Wherever there’s money, there are scams – cryptocurrency being no exception.
In February 2022, the cryptocurrency exchange platform Wormhole lost $320 million in the wake of a cyber-attack. Apart from this incident, the Federal Trade Commission estimated that cryptocurrency scams had swindled over a billion dollars since 2021.
Cryptocurrency scams experienced a 23% increase in the U.K during 2023 compared to the previous year, as reported by Lloyds Banking Group. Though the number of such scams noted a decrease during 2023’s first half, they spiked dramatically in the third quarter, as noted by Immunefi’s report. This rise was partly due to a Mixin hack incident that occurred on Sept. 25, resulting in nearly $200 million being stolen.
Cryptocurrency is a more recent form of digital money stored in an electronic wallet, which the owner can transform into real currency by transferring it to a bank account. Unlike traditional currencies, cryptocurrencies like Bitcoin use blockchain for validation and aren’t issued or regulated by a central institution like a bank. This makes theft recovery significantly challenging.
Without further ado, here’s a list of the prevalent cryptocurrency scams you should be wary of.
Contents
- 1 1. Bitcoin-specific investing scams
- 2 2. Rug pull frauds
- 3 3. Romance frauds
- 4 4. Phishing frauds
- 5 5. Man-in-the-Middle (MitM) attacks
- 6 6. Fraudulent social media cryptocurrency giveaways
- 7 7. Ponzi schemes
- 8 8. Fraudulent cryptocurrency exchanges
- 9 9. Crafty job prospects and counterfeit employees
- 10 10. Flash loan fraud
- 11 11. Deception using AI
- 12 Defending bitcoin and cryptocurrency
- 13 Reporting a fraud incident
1. Bitcoin-specific investing scams
These scams typically involve fraudsters posing as experienced “investment managers.” They claim to have amassed millions from investing in cryptocurrency and feed their victims false promises of lucrative returns.
The fraudsters coax their victims into paying an upfront fee, which they then pocket. They may also persuade victims to part with personal identification information under the guise of depositing or transferring funds, effectively gaining control of their victims’ cryptocurrency.
A well-known variant of this scam involves fraudulent celebrity endorsements. Scammers superimpose real celebrity images onto fake accounts, ads, or articles, making it appear as if said celebrities are endorsing an investment promising colossal financial gains. The scammers subsequently steal their victims’ money under this veil of legitimacy provided by fake assertions attributable to trustworthy entities.
2. Rug pull frauds
In these scams, fraudsters inflate the value of a new project, non-fungible token (NFT), or coin. After unsuspecting individuals invest, the perpetrators vanish without a trace, leaving investors with a valueless asset. The scam’s coding prevents investors from selling their Bitcoin after purchase.
The well-known Squid coin scam is an example. Investors bought tokens for online games, promised they could exchange more earned tokens for other cryptocurrencies later. Contrary to expectations, trading abruptly halted, and investors lost their money.
NFTs, unique digital assets, are also not immune to such scams.
3. Romance frauds
The world of dating apps isn’t safe from crypto scams, either. These scams involve trust-building, mostly in long-distance online-only relationships. The scammer eventually persuades their victim to buy or give cryptocurrency. Once victims part with their money, the scammers disappear.
More information about how romance scammers exploit Ukraine war.
4. Phishing frauds
Phishing scams, though long-standing, are still rampant. Scammers trick victims into parting with personal details, such as cryptocurrency wallet keys, by sending emails containing fraudulent website links.
Cybersecurity practices dictate never inputting secure information through an email link, regardless of the perceived legitimacy of the website or link. Always opt to go directly to the site.
5. Man-in-the-Middle (MitM) attacks
When users log into their cryptocurrency accounts in a public location, scammers can intercept and steal their sensitive information, including passwords, cryptocurrency wallet keys, and account information. This information theft happens through a process known as Man-in-the-Middle (MitM) attack.
To prevent these attacks, the use of a virtual private network (VPN) is recommended to encrypt all transmitted data, keeping personal information and cryptocurrency safe from theft.
Fraudulent posts promising Bitcoin giveaways are rampant on social media. Some even include celebrity impersonation accounts promoting the fraudulent giveaways.
However, those who click on the giveaway are redirected to a fraudulent site requesting account verification, including payments. Victims either lose this payment or unknowingly click on malicious links, resulting in personal information and cryptocurrency theft.
7. Ponzi schemes
The hallmark of a Ponzi scheme is using new investors’ money to pay older investors. Cryptocurrency scammers lure new investors with Bitcoin, promising huge profits with little risk. However, these are high-risk investments, and returns are never guaranteed.
8. Fraudulent cryptocurrency exchanges
Fraudsters at times entice investors with false promises of extraordinary cryptocurrency exchanges, going as far as promising additional Bitcoin on transaction completion. Still, in reality, this isn’t the case.In the absence of an issuance and the investor remains oblivious to the fact that it’s a scam until their deposition evaporates.
Sticking to recognized crypto exchange markets, such as Coinbase, Crypto.com, and Cash App, will keep you away from alien exchange platforms. Undertake research and consult industry websites for insights about the reputation and authenticity of the exchange before providing any personal details.
9. Crafty job prospects and counterfeit employees
Swindlers have been known to take on the characters of recruitment agents or job applicants to exploit cryptocurrency accounts. They typically lure victims with an attractive job offer, and then demand cryptocurrency for job-related training.
There are also instances of frauds associated with hiring remote employees. As an example, North Korean IT freelance professionals have been seen making use of remote job spaces by showcasing impressive resumes while falsely claiming to be based in the U.S. The U.S. Department of the Treasury has raised alarms over this North Korean-led scam that specifically targets cryptocurrency businesses. This scamming tactic is known as a shadow workforce.
In 2022, a Sky Mavis engineer was targeted by these shadow workers who posed as LinkedIn recruitment agents. The engineer shared a document with one such shadow worker during a phone interview, who then used the document to infiltrate the system with harmful code. This allowed the North Korean Lazarus group to steal a whopping $600 million through a bridge attack.
These IT freelance professionals engage with projects centered on virtual currencies and exploit the access they get to currency exchanges. They then use this access to hack into systems to raise funds or steal confidential information for the Democratic People’s Republic of Korea (DPRK). These workers also engage in skilled IT tasks, using their expertise to, work from the inside to facilitate the DPRK’s malicious cyber activities. According to Chainalysis, this scam has led to the theft of nearly $3 billion within a year.
Read more about ongoing employee verification processes for securing organizations from such threats.
10. Flash loan fraud
Flash loans are short-duration loans, meant for quick trades. Highly popular in the cryptocurrency domain, they allow traders to buy tokens at a lower price on one platform with loaned funds, and then promptly sell off that asset at a higher price on a different platform. These profit-making trades and loan repayments all happen within the course of a single transaction.
Flash loans lack collateral and don’t require any credit checks, thus making them prime targets for fraudsters. The attackers borrow money and use these funds to manipulate prices on a decentralized finance platform. They create multiple buy-sell orders to convey a sense of high demand. Then, after canceling orders post-price escalation, they cause a immediate price drop, allowing them to buy at a lower price on a different platform and pocket the differential.
In February 2023, Platypus Finance fell prey to such a flash loan attack, leading to a huge loss of $8.5 million.
11. Deception using AI
The emergence of artificial intelligence (AI) has paved the way for fraudsters to dupe the cryptocurrency market in innovative ways. They are now using AI chatbots to converse with users and offer dubious advice while promoting counterfeit tokens. Chatbots are designed to promote high return investment opportunities, which typically end up as pump-and-dump schemes to artifically increase token values prior to sale.
AI can also manipulate the proof of work, overstating the cryptocurrency project and giving the impression of more loyal followers, thereby making the token appear authentic. This inflation of follower count makes it strenuous to verify if a token is genuine.
Another AI-related scam involves high-profile celebrities or business professionals. Fraudsters create deepfakes to promote fake endorsement schemes associated with cryptocurrency projects. Using advanced AI systems, faces of renowned individuals, such as Bill Gates, Mark Zuckerberg, and Elon Musk, are manipulated to make it seem like they are launching a new project. These highly realistic deepfakes succeed in deceiving investors by pretending to use trusted figures for financial advice. A common warning sign in these deepfakes is the pledge of high returns in a short time.
Defending bitcoin and cryptocurrency
To protect yourself from cryptocurrency scams, watch out for these common red flags:
- Pledges of large earnings or doubling of investments.
- Only accepting cryptocurrency payments.
- Contractual requirements.
- Spelling and grammar errors in emails, social media posts, or other communication.
- Manipulative maneuvers, like blackmail or suborning.
- Offers of free money.
- Out-of-place endorsements from fake influencers or celebrities.
- A lack of detailed information about the investment or money movement.
- A flurry of transactions within one day.
Shield your digital wallets from swindlers by adopting good digital security habits. This includes using strong passwords, secure connections and VPNs, and opting for safe storage options. There are two main types of wallets: digital and hardware. Digital wallets, hosted online, are more susceptible to hacking. Hardware wallets, on the other hand, store data offline within a device, this data often includes information on the cryptocurrency wallet and keys.
Cryptocurrency isn’t insured by the Federal Deposit Insurance Corporation, thus making its safety crucial. You should never share your wallet keys or access codes with anyone.
Reporting a fraud incident
Anyone spotting a cryptocurrency scam or falling prey to one should report the incident right away. Here’s a list of some agencies where you can report these scams:
Besides the aforementioned agencies, victims should also report the fraud to the cryptocurrency exchange involved in the transaction without delay.
Amanda Hetler is a senior editor and author for WhatIs, where she writes content explaining technology and collaborates with freelancers.