Background

This blog post is regarding an academic paper I submitted for the 18th International Conference on Cyber Warfare and Security (ICCWS) that was held from 9-10 March 2023 at Towson University, Towson, Baltimore County, Maryland, USA. The paper can be found here.

The motivation for writing this paper was the number of crypto scams I observed since Covid-19. People went through tough times with job losses and salary cuts and became desperate to invest in alternative methods. Crypto seemed like the perfect solution at the time. However, scammers took advantage of this opportunity.

Personally, I was also a victim of an online investment platform called Mirror Trading International (MTI). A friend who was part of this platform tried to convince me to join the platform. I was very skeptical, and he told me that if I lost my money in the next 3 months, he would refund me the minimum amount that one needs to invest to open an account, which was $200. Luckily, I only invested $200, because the website shut down not even 2 months after I invested. And yes, my friend paid me the $200 back, so I then was not really a victim.

I became a lot more interested in cryptocurrencies and blockchain technology. So much so that I even did a course to program on the Ethereum blockchain, as well as a course to perform crypto crime investigations. My interest grew also in the Open-source Intelligence (OSINT) area. I wanted to be able to investigate on-chain as well as off-chain. In other words, on the blockchain, as well as off the blockchain. When you have found a name or other personal information on a target person, off-chain methods are required.

I work for the CSIR and they encouraged me to do a PhD. I decided to enroll for a PhD and my topic is in line with proposing a process on how to investigate crypto crimes and scams. This paper serves as a background only on some of the worst crypto scams that occurred since the Pandemic.

Introduction

Blockchain adoption has increased significantly in recent years, and so has crypto crime. The rise of cryptocurrency has added to the immense increase in crime rates. Illicit transactions in cryptocurrency reached a staggering $14-billion in 2021, an 80% increase from 2020, which constitutes a new record. Scammers have been around long before crypto, but some of the characteristics of crypto are very appealing to them. Crypto has no middleman, as is the case with banks. Instead, direct transactions occur between two individuals. This study analysed the most significant crypto-scams since the start of the Covid-19 pandemic. In addition, it aims to raise awareness and contribute towards protection against these attacks.

Types of Crypto Crimes and How to Avoid Them

Giveaway

One of the most common scams is the giveaway scam, where the attacker lures the victim in by announcing a giveaway of certain cryptocurrencies or assets. For example, one instance is where a contribution of one Ethereum coin (sent to a specified address) results in double the amount returned. Normally a target will receive a link to a landing page website, with fake transactions indicating that participants are indeed getting paid. In several cases the website has a timer that is activated with the intent of giving the target the impression that there is a limited time for the offer to be taken up.

Giveaway using Elon Musk as the Celebrity

Several social media sites are being used for these scams such as YouTube, Twitter and Instagram. In the case of YouTube, livestreams of interviews with celebrities are available. The stream links are surrounded by text details on how to participate in these schemes. Furthermore, it will also appear as if thousands of people are participating in the livestreams. However, these are generally bots and not real people. The YouTube account will often also appear to have been verified. In these cases, the accounts were hacked, all contents were deleted, and the attackers run their own livestreams.

Rug Pull

A “rug pull” refers to the expression “someone pulls the rug from underneath you” (also referred to as exit scams). This type of scam appears to be an investment company where people can invest funds with very attractive returns. The company will consequently disappear, and victims are robbed of their funds. Back in 2017, this was mostly driven by the Initial Coin Offering (ICO) schemes. Today they are more prevalent in the Non-Fungible Tokens (NFTs) and Decentralised-Finance (DeFi) spaces.

Rug Pull

In the case of NFTs, the scammer creates a collection of images, issues them to be minted and promises an exciting roadmap with great returns. Once the mint process is completed and all people have procured their NFTs, the project creators delete the website and all social media linked to the project, thus pulling the rug, and leaving their victims upended.

Two types of rug pulls occur with NFTs: a fast and a slow rug pull. With a fast rug pull the scammer deletes the website and all social media linked to the project at once, pulling the rug and leaving victims dry. In the case of a slow rug pull, creators slowly extricate themselves from the project over several weeks or months, causing the target to lose interest in the project. This type of rug pull is more common when it comes to NFTs and it leaves no real trace of an intent to defraud.

NFTs

The DeFi space differs from NFTs and ICOs. Instead of sending money to a project or protocol, one needs to supply liquidity. The liquidity is used in a decentralised exchange and investors can get very lucrative returns. The creators will hype the project to increase its demand and to increase the liquidity pool size. After people have staked funds for some time on the DeFi platform, the creators will withdraw all the coins from the liquidity pool, removing all the value injected into the currency by investors and driving the price extremely low or even down to zero in some cases.

Phishing Scam

Scammers are fooling people into logging in to fake cryptocurrency exchange websites, getting access to their exchange account details and stealing their funds. Attackers have also started to directly target people’s cryptocurrency wallets.

Phishing Scam

The most damaging scam is when an attacker obtains the user’s wallet private keys. This can happen by making users believe they need to reset their passwords and provide their secret recovery seed phrases. Another method is to ask the user to enter the seed phrase to access a certain website to allow a connection to their wallet. Once the attacker has this seed phrase, he has full access to your wallet.

Impersonation

Scammers try to take advantage of some famous person’s trustworthy reputation on social platforms such as Twitter, Telegram, Discord, Instagram, TikTok, etc.

Impersonation

These scammers will send a direct message (DM) on the platform, pretending to be a celebrity and offering advice to the victim on some crypto investment. They will provide a number asking the victim to WhatsApp them, where they will act as if they are providing more personal assistance. They will explain how the target can double their money by sharing a link on which the victim will click and send money to the platform or crypto address. This scam continues after the victim has sent the money; the attacker will send fake proof of profits generated. The attacker will then request a withdrawal fee or ask the victim to pay them their cut of the profits first.

Ponzi Scheme

Ponzi schemes are fraudulent investments or scams, promising high rates of returns, which do occur in the initial phases. It is like a pyramid scheme and normally mostly benefits early investors.

Ponzi Scheme

Returns are only sustainable by bringing in more investors. These schemes also rely on current members referring their friends and family for additional rewards, which is known as multi-level marketing (MLM).

Pump-and-Dump

A pump-and-dump is when insiders “pump” or increase a token’s price until a point where it creates attention and market interest. The moment others jump in, the initial investors will “dump” or sell their coins, causing a massive decrease in price, leaving late investors at a loss. A pump will be set to happen at a particular date and time. The figure below shows an example of such a pump-and-dump in a timespan of only three hours. Note that by the time the coin to pump is announced, the value has already been increased. These schemes are well coordinated in places such as Telegram groups. As soon as the public buys in, the organisers will do the dump causing losses for late investors.

Pump-and-Dump

The Worst Crypto Scams During the Covid-19 Pandemic

Using data consolidated by Moody (2022), the number of crypto scams has risen annually. Scams such as Ponzi Schemes, impersonations, Rug Pulls, Exit Scams, Phishing and Pump-and-Dumps were considered, whilst money laundering has been excluded. While the data available for 2022 is incomplete (only until August 2022) at the time of writing, the number of scams has already surpassed previous years. By the end of 2022, when bigger scams such as FTX and Terra (Luna) are included, 2022 is the worst year in terms of financial losses. However, the graph below shows the data up until August 2022, as also depicted in the published academic paper.

Number of scams per year with corresponding financial losses

The table below lists the 15 worst scams in terms of financial losses during 2020-2022 (August). This excludes FTX and Terra (Luna).

The largest of these schemes, PlusToken, was a multinational pyramid scheme whose operators have since been indicted. This scheme promised astronomical returns on investment and incentivised current investors to recruit new members, a trademark Ponzi scheme tactic. The racket owned roughly 1% of the Bitcoin supply at the height of the operation. Closely following PlusToken in losses in 2020 is MTI. The scheme accepted buy-ins in Bitcoin and is the largest fraudulent scheme that has been charged by the CFTC (Commodity Futures Trading Commission). Arbistar 2.0 SL, BitClub (Crypto-Mining-Pool) and Forsage all offered similar returns on investments and were indicted as Ponzi or Pyramid Schemes.

The most significant crypto scams during the pandemic 2020-2022

At the start of 2021, the largest scams seemed to diversify, including several high-profile rug-pulls alongside more Ponzi Schemes. The Africrypt rug pull, considered one of the largest-ever crypto heists alongside PlusToken, is currently involved in an ongoing investigation and liquidation approved by South African courts. Thodex, a cryptocurrency exchange, used aggressive campaigns such as luxury cars to lure investors. In April 2021, Thodex was shut down, having stolen approximately $2 billion. Other Ponzi Schemes in this timeframe include Finiko and EmpiresX, both affecting hundreds to thousands of users by offering too-good-to-be-true returns on investment. In addition, four noteworthy rug-pulls took place: Anubis Decentralised Autonomous Organisation (DAO), DeFi100, Meerkat Finance and Snowdog DAO. All these rug-pulls were DeFi-based offerings that “rugged” investors after draining liquidity pools before delivering a real product. Some (such as Meerkat Finance and Africrypt) initially placed the blame on hacking events that never took place.

During 2022 (August at the time of writing), fewer noteworthy scams have been uncovered. So far, two large rug-pulls are Morris Coin and Ormeus Coin. The former was a fake ICO and the latter a coin purportedly to be used as a mining currency. Both lured investors via social media.

Though some scams are difficult to trace due to anonymity extended via blockchain technologies, the location of origin could be determined for most of the top scams. The distribution of the scams is quite evenly spread globally, with South Africa, Russia and the USA each producing several of the most significant scams. Notably, South Africa produced two of the top four crypto scams.

PlusToken, Africrypt and Morris Coin affected the most users. Generally, Ponzi Schemes seem to affect more users. This could be due to the business model: investors are incentivised to recruit new members in the hope of increasing their profits. Though the Morris Coin scam did not cause financial losses as large as the Ponzi schemes, it amassed many participants.

Roughly 66% of the discussed cases resulted in arrests. Individuals were charged in various manners, including accounts of fraud, market manipulation, and more.

Protection Against Crypto Scams

Giveaway and Impersonation

The giveaway scam is normally linked to the impersonation scam where the scammer pretends to be a legitimate platform such as Coinbase promoting a 5000 BTC giveaway when you send them, for example, 1 BTC. A legitimate investment platform or exchange will never ask for crypto in exchange for receiving more in return.

The only way to avoid these types of scams is to understand that no one on the Internet is going to give something away for free, and no one will double an investment amount. If it sounds too good to be true, it normally is. One should think twice before sending crypto funds because all transactions are irreversible and participants will not be able to get their money back.

Rug Pull

Rug pulls are more common in new cryptocurrency projects and investors should make sure they are choosing established projects. For example, Bitcoin has been used worldwide and its inner workings have been reviewed thoroughly. Newer projects do not have such a track record and leave room for hiding certain aspects from investors.

One indication, although it is not a guarantee, is to establish whether a new cryptocurrency is listed on well-known exchanges such as Binance or Coinbase. These exchanges do thorough reviews of assets before listing them. However, the trade-off is that the highest rewards may come from projects before they are listed on these exchanges. Scammers normally prey on the fear of missing out (FOMO) on massive gains, luring investors towards projects before being listed on well-known exchanges.

To avoid a crypto project rug pull one would need to perform broad due diligence. Research needs to be done before investing and extremely high annual percentage yield (APY) promises should heighten caution.

Before investing on any DeFi platform, an investor should understand how a product works and not just blindly invest based on hype. Investors should also determine if the company has been registered and does indeed exist. In addition, they should establish whether a project has been audited.

In the case of NFTs, one should be a lot more discerning when buying or minting. Only 5% of NFT projects will be very profitable and 95% would probably go to zero.

Phishing Scam

An investor should never enter their seed phrase anywhere on a website to access the website or to send any funds. Leaving a seed phrase on your personal computer or in the cloud is very risky. In addition, enabling two-factor authentication for your crypto wallet is advised. It is also recommended to keep cryptocurrencies in a cold wallet if they are not actively being traded. Keeping investments out of social media would make an individual less of a target as hackers are keeping an eye out for high-value victims.

Ponzi Scheme

To avoid a Ponzi scheme, one needs to be very skeptical and compare the returns to the market average. If the scheme is consistently above that average, it should raise suspicion. The US SEC (Securities and Exchange Commission) released a report detailing “red-flags” to help identify possible crypto Ponzi schemes. These red flags are summarised in the table below.

SEC Ponzi Scheme Red-Flags

Pump-and-Dump

Pump-and-dumps are illegal and should always be avoided. Firstly, they occur in low market cap coins because it is easier to move the prices of these coins. Secondly, the coins will mostly be on shady exchanges. Thirdly, if there is no news about a certain coin’s price increase, it is more likely the work of scammers. One can also look at previous trading volumes; if a token has had low trading volumes for the past few months and suddenly a spike occurs, it could be a clear sign of early accumulation. Pump-and-dump schemes are normally more based on hype and speculation than on a business model. They tend to create a heightened sense of urgency to invest. If a company is not yet profitable, common sense should be used as to why one would invest.
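
The trading-volume check described above can be automated. The following is an added example, not code from the paper: it flags days whose volume jumps far above a long, quiet baseline. The function name, thresholds (`window`, `spike_factor`, `low_ceiling`) and both volume series are constructed assumptions for illustration.

```python
from statistics import median


def flag_volume_spikes(daily_volume, window=60, spike_factor=8.0,
                       low_ceiling=50_000.0):
    """Return (day_index, ratio) for days that spike after a quiet period.

    daily_volume : traded volume per day, oldest first, one unit throughout
    window       : days of history forming the baseline ("past few months")
    spike_factor : multiple of the baseline median that counts as a spike
    low_ceiling  : baseline median must be at or below this to be "low"
    All three thresholds are assumed values and must be tuned per market.
    """
    baseline = []  # history of days that were NOT flagged
    alerts = []
    for day, vol in enumerate(daily_volume):
        if len(baseline) >= window:
            base = max(median(baseline[-window:]), 1.0)  # avoid divide-by-zero
            if base <= low_ceiling and vol >= spike_factor * base:
                alerts.append((day, round(vol / base, 1)))
                # Keep pump days out of the baseline so a multi-day pump
                # does not raise its own threshold and hide itself.
                continue
        baseline.append(vol)
    return alerts


# Constructed sample: 90 quiet days, a three-day pump, then back to quiet.
QUIET_THEN_PUMP = (
    [10_000 + (i % 7) * 500 for i in range(90)]
    + [150_000, 400_000, 120_000]
    + [9_000, 9_500]
)

# Constructed sample: a heavily traded coin with one busy day. The baseline
# is not "low", so the low-volume heuristic from the text does not apply.
ESTABLISHED = [5_000_000 + (i % 5) * 100_000 for i in range(90)] + [60_000_000]

if __name__ == "__main__":
    for day, ratio in flag_volume_spikes(QUIET_THEN_PUMP):
        print(f"day {day}: volume is {ratio}x the 60-day median")
    print("established coin alerts:", flag_volume_spikes(ESTABLISHED))
```

A flagged day is only a prompt to look for news that explains the move; as the text notes, a spike with no accompanying news is the suspicious case.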

Conclusion

Blockchain adoption continues to increase and so do crypto-crimes and scams, especially since the Covid-19 pandemic. With job losses and salary cuts, people became desperate for a new source of income. The crypto space provided this opportunity, but it also created the perfect playground for scammers. This study highlights the most significant crypto-scams from 2020 to 2022, based on monetary losses and the number of users affected. The scams have been grouped according to type, the year they occurred, financial losses, country of origin, number of affected users and whether any arrests have been made. In addition, the study aims to raise awareness on protection against these scams. Recommendations are provided on identifying a specific scam and how to avoid it. Since there is no official legislation in place for crypto-scams, it remains a very significant international threat that cannot be ignored.

The biggest takeaway is – If it sounds too good to be true, it most probably is.