Press
June 18, 2019

Facebook’s Libra cryptocurrency could be a new opportunity for scammers to trick you

The Libra cryptocurrency consortium will allow global developers to create apps that can accept the currency, also decentralizing some control over common security measures. As new consumers, many unfamiliar with cryptocurrency, join the platforms, scammers are likely to try new versions of old confidence schemes.

Facebook’s long-awaited cryptocurrency launch promises to directly impact how people send money around the world, and may allow them to do it more securely using a distributed ledger, replacing wire-based transactions that have been increasingly subject to fraud.

Facebook and its partners in the Libra currency, and the company’s Calibra wallet, have made significant investments in security. But the cryptocurrency will, from its inception, have a target on it by international hackers looking to create new scams to trick senders out of their funds or attempt to steal them.

Security will be a critical component of how new users, many of them unfamiliar with cryptocurrency, shape their view of the product. And while the Facebook-backed consortium has pledged to refund money lost due to a criminal breaking into a wallet, it’s unclear how the Libra consortium will handle other types of common fraud.

“I believe initially, the security may be a bigger issue, but become more and more stable as time goes on,” said Ben Tsai, president and managing partner of blockchain-focused investment firm Wave Financial. “I think there will be a lot of buffer set aside to make sure the clients are having a positive experience, so they will cover clients more even if the mistakes are on the client side, initially.”

New versions of old confidence scams

Wire fraud typically relies on a criminal convincing a victim he or she urgently needs to send money to a relative, friend or business partner. Scammers will undoubtedly try to take advantage of this new format, and the commensurate flood of new cryptocurrency users unfamiliar with the format and transaction protocols.

For wire fraud, clawing back funds is often difficult if the scam isn’t caught immediately. In most cases, banks are not responsible for making a client “whole” if he or she has lost money to wire fraud, by remitting the stolen funds. Also, most cryptocurrency transactions are irreversible, with only the receiver able to remit funds, an unlikely scenario when fraud is involved.

“New and different scams will be created to try to capture Facebook’s users,” Tsai said. “Fundamentally, I believe the Libra Foundation will have the capability to roll back trades if they run this on a centralized blockchain. This means that mistakes, theft or robbery can be rewinded and clients made whole.”

If Facebook had maintained control of the transactions, it may have been easier to reverse sending money by mistake, which may make turning them back more difficult, said Henry Liu, managing partner of cloud-based credit transactions company YGC.

As for other standard security measures, Facebook’s Calibra digital currency wallet will follow a more traditional bank model. Users will have to use a valid, government-issued ID and enable two-factor authentication, which can include Facebook’s FaceID facial recognition product.

But Libra’s interoperable wallets and open-source platform, which allows anyone to build an application that accepts the currency, may also be problematic. Allowing cryptocurrency wallets to proliferate at scale in this way is an untested experiment, and it’s unclear how other wallet providers will verify their users and the security of the new apps.

“It will be a problem if scammers take advantage of it. They won’t get it right the first time, but that’s always been Facebook’s motto, ‘move fast and break things,’” Liu said.

CNBC