When blockchain technology was conceived in the late 2000s, cryptocurrency was invented alongside it as a tool to aid the functioning and management of blockchain systems. However, discussions on cryptocurrencies quickly shifted to their potential values outside the systems in which they were created. Even now, many national and international governing bodies debate whether to treat cryptocurrencies like fiat money, tradable securities, or something entirely different.
This lack of clarity and regulation has led to volatile cryptocurrency pricing, which is one of the main reasons why crypto fraud is on the rise. Another is how blockchain itself works: transactions are by and large permanent, requiring a majority of system users to approve recording, changing, or erasing them.
This makes cryptocurrencies attractive to criminals for schemes to steal or launder money in ways that can’t easily be undone. Governments and industry agencies are currently struggling with how to address how to handle crypto regulations as cryptocurrencies become more popular.
So what is crypto fraud, and how do criminals pull it off? More importantly, how can individuals and organizations detect, report, and prevent cryptocurrency scams? We’ll discuss the answers in this article.
To start, we’ll give a more specific definition of what crypto fraud is.
Cryptocurrency fraud typically refers to one of two things. One is using deceptive means to gain cryptocurrency illegitimately. The other is creating fake or misleading crypto-based products or crypto-generating operations, then using them to solicit investment in other assets dishonestly.
Crypto fraud recovery is usually very difficult because of how the blockchain technology that makes cryptocurrencies possible works. Recording or altering transactions requires consent from most of a blockchain network’s users. And if changes are forced, users can usually restore the blockchain to how it was before the changes were made.
A cryptocurrency fraud scheme typically has at least one of three objectives. One is to trick a person into transferring cryptocurrency for disingenuous reasons, or in exchange for fake assets. Another is manipulating a person into unintentionally revealing access credentials for their cryptocurrency wallet(s). Yet another is to falsely promise cryptocurrency or related products in exchange for investments consisting of other types of assets.
Here are some common examples of cryptocurrency fraud.
This is where a scammer poses as a trusted entity, such as a friend, family member, or romantic interest. They will make up some phony story about why they need money, and why it has to be in cryptocurrency. In the end, though, they’re just trying to get something for nothing.
Blackmail and Extortion
A scammer contacts someone—sometimes claiming to be from a government agency, law enforcement agency, or well-known business to try to reinforce their credibility. They will claim that a problem has occurred (like a data breach or missed payment deadline) and threaten the person with consequences (like having sensitive information revealed, assets frozen, or an account shut down) unless the person sends them cryptocurrency in short order. However, these threats are fake, and the scammer is just looking to steal crypto.
A criminal once again impersonates an authoritative entity, like a company, government bureau, or law enforcement branch. They will contact people claiming to need identity or access credentials—usually for cryptocurrency wallets—for some purpose, often using an authentic-looking message and/or linking to an authentic-looking website. In reality, they’re trying to get people to willingly give their private information away so it can be used for fraud.
Business Opportunity Scams
Also known as crypto investment fraud, this is where a scammer contacts someone claiming to be an investment manager. They make promises about being able to give guaranteed or extremely high returns if the person invests cryptocurrency with them—preferably as soon as possible. But this is usually just a fake “get rich quick” scheme that amounts to nothing more than crypto theft.
Crypto Exchange Fraud
Crypto exchange fraud usually starts with a criminal contacting someone claiming to be from a cryptocurrency exchange’s customer support team. Like blackmail or phishing, they tell the person there’s a problem with their account (if the person hasn’t already reported one) and say they need the person’s crypto wallet credentials and/or an amount of cryptocurrency to fix the issue. But they’re just trying to trick the person into giving them free crypto or letting them use the person’s crypto wallet fraudulently.
Learn how to keep your crypto exchange safe from cryptocurrency fraud with our in-depth article.
Crypto Giveaway Scams
A scammer broadcasts a message or contacts specific people, often pretending to be a celebrity or a lottery representative. They will claim that they will pick a lucky person to win a cryptocurrency sweepstakes, but entering the contest requires sending them cryptocurrency. Of course, this is just people giving away cryptocurrency to a criminal, and the criminal never reciprocates this to anyone.
Crypto Coin Fraud
In crypto coin fraud (also commonly referred to as rug-pull scams), criminals create a fake or misleading blockchain product. Then they attempt to attract investments with phony promotion materials and other legitimate-looking business activities. When it comes time to put the blockchain’s associated cryptocurrency into circulation, however, the scammers disappear with the raised assets. Meanwhile, investors are left with worthless cryptocurrency for a system that was never what it appeared to be.
Crypto Mining Fraud
Crypto mining fraud is where criminals solicit investments for crypto mining hardware, promising to share some of the cryptocurrency they earn with investors. However, the operation turns out to be a scam in which investors’ returns are much lower than they were led to believe—if they get any returns at all.
Since cryptocurrency is pretty much gone for good if lost to fraud, the best solution is to be aware of how to avoid crypto-related scams altogether. Here are a few crypto fraud detection and prevention tips for individuals and organizations.
Cryptocurrency Protection for Individuals
Cryptocurrency is a relatively new thing. So crypto fraudsters tend to cast a wide net, counting on there being a fair number of people who don’t understand what it is or how it works. So skepticism and knowledge are an individual’s best defenses against crypto scams.
- Beware unsolicited communications: Entities contacting people unexpectedly to discuss crypto jobs or investment opportunities usually aren’t legitimate.
- Be skeptical of promotion: Legitimate cryptocurrencies typically don’t advertise themselves on social media or rely on celebrity endorsements. They’re more often interested in explaining what purpose the cryptocurrency’s corresponding blockchain fulfills, not hyping up the cryptocurrency itself as an investment asset.
- Slow down and do your homework: Don’t fall for lines about needing to send people cryptocurrency quickly to reap investment benefits or prevent bad things from happening. Only invest after talking to qualified financial advisors, and contact a company, law enforcement agency, or government agency through their official contact channels to inquire about potential problems or to report a scam. And never reveal cryptocurrency wallet keys to anyone.
- Only download crypto-related apps from official app aggregators: Most popular and trusted crypto-related applications can be downloaded from official app aggregators, such as the Google Play Store or the Apple App Store. Though some apps can be scams anyway, it’s usually much safer than downloading a crypto-related app directly from the (supposed) developer’s website.
- If it sounds too good to be true, it probably is: If contacted with messaging about getting free cryptocurrency or earning massive profits quickly or guaranteed returns through cryptocurrency investing, consider how realistic such a proposition is. Most people wouldn’t give away a valuable asset without some sort of “catch,” and there are no such things as “guaranteed” returns—especially because the values of cryptocurrencies are unregulated and prone to wild fluctuations. Claims like this are almost always scams.
Cryptocurrency Protection for Organizations
Organizations—especially financial institutions—that manage cryptocurrency have to beware of the risks associated with it as well. Mostly, they need to worry about storing and handling customers’ cryptocurrency securely, as well as monitoring crypto transactions for suspicious activity.
- Research a cryptocurrency before handling it: Most legitimate cryptocurrencies will have white papers that explain how the blockchains they’re built on work and what they’re intended to do. These white papers also typically name the developers and other members of each project (or point to where to find them on open-source code repositories). Fake cryptocurrencies do this very poorly (if at all), often focusing more on the cryptocurrency’s monetary value than how it helps a blockchain function properly.
- Use “cold” cryptocurrency wallets: Some cryptocurrency wallets, known as “cold” wallets, are physical objects such as cards or jump drives. They are typically more secure than web-based, desktop, or mobile app wallets—which are known as “hot” wallets. This is because they aren’t inherently connected to a computer or the internet, so they’re less vulnerable to hackers and other cybercriminals.
- Use trusted cryptocurrency exchanges: Fraud crypto exchanges can usually be avoided with some preliminary research. Exchanges that are popular among the wider crypto community are usually that way for a reason—they typically have strong security protocols and histories of good customer service.
- Require identity verification: Follow standard KYC, KYB, and KYT processes. The more an organization knows about its customers and how they typically deal in crypto, the easier it is to spot or deter sinister activity. But it’s best to Implement a risk-based approach to onboarding and transaction monitoring, as crypto users don’t like giving out too much personal information (it defeats the purpose of using crypto) and may seek alternatives if using a platform involves too much friction.
- Educate customers: Publish informational materials that explain to customers some of the common forms of crypto fraud schemes, as well as tips for protecting themselves.
The currently volatile and unregulated nature of cryptocurrencies has allowed for no shortage of scams involving them, from developer rug-pulls to multi-level marketing schemes and theft by hacking. Here are three of the biggest cryptocurrency frauds of varying types.
OneCoin was invented in Bulgaria in 2014 by Dr. Ruja Ignatova. It was touted as a centralized cryptocurrency that would be used to purchase access to educational materials. Ignatova, dubbed “The Cryptoqueen,” spoke at events all over the world about how OneCoin was going to be bigger than Bitcoin and make investors even more money.
It was later revealed that the “educational materials” were all plagiarized, and OneCoin itself never existed as an actual cryptocurrency. Instead, it was a massive Ponzi scheme: using money from more recent investors in the project to pay off earlier backers.
By 2017, financial regulators had discovered the fraud and begun arresting its ringleaders. But Ignatova herself remains unaccounted for, along with an estimated $4 billion. The scam, in total, is estimated to have been worth almost $25 billion—thought to be the biggest cryptocurrency scam to date.
The lesson here is to be skeptical about cryptocurrency developers who are more concerned with the crypto’s market value than touting what the cryptocurrency’s blockchain is useful for. Poor or lacking documentation—including white papers and development team member contact info—is a sign someone’s looking to make a quick buck rather than solve some sort of problem.
Also started in 2014, Bitclub Network was marketed as a cloud crypto mining operation. Investors could give the company money to buy and maintain cryptocurrency mining equipment. In return, the company guaranteed investors profits through mined cryptocurrencies. Investors could also earn more cryptocurrency by referring others to invest in Bitclub Network.
However, footage of the crypto mining hardware Bitclub Network was purportedly using was actually stolen from another crypto mining group. By 2019, US authorities had exposed Bitclub Network as a Ponzi scheme and arrested the company’s executives. The scam cost investors around $722 million, making this the biggest cryptocurrency mining fraud so far.
While some of these types of operations are legitimate, most of them aren’t. It’s better to err on the side of caution and deal solely with well-established crypto exchanges to acquire, trade, and manage cryptocurrency. Betting on cloud crypto miners—especially untested ones—is a risky proposition.
Axie Infinity is an online game where players can earn cryptocurrency and then spend it to purchase unique units and equipment. In mid-2022, a North Korean hacker group called Lazarus used a phishing scam involving a fake job offer to steal system access credentials from one of the developer’s employees. It then proceeded to steal nearly $600 million worth of cryptocurrency from players and the game system. US authorities recovered about $30 million of this crypto, and the developer compensated players who were stolen from.
A lesson to take from this incident is that while cryptocurrency may be relatively new, deceptive methods of obtaining it aren’t. Tricks to dupe people into giving up cryptocurrency (or the credentials required to access it) are sometimes as old as the internet itself, if not older. So it’s important that both customers and employees are made aware of common schemes to extort money or access credentials, and how to deal with them properly.
As we mentioned earlier, cryptocurrency fraud recovery is nearly impossible for those who fall victim to a scam. However, it’s still a good idea to contact the authorities so other people can be made aware of the fraud and avoid it. It may even lead to a cryptocurrency fraud investigation that results in the scammers being caught.
Some US organizations that can be contacted to report crypto fraud include:
- Federal Bureau of Investigation (FBI)
- Federal Trade Commission (FTC)
- Securities and Exchange Commission (SEC)
- Commodity Futures Trading Commission (CFTC)
- Internet Crime Complaint Center (IC3)
Victims of crypto scams should also contact their financial institutions as immediately as possible. This helps to change valid credentials quickly before they’re used for fraud.
Catch Crypto Fraudsters in the Act with Help from Unit21
Crypto fraud investigation is most effective when it’s proactive rather than reactive. Since fraudulent cryptocurrency transactions can happen very quickly and are difficult to reverse, the best defense against them is using digital anti-fraud tools such as Unit21’s Transaction Monitoring and Case Management solutions.
Track and analyze contextual information that indicates suspicious activity, then intercept crypto scams before they run through to completion. This analysis can be enhanced by using link analysis features that let teams easily visualize the connections to crypto fraud.
Even though crypto currently has a complicated compliance regulatory framework, Regtech tools can significantly help organizations meet all requirements.
Contact us for a demo of how our infrastructure can help your team fight fraud involving crypto.