Crypto scammers have stolen billions of dollars from victims around the world, and they are still active in seeking new victims. We don’t know the true extent of crypto losses as people are reticent to report them.[1] What we do know is that scams and fraud are becoming increasingly commonplace as crypto markets continue to globalize, and less experienced investors choose to enter them.

In the United States alone, the FBI reported that crypto fraud victims lost $2.6 billion in 2022, an amount that more than doubled over such losses in 2021. According to recent reports, North Korean threat actors, singlehandedly accounted for a whopping $1.7 billion in cryptocurrency theft in 2022—which was an order of magnitude higher than that country’s entire economic exports in that year.[2]  

Indeed, fraud is perhaps the most common cause of theft losses with respect to digital assets, and its perpetrators are very skilled in designing increasingly clever and deceptive schemes to stay ahead of law enforcement. Recent digital asset scams include OneCoin, where losses were estimated as $25 billion; BitConnect, where losses were estimated at $4 billion; and FTX Trading Ltd., where losses were estimated at $8 billion.[3] In this article I look at some common crypto scams and fraud.

Extortion/Ransomware

Cryptocurrency adds a new twist to the old crime of extortion. A popular extortion scheme involves scammers who claim they have videos, photos, and embarrassing personal information of the target, and threaten to make that information public unless the target sends them cryptocurrency.[4] Blackmail payoffs are also being demanded in digital assets, and ransomware attacks have been used for some time now to shut down critical aspects of a company’s business until the victim makes a ransom payment in digital assets.[5]

Exit Scams/Rug Pulls

The exit scam or rug pull involves soliciting funds for a digital project, often on social media, to seek some legitimacy—say, the development of a new digital application or a new type of digital token. After funds are raised and tokens are issued, the operator abruptly stops work, withdraws investor funds, and disappears.[6] For example, a fraudster created an NFT project called “Baller Ape Club” (which was a play on the name of the popular Bored Ape NFTs) that sold NFTs of cartoon monkeys. Once the fraudster had collected some $26 million from investors, the project abruptly ended, the fraudster deleted the website, and the fraudster disappeared with the investors’ money. In June 2022, the U.S. Department of Justice charged the perpetrator with conspiracy to commit wire fraud and conspiracy to commit international money laundering.[7]

Phishing

A phishing scammer pretends to be somebody to get the intended victim to share private information. Scammers use fraudulent emails, websites, and messaging to trick victims into revealing personal information, such as private keys, login credentials, and sensitive financial information. Phishing attacks often involve the use of false addresses.[8] For example, a fraudster may send small amounts of cryptocurrency to an intended victim from a website with an address that is similar to one where the victim previously sent funds. The fraudster’s objective is to have the victim send some cryptocurrency to the fraudulent address.[9] If phishing scammers obtain a victim’s private digital wallet key, they use so-called “drainware” or “wallet drainer” tools to quickly and automatically empty the victim’s wallet.[10]

Tech Scams

Cryptocurrency platforms, like all other forms of software, are constantly being upgraded. Scammers can ride on top of legitimate tech upgrades, merges, and migrations to reach out to victims and gain critical account access information.

SIM-swap scams (also known as SIM swapping, SIM jacking, SIM hijacking, or port-out fraud), have become commonplace. They involve the scammer contacting the victim’s mobile carrier and posing as them to access a copy of a victim’s phone SIM card, along with all its associated data. The associated data can include two-step verification codes needed to gain access to the victim’s crypto wallet.

SIM-swap scam victims can be unaware that they are being scammed until their phone stops working. Phone service providers are increasingly knowledgeable about these challenges; indeed, some have entire divisions devoted to countering this kind of fraud. Crypto investors should check their crypto investment accounts following any suspected attacks, and to put in place strong multi-factor authentication methods,[11] especially if they engage in lot of crypto trading activities from their cellphones.[12] The FCC recently announced new rules to help protect consumers.[13]

Misrepresentation/Pig Butchering/Romance Scams

Impersonation scams run rampant in the digital asset space. One common type involves fraudsters pretending to be representatives of exchanges, wallet providers, and other service providers. By offering “assistance” with technical issues or account problems, the fraudsters are often able to persuade victims to share their login credentials, private keys, and sensitive financial information.[14]

Another widely reported popular misrepresentation scam is scam called “pig butchering.” This multibillion-dollar criminal industry relies on a type of impersonation fraud where fraudsters use fake identities to develop personal, often romantic, relationships with their victims. They create elaborate storylines to ‘fatten up’ the victim into believing they are in trusted partnerships.”[15] Also referred to as “confidence scams” and “romance scams,” often they are very successful because the scammers gain the victim’s confidence before tricking them into making fraudulent digital assets investments.[16]

Scammers can pose as an “investment manager,” celebrity, love interest, or online dating site, promising serious investment gains and that the price of some unknown digital asset’s value will “inevitably” go through the roof. The victim invests, the scammer dumps their holding at a higher price, and even a small price movement on a site like CoinMarketCap.com can create a false impression quickly.[17]

A newer form of misrepresentation scam is the recruitment scam, where scammers pose as recruiters or employers with fake job opportunities to entice victims to offer up personal and financial data—with related fraud losses now totaling more than $2 billion a year according to the International Association of Better Business Bureaus.[18] Gig economy high hourly-rate offers to subcontractors for supposedly legitimate consulting provider organizations, with professional referral payments being made in cryptocurrencies is another version of this type of scam.   

Ponzi Schemes

Ponzi schemes rely on obtaining money from new investors to pay existing investors for their purported investment “returns.” Named after Charles Ponzi, a criminal who committed a massive investment fraud in the 1920s, Ponzi schemes involving crypto have become widespread.

Take, for example, Trade Coin Club. According to the Securities and Exchange Commission (SEC), this fraud promised investors profits from the trading activities of a purported “crypto trading bot.” The promoters made false representations that the bot made “millions of micro transactions” every second, and investors would receive a minimum return of 35 percent daily. Trade Coin Club’s sole source for funding to pay investor withdrawals and redemptions, however, was the investment payments it received from new investors. Because the Trade Coin Club “membership packages” constituted “investment contracts,” they were securities for federal securities law purposes, and the SEC was able to step in and shut the operation down in 2022.[19]

Another Ponzi scheme involving digital assets was Forsage, a purportedly decentralized finance (DeFi) cryptocurrency platform that raised $340 million from investors. The scheme involved automatically diverting new investors’ purchases of a “slot” in a Forsage smart contract to other Forsage investors so that earlier investors were paid off with funds received from newer investors. Over 50 percent of the investors never received a payment, and the majority of money invested in Forsage’s supposed “smart contracts” was fraudulently siphoned off into digital asset accounts that were controlled by the scam promoter. The SEC shuttered Forsage in 2022.[20]

Looking back further, the first reported cryptocurrency Ponzi scheme was shut down by the SEC in 2016. Defendant, Trendon Shavers, was sentenced to 18 months in prison and ordered to pay $1.2 million in penalties and $2 million in restitution. Shavers had solicited investors to lend his company their bitcoins in return for which they would be paid 7 percent interest per week. Shavers never implemented the crypto arbitrage strategy that he had promoted. Instead, he used the bitcoins he received from new investors to make the purported “interest” payments and cover withdrawals to older investors.[21]

Ponzi schemes involving cryptocurrency also fall within the jurisdiction of the Commodity Futures Trading Commission (CFTC). In 2022, for example, the CFTC filed civil charges against Mirror Trading International Proprietary Limited (MTI) and its CEO for running a fraudulent commodity pool. MTI solicited bitcoins online, purportedly to trade retail foreign currency contracts over the counter on a leveraged basis. MTI raised $1.7 billion worldwide, including from 23,000 American investors. Instead of trading foreign currency, however, MTI misappropriated pool funds, misrepresented trading and performance, falsified account statements, and lied about the use of a broker. Just a fraction of the pooled bitcoins ever got invested, and in 2023 the CFTC ordered MTI’s CEO to pay $3.4 billion in restitution and penalties.[22]

Conclusion

It is interesting to consider that cryptocurrencies and other digital assets were once touted as “safe” because related investments were not executed through a third-party or intermediary. What we’ve seen, however, is that digital asset investments can prove just as risky and fraught with danger as other investments, if not more so. Our traditional trading frameworks are very closely regulated for very good reason: to protect the interests of all parties. But in the world of crypto, there are no trusted intermediaries to keep an eye on the validity of each transaction—so it is up to investors to protect themselves.

Investors must remain vigilant; confirm the legitimacy of their investments; ignore all unsolicited communications; and always question any promises of high or guaranteed investment returns with low associated risks. Also, chances are that if a crypto scam victim receives communications from a party claiming to be able to recover lost crypto funds, that outreach most likely originates from a scammer as well. All suspicious activities should be reported to law enforcement immediately.[23] In the United States, crypto scams can be reported to the Federal Trade Commission, to the SEC, to the CFTC, and to the FBI Internet Crime Complaint Center (IC3).[24]

[1] “Crypto Scam: Inside the Billion-dollar ‘Pig Butchering’ Industry,” A Reuters Special Report, November 23, 2023, https://www.reuters.com/investigates/special-report/fintech-crypto-fraud-thailand/

[2] “North Korean hackers have pilfered $3B of crypto over past six years: Report” Cointelegraph, December 2, 2023,   https://cointelegraph.com/news/north-korean-hackers-stolen-crypto

[3] “What are the Most Popular Crypto Scams to Watch for in 2023,” Time.com, Nov. 7, 2023, https://time.com/personal-finance/article/popular-crypto-scams/

[4] “Cryptocurrency Blackmail Scam Alert,” Federal Trade Commission, June 26, 2020, https://consumer.ftc.gov/consumer-alerts/2020/06/cryptocurrency-blackmail-scam-alert

[5] “What is Double Extortion Ransomware,” Zscaler, https://www.zscaler.com/resources/security-terms-glossary/what-is-double-extortion-ransomware; “Ransomware Attackers’ New Tactic: Double Extortion.” SecurityIntelligence, December 23, 2021, https://securityintelligence.com/articles/ransomware-double-extortion/.

[6] “Exit Scams in the Cryptocurrency World,” NordVPN, https://nordvpn.com/blog/exit-scam/; “What is a Cryptocurrency Exit Scam?” The Motley Fool, updated December 1, 2023, https://www.fool.com/terms/e/exit-scam/; “What is a Crypto Exit Scam?” Crypto Adventure, https://cryptoadventure.com/community/articles/short-series-what-is-a-crypto-exit-scam/

[7] “DOJ Files Charges Against Baller Ape Club ‘Rug Pull,’” Decrypt, June 30, 2022, https://decrypt.co/104220/dog-files-charges-against-baller-ape-club-rup-pull. See also, “'Mutant Ape Planet' NFT Developer Pleaded Guilty in $3M Fraud,” CoinDesk, November 14, 2023, https://www.coindesk.com/policy/2023/11/14/mutant-ape-planet-nft-developer-pleaded-guilty-in-3m-fraud/

[8] “What is a Phishing Attack in Crypto, and How to Prevent It?” Cointelegraph, https://cointelegraph.com/learn/what-is-a-phishing-attack-in-crypto-and-how-to-prevent-it; “Exit Scam: How to Spot One,” NordVPN, Feb. 20, 2023, https://nordvpn.com/blog/exot-scam#:~:text=Exit%20sccams%20in%20the%20cryptocurrency,with%20their%20investor%20victims’%20money

[9] “The Latest Scam: ‘Zero-value Transactions,’ Fooling Victims Into Sending Their Crypto to Fraudulent Addresses,” Elliptic, Jan. 25, 2023 https://www.elliptic.co/blog/analysis/the-latest-scam-zero-value-transactions-fooling-victims-into-sending-their-crypto-to-fraudulent-addresses

[10] “ELI5—What is a Waller Drainer?” crypto.bi,  https://crypto.bi/wallet-drainer/

[11] See “FBI Public Service Announcement, Alert Number I-020822-PSA,” Federal Bureau of Investigation, February 8, 2022, https://www.ic3.gov/Media/Y2022/PSA220208

[12] “What Is a SIM Swap Scam & How to Stay Protected?” February 23, 2022,  https://news.trendmicro.com/2022/02/23/what-is-a-sim-swap-scam-how-to-stay-protected/

[13] Federal Communications Commission press Release FCC Adopts Rules to Protect Consumers' Cell Phone Accounts, November 15, 2023, https://docs.fcc.gov/public/attachments/DOC-398483A1.pdf

[14] “Digital Wallet Fraud—What It Is and How It’s Prevented,” fraud.com, https://www.fraud.com/post/digital-wallet-fraud

[15] “FinCEN Alert on Prevalent Virtual Currency Investment Scam Commonly Known as ‘Pig Butchering,’” FIN-2023-Alert005, U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN), September 8, 2023. https://www.fincen.gov/sites/default/files/shared/FinCEN_Alert_Pig_Butchering_FINAL_508c.pdf

[16] Id. See also, “Cryptocurrency Investment Scams” (USSS Alert), United States Secret Service (USSS),  https://www.secretservice.gov/sites/default/files/reports/2022-11/cryptocurrency-investment-scams-v1.1.pdf. These scams are also called “Sha Zhu Pan,” a Chinese term that loosely translates to pig butchering. See “Justice Dept. Seizes Over $112M in Funds Linked to Cryptocurrency Investment Schemes, With Over Half Seized in Los Angeles Case,” United States Attorney’s Office, Central District of California Press Release, April 3, 2023, https://www.justice.gov/usao-cdca/pr/justice-dept-seizes-over-112m-funds-linked-cryptocurrency-investment-schemes-over-half Id., footnote 2.

[17] “5 Crypto Scams To Watch Out For” Forbes, January 23, 2023, https://www.forbes.com/advisor/investing/cryptocurrency/top-crypto-scams/   

[18] Job Scams Study, International Association of Better Business Bureaus, September 2020, https://www.bbb.org/all/scamstudies/jobscams/jobscamsfullstudy

[19] “SEC Charges Creator of Global Crypto Ponzi Scheme and Three US Promoters in Connection with $295 Million Fraud,” Securities and Exchange Commission, Press Release, November 4, 2022, https://www.sec.gov/news/press-release/2022-201

[20] “Forsage Founders Indicted in $340M DeFi Crypto Scheme,” Department of Justice, Press Release, Feb. 22, 2023, https://www.justice.gov/opa/pr/forsage-founders-indicted-340M-defi-crypto-scheme

[21] “Texas Man Sentenced For Operating Bitcoin Ponzi Scheme,” United States Attorney’s Office, Southern District of New York, July 21, 2016, https://www.justice.gov/usao-sdny/pr/texas-man-sentenced-operating-bitcoin-ponzi-scheme

[22] “Mirror Trading Boss Fined Over $3B in US Over Unlawful Crypto Ponzi Scheme,” CoinGeek, May 2, 2023, https://coingeek.com/mirror-trading-boss-fined-over-3b-in-us-over-unlawful-crypto-ponzi-scheme; “CFTC Slaps Record Fine on Crypto Ponzi Scheme Operator,” crypto.news, April 28, 2023, https://crypto.news/cftc-slaps-record-3-4b-fine-on-crypto-ponzi-scheme-operator/

[23] “Unmasking Pig-Butchering Scams and Protecting Your Financial Future,” Trend Research,  https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/unmasking-pig-butchering-scams-and-protecting-your-financial-future, site visited November 27, 2023.

[24] FBI, “FBI Guidance for Cryptocurrency Scam Victims,” Public Service Announcement, Alert Number I-082423-PSA, August 24, 2023, https://www.ic3.gov/Media/Y2023/PSA230824#