Ever since its introduction more than a decade ago, Bitcoin has attracted the attention of investors and hucksters alike, more of the latter than the former. The cryptocurrency's ecosystem is characterized by thin liquidity and few institutional investors. But it is rife with criminals and scammers.
Bitcoin scams have followed the ebb and flow of the cryptocurrency’s price patterns. As Bitcoin price crested, the number and frequency of such scams increased and more criminals used it for transactions. Their numbers fell as prices cratered, number of transactions on its network declined, and it became an unattractive investment option.
The nature of scams occurring on Bitcoin’s network has also paralleled development of its infrastructure. Bitcoin’s earlier blockchain infrastructure was primitive; it frequently broke as the number of transactions on its network multiplied. At that time, illicit activities in Bitcoin’s ecosystem reflected its use cases, with the cryptocurrency mostly being used for transactions such as drug purchases on the dark web.
- The nature of Bitcoin scams has changed as the cryptocurrency's infrastructure and investor base has evolved.
- Bitcoin investors can increase their odds for success by identifying common scams, such as Ponzi schemes, fake ICOs, and fraudulent exchanges.
- Some scams, such as ICO scams, remain the same but there are other, novel forms, such as social media and social engineering scams.
The 2017 rise in prices changed the nature of scams occurring within Bitcoin. Initial Coin Offerings (ICOs) were the latest craze and ICO scams mostly levered off mainstream media conversation about Bitcoin. They provided prospective investors a chance to invest in a new industry that promised exponential returns. What they didn’t mention was that such offerings were largely unregulated by the Securities and Exchange Commission (SEC).
In recent years, as Bitcoin has become more mainstream and attracted the attention of institutional investors, hackers have shifted strategy to targeting cryptocurrency wallets. For example, crypto wallet theft scams have become more common. Phishing is an especially popular method for hackers to steal user key information for cryptocurrency wallets.
As counter-intuitive as it may sound, scams in Bitcoin's network are necessary for its evolution because they identify vulnerabilities in its system. The continued attention of investors on Bitcoin means that it is likely that scams and frauds associated with Bitcoin and the larger cryptocurrency ecosystem will likely become more sophisticated in the future.
Here is a rundown of important Bitcoin scams that have dotted its ecosystem in recent years.
Exchange and Wallet Hacks
Previously cryptocurrency exchanges were the main sources of crypto wealth for hackers. Now hackers have directed their attention to other places, such as online crypto wallets, as well. One of the biggest such hacks occurred in June 2020, when hackers stole 1 million customer email addresses by breaching the email and marketing databases for Ledger, a France-based crypto wallet company. They also stole personal details for 9,500 customers and published 242,000 of the customer email addresses on a website for hacked databases. At the end of 2019, cryptocurrency exchange Poloniex suffered a similar breach and had to email its customers asking them to reset their passwords.
Social Media Scams
Social media has become a potent and powerful force in mainstream society. Its rise has paralleled Bitcoin’s increased visibility in media conversations. And so, it is not surprising that hackers are using social media's reach to target Bitcoin holders. They have taken to creating fake social media accounts to solicit Bitcoin from followers or directly hacking popular Twitter accounts.
Perhaps the most famous instance of this occurred in July 2020 when Twitter accounts belonging to famous individuals and companies were hacked. Some of the accounts that were compromised were those belonging to tech entrepreneurs Elon Musk and Bill Gates, investor Warren Buffett, boxer Floyd Mayweather Jr., and companies like Apple and Uber.
Hackers gained access to Twitter’s administrative console and posted tweets from these accounts, asking their followers to send money to the specified blockchain address. They promised that user funds would be doubled and sent back as a charitable gesture. According to reports, 320 transactions occurred within minutes of the tweets being posted.
Twitter is not the only social media platform afflicted with Bitcoin scams. Video sharing platform YouTube has a similar problem. In July 2020, Apple co-founder Steve Wozniak filed a lawsuit against Google because his conversations regarding Bitcoin were being featured in cryptocurrency giveaway scam videos. Such videos also promised to double crypto amounts for users who promised to send their coins to a blockchain address mentioned in the video. Seventeen other individuals have also filed a lawsuit against YouTube because they were duped by cryptocurrency giveaway videos.
Social Engineering Scams
Social engineering scams are scams in which hackers use psychological manipulation and deceit to gain control of vital information relating to user accounts. Phishing is widely used in social engineering scams. In phishing, hackers send an email to targets with fraudulent links to a website specially created to solicit important details, such as bank account information and personal details, from their targets.
Within the context of the cryptocurrency industry, phishing scams target information pertaining to online wallets. Specifically, hackers are interested in crypto wallet private keys, or keys required to access funds within the wallet. Their method of working is similar to that of standard scams. An email is sent to wallet holders that leads to a fake website specially created to ask users to enter private key information.Once the hackers have this information, they can steal Bitcoin and other cryptocurrencies contained in those wallets.
Another popular social engineering method used by hackers is to send Bitcoin blackmail emails. In such emails, hackers claim to have a record of adult websites visited by the user and threaten to expose them unless they share private keys.
The best way to stay safe from phishing scams is to avoid clicking on site links in such emails or verify whether the email address actually belongs to the said company by calling them up or checking the email syntax. For example, users should check whether the linked web address is encrypted (i.e., it contains the https syntax). Visiting unsecured websites is a bad idea.
ICO scams proliferated at the height of cryptocurrency mania in 2017 and 2018. After an intense SEC crackdown, the numbers of such scams have decreased. However, they refuse to die out completely. As recently as late 2019, the federal agency was still continuing its crackdown against such scams.
There are several ways in which scammers can separate investors from their bitcoin in an ICO scam. One popular method is to create fake websites that resemble initial coin offerings and instruct users to deposit coins into a compromised wallet. In other instances, the ICO itself may be at fault. For example, founders could distribute tokens that flout U.S. securities laws or mislead investors about their products through false advertising.
The most famous example is that of Centra Tech – an offering that was backed by several celebrities, including boxer Floyd Mayweather and musician DJ Khaled. Once the agency catches hold of them, the promoters and founders of such offerings are penalized. Some may even face prison time.
DeFi Rug Pulls
DeFi Rug Pulls are the latest type of scams to hit the cryptocurrency markets. Decentralized Finance or DeFi aims to decentralize finance by removing gatekeepers for financial transactions. In recent times, it has become a magnet for innovation in the crypto ecosystem.
But the development of DeFi platforms is beset with its own set of problems. Bad actors have made away with investor funds at such venues. This practice, known as a rug pull, has become especially prevalent as DeFi protocols have become popular with crypto investors interested in magnifying returns by hunting down yield-bearing crypto instruments.
Smart contracts that lock in funds for a specified period of time are the most popular method for programmers to steal funds. Once the contract expires or reaches a previously-set threshold limit, developers generally use programming functions to steal Bitcoin from it.
In December 2020, a group of pseudonymous developers stole $750,000 worth of Wrapped Bitcoin (WBTC), ether, and a bunch of other cryptocurrencies from Compounder Finance, a DeFi platform. The project promised compounded returns to investors for depositing their crypto into a time-locked smart contract or a smart contract that would be executed only after a pre-specified time. But investors allege that developers had built a "back door" into the system and made away with funds before the smart contract expired.