Crypto Scams: How They Work & What to Look For
What are crypto scams?
Common crypto scams include phishing for the credentials to cryptocurrency storage wallets, cybercriminals posing as cryptocurrency exchange personnel to persuade victims to transfer cryptocurrency to them, and payment scams.
Are crypto scams on the rise?
With so many people working, socializing and consuming media online, scammers had ample opportunity to fleece victims. Criminals stole $3.2 billion worth of cryptocurrency in 2021.
What percentage of crypto are scams?
The U.S. Federal Trade Commission (FTC) reported that in 2021, instances of crypto scams were 12 times higher than in 2020, and the total amount of losses was up nearly 1,000%, while this January’s FTC report found that crypto scams now make up the majority of all investment-related fraud online.
How much crypto has been scammed?
As of 2022, Chainalysis estimated that at least $10 billion worth of cryptocurrency is in wallets held by bad actors involved with cybercrime, crypto theft and dark web transactions.
How do crypto scams work?
Most crypto scams prey on the emotions of the target, using social engineering to persuade the target to take the criminal’s desired action, like transferring cryptocurrency or giving scammers access to the victim’s coin wallet.
These crypto scams follow more traditional lines of stock manipulation, theft, or malice for profit.
- Pump and Dump Scams: A pump and dump scam is when a group of traders works to inflate the hype (and price) of a cryptocurrency, then spreads misleading or false information to inflate the price before selling off their shares unethically at the top of the market and bolting.
- Blackmail & Extortion Scams: Bad actors contact victims by email or direct message and tell them that they’re about to make the victim’s sensitive videos, pictures or compromising information public. They demand payment (a ransom) in crypto to make the problem go away.
- Fake App & Website Scams: Bad actors make fake apps that phish victims by faking an error that directs the victim to type in their recovery seed/code or visit a website to reset their login. As soon as the victim enters the information, the contents of their wallet are snatched by the attacker.
These scams prey on those looking to take advantage of an opportunity. They target more eager, naïve investors that fail to notice when something is too good to be true.
- ICO Scams: An exit scam, or initial coin offering (ICO) scam, is common. In this crypto scam, bad actors claim to have created a new type of crypto coin, and they whip up excitement, claiming this coin will generate big returns for investors. As soon as they draw in some marks, they vanish with their victims’ money.
- Rug Pull Scams: There are three main types of “rug pulls” in crypto: liquidity stealing, limiting sell orders and dumping (pump and dump as described above). Liquidity stealing occurs when token creators withdraw all the coins from the liquidity (or available currency) pool, removing the value injected into the currency by investors and driving its price down to zero. Limiting sell orders is a way for a malicious developer to defraud investors by drumming up interest then making it very difficult for investors to sell. Rug pulls accounted for 37% of all cryptocurrency scam revenue in 2021, totaling $2.8 billion – up from just 1% in 2020.
- Investment Scams: Cryptocurrency investment scammers might post or advertise links to fraudulent investment sites, DeFi platforms and wallets or giveaways with claims of multiplying any cryptocurrency you send. Scammers also love to hand out “investment tips” while posing as legitimate experts or traders. The median loss on this scam is $1,900 for victims.
- Employment Scams: This scam advertises a fictitious job opportunity and asks victims to provide a deposit in cryptocurrency before beginning their fake employment, which is then stolen. Scammers may also instruct “new employees” to purchase cryptocurrency in a “client’s” name and transfer it to a digital wallet with the promise of reimbursement. Of course, the reimbursement never materializes.
- Giveaway Scams: In a common giveaway scam, victims are persuaded to enter a giveaway and lured into sending cryptocurrency to a giveaway address to verify their wallets. But there’s no giveaway, and the bad actors make off with the cryptocurrency.
These scams take advantage of trusting individuals by assuming false identities in a number of ways.
- Imposter Scams: Scammers contact the victims claiming to be celebrities, tax officials, government agencies, friends or even family members, telling the victims that they must transfer cryptocurrency to the scammer’s wallet to pay a bill, avoid a fine, win a prize or help someone.
- Romance Scams: Romance scammers (catfishers) create fake social profiles using pictures taken from the internet and then trick victims into sending them money. Romance scammers made off with a total of $139 million in cryptocurrency last year.
- Phishing Scams: Cryptocurrency phishing scams work just like other phishing scams: bad actors attempt to persuade their victims to supply their credentials, in this case the login information needed to access the victim’s crypto wallet, or give them money, in this case cryptocurrency.
Crypto Scam Examples
Here are a few real-life examples of crypto scams.
Social Media Scams
Social media has become a common hunting ground for bad actors to do a little phishing, run fraudulent ads and execute crypto scams.
- Instagram: Instagram scams are commonly imposter or romance scams. Sometimes bad actors also perform account takeovers and post malicious links or send messages to new victims from legitimate stolen accounts.
- Tinder: Bad actors will make fake profiles to lure in marks. Once they “match” with someone, they’ll ask to take the conversation to a texting app, where they persuade the mark to “take advantage” of fraudulent cryptocurrency investment opportunities.
- WhatsApp: There are hundreds of WhatsApp groups that falsely promise big returns with names like BTC Fortune VIP, BTC Get Rich VIP, and BTC Contract VIP that bilk victims out of crypto, sometimes to the tune of $400-$500 every day.
These scams each involved one type of cryptocurrency and made headlines when they crashed and burned.
- OneCoin: OneCoin was a Ponzi scheme described by The Times as “one of the biggest scams in history”. The company behind the cryptocurrency sold spurious crypto education packages for 100 euros to 225,500 euros that included “tokens” which could be assigned to “mine” OneCoins, a currency that could only be exchanged or cashed in on the company’s proprietary exchange. That marketplace had daily selling limits and complex rules for withdrawals. In March 2016, OneCoin issued a notice that the market would be closed for two weeks for maintenance. It never reopened, and investors lost their money.
- FaZe Clan & SaveTheKids: Esports organization FaZe Clan and other social media influencers promoted a “charitable” crypto coin that promised to donate to Save The Kids ($KIDS), claiming 1% of the 3% tax on selling transactions would be donated to children in need. Influencers easily tapped into their millions of followers, including minors, to sell the coin, driving prices up, followed by a quick, massive sell-off by those in the know – the founder of the coin abandoned the project, taking all the funds with him.
- Squid Game Crypto: Inspired by the Netflix series Squid Game, a new coin became a hot property in November 2021. It quickly became the most hyped digital token when its valuation shot up to $2,861 per coin before plummeting to $0, when the creators of the crypto quickly cashed out their coins for real money, draining the liquidity pool from the exchange.
These scams all involved an exchange or crypto wallet platform.
- Quadriga: One of the most notorious “exit scams” involved QuadrigaCX, Canada’s largest cryptocurrency exchange. Founder Gerald Cotten was found to have used fake accounts on his exchange to buy customers’ bitcoin using Canadian dollars that didn’t exist, then used those stolen tokens to take risky bets on other exchanges. It ceased operations in 2019.
- Binance: A famous Binance scam involves sending users a text message with a link to cancel withdrawals, leading users to a malicious website claiming to be an official Binance page and promising an extra 12% profit when they send crypto to the Binance blockchain (in reality, to the cybercriminals).
- Coinbase: A common Coinbase scam includes an email that claims the user’s account has been locked, providing a fake recovery URL that captures user login information. Once the attackers have stolen the victim’s Coinbase login details, they can then steal the victim’s funds.
How do you spot a crypto scam?
Most crypto scams are phishing scams at heart. Here are some red flags that indicate a crypto phishing scam.
- Consider any unexpected tweet, text, email, call, or social media message — particularly from someone you don’t know — asking you to pay them in advance for something, including with cryptocurrency, a scam.
- Scammers guarantee that you’ll make money fast. If they promise you’ll make a profit, that’s a scam.
- Even if there’s a celebrity endorsement or testimonials, it may be a scam.
- Scammers promise free money. They’ll promise it in cash or cryptocurrency, but free money promises are always fake.
- Beware of any entity that states they can only accept cryptocurrency and identifies as the government, law enforcement, a legal office, or a utility company.
- Do not follow instructions from someone you have never met to scan a QR code and send payment via a physical cryptocurrency ATM.
What is crypto phishing?
Crypto phishing scams are tricks used by bad actors to steal cryptocurrency and obtain access to crypto wallets. Specifically, scammers are interested in obtaining login information, credentials and crypto wallet private keys and codes. When the hackers have acquired this information, they can steal the cryptocurrency contained in those wallets.
How do you prevent crypto phishing?
Don’t hand out your crypto wallet information. Cryptocurrency platforms like Binance and Coinbase warn users that they will never ask them to share their password, 2-step verification codes or private keys in any message.
Always check every link carefully by hovering your mouse over it to ensure that it goes to an official domain.
Beware of language errors and obvious misspellings in emails, social media posts or direct messages.
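The link check described above can also be done mechanically on the URL a link really points to. The following is an added example, not part of the original article; the allowlist, the function name `check_link` and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: an illustrative allowlist. Replace it with the domains of the
# platforms you actually use, taken from a bookmark you trust.
OFFICIAL_DOMAINS = {"binance.com", "coinbase.com"}


def check_link(url, official=OFFICIAL_DOMAINS):
    """Return (ok, reason) for the link's real destination."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "not https"
    if not host:
        return False, "no host"
    # "https://coinbase.com@other.host/" goes to other.host: the text before
    # "@" is a username, not the site.
    if parts.username is not None:
        return False, "userinfo before @"
    # Non-ASCII or punycode labels can render as look-alike letters.
    if not host.isascii() or any(
            label.startswith("xn--") for label in host.split(".")):
        return False, "internationalized host"
    # The registered domain is at the END of the host name, so match on an
    # exact name or a ".domain" suffix, never on a substring.
    if any(host == d or host.endswith("." + d) for d in official):
        return True, "official domain"
    return False, "unlisted domain"


# Constructed sample links (not taken from real campaigns).
SAMPLES = [
    "https://www.coinbase.com/signin",
    "https://coinbase.com.account-recovery.example/login",
    "https://coinbase.com@198.51.100.7/reset",
    "https://secure-binance.com.example/cancel-withdrawal",
    "http://www.binance.com/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(check_link(link), link)
```

Only the first sample passes; the others show why a brand name appearing somewhere in a link says nothing about where the link goes.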
Phishing Protection with Graphus
Humans fall for email scams, but Graphus doesn’t. Graphus is powered by a patented AI algorithm that uses more than 50 points of comparison to detect malicious messages. Machine learning ensures that your protection only gets better over time. Stop phishing from bringing dangerous risks to your company’s inboxes by stopping malicious emails before they ever get to the users with Graphus.