Cryptocurrency was created as an alternative to standard currency to pay for products and services using digital assets. It's gained tremendous popularity in the last decade, but it's also been the target of many scams. Cryptocurrency offers people the opportunity to "be your own bank," where users store their money in digital wallets. Wallets store cryptocurrency, which can be later traded for products. Because individuals are mainly vulnerable to phishing and other scams, cyber-criminals target cryptocurrency users in an attempt to steal their digital money.
The Federal Trade Commission reported that 46,000 people lost over $1 billion in crypto due to scams in 2021. When these scams are successful, transactions cannot be reversed, leaving victims unable to retrieve their money after realizing they've been scammed. This blog will go over the types of cryptocurrency scams and how you can protect yourself.
Types of cryptocurrency scams
Methods used to steal a target's cryptocurrency usually depend on the attacker's motive, but the results are still the same for the victim – their assets are gone. Various methods give attackers direct access to user wallets where malware transfers cryptocurrency, access to a cryptocurrency exchange account, or victims are simply tricked into transferring funds to an attacker.
Here are the seven types of cryptocurrency scams you need to know:
Investment scams
Attackers claim to be high-end brokers or successful traders and convince a targeted user to send cryptocurrency. The scheme usually involves promises of implausible returns on the victim's investment. The victim sends cryptocurrency to the attacker, where it is never returned.
NFT scams
Non-Fungible Tokens (NFTs) are rapidly gaining popularity due to their ability to represent unique digital assets such as art, music, games, and collectibles on the blockchain. Creators and owners of NFTs can sell, trade, or purchase using cryptocurrency. Similarly to cryptocurrency, anonymity is highly valued. Therefore, it is becoming increasingly difficult to separate genuine NFTs from counterfeit ones. Cybercriminals have been able to use NFTs in order to launder cryptocurrency or engage in other forms of fraudulent activity with relative ease.
Rug pulls
The value usually increases as more people purchase a specific cryptocurrency. Some cryptocurrency creators will make purchases to make the specific asset look more valuable. Other users see the increase in value and buy the cryptocurrency, thinking it's popular. The creator quickly pulls the rug out and sells a large amount of the cryptocurrency, leaving the digital asset value much lower than previously reported. These scams are also called "pump and dump" scams. They are mainly popular in NFT (Non-Fungible Token) trading and new cryptocurrencies.
Romance scams
People looking for love should be aware of the romance scams that plague the crypto world. It starts with a dating app profile. The scammer chats with a targeted victim potentially for months before convincing the victim to send the scammer money in the form of cryptocurrency. Some scams involve fake trading apps, and the scammer continually contacts the victim to invest more, promising high rewards and often programming the fraudulent app to show occasional winning trades. This scam is also called "pig butchering" for the scammer's ability to fatten the victim until finally cashing out and disappearing.
If you are interested in learning more about romance scams, watch our webinar with Unit21 and Elliptic as we discuss the evolution of romance fraud, its global impact on financial organizations, and what companies can do to educate customers and keep them safe from falling victim.
Phishing
Phishing is involved in almost every cyber-attack, and cryptocurrency scams are no different. An attacker sends a link to a targeted victim, tricking the victim into divulging their wallet keys. With wallet keys, an attacker can send money to their account. Keys are unique to a wallet and don't often change, so changing them is much more difficult than passwords.
Man-in-the-Middle (MitM)
Cryptocurrency holders should take special precautions when connecting to public networks. Man-in-the-Middle (MitM) attacks are a type of cyber attack where an attacker is able to intercept messages sent between two parties and gain access to private information. The attacker manipulates the communication between two parties in order to steal sensitive data or gain access to accounts.
For example, if you are sending cryptocurrency from your wallet to someone else’s wallet, a MitM attack could be used by an attacker to intercept the payment before it gets to its intended recipient. Using MitM attacks, any keys, passwords, and sensitive data can be collected by an eavesdropper on the same network.
Social media scams
Scammers use multiple accounts on social networks to trick users into thinking that a legitimate celebrity is giving away cryptocurrency. Probably the most popular is using a fraudulent Elon Musk account to trick users into thinking that Elon Musk is giving away cryptocurrency. The scammer asks for "insurance" or an initial payment to receive winnings, and no cryptocurrency is ever returned.
Notable cryptocurrency scams in the news
Several cryptocurrency scams and hacks made the news this year. Some of them are still ongoing, and perpetrators were indicted, charged, and awaiting trial. Cryptocurrency scams cost consumers billions in losses, so they often make the news, along with several people losing their entire savings.
Here are four notable scams in the cryptocurrency world for 2022:
FTX - $10 billion
In November 2022, the FTX exchange ceased withdrawals, leaving anyone with cryptocurrency on the network without funds. FTX filed for bankruptcy, and the founder Sam Bankman-Fried was later arrested in the Bahamas for criminal indictments with several civil lawsuits on the horizon. The FTX fiasco is considered one of the biggest losses in the cryptocurrency world.
Ronin Network - $625 million
Hackers targeted the Axie Infinity blockchain gaming platform and took off with $625 million in Ethereum and USDC. The Lazarus Group, a popular cyber-criminal group in North Korea, was responsible for the exploit and stole over $5 million from Binance soon after.
Binance - $570 million
Using a cross-chain bridge named BSC Token Hub, hackers created an additional two million Binance Coins (BNB) and withdrew them simultaneously. Vulnerabilities in Binance's smart contracts gave attackers their opportunity, which showed that more blockchain security is necessary.
Wormhole - $325 million
A vulnerability from a code deployment to GitHub allowed hackers to exploit the finance platform Wormhole's Solana network, which was poised to be a competitor for the popular Ethereum token. Hackers took off with $325 million from cryptocurrency and NFTs.
How to protect yourself
If you use cryptocurrency and store it in an exchange, it's often suggested that you store it in your wallet. Should an exchange go bankrupt or a hack involves cryptocurrency stored on the exchange, storing your digital currency in your wallet will eliminate you from being a victim. If you store cryptocurrency in your wallet, ensure that you keep keys secure and your wallet stored safely.
Scammers can still get wallet-stored cryptocurrency using several methods, often tricking hapless victims into voluntarily sending digital currency to another wallet. Once a transaction is made, the cryptocurrency can rarely be recovered. Because cryptocurrency is a one-time transaction, attackers prefer it to standard currency, which requires several movements to several bank accounts for victims to be unable to regain access to their money.
Four ways you can avoid cryptocurrency scams:
- Be suspicious of anyone who demands cryptocurrency as payment. Legitimate vendors offer various payment options, which might include cryptocurrency but should also offer standard credit card and bank payments.
- Avoid promises of big monetary rewards in exchange for cryptocurrency deposits. One of the biggest scams is started by hyping a specific coin and tricking people into buying digital assets. Scammers promise significant returns on the victim's investment, but the currency later drops in value, and money is lost.
- Don't take investment advice from dating app connections. "Pig butchering" is much more common than most cryptocurrency scams, allowing scammers to steal thousands of dollars from a single target. Do not download any trading apps or take investment advice from anyone on a dating site.
- Never disclose wallet keys to a third party: Wallet keys should be secured as safely as your banking password. Keep wallet keys safe, and never enter them into a strange site, mainly any site sent as a link in an email. Phishing scams are often used to steal keys. Third-party websites that work with cryptocurrency payments can use bot detection strategies to stop automated attacks against user exchange accounts.
Protect your business with device identification
Cryptocurrencies bring both benefits and risks with them. On the one hand, they provide an easy way for individuals and businesses to make secure transactions without relying on a centralized financial system. However, there’s always a risk of being targeted by malicious actors looking to exploit vulnerabilities within these decentralized networks for personal gain through various forms of fraud, such as identity theft or money laundering schemes. You can protect your business and customers by understanding the basics of cryptocurrency fraud and taking the necessary precautions.
Prevent fraudulent purchases
With Fingerprint’s 99.5% accuracy device fingerprinting technology, you can identify suspicious logins and transactions without requiring additional information from your users. With that identification, you can block suspicious users that have a history of fraudulent activity. Protect your consumers and your reputation by preventing fraudulent purchases before they are processed by building additional checks and balances into your payment flows with Fingerprint’s API.
For businesses that accept cryptocurrency as a form of payment and want to avoid fraudulent transactions, Fingerprint’s highly accurate device identification can help you detect, mitigate, and help you investigate potential fraud. Learn how you can prevent cryptocurrency fraud with Fingerprint and book a demo with our sales team to see our security in action.
