Cryptocurrency Attacks Exposing SMSFs To Fraud Risks

SMSFs that are invested in bitcoin have been warned that through co-ordinated attacks on cryptocurrency, hackers may be able to access sensitive information and potentially defraud an SMSF of its assets.

Hayes Knight director of SMSF services Ray Itaoui said while hacking a blockchain is extremely challenging for cyber criminals, the rewards are substantial due to the information that is attached to them.

Researchers at the Institute of Electrical and Electronics Engineers have already demonstrated how hackers could spend the same bitcoins twice, undermining the entire decentralised ledger system, warned Mr Itaoui.

“Soft ‘forks’ can create windows for hackers. These soft forks are the result of software updates or other software incompatibilities that can lead to a disruption of the decentralised ledgers, potentially creating a new ledger if the bugs are not eradicated,” he explained.

“Co-ordinated attacks by hackers, such as a balance attack, can capitalise on these forks, potentially leading to the doubling up of transactions, and could result in [an] SMSF’s investment being adversely impacted, or even becoming worthless.”

Millions of dollars of bitcoin and other types of cryptocurrencies have already been stolen by hackers, he said. SMSF Adviser’s sister title Nest Egg reported on a significant attack on cryptocurrency exchange CoinCheck that occurred just last month.

“Another contentious issue, which we hope to never see in a fund, is the theft of information,” said Mr Itaoui.

“Hackers can potentially exploit the decentralised ledger to access sensitive data about existing accounts, and once this data is in the wrong hands, it can potentially be used to defraud the SMSF of its assets.”

SMSF auditors, he said, need to be prudent in establishing existence, and if an SMSF has been defrauded of its Bitcoin assets, then the auditor needs to ensure that this is accurately reflected in the financial statements. “Furthermore, the auditor needs to be aware of the risk areas, and advise the trustees accordingly. For example, minimising the amount of bitcoin stored in hot wallets which are susceptible to hacking.”

By Miranda Brownlee

SMSF Adviser

2 February 2018
