There have been few trends in recent years that have captured attention quite like cryptocurrency. The frenzy of jumping on the next big digital currency to make money is reminiscent of the gold rush of 1849, when over 380,000 fortune-seekers made their way to California to earn their riches. While the two markets differ, with cryptocurrency investors being able to mine their fortune from the comfort of their own homes, there are similarities in that they both have created a hotbed for criminal activity.
Both gold and cryptocurrency prove an irresistible lure for fraudsters looking to exploit cash happy investors. The market in the 19th century was riddled with “fool’s gold”, while today, crypto is equally plagued with scam offerings, exchanges, phishing campaigns, and ‘pump and dump’ scams. In 2021, fraudsters around the world even took home a record £10.5bn in stolen cryptocurrency.
Being aware of the methods used by cyber bandits to commit cryptocurrency fraud is critical for investors to avoid finding themselves in an empty gold mine.
Jumping on the crypto bandwagon
With crypto, investors often get caught up in the hype and skip the basics. Some will invest hundreds of thousands of pounds in a currency without really understanding how it works, how their wallet works, what private keys do, and who actually has control over their account. We’re all used to how traditional banks operate, and while there are some similarities, crypto certainly differs.
With cryptocurrency, every wallet has its own unique private key that can be used to transfer coins – similar to the function of a person’s signature. However, not all wallets are created equal, particularly from a security perspective. For many, if your private key is lost or stolen, access to your cryptocurrency could be lost forever as the person who controls the private key has all the power and can spend and move currency digitally. Understanding these basics is of course crucial, but crypto investors must also be aware of the fraud threats they face. With this in mind, here are three of the scams that cybercriminals favour:
1. Scam Initial Coin Offerings
Cryptocurrency projects have Initial Coin Offerings (ICOs) that spin up hype around the launch of a new coin. However, scammers can develop a fake ICO that promises investors substantial rewards, with very little money or effort. For example, SQUID coin was a scam ICO that capitalized on the popular Netflix series Squid Game to gain publicity, allowing the creators to cash in on over £2.3mn.
Creators of fake ICOs promise massive returns but hold the lion’s share of the coins in their own wallets, sit back and watch as people exchange physical money for their currency. As the coin gains traction, the owners of a scam ICO can then sell off all their coins at once and disappear – known as a “rug pull”.
2. ‘Pump and dump’ scams in cryptocurrency
‘Pump and dump’ scams see cybercriminals pull the rug once enough money is invested, causing a market to crash instantly. A group of traders, such as a coin’s founders or collaborators, will hype a coin, using photoshopped images, fake testimonials, and false claims to artificially drive up its price. Once the price has risen sharply enough to reach its peak, the fraudsters sell off their shares all at once, leaving buyers with useless currency.
Just like the dot-com bubble, it can be enticing to get in on the next hot thing, but it’s important to understand exactly what altcoin you’re buying and why.
3. Cryptocurrency exchanges are exploited
Another avenue fraudsters exploit is exchanges. Binance, the world’s largest crypto exchange, processes £58bn worth of cryptocurrencies every day, so it’s clear why exchanges are such huge targets for criminal activity due to the sheer amount of wealth they hold. It’s recommended that users do not keep their cryptocurrency on an exchange – especially if it’s a large amount – as they don’t own the rights to control it. However, many are unaware of this advice.
Billions of pounds of cryptocurrency and thousands of user logins have been stolen from exchanges through brand abuse, rogue mobile apps, phishing scams, and brute-force attacks. Organized crime rings will use these methods to steal credentials and private keys. Once a private key is stolen, the funds are moved into the fraudster’s wallet, leaving the buyer coin-less.
Finding a solution to unregulated cryptocurrency
While cryptocurrency is currently unregulated, the industry is taking steps to prevent fraud. Exchanges are investing in network security and doubling down on identifying brand impersonation. Given the amount of wealth held on exchanges, policing messages, manually reporting fake accounts, and sending takedown requests is a near-impossible task. However, advances in artificial intelligence and machine learning mean that exchanges can now not only detect fraud, but completely stamp it out before it reaches consumers.
There are also steps users can take to keep themselves safe. First and foremost, it’s crucial to keep your private key and login credentials to yourself, no matter how convincing someone may sound. Preparing before any investment is also critical, from coin research to avoid anything that sounds too good to be true or using online forums to get different opinions before buying any currency. To protect against phishing, users can take simple measures like installing anti-virus software, and not keeping large amounts of currency on an exchange.
Finding a gold mine, or leaving empty handed?
With surging prices, unprecedented growth, and a clamor to invest, it’s clear why many are comparing the crypto craze to the gold rush. Now, the boom in crypto has opened the door to financial opportunity for coin buyers and fraudsters alike. With crypto bandits coming from every angle, the industry must support and protect buyers from malicious attacks. These crypto investors must also be wary, do their research, and take sufficient steps to protect their assets – or could see themselves left with nothing but “fool’s gold”.
About the author: Mark Crichton is the Head of Product at Outsider – the California-based fintech on a mission to liberate the world from transactional fraud. He has over 20 years’ experience in architecting, deploying, developing and strategic consulting within the realm of global IT security and payment security solutions.