LaneAxis uncovers sophisticated fraud attempt targeting ConsenSys founder Joseph Lubin
When the Equifax data breach occurred in September 2017, crypto guru and Ethereum co-founder Joseph Lubin was quick to criticize corporate mishandling and monetization of user data, doubling down on his call for heightened digital security via decentralized networks. Lubin stressed the importance of protecting our online identities:
“…hack after hack after hack and the resulting time and resources devoted by government agencies attempting to safeguard identity, how can regulators not be excited about the Ethereum blockchain? An immutable and transparent protocol with products where each individual owns all aspects of their identity. No more widespread hacks.” –There is another way: The Equifax Hack and the Road to Decentralization
But just a year later, Lubin’s own identity and brand were hijacked on the internet.
Burnett, who is currently launching LaneAxis Virtual Freight Management’s Ethereum-based supply chain management ecosystem, was unaware of who exactly Lubin was, but offered to speak with him and share more information about the company and its blockchain and token sale project. After a short call, Lubin said he would mull over the information and take a few days to examine the LaneAxis platform.
Burnett, curious about the mysterious potential investor, Googled Lubin.
Google’s news feed on Lubin pulls up a near constant stream of stories featuring Lubin investing in blockchain-based startups or offering sage advice about the future of crypto.
Burnett was stunned. This could be game-changing for LaneAxis. Companies partnered with ConsenSys often sell out their tokens within minutes of receiving backing from Lubin.
The LaneAxis team immediately went to work researching Lubin and ConsenSys. The first move was to verify that the Telegram messages were actually from Lubin.
Telegram is the preferred communication platform of the cryptocurrency community due to its ability to encrypt messages as well as its robust group chat features. The app allows for the creation of public usernames, helping platform users contact anyone else on the network who has also created a username. Like any other network, usernames must be unique, and personal names are rarely available. However, Telegram does offer users with an “online identity” to secure a username if the same name is used for at least two other different social accounts [Facebook, Twitter, Instagram].
Lubin’s Telegram name is @ethereumJoseph. His verified Twitter handle is also @ethereumJoseph. Based on his Twitter, Burnett and the team concluded ConsenSys and Lubin must have secured his verified Twitter handle for Telegram as well, and this was indeed the real Lubin.
For the next week, Burnett messaged Lubin, receiving blunt responses almost stereotypical of a jet-setting billionaire managing a plethora of business ventures. Finally, Lubin messaged Burnett on September 15th with an offer.
Lubin: “How can I be of help?”
Burnett: “I would love you to be involved at whatever level you want to be involved. Investor? ConsenSys? Team member and let us do a press release that you are involved. You tell me and I’m in.”
Lubin: “How about a partnership with ConsenSys?”
Burnett: “Yes. How do we proceed?”
Lubin: “I’ll send you more information on Monday.”
The LaneAxis team spent the rest of the week preparing for the deal and coordinating with Lubin. Lubin sent a ConsenSys contract to Burnett from his personal email, [a non-ConsenSys email address], which Burnett thought a bit strange and questioned Lubin.
Lubin claimed it was his personal email. Burnett initially found it odd but reasoned that a person of Lubin’s stature might use company-independent emails for correspondence, and, potentially, business deals. Burnett did not want to spook a deal with a seemingly eccentric tech billionaire and pressed on.
The contract centered around a token exchange. Provided ConsenSys passed due diligence and met the terms and conditions of LaneAxis’ token sale, LaneAxis would receive ConsenSys backing and $2.2 million in Ether for $2 million of LaneAxis’ AXIS tokens. Both companies would be required to keep sixty percent of the received tokens as company reserves and forty percent for utilization. Burnett received the signed contract on ConsenSys letterhead with Lubin’s signature. The LaneAxis team celebrated what they thought was a partnership with ConsenSys.
Lubin put Burnett in contact with James Slazas, Head of Capital Markets at ConsenSys, via Telegram to carry out the contract. After receiving a signed contract from Lubin with ConsenSys watermarks, addresses, and information, Slazas provided the transfer details and sent Burnett two crypto wallet addresses for the exchange.
That’s when the red flags went up.
“We still had not received any messages directly from ConsenSys accounts. Slazas was the right guy at ConsenSys to handle this kind of exchange but everything was direct over Telegram and personal email. Lubin’s businesses pioneered smart contracts. They would understand the need for official confirmation before sending tokens to unknown wallet addresses,” Burnett recounted.
The LaneAxis team set out to establish contact with Lubin over verified channels. No response from Lubin’s company email, which they had been copying on email since acquiring it mid-week. No response from Twitter DM’s. Finally, Burnett messaged Lubin over LinkedIn. A few hours later ConsenSys representatives responded to Burnett.
There was no deal.
LaneAxis had not been in correspondence with the real Joseph Lubin.
The LaneAxis team was shocked and frustrated; two weeks were wasted trying to secure what turned out to be a fraudulent deal. This was a multimillion-dollar scheme, reaching far into Lubin’s identity to impersonate both him and his company, and expertly forge executing documents on his behalf. Burnett had identified the scam in the nick of time and wanted to prevent others from falling victim to similar ploys.
LaneAxis set up a call with the real Joseph Lubin and ConsenSys the next day to bring the scam to their attention and encourage them to take control of their online identity.
ConsenSys issued a brief statement, but a week later @ethereumJoseph was still messaging Burnett about the fake deal and @ethereumJoseph still popped up next to the real Joseph Lubin’s Twitter on the first page of a Google search.
The scammers had almost everything they needed to cloak themselves as Lubin: Telegram username, addresses, logos, pictures, schedules, colleagues’ Telegrams, signatures, and legal documents. The only giveaway was a “personal” email.
“Giving our personally identifiable information over and over again to organizations (who usually profit off that information) with centralized data centers is the definition of insanity. The current model is broken and hackable. It’s time to take back our identities.” – Joseph Lubin, after the 2017 Equifax breach
Weeks later, Lubin has yet to claim his Telegram handle. His identity.
ConsenSys has taken no action to respond to the real, sophisticated, and successful attempts to impersonate both their founder and the company. If one of the biggest names in digital security, at the forefront of emerging decentralization tech, can have his identity stolen, who is really safe?
Decentralization and encryption are not worth a whole lot of information if handled carelessly in the first place.
While he is disappointed with ConsenSys’ response, Burnett primarily places blame on Telegram.
“At the end of the day, this is really a Telegram issue. This is about exposing a major scam and preventing others like it from occurring in the future. There needs to be a better verification process if they want to maintain their reputation as the standard in messaging security… if they want to maintain the trust of the crypto community.”
Telegram did not respond to LaneAxis inquiries about the fake account and fraudulent activity on its platform.
It has not been a good few months for the reputation of Telegram’s security protocols.
In late August, its “end-to-end” encryption messaging platform was found to have a bug that leaked the “private” IP addresses of its users during desktop voice calls, subjecting those users to potential hacks. In late July, another Telegram bug also resulted in the release of users’ private IP addresses. Back in April, it was reported that up to 70 million Telegram accounts may have been leaked.
The current blockchain revolution has big promises to keep: disrupting power structures across the globe, democratizing the internet by breaking mammoth corporations’ holds on user data and providing a new age in online security. Blockchain proponents, like Lubin, herald the end of identity theft and large-scale hacks, promising never before seen efficiency in global commerce and collaboration.
In the wake of the scam, Burnett is calling for the entire industry to shore up security,
“I hope everyone involved takes serious steps to improve their online security. Joseph and ConsenSys are ushering in new waves of innovation and it’s alarming to see someone access so much of their information and assume their identity. It is even more alarming when, after being made aware of the situation, there isn’t a swift response to reclaim their identity. As a community, we must actively take control of our online presence and demand that platforms like Telegram do better.”
With the dawn of the “trustless” internet upon us, we cannot solely rely on technology to protect our information, as evidenced by the ConsenSys impersonators and Telegram’s flawed verification systems. As networks become more and more secure due to decentralization, proper and diligent verification, attentive account monitoring, and conscientious handling of information by human beings is more important than ever.
LaneAxis uncovered the fraudulent activity by taking the verification process into its own hands and identifying key vulnerabilities in trusted systems. After carefully examining all the interactions with the scammers, the LaneAxis team discovered a suspect’s name buried in the metadata on one of the contracts. Burnett turned the information over to the Federal Bureau of Investigation [FBI], which the real Joseph Lubin has been made aware of. Burnett hopes his efforts will prevent other startups from falling victim to similar scams and encourage companies like ConsenSys and Telegram to improve their security protocols.
Bitcoin [BTC] is still going to $100,000, claims Heisenberg Capital’s Max Keiser
CNBC’s Crypto Trader Ran NeuNer, spoke to Max Keiser, Co-founder of Heisenberg Capital on the sidelines of the Magical Crypto Conference and discussed Bitcoin’s current trends.
Keiser said that he was bullish on Bitcoin in the long term, adding that he would be sticking by his “$100,000” prediction for Bitcoin. He stated,
“I never stopped make price prediction… I said it [Bitcoin] was going to a hundred thousand dollars and it was only a dollar and I said that all publicly… it is still going to a hundred thousand dollars”
He added that the timing of when Bitcoin would reach the mark was not important, but that it would outperform every other asset over the next 15 years. Additionally, he said that timing was only for people who were waiting to buy crypto at a better price and “that is a bad way to approach crypto.”
Keiser displayed his enthusiasm for crypto, commenting that, “Stack Satoshis… Stack SATs… you should be stacking SATs.” Giving his opinion on Bitcoin’s recent rally, Keiser said,
“I think that it goes back to when Federal Reserve issued a statement saying that they’re moving the policy to permanent quantitative easing… which means money printing without end. As you know Bitcoin is hard money, like gold, and it is going to respond well to hyperinflation and hyper-money printing.”
Further, Keiser claimed that Bitcoin bottomed when the Federal Reserve announced this a few weeks ago and that this was due to a couple of reasons. The first being Bitcoin’s upcoming halving which highlights the scarcity of Bitcoin. According to Keiser, the second reason was that the sellers were exhausted. All the above reasons, in totality, contributed to Bitcoin’s price rise, claimed Keiser.
Since Bitcoin has already proven itself as a store of value, Keiser remarked that it would be best to concentrate on Lightning Network, a layer-two scalability solution for Bitcoin and improve it as a medium of exchange.
Bitcoin [BTC] is still going to $100,000, claims Heisenberg Capital’s Max Keiser
Tether [USDT]’s volume should be seen as a ‘completely irrelevant metric’, says researcher
Tron DApp Weekly Report: Gambling apps leads the surge in Tron DApp numbers
XRP vs Stellar Lumens [XLM] Price Analysis: Bears stall coins’ bullish momentum
Basic Attention Token [BAT] gets Bitpanda boost as cryptocurrency rides development train
Tron [TRX] announces future trading on OKEx platform from May 20
Bitcoin’s [BTC] Lightning Network is awesome, says Blockstream’s Samson Mow
Crypto is replacing the US Dollar and no one seems to be noticing, claims prominent investor Robert Kiyosaki
Bitcoin Cash’s [BCH] Roger Ver adds Coinbase and Binance to his ‘safe list’
XRP skyrockets by 21% in 24 hours as Coinbase activation pushes crypto over the moon
Bitcoin? Bitcoin Cash? Bitcoin Satoshi’s Vision? Will the real Bitcoin please stand up?
XRP: Massive amounts of cryptocurrency moved as Ripple, Nexo come into the picture
Bitcoin SV drops by a massive 24% in an hour after Bitcoin whitepaper patent backlash
Ripple executive elected to United States Faster Payment Council’s Board of Directors