ThinkSet Magazine

Understanding Crypto Scams: When It’s Too Good to Be True

Spring 2023
Intelligence That Works

Crypto scams are on the rise. We outline what stakeholders need to know about crypto and social media scams—and offer a solution for better assessing their risk exposure

The past few years have seen an explosion in crypto-related scams: in 2022 alone, crypto investment fraud increased 183%, with losses totaling over $2.5 billion.

That’s a real problem for investors, organizations, and individuals involved with the crypto sector. A recent survey of private fund sponsors, investors, and service advisors, for instance, found that fraud was the number one concern for cryptocurrency funds in 2023—ranking higher than platform collapse, regulatory issues, exchange failures, and liquidity issues.

To fight back against crypto scams, it’s essential to first understand them. To that end, we created two infographics: the first, “Crypto Scams 101” outlines the basics contours of these scams; the second, “Spotlight on Social Media Scams” draws on proprietary BRG data analytics, machine learning models, and natural language processing to illuminate the role platforms like Twitter play in such scams.

The latter exemplifies a valuable use case for insurers and financial institutions in understanding their crypto risk exposure—for while there are relatively mature products to assess “on-chain” risk (e.g., chain and network analysis), little in the market exists to identify “off-chain” risks, like the 50% of scams that originate on social media.

By the Numbers

  • 183%: percentage by which crypto investment fraud increased in 2022
  • $2.57 billion: losses incurred by crypto investment fraud in 2022
  • ~50% of people who reported losing crypto to a scam since 2021 said that it started with an ad, post, or message on a social media platform
  • 30–49: average age of victims of crypto scams

Crypto Scams 101

Investment Scams

  • “Pump and Dump”: The scammer(s) promote a new or niche cryptocurrency that they hold in large amounts to potential investors, promising significant returns. Once the price of the coin rises as more investors buy in, the scammers liquidate their position for substantial gains and crash the price—leaving victims holding the bag.
  • “Rug Pulls”: These tend to be in the nonfungible-token (NFT) space and involve a scammer building an appealing website and putting together sample artwork with promises of a significant roadmap. They then build a community that mints the art—which at this point is “unrevealed”—with a future release date. The scammer then disappears with victims’ crypto.
  • Ponzi Schemes: Scammers use the buy-in of new investors to generate returns for themselves and/or older investors, because the product itself has no real value or cannot generate the promised returns. Eventually, the scam runs out of new members and collapses.

Phishing Scams

  • Fake Identity: The scammer impersonates a trusted figure—ranging from a celebrity to a loved one to an investment manager—to convince the target to transfer the crypto to their wallet for promising returns, then disappears with the assets.
  • Fake Support Teams: Scammers pose as employees of a legitimate cryptocurrency wallet or trading platform company to convince targets to disclose their personal credentials or other sensitive data, which they then use to steal assets.
  • Cloned Websites: These decoys allow scammers to steal credentials and other login info from users, which can then be used to steal assets from real sites—or drain users’ crypto wallets (e.g., by minting a fake NFT contract).
  • Fake Emails: Fake emails that appear to originate from a reputable source allow scammers to install malware or convince unsuspecting targets to reveal sensitive information.
  • Social Media Traps: Fake social media giveaways or personalities encourage targets to either invest in a fake cryptocurrency or click on a phishing link that compromises their personal information.

Malware Scams

  • SIM-Swap Scams: Scammers gain access to a copy of a target’s SIM card to access two-factor authentication codes that allow them to access users’ crypto accounts.
  • “Software Update” Malware: The cryptocurrency ecosystem depends on a wide range of software tools, making it easy for scammers to push a fake update that appears to perform a legitimate function. When users download the update, they actually install malware.
  • Fake Crypto Exchanges and Wallets: These fake cryptocurrency sites offer unrealistically promising crypto deals to entice users to buy through these platforms. Then scammers take the money without providing real coins and/or install malware on the user’s device.

Sources

Federal Bureau of Investigation, Internet Crime Report 2022, Internet Crime Compliant Center.  https://www.ic3.gov/Media/PDF/AnnualReport/2022_IC3Report.pdf

Emma Fletcher, “Reports show scammers cashing in on crypto craze,” Federal Trade Commission (June 3, 2022). https://www.ftc.gov/news-events/data-visualizations/data-spotlight/2022/06/reports-show-scammers-cashing-crypto-craze

Amanda Hetler, “10 common cryptocurrency scams in 2023,” TechTarget (April 19, 2023). https://www.techtarget.com/whatis/feature/Common-cryptocurrency-scams

Coryanne Hicks and Benjamin Curry, “5 Crypto Scams To Watch Out For,” Forbes (January 3, 2023).
https://www.techtarget.com/whatis/feature/Common-cryptocurrency-scams

Kaspersky, “Common cryptocurrency scams and how to avoid them.”
https://www.kaspersky.com/resource-center/definitions/cryptocurrency-scams