With bitcoin and other cryptocurrencies exploding in terms of popularity and market cap over the past few years, it’s no surprise that criminals want to get in on the action. Indeed, there are so many methods for scammers to choose from, and scams and hacks involving bitcoin and altcoins seem to be constantly in the news.
Fake coin exchanges
Since so many cryptocurrency-related businesses are relatively new, it’s difficult to know which ones are legit. Criminals have capitalized on this and simply take people’s money through fake or questionable exchanges. One example of a blatantly fake coin exchange is Internet Coin Exchange which simply lists cryptocurrency price details alongside Buy buttons.
This one still appears to be very much up and running so we won’t be posting the link here.
Other questionable operations include Igot, which later became Bitlio. This exchange appeared to be operated inefficiently as there have been times when it simply can’t pay customers. Again, it’s still in business.
Hacked coin exchanges
Unfortunately, when exchanges are hacked by cybercriminals, both the exchange and its customers tend to lose out. Mt Gox is probably the most famous case in which people are still waiting to find out if they’ll see their money four years on. But there have been other, more recent, high-profile hacks, including that of Coincheck to the tune of $500 million.
Pump and dump scheme
‘Pump and dump’ is a familiar term in the stock market, but it’s hitting cryptocurrencies too. This involves the organized promotion of a particular cryptocurrency, usually a relatively unknown coin. The mass investment causes the value to spike, encouraging other investors to get in on the action. The value of the coin increases even further and when the time’s right, the first round of investors cash out, leaving the second wave with a worthless coin.
Fraudulent cloud mining companies
Mining of bitcoin and other cryptocurrencies typically involves using computational power to support the network in return for a reward. However, mining isn’t the easiest thing to get started with. Enter cloud mining companies, which enable you to invest in mining without having to actually deal with the setup yourself.
When you invest in cloud mining, you’re putting a whole lot of trust in the mining company. Of course, where there are investors, there are scammers ready and waiting. For example, Mining Max raised $250 million for its operation, all but $70 million of which was reportedly pocketed.
In another case, the CEO of GAW Miners pleaded guilty to $9 million in fraud as an outcome of some very dodgy dealings, including selling more hashing power than was available.
Mining requires a huge amount of computational power, and that doesn’t come cheap. As such, criminals have developed mining malware that can enable them to exploit users’ computational power. Known as malicious cryptomining or cryptojacking, the malware is usually spread by a trojan virus. Infected computers then form a larger botnet that mines cryptocurrencies. Examples of mining malware include “Digmine,” spread via Facebook Messenger, and WannaMine, which uses EternalBlue, the leaked NSA exploit.
ICO exit scam
An Initial Coin Offering (ICO) is a little like an Initial Public Offering (IPO) for a company, the major difference being the coin is really worthless until investors perceive value. ICO exit scams are similar to the pump and dump scams we talked about earlier except it’s usually the coin creators doing the heavy promotion followed by a quick sell-off.
Investors are wooed with whitepapers and promises of superior security and broad application potential. They buy coins in exchange for fiat currency, hoping to get a return on their investment. Some of the biggest exit scams we’ve seen so far are Plexcoin, which gathered $15 million in investments before it was suspended, and Benebit, the team behind which ran off with between $2.7 million and $4 million early in 2018.
ICOs in general are viewed as such a problem that China has banned them and other countries are imposing heavy regulation.
Another issue among ICOs is not with the ICOs themselves, but with scammers impersonating them. For example, the legitimate Seele ICO had their Telegram channel hijacked by people posing as admins. Investors were persuaded to pay for tokens before the sale had actually started and the funds were pocketed by the criminals. Other fraudsters used a phishing scam centered around the Bee Token ICO as a means to dupe investors out of $1 million worth of ether.
Cryptocurrency investment schemes
With the cryptocurrency market being so volatile, it’s not uncommon to hear about massive gains over a short period of time. This makes classic pyramid or Ponzi schemes an easier sell to investors as people are less likely to view them as “too good to be true.” Austrian investment scheme Optioment promised a whopping 4% weekly return to some investors and ended up reportedly stealing more than 12,000 bitcoins.
Other suspicious schemes include BitConnect, which shut down after receiving multiple cease and desist letters, and OneCoin, a reported global Ponzi scheme that is still going strong.
Wallet fork scams
Coin wallets are used as “safe” places for people to secure their cryptocurrency, basically somewhere to safeguard the private keys that can enable access to coins. When a cryptocurrency forks and a new coin is created, it can be difficult to find a wallet that can accommodate the new coin. Enter scammers. When Bitcoin Gold was first released, the mybtgwallet.com website popped up, promoting users to hand over their private keys and subsequently lose their coins.
This one wallet scam reportedly resulted in total losses worth over $3 million.
More impersonators are taking advantage of the cryptocurrency market, this time in the form of wallet clones. Criminals make people believe they are depositing their coins into a legitimate wallet but are actually keeping them for themselves. Hacker group, Coinhoarder, used such a scheme to steal more than $50 million worth of bitcoin and other cryptocurrencies. It used domains impersonating the reputable Blockchain.info and even used paid Google ads to attract more victims.
Coin mixing service phishing scam
Coin mixing services are used to mix coins in order to break the connection between the sender and receiver, making transactions more anonymous. While coin mixing services can aid illegal activity, they can have legitimate use cases, too. Popular sites include Bit Blender and the now-defunct Helix by Grams.
These two were involved in a phishing scam on the dark web where a coin mixing tutorial used links to fake websites for both of the services. Users following the steps and visiting the links simply handed over their coin to the thieves.
Coin mixing service Ponzi schemes
It’s not just phishing schemes that affect users of coin mixing services. Bitpetite ran a mixing operation but also asked for investors to hand over money with the promise of 4% daily returns! This was clearly unattainable and the site disappeared in November 2017 after stealing an unknown amount from investors.