Cryptocurrencies have seen an explosion of popularity in recent years and with good reason.
“These assets aren’t going anywhere,” said Nick Gicinto, who joined the Red Five Security team in September 2022 and brings with him a wealth of experience in blockchain and cryptocurrency. “There were a lot of skeptics who said it was a fad, but these assets have really weathered the storm and demonstrated resiliency.” In addition to offering a stable store of value immune to inflation and bank failures, the blockchain technology underpinning cryptocurrencies is poised to revolutionize several industries, including shipping, banking, and healthcare.
Unfortunately, some of the very features that make cryptocurrencies appealing to investors–pseudo-anonymity, decentralization, and novelty–also make them attractive to cybercriminals and scammers. According to the Chainanalysis 2022 Cryptocrime Report, growth in legitimate uses of cryptocurrency has outpaced the growth of illicit uses, however illicit uses still accounted for $14 billion worth of cryptocurrency transactions in 2021. The two categories of illicit use that grew the most in 2021 were stolen funds and scams, with scams accounting for the lion’s share. In 2021, victims were scammed out of $7.7 billion in cryptocurrency worldwide.
What makes cryptocurrency such an appealing target for scammers?
“The crypto-space is fast,” said Gicinto. “Risk is inherent,” but sometimes investors get caught up in the speed of transactions and end up falling for scams they might otherwise have recognized. The decentralized status and novelty of cryptocurrency also mean that new marketplaces crop up with relative regularity. This makes it very easy for cybercriminals to disguise a scam as a fledgling crypto start-up. “These scams are not novel,” said Gicinto. “They have plagued financial markets for decades,” but while the scams themselves are often variations on well-known real-world cons–Ponzi Schemes, social engineering, misinformation–the novelty of the technology can sometimes make it difficult to recognize them. Knowing what to look for is key, so here are five common cryptocurrency scams to watch out for:
5 Types of Common Cryptocurrency Scams
- Fraudulent ICOs and Pump and Dumps
New cryptocurrencies and cryptocurrency exchanges launch with relative frequency, usually to great fanfare and excitement. Unfortunately, scammers can take advantage of the hype surrounding these launches to mislead potential investors and convince them to send their crypto-coin to the wrong place. This occurred when Experity launched its initial coin offering (ICO) in 2018. Scammers sent an email to would-be investors with a pre-ICO sale announcement, promising Experity tokens to those who signed up for notifications. The wallet address provided in the emails was not affiliated with Experity, and the scammers made off with $150,000 in Ethereum from 71 participants, according to media reporting. In the same vein, ICOs can make perfect vehicles for Pump and Dump scams. These scams use false claims to create excitement about a new cryptocurrency, which increases the demand and inflates the value of the asset. Soon after the roll out, the originators or key investors abruptly pull out, walk away with the huge profits, and leave the asset value to plummet. Celebrity influencer Kim Kardashian was recently fined $1.26 million by the SEC for involvement in a Pump and Dump scam, after she advertised a cryptocurrency on her Instagram page without disclosing that she had been paid to do so.
- Pig Butchering
Much like online romance scams involving traditional currency, “Pig Butchering” scams are cryptocurrency scams that rely on building trust with the victim. The scam usually begins with a text or WhatsApp message written as though it is intended for someone else, usually from an account with an attractive profile picture. The scammer uses this initial message to strike up a conversation with the victim and gradually builds a rapport with them. Then they steer the conversation to cryptocurrency. Using the emotional influence they have cultivated, the scammer convinces the victim to transfer more and more crypto-assets to fraudulent websites. The scam concludes when the scammer cuts off contact with the victim and makes off with their funds. These scams are becoming increasingly popular, with $429 million stolen by pig butchers in 2021 alone, according to the Federal Bureau of Investigation (FBI).
- Rug Pulling
The fastest growing variety of cryptocurrency scam, Rug Pulling, accounted for 37% of cryptocurrency scam revenue in 2021, according to the Chainanalysis 2022 Cryptocrime Report. Rug Pulling occurs when a new cryptocurrency company is launched and then is abruptly abandoned by its creators, making it impossible for victims to withdraw their funds. The largest rug pull to date occurred when the CEO of Thodex, a Turkey-based centralized exchange, vanished shortly after launch, leaving investors unable to reclaim their assets. Thodex users lost a total of $2 billion: 90% of all value stolen in rug pulls, according to the Chainanalysis 2022 Cryptocrime Report. AnubisDAO, the second largest rug pull, cost investors $58 million a mere 20 hours after it launched.
- Ponzi Schemes
Put simply, a Ponzi Scheme is a scam in which victims are convinced to invest in a nonexistent enterprise. Quick, too-good-to-be-true returns are paid out to the first investors using money invested by later victims, but eventually the whole scheme collapses and the orchestrators make off with the majority of the funds. Ponzi schemes are nothing new, but they have proven effective in the cryptosphere, in part because the novelty of cryptocurrency can make them more difficult to recognize. OneCoin, a Bulgarian Ponzi Scheme, swindled investors out of $4 million in 2014, using flashy launches and promotional materials to disguise the intent of the scheme and multi-level marketing tactics to convince customers to get their friends and family involved, according to media reporting. More recently, a Russian Ponzi Scheme called Finiko netted $1.5 billion in stolen assets when it collapsed in July 2021, according to the Chainanalysis 2022 Cryptocrime Report.
- Fraudulent Third-Party Apps
With new cryptocurrency management apps appearing regularly in app stores, it can be very easy for scammers to slip fraudulent ones into the mix. Sometimes these apps are promoted through push ads or pop ups on respectable sites. Another common method is “domain spoofing” or “typo squatting,” using domain names that look like the ones used by reputable sites but are actually a letter or two off (fcebook.com vs. facebook.com, for example). Other times, these apps are disguised using recognized brand names–like YiBit, a fraudulent app designed to look like a respected one. Other apps rely on the veneer of legitimacy that comes with a listing on the Apple or Google Play store–like Trezor, which required users to send the seed phrases to their account keys and then locked them out. All in all, investors have lost an estimated $42.7 million to fraudulent cryptocurrency apps in the past year, according to media reporting.
What can you do to protect yourself?
Cryptocurrency scams are prevalent, but you can take some basic steps to be a smart investor:
- Slow down! “I’ve seen even the savviest investors fall victim to social engineering because they don’t slow down,” said Gicinto. It’s easy to get caught up in the thrill of crypto exchanges, but it pays to think through your investment decisions carefully before you commit.
- Use common sense. Before you invest in a new cryptocurrency product or disclose your information to a third-party app, ask yourself if this is a good idea. Trust your gut. If something feels wrong, chances are you’re right.
- Be careful with your account information. Do not disclose your account credentials to anyone and keep your key secure. Avoid storing it on your computer, as this can leave it vulnerable to hackers.
- Use a strong, unique password, a password manager, and multi-factor authentication to diminish the risk even further. Remember that passwords based on personal information, like pet names, anniversary dates, initials, or dates of birth are very easy to guess, so choose something without any personal information.
- If you get an email talking about your cryptocurrency balance changing or a password reset email that you did not request, verify the identity of the sender before you engage with them.
- Do not click suspicious links in emails, texts, or messages. Go directly to the website rather than clicking a link sent to you.
- Do your due diligence on cryptocurrency products, apps, and marketplaces. To be safe, stick to reputable exchanges.
- Use sites like Token Sniffer, Coinopsy, Bitcoin Who’s Who, Bitcoin Abuse, and Scam Search to flag potential scams before you invest.
Red Five and Cryptocurrency
When an investor’s assets are stolen, time is of the essence. With the right tools, it is possible to track assets as they move from wallet to wallet, and there are established ways to freeze and recover them with the help of law enforcement. According to Gicinto, the biggest roadblock is that victims don’t act quickly enough. If the victim reports the theft within minutes or hours, an organization like Red Five can conduct a quick but thorough investigation and often provide the documentation necessary for law enforcement to seize the assets. Unfortunately, most cryptocurrency scams are only reported after two weeks have passed. There are all sorts of reasons why victims delay reporting scams, but the most common reason is embarrassment: nobody likes to admit they’ve been duped. Fortunately, victims don’t need to provide many details about the scam: just the wallet information will suffice. “What I’m looking for are the facts,” said Gicinto. “My only goal is to help get the funds back.”
If you are concerned that your cryptocurrency assets have been compromised, contact a Red Five Security consultant as soon as possible to discuss next steps.