网络威胁不断演变，人工智能引发的加密犯罪不断增加：还有安全的避风港吗？

人工智能（AI）的出现已证明其有潜力催化包括加密资产领域在内的各个行业的有益创新。

然而，与任何新兴技术一样，人们担心恶意行为者可能会利用这些进步进行非法活动，利用炒作、新功能和监管漏洞。

认识到非法活动的早期迹象对于促进可持续创新和应对新兴风险至关重要。

虽然人工智能增强的加密犯罪尚未成为普遍威胁，但区块链分析公司 Elliptic 强调主动识别和减轻潜在的新兴犯罪趋势以促进长期可持续创新的重要性。

人工智能推动加密犯罪的演变

Elliptic 最近发布了一篇综合博客，题为“人工智能加密犯罪的现状：值得关注的新兴类型和趋势”，强调了使用人工智能实施各种加密犯罪的令人担忧的增加。

此外，他们的新地平线扫描报告“加密资产生态系统中的人工智能犯罪”显示，加密货币生态系统中的人工智能犯罪仍处于早期阶段。

人工智能增强型加密犯罪目前尚未被视为主流威胁，但通过监控行为，我们可以领先一步，促进长期可持续创新。

— Elliptic (@elliptic) 2024 年 6 月 10 日

利益相关者的及时和战略干预可以防止这些活动的普遍存在。

Elliptic 高级加密威胁研究员 Arda Akartuna 博士表示：

“[...] 这些趋势目前还处于相对初级阶段，预防的途径确实存在。各行业的利益相关者需要齐心协力，尽早制定最佳实践，以免这些趋势成为主流。”

报告还指出，与 GPT、OpenAI 和 Bard 等人工智能相关关键词相关的代币数量显著增加，其中约有 4,500 个代币位于 BNB 智能链上。

人工智能驱动的加密犯罪的出现预示着网络威胁进入新阶段，因为 Elliptic 的报告揭露了尖端技术如何被滥用于深度伪造诈骗、国家支持的攻击和其他复杂的非法活动。

Crypto Criminals Go AI: Elliptic Warns of Deepfake Scams & MoreBe aware! Crypto criminals are getting smarter with AI. Stay on top of the latest scams to protect your crypto investments. New report by Elliptic warns crypto crime is entering a new era with the rise of AI. From… pic.twitter.com/V3EZUx8OTb

— CRUXX | Crypto News App (@Coin_CRUXX) June 10, 2024

The report identifies five key typologies of how crypto criminals could leverage AI to augment their criminal endeavors, based on current indicators.

It also underscores the increasing use of generative AI in cryptocurrency scams, identifying it as a critical area where crypto professionals and law enforcement can join forces to combat these emerging threats.

Generative AI: A New Tool for Crypto Scammers

Participants in the cryptocurrency industry are likely familiar with investment scams, many of which now employ deepfakes of celebrities and public figures to promote fraudulent schemes.

Notable individuals such as Elon Musk, former Singaporean Prime Minister Lee Hsien Loong, and the current and former Presidents of Taiwan, Tsai Ing-wen and Lai Ching-te, have been impersonated in these scams.

These promotional deepfakes are commonly disseminated on platforms like TikTok and X.

The report noted:

“Crypto giveaway and doubling scams are increasingly using deepfake videos of crypto CEOs and celebrities to encourage victims to send funds to scam crypto addresses.”

Other scams involve the use of AI to fabricate aspects of a crypto 'business' to enhance its credibility.

In 2022, Binance's former Chief Communications Officer, Patrick Hillmann, was the subject of a deepfake scam where his likeness was used to deceive potential victims within the crypto community.

Patrick Hillmann, CCO at Binance, encourages vigilance against scams after scammers made a deepfake and impersonated him on Zoom calls. pic.twitter.com/NRz4TEM2j3

— Morning Brew ️ (@MorningBrew) August 23, 2022

AI can be misused in several ways to make crypto scams and fraudulent activities more persuasive:

-Suggesting celebrity or official endorsement: Deepfakes, as seen with the impersonations of Singaporean and Taiwanese leaders, can falsely suggest that a project has legitimate or official support, thereby increasing its appeal to potential victims.

Former PM Lee warned:

“This is extremely worrying. People watching the video may be fooled into thinking that I really said those words. Please remember, if something sounds too good to be true, do proceed with caution.”

-Streamlining scam operations: Large-scale scams, such as the Sha Zhu Pan ('pig butchering') crypto romance scams originating from Southeast Asia, involve prolonged and intricate communications with victims. There is limited evidence suggesting that these illicit operations are exploring AI to enhance their efficiency.

-Deepfake executive impersonations: A small number of high-profile cases have involved scammers posing as high-level executives during video conferences for corporate espionage or authorising significant transactions. At least one such case targeted the CCO of a major cryptocurrency exchange.

Beware! Crypto scammers hijacked 35+ @YouTube channels, spreading #DeepFake #crypto #scam of @elonmusk. Scammers abuse #SpaceX Starship's 4th flight test, luring victims with double profits. Stay vigilant! pic.twitter.com/SBDpSDDWZ7

— Avast Threat Labs (@AvastThreatLabs) June 6, 2024

-Generating fake marketing materials: AI-generated images and videos can lend an air of legitimacy to scam websites by depicting supposed employees, headquarters, office spaces, and other visuals, creating the illusion of a genuine investment company without revealing the true identities or locations of the scammers.

Fortunately, there are several red flags that can help individuals avoid falling prey to deepfake scams.

To authenticate a video, one can examine the synchronisation of lip movements with speech, the presence of shadows where expected, and the naturalness of facial activities like blinking.

The report stated:

“There are, fortunately, a number of red flag indicators that can help prevent you from falling victim to deepfake scams. To verify the video's authenticity, you can check whether lip movements and voices synchronise, make sure shadows appear where you expect them to, and check that facial activity such as blinking looks natural.”

Spotlight on "AI-Associated" Scams, Tokens, and Market Exploits

Creating a token on many blockchains is a straightforward process, a fact that scammers have exploited to generate hype and inflate token prices before liquidating their holdings for substantial profits.

This action causes prices to plummet, leaving investors with losses and worthless investments in what is known as a "rug-pull."

Additionally, organised groups engage in sudden buying and selling of tokens to profit from market manipulation, commonly referred to as "pump-and-dump" schemes.

Scammers may also hype their tokens by falsely claiming affiliations with major events or companies.

Coin Laundering Process by ChatGPT-related Scammers

AI has been a recent focal point for scam tokens, with hundreds listed on various blockchains containing variations of "GPT" in their names, such as "GPT4 Token," "CryptoGPT," and "GPT Coin."

While some of these tokens may represent legitimate projects, others have been promoted in amateur trading forums by scammers who falsely assert official connections with ChatGPT or other reputable AI entities.

Source: Elliptic

Large Language Models Leveraged in Cyberattacks

Advancements in AI, exemplified by tools like ChatGPT, have sparked a vigorous debate about their potential use in code auditing and bug detection, as well as the risk that malicious hackers could exploit these same capabilities to identify and engineer exploits.

Reports from Microsoft and OpenAI have documented attempts by Russian and North Korean threat actors in this vein, yet white hat hackers argue that the technology is not yet sufficiently advanced for such applications.

ChatGPT and similar mainstream AI tools have improved in recognising and rejecting malicious prompts, prompting cybercriminals to seek out AI services without ethical constraints on dark web forums.

This demand has been met by paid tools such as HackedGPT and WormGPT, which openly advertise their abilities to assist with carding, phishing, malware development, vulnerability scanning, hacking, crafting malicious smart contracts, cyberstalking, harassment, identity theft, disseminating private sensitive material, and other unethical activities for financial gain, whether legal or illegal.

These "unethical GPTs" have garnered mixed reviews from their users, and blockchain analytics platforms possess the capability to trace payments made to their administrators by subscribers.

Increasing Scale of Crypto Scams and Disinformation

Certain crypto scammers may execute a single scam operation and then retire after amassing sufficient illicit funds or once their scheme has been widely exposed.

However, many threat actor groups engage in a pattern of cyclical scamming operations.

They create scam investment, airdrop, or giveaway sites, promote them extensively on social media and messaging apps, and then execute a "rug pull" once the scam nature of their sites becomes a subject of controversy among victims.

The cycle then restarts with a new site and fresh marketing tactics.

Cycling through scam sites can be a resource-intensive process, and some illicit groups are seeking to enhance efficiency through the application of AI.

One scam-as-a-service provider has boasted of using AI to automatically design scam website interfaces, optimised for search engine optimisation (SEO) considerations.

Elliptic investigator shows the cross-chain obfuscation patterns of funds originating from drainer operator wallets

Identity Theft Not Just for Crypto

Identity theft and the creation of false documents are among the most entrenched criminal activities on the dark web.

Cybercrime forums frequently feature advertisements from cybercriminals who pride themselves on their proficiency with photo editing software, offering to produce images of counterfeit passports, ID cards, and utility bills within minutes.

Now, some of these document fabrication services are investigating the use of AI to expand their operations.

One such service, which uses the likeness of Keanu Reeves's John Wick character in its advertising, has both claimed and denied using AI to manipulate images.

Elliptic 已确定用于向该服务付款的加密货币地址，该地址收到的交易足以在短短一个月内生成近 5,000 份虚假文件。

网络威胁不断演变，安全网不断缩小

必须重申的是，人工智能等新兴技术带来的好处远远超过其被犯罪分子利用的可能性。

美国负责网络和新兴技术的副国家安全顾问安妮·纽伯格（Anne Neuberger）深入探讨了围绕人工智能滥用日益加剧的担忧。

她强调，人工智能不仅仅用于常见的诈骗，而且越来越多地被用于复杂的犯罪活动：

“在众多暗网网络犯罪论坛中，Elliptic 发现了一些讨论，探讨如何使用 LLM 对加密钱包种子短语进行逆向工程，绕过 OnlyFans 等服务的身份验证，并提供 DeepNude 等图像‘脱衣’处理服务的替代方案。”

人工智能和加密货币的交汇既带来了巨大的机遇，也带来了巨大的挑战。

虽然人工智能可以增强加密领域的安全性和效率，但其被滥用的可能性凸显了采取战略性和明智应对措施的必要性。

该报告建议采取一套预防措施，统称为“DECODE”，即检测、教育、合作、防御和执行。

大多数威胁仍处于早期阶段，通过负责任的行业合作伙伴采取有分寸的早期应对措施，可以在其蔓延之前得到有效缓解，并确保人工智能等技术能够继续可持续创新。

但随着网络威胁以惊人的速度发展，安全网进一步缩小。

人工智能驱动的加密犯罪最终会不复存在吗？不会。

但我们能做的是，更加了解情况，提高警惕，以减轻风险，获得更好的应对机会。

热点：人工智能 加密 增加 网络