Common Cryptocurrency Scams

Cryptocurrency scams remain a persistent threat, with perpetrators devising increasingly sophisticated methods to exploit unsuspecting users. The staggering figures speak volumes: a cumulative loss of $27 billion across all years, attributed to crypto scams such as rug pulls and heists, underscores the magnitude of the issue. 

While 2023 saw a slight decline in losses, totaling nearly $2 billion, this apparent improvement from 2022 is offset by the collapse of prominent entities such as Terraform Labs, Celsius, and the FTX exchange, amounting to an additional $40 billion. Ethereum, being the largest blockchain by active users and locked value, bore the brunt of these losses, with approximately $1.35 billion vanishing across 170 incidents in 2023 alone. Such statistics underscore the allure of cryptocurrency to malicious actors, with Ethereum’s expansive ecosystem providing fertile ground for exploitation. 

As the market dynamics shift and investor sentiment fluctuates, opportunistic scammers capitalize on the fear of missing out (FOMO) and greed that permeate the community during bullish phases. January and February of 2024 witnessed unprecedented spikes in attacks, with hackers raking in hundreds of millions through access control exploits, flash-loan manipulations, and exit scams. 

Amidst these alarming trends, the true scale of losses remains obscured, as victims often opt not to report incidents out of embarrassment. Compounded by the pseudonymous nature of cryptocurrency transactions and the irreversible nature of blockchain transfers, the industry stands vulnerable to exploitation. 

With the impending Bitcoin halving and potential bull market, heightened market speculation and increased investor activity can be triggered, as individuals seek to capitalize on potential price surges. Scammers adeptly exploit the prevailing euphoria and heightened investor sentiment, rendering users more susceptible to fraudulent schemes. 

In this environment, arming oneself with knowledge becomes paramount. By familiarizing oneself with common scam tactics and recognizing red flags early on, users can mitigate the risk of falling victim to fraudulent schemes.

Cryptocurrency scams to watch out for

Rug pulls

Rug pulls are a fraudulent scheme prevalent in the decentralized finance (DeFi) and cryptocurrency space, particularly with new and often speculative projects. This scam involves project developers creating a seemingly legitimate cryptocurrency project or DeFi service with the intent of absconding with investors’ funds. The term “rug pull” metaphorically refers to the act of abruptly pulling the rug out from under investors, leaving them with worthless tokens.

There are two types of rug pulls, hard and soft. Hard rug pulls occur when developers code a backdoor in the protocol to cash out funds locked up in smart contracts by users. Soft rug pulls happen when developers abandon the project and dump all their tokens, causing a crash in the token price.  

Delving further, some common types of rug pulls include the removal of liquidity from a token pool which causes the token’s value to plunge, fake projects where investors are left with valueless tokens, and team exit where members are left with a failing token.

The operation begins with developers launching a new token, often accompanied by aggressive marketing campaigns to generate hype and attract investors. These projects may promise innovative features, high returns, or solutions to existing problems in the crypto space. Initially, the developers might invest their own funds or lock some liquidity to create a sense of security and legitimacy. As retail investors buy in, the token’s price increases.

Eventually, once a sufficient amount of funds has been invested into the project, the developers withdraw all the liquidity from the trading pools on decentralized exchanges (DEXs) or sell their pre-mined tokens en masse, leading to a sudden and drastic drop in the token’s price. Investors are left with tokens that are either significantly devalued or completely worthless in an instant.

Warning signs of potential rug pulls include lack of transparency about the project’s developers, absence of a clear roadmap or audited smart contract, aggressive marketing tactics with little substantive information, liquidity not being locked or only locked for a short period, and a low concentration of token holders.

To avoid falling victim to rug pulls, investors should conduct thorough due diligence, including reviewing the project’s whitepaper, the credibility and track record of the team, and the project’s code or third-party audits. Analyze the developer token distribution and protocol governance for further information on what developers can do with their tokens, and to find out if a few wallets control a majority of the supply. Participating in community discussions to identify how active and strong it is, and monitoring any sudden changes in liquidity, can also provide early warning signs of a potential rug pull.

Pump and dumps

Pump and dump schemes are manipulative endeavors that aim to artificially inflate the price of a cryptocurrency before selling it off at its peak. This practice, long known in traditional stock markets, has found a fertile ground in the cryptocurrency domain due to its relatively unregulated environment and the anonymity it offers.

There are two main types of schemes. The first is where insiders promote a token and hype it up while gradually selling it off, while the second is when members of a token community are urged to buy the token, and those who don’t sell are left to hold the bag.

The scam begins with organizers, often insiders or large holders of a cryptocurrency, accumulating a significant portion of it quietly. Once they hold a substantial amount, they initiate a “pump” phase by spreading misleading information, rumors, or overly optimistic projections about the cryptocurrency through social media, forums, and even paid advertisements. This creates a FOMO (fear of missing out) effect among retail investors, who start buying the asset, leading to a rapid increase in its price.

At the peak of this artificially induced price inflation, the organizers then initiate the “dump” phase, selling off their holdings at the inflated prices. As they sell, the market becomes saturated with the asset, and the price begins to plummet, often leaving new investors with significant losses as they bought in at the peak.

Observe for sudden, unexplained spikes in the asset’s price without corresponding news or developments, high volume of promotional content within a short period, and anonymous tips or advice urging immediate investment. Another red flag is a lack of liquidity, which makes it easier for scammers to manipulate the price.

To avoid pump and dump schemes, investors should be wary of investments that seem too good to be true, conduct independent research rather than relying on promotional materials, and be skeptical of anonymous tips and the herd mentality. It’s also advisable to look at the long-term potential and fundamentals of an asset rather than short-term price movements.

Phishing

In 2023, over 324,000 crypto users were hit by phishing scams, with around $295 million lost, according to Scam Sniffer. Phishing in the cryptocurrency space is a type of cyber scam where fraudsters deceive individuals into revealing sensitive information, such as private keys or wallet passwords, or directly sending cryptocurrency to a scammer’s address. Unlike traditional phishing, which often targets banking and personal information, crypto phishing is uniquely dangerous due to the irreversible nature of blockchain transactions.

Crypto phishing can take many forms, including fraudulent emails, fake websites, and social media impersonation. Scammers may send emails that mimic legitimate companies, like crypto exchanges or wallet services, asking users to enter their login details on a fake website. Similarly, they might create websites that closely resemble real platforms to trick users into making transactions or revealing private keys.

The scam plays out by firstly gaining the victim’s trust through seemingly legitimate requests or alerts. Once the information is obtained or the transaction is made, scammers gain access to the victim’s assets and transfer them to their own accounts, leaving the victim with no recourse due to the anonymous and irreversible nature of blockchain transactions.

If you receive unsolicited requests for sensitive information, emails or messages with urgent or threatening tones, and URLs that resemble, but do not exactly match, those of legitimate sites, you might be a target of phishing. Spelling and grammar mistakes in communications purporting to be from professional organizations can also be a giveaway.

To protect against phishing, individuals should always verify the legitimacy of messages or websites by directly visiting the official site rather than clicking on links in emails or messages. Utilizing two-factor authentication (2FA) on all accounts, being skeptical of unsolicited messages, and using hardware wallets can also significantly reduce the risk

Approval phishing addresses exploit the mechanism by which users grant permission for smart contracts to interact with their cryptocurrency wallets. In these scams, attackers deceive users into approving transactions that grant the scammer access to the user’s funds. This is a sophisticated form of phishing because it doesn’t just steal login credentials but manipulates the permissions within the blockchain ecosystem itself.

The scam typically unfolds through malicious links sent via email, social media, or even through fake ads. These links lead to counterfeit websites that mimic legitimate DeFi platforms, where users are prompted to connect their wallets. Once connected, the user is tricked into signing a transaction that ostensibly looks harmless but actually grants the attacker permission to access their funds. 

Unexpected requests for wallet connections or transaction approvals, unfamiliar or slightly off URLs, and offers that seem too good to be true, can serve as warning signs. Users should always verify the authenticity of a website before connecting their wallet, and regularly check and revoke unnecessary permissions using blockchain explorers or wallet interfaces.

Airdrop scams

Airdrop scams lure victims with the promise of free cryptocurrency tokens as part of promotional events or token distributions. Scammers exploit the excitement around airdrops to steal assets or personal information by creating fake airdrop campaigns. Participants may be asked to provide private keys, send a small amount of crypto to a specified address to “verify” their wallet, or complete tasks that compromise their security.

The operation of this scam relies on the creation of hype and the exploitation of FOMO (fear of missing out). Scammers advertise their fake airdrops through social media, forums, and even through direct messaging on platforms like Discord or Telegram. 

To identify airdrop scams, watch for red flags like requests for private keys or wallet seed phrases, the requirement to send crypto to participate, and a lack of verifiable information about the airdrop on official project channels. Genuine airdrops rarely, if ever, ask participants to send funds or disclose sensitive information.

Romance Scams (Pig Butchering)

In cryptocurrency romance scams, or “pig butchering,” scammers build fake romantic relationships online and then guide the conversation to cryptocurrency investment opportunities. The scammer “fattens” the victim with promises of wealth and financial freedom through crypto investments, only to “slaughter” by eventually convincing them to transfer funds into fraudulent schemes or directly to the scammer.

These scams are often elaborate, with scammers investing weeks or months into building a believable relationship. They prey on loneliness, the desire for connection, and the allure of easy money. The operation escalates from casual conversation to discussing crypto investments, sharing “tips,” and eventually directing victims to fake platforms or convincing them to make direct transfers.

If you experience a sudden shift from romantic or friendly conversation to financial advice or opportunities, reluctance to meet in person or video call, and the urgency around making immediate investments, take a step back and pause on your communications with the potential scammer. Protecting oneself involves being extra wary towards financial advice from strangers online, never sending money to someone you’ve only met online, and conducting thorough research before investing.

Fake Apps and Sites

Fake apps and sites mimic legitimate cryptocurrency wallets, exchanges, or information services to steal funds or personal information. Scammers design these platforms to look as authentic as possible, enticing users to enter their credentials or make deposits.

The scam plays out by first attracting users through search engine optimization, ads, or phishing emails. Once a user interacts with the fake platform—such as downloading a fraudulent app or entering login information on a bogus website—the scammers can steal assets directly from the user’s wallet or commit identity theft.

Watch out for the absence of HTTPS in the URL, misspellings or grammatical errors in the app or website content, and a lack of legitimate reviews or a verifiable track record. Users should always download apps from official app stores, verify website URLs carefully, and look for reviews or community feedback before interacting with a crypto service.

Giveaway Scams

Giveaway scams falsely promise to multiply cryptocurrency sent to a scammer’s wallet address, often leveraging the names of well-known personalities or companies in the crypto space. Victims are lured with the prospect of receiving a larger return as part of a “giveaway” but end up losing their sent funds.

Scammers promote these schemes through social media, using accounts that appear legitimate or through hacked accounts with large followings. The operation is simple yet effective: promise a lucrative return on a small investment, and once the crypto is sent, cut all communication and disappear.

The key warning sign is the promise of free money, especially requiring an upfront investment. Genuine giveaways from reputable companies or individuals do not require sending crypto to participate. Always verify the authenticity of the giveaway through multiple official channels before participating.

Impersonation Scams

Impersonation scams involve fraudsters pretending to be legitimate entities, such as crypto exchanges, wallet services, celebrities, or influencers, to solicit funds or personal information. Scammers might reach out to individuals through emails, direct messages, or social media posts, to ask for payments, donations, or sensitive information. Fake job offers or investment opportunities in the crypto space are also common fronts. This scam plays on trust and authority, with victims more likely to comply with requests from seemingly reputable sources.

Unsolicited requests for money or personal information, inconsistencies in the communication compared to the official source, and the use of urgency or high-pressure tactics, often hint at something being amiss. Verifying any such requests directly with the entity through official and verified channels can help prevent falling for these scams.

For each type of scam, the overarching protective measures include thorough research, skepticism towards too-good-to-be-true offers, and verifying information through official channels. The crypto space’s anonymity and lack of regulation make it ripe for scams, but awareness and caution can significantly reduce the risk of falling victim.

Blackmail or Extortion Scams

Blackmail or extortion scams in the cryptocurrency world involve threats to reveal sensitive, often personal, information unless a ransom is paid in cryptocurrency. This type of scam capitalizes on the anonymity and irreversibility of crypto transactions, making it a preferred method for scammers seeking to exploit victims under the guise of anonymity.

The modus operandi involves the scammer contacting the victim, usually via email, claiming to have compromising information. This could range from alleged access to personal files, browsing history, or more sensitive content. The scammer then demands payment in cryptocurrency, often Bitcoin, due to its pseudo-anonymous nature, to prevent the release of the information.

Warning signs include receiving unexpected emails that claim to have access to your personal information or devices, and which demand payment to avoid exposure or legal trouble. Often, these messages are marked by a sense of urgency and threats.

To safeguard against these scams, it’s essential never to respond or send payments. Implementing strong, unique passwords, using two-factor authentication, and covering webcams when not in use can also help protect against potential threats.

Investment Scams

Investment scams in the cryptocurrency sphere often promise high returns with little to no risk, leveraging the speculative interest in crypto markets. They may take the form of Ponzi schemes, where returns are paid to earlier investors from the capital of new investors, or fake investment platforms offering non-existent opportunities.

Victims are persuaded to invest large sums of money, which the scammers then appropriate. The operations collapse once the flow of new investors dries up or when the scammers decide to disappear with the funds.

Look out for promises of guaranteed returns, pressure to invest quickly, and requests for investment in obscure or unknown cryptocurrencies. Checking for reviews, regulatory compliance, and the project’s or platform’s legitimacy can help avoid falling victim to such scams.

Fake ICOs

Fake Initial Coin Offerings (ICOs) involve scammers creating a fraudulent ICO to attract investors looking to get in early on a new cryptocurrency or token, promising high returns and revolutionary technology. These scams capitalize on the hype and speculative nature surrounding ICOs and the broader blockchain technology sector.

Scammers typically create a professional-looking website, a whitepaper with technical but vague details, and promotional material promising revolutionary technology and investment returns. Once they collect enough funds from investors, they disappear, leaving investors with worthless tokens or no tokens at all.

If you notice a lack of detailed information about the team behind the ICO, unrealistic promises about the investment’s potential returns, and a whitepaper that lacks substance or is difficult to understand, these might indicate a potential scam. Verifying the credibility of the team, the project’s technical feasibility, and the existence of an actual product or service can help in identifying fraudulent ICOs.

Social Media Ad Scams

Social media ad scams exploit the reach and influence of social media platforms to promote fraudulent cryptocurrency schemes. These ads might link to fake websites or investment platforms, phishing sites, or promote nonexistent or scam products. The scam relies on the perceived legitimacy of appearing on reputable social media platforms to lure victims.

The operation of these scams involves creating ads that promise high returns, free cryptocurrency, or exclusive investment opportunities. Once users click on these ads, they may be asked to enter personal information, make a payment, or download malicious software.

Scam ads often promise quick wealth or guaranteed returns, include requests for payment or personal information, and link to unfamiliar websites. Users should approach ads with skepticism, research offers before clicking, and use ad blockers or adjust privacy settings to limit exposure to potential scams.

Tips to avoid being scammed

  1. Research thoroughly: Before engaging with any cryptocurrency project or investment opportunity, conduct comprehensive research. Review the project’s whitepaper, team members, and community discussions to assess its legitimacy.
  2. Exercise skepticism: Be wary of offers that seem too good to be true, especially promises of guaranteed returns or high profits with little risk. If an opportunity appears overly enticing, it’s likely a scam.
  3. Verify information: Verify information through official channels whenever possible. Don’t rely solely on promotional materials or unsolicited messages, and confirm details independently.
  4. Stay informed: Stay informed about common scam tactics and emerging threats in the cryptocurrency space. Knowledge is your best defense against falling victim to fraudulent schemes.
  5. Protect personal information: Avoid sharing sensitive information, such as private keys or wallet passwords, especially in response to suspicious messages.
  6. Use secure platforms: Only use reputable cryptocurrency exchanges, wallets, and investment platforms. Check for reviews, regulatory compliance, and security features before using or trusting a platform with your assets. 
  7. Implement security measures: Utilize security measures like two-factor authentication (2FA) on all accounts and strong, unique passwords. Regularly monitor and update security settings to safeguard against potential threats.
  8. Remain cautious online: Be cautious when interacting online, especially on social media platforms. Beware of unsolicited messages, phishing attempts, and suspicious advertisements promising quick wealth.
  9. Verify individuals and entities: Verify the identities of individuals and entities claiming to offer investment opportunities or cryptocurrency services. Look for red flags such as anonymous or unverifiable profiles.
  10. Trust your instincts: Trust your instincts and intuition. If something feels off or too risky, it’s better to err on the side of caution to avoid becoming a victim of a scam.