investing or speculating, I had absolutely no intention of doing so.
But as the Bitcoin price made its merry way to a peak of nearly $20,000 (£16,500) at the end of 2017 - a rise of more than 100,000% in seven years - my curiosity got the better of me.
And it wasn't just Bitcoin, other cryptocurrencies interested me, such as Ethereum. I chose it not for any other reason than it was second to Bitcoin by valuation and looked like it could emulate that 100,000% rise.
So in the middle of 2017, I made some investments, figuring that it was a long-term plan and might even become a nest egg for a pension.
But doing so was utterly terrifying.
Even after a lot of tutorials from very patient friends, I pulled out three times from completing my initial transaction. One wrong press of the key and I thought I'd lose my money.
How prophetic that turned out to be.
There seemed to be two options: to store my crypto on an exchange, or in an encrypted digital storage wallet.
When I researched the subject, there were stories of exchanges being hacked for millions of pounds and going bust, so I decided to store it in a wallet - myetherwallet.com.
I was given two keys, one private and one public, both of 40 random numbers and letters. If I wanted to transfer money to my wallet, I used the public key; to access my wallet I used my private key.
I was told to write down my private key and store it securely with other financial documents. I was never to reveal it to anyone, or lose it.
So I printed it out, but also made the fateful decision to store it in my Gmail drafts, so I could copy and paste it when I needed to make a transaction rather than laboriously typing it out each time.
I deleted my internet history after every check of my wallet for extra security.
When the price of Ethereum rocketed, I was soon sitting on a decent pile of money.
Then that decent pile of money disappeared.
I hadn't used my private key to access my account for some time and was getting the jitters when the price of all cryptocurrencies began to fall in 2018. Maybe it was time to take some out.
But when I tried to do so, I saw with horror that all of my Ethereum - about £25,000's worth - had already been taken out; the cupboard was bare.
It had been moved to another private key address and there was absolutely nothing I could do about it. There seemed to be no-one to complain to.
A transaction on Ethereum cannot be reversed and there is no safety net - nothing like the Financial Services Compensation Scheme (FSCS) that guarantees up to £85,000 on UK bank accounts.
After contacting people in my extensive crypto network, I found out that my Ether money had been taken to the Binance cryptocurrency exchange and, according to Binance, moved again within 60 minutes.
Trying to get information from Binance was a Kafkaesque nightmare - just an automated message saying it would respond within 72 hours when 72 seconds would have been more useful.
Binance wouldn't disclose anything anyway until it has been contacted by law enforcement, so I went to the Action Fraud website, external, reported my case, and obtained a crime number.
But six months passed with no news on my stolen investments, so I went on the offensive and contacted US bounty-hunters CipherBlade who work with the FBI in Philadelphia to pinpoint thieves and track them down - in exchange for a percentage of the bounty.
They discovered that my money had been deposited by the thief (or thieves) in a "consolidation wallet" then divided up in to chunks and sent to four different deposit addresses on the Binance exchange.
The police would need to contact Binance, they said, to find out who owned these accounts, using email and IP addresses and any other personal details the thieves may have given.
I sent CipherBlade's report to Action Fraud and things finally began to move.
The following morning I was contacted by Sussex's cybercrime unit, my local force, and within a week they had received useful information from Binance. The unit tracked IP addresses to a telecoms company in the Netherlands, but there weren't any personal identification details to be had - perhaps unsurprisingly.
The investigations continue, and my money remains stolen.
Of course, I should never have stored my password anywhere on my computer.
Malware can scan keystroke movements and sniff out a private key - even if, as I had done, you chop it up into separate blocks and store it in different places.
But writing down a private key on paper can be just as hazardous. A house fire, flood, hungry pet - simply a bad memory - can mean that huge amounts of cryptocurrency are lost forever.
You could hammer out your private key on to a fire and corrosion proof titanium tag - check out Cryptotag, external's solution - and then store it in a bank vault, but this is hardly convenient if you want to access your crypto wallet regularly.
So I'm left with my fingers burned, feeling like I wandered in to a savage bazaar where criminals can pick your pocket at will. And get away with it.
Please learn from my mistakes.
Follow Technology of Business editor Matthew Wall on Twitter, external and Facebook, external
- Published8 May 2019
- Published23 January 2019
- Published17 January 2019