Ever since its introduction more than a decade ago, Bitcoin has attracted the attention of investors and hucksters alike, more the latter than the former. The cryptocurrency ecosystem is characterized by thin liquidity and few institutional investors. But it is also rife with criminals and scammers.
Bitcoin scams have followed the ebb and flow of the cryptocurrency’s price patterns. As Bitcoin prices crested, the number and frequency of such scams increased and more criminals used it for transactions. Their numbers fell as prices cratered, the number of transactions on its network declined, and it became an unattractive investment option.
The nature of scams occurring on Bitcoin’s network has also paralleled the development of its infrastructure. Bitcoin’s earlier blockchain infrastructure was primitive; it frequently broke down as the number of transactions on its network multiplied. At that time, illicit activities in Bitcoin’s ecosystem reflected its use cases, with the cryptocurrency mostly used for transactions such as drug purchases on the dark web.
The 2017 rise in prices changed the nature of scams occurring within Bitcoin. Initial coin offerings (ICOs) were the latest craze, and ICO scams mostly levered off mainstream media conversation about Bitcoin. They provided prospective investors with a chance to invest in a new industry that promised exponential returns. What they didn’t mention was that such offerings were largely unregulated by the Securities and Exchange Commission (SEC).
In recent years, as Bitcoin has become more mainstream and attracted the attention of institutional investors, hackers have shifted their strategies to targeting cryptocurrency wallets. For example, crypto wallet theft scams have become more common. Phishing is an especially popular method for hackers to steal user-key information for cryptocurrency wallets.
As counterintuitive as it may sound, scams in Bitcoin’s network are necessary for its evolution because they identify vulnerabilities in its system. The continued attention of investors on Bitcoin means that it is likely that scams and frauds associated with Bitcoin and the larger cryptocurrency ecosystem will likely become more sophisticated in the future.
Here is a rundown of five important Bitcoin scams that have infiltrated its ecosystem in recent years.
Exchange and Wallet Hacks
Previously, cryptocurrency exchanges were the main sources of crypto wealth for hackers. Now, hackers have directed their attention to other areas, such as online crypto wallets, as well. One of the biggest such hacks occurred in June 2020, when hackers stole 1 million customer email addresses by breaching the email and marketing databases for Ledger, a France-based crypto wallet company. They also stole personal details for 9,500 customers and published 242,000 of the customer email addresses on a website for hacked databases. At the end of 2019, cryptocurrency exchange Poloniex suffered a similar breach and had to email its customers asking them to reset their passwords.
Social Media Scams
Social media has become a powerful force in mainstream society. Its rise has paralleled Bitcoin’s increased visibility in the media. And so, it is not surprising that hackers are using social media’s reach to target Bitcoin holders. They have taken to creating fake social media accounts to solicit Bitcoin from followers or directly hacking popular Twitter accounts.
Perhaps the most famous instance of this occurred in July 2020 when Twitter accounts belonging to famous individuals and companies were hacked. Some of the compromised accounts belonged to tech entrepreneurs Elon Musk and Bill Gates, investor Warren Buffett, boxer Floyd Mayweather, and companies such as Apple and Uber.
Hackers gained access to Twitter’s administrative console and posted tweets from these accounts, asking their followers to send money to a specified blockchain address. They promised that user funds would be doubled and sent back as a charitable gesture. According to reports, 320 transactions occurred within minutes of the tweets being posted.
Twitter is not the only social media platform afflicted by Bitcoin scams.
Video-sharing platform YouTube has suffered a similar problem. In July 2020, Apple co-founder Steve Wozniak filed a lawsuit against Google because his conversations regarding Bitcoin were featured in cryptocurrency giveaway scam videos.
Such videos also promised to double crypto amounts for users who promised to send their coins to a blockchain address mentioned in the video.
Seventeen other individuals have also filed a lawsuit against YouTube because they were duped by cryptocurrency giveaway videos.
Social Engineering Scams
Social engineering scams are scams in which hackers use psychological manipulation and deceit to gain control of vital information relating to user accounts.
Phishing, for example, is a widely used social engineering scam by which hackers send emails linking their targets to a fraudulent website specially created to solicit important details, such as bank account information and other personal details.
Within the context of the cryptocurrency industry, phishing scams target information pertaining to online wallets. Specifically, hackers are interested in crypto wallet private keys, which are the keys required to access funds within the wallet. Their method of working is similar to that of many standard scams. An email is sent leading holders to a specially created website that asks them to enter private key information. When the hackers have acquired this information, they can steal the Bitcoin and other cryptocurrencies contained in those wallets.
Another popular social engineering method used by hackers is to send Bitcoin blackmail emails. In such emails, hackers claim to have a record of adult websites visited by the user and threaten to expose them unless they share private keys.
The best way to stay safe from phishing scams is to avoid clicking on links in such emails or verify whether the email address actually belongs to the said company by calling them up or checking the email syntax. For example, users should check whether the linked web address is encrypted (i.e., its URL begins with HTTPS).
Visiting unsecured websites is a bad idea.
ICO scams proliferated at the height of cryptocurrency mania in 2017 and 2018. After an intense SEC crackdown, the frequency of such scams has decreased.
However, they refuse to die out completely. As recently as late 2019, the federal agency was continuing its crackdown against such scams.
There are several ways by which scammers can separate investors from their Bitcoin with an ICO scam. One popular method is to create fake websites that resemble ICOs and instruct users to deposit coins into a compromised wallet.
In other instances, the ICO itself may be at fault. For example, founders could distribute tokens that flout U.S. securities laws or mislead investors about their products through false advertising.
The most famous example is that of Centra Tech—an offering that was backed by several celebrities, including boxer Floyd Mayweather and musician DJ Khaled.
When a regulatory agency catches them, the promoters and founders of such offerings are penalized. Some may even face prison time.
DeFi Rug Pulls
DeFi rug pulls are the latest type of scams to hit the cryptocurrency markets. Decentralized finance or DeFi aims to decentralize finance by removing gatekeepers for financial transactions. In recent times, it has become a magnet for innovation in the crypto ecosystem.
But the development of DeFi platforms is beset with its own problems. Bad actors have made away with investor funds via such avenues.
This practice, known as a rug pull, has become especially prevalent as DeFi protocols have become popular with crypto investors interested in magnifying returns by hunting down yield-bearing crypto instruments.
Smart contracts that lock in funds for a specified period of time are the most popular method for programmers to steal funds.
When the contract expires or reaches a previously set threshold limit, developers generally use programming functions to steal Bitcoin from it.
In December 2020, a group of pseudonymous developers stole $750,000 worth of Wrapped Bitcoin (WBTC), ether, and a bunch of other cryptocurrencies from Compounder Finance, a DeFi platform. The project promised compounded returns to investors for depositing their crypto into a time-locked smart contract, or a smart contract that would be executed only after a specified time.
But investors allege that developers had built a “back door” into the system and made away with funds before the smart contract expired.