An email from People’s Bank of China’s domain made false claims of a cryptocurrency ban in mainland China and Hong Kong.
In an apparent security breach, an email address ending in @pbc.gov.cn circulated a message to some US media entities disclosing joint regulatory measures soon to be imposed by the Hong Kong Monetary Authority (HKMA) and People’s Bank of China (PBoC). The domain belongs to the PBoC.
Per an excerpt from the message, recipients were to expect restrictions on “all aspects and services of bitcoin trading in both mainland China and Hong Kong.” It extended an invitation, now established as fraudulent, requesting that press attend a briefing in Beijing on February 14, 2018. It claimed that PBoC deputy governor Pan Gongsheng was to oversee the meeting and supposedly detail the suppression of “all virtual currency services and activities of both individuals and business including market makers, mining operators, trading platforms and wallets.”
However, spokespersons of both Beijing and Hong Kong authorities deny that such a meeting is to take place. Likewise, no event matching the description has been announced on either the HKMA or PBoC official websites.
According to a Chinese source that received the fake email, it came with a registration form for prospective attendees to fill out. The email originated from a Hefei branch bank worker in Anhui, who claims his email address had been hacked and denies knowledge of further details.
Since there has been some degree of uncertainty with regard to how China and regulators worldwide will ultimately rule on cryptocurrency acceptance, polarizing news such as an outright ban would have direct effects on the global marketplace.
This action could have been a direct attempt to influence markets. With foreknowledge that prices would artificially drop due to reports from a seemingly credible source, a malicious actor might have taken an opportunity to sell their cryptocurrencies prior to the drop, buying back into the market for an advantageous price during the dip.
Emails have been a lucrative attack vector for criminals who take advantage of holes in security and either crack the address or access databases that hold account credentials. The PBoC may need to reinforce security measures.