Cryptocurrencies have soared in popularity over the past year, fuelled by celebrity endorsements and eager investors. Unfortunately, the scammers have noticed.
Cryptocurrency scams in the UK have more than doubled over the past year. There were a record 720 identified in January alone, equivalent to about 23 a day, according to Action Fraud, a British reporting centre for fraud and cybercrime.
This is likely just the tip of the iceberg. Between October 2020 and May 2021, the number of bogus investment opportunities grew 12 times over, with almost 1,000% more in reported losses than in the same period one year earlier, the US Federal Trade Commission (FTC) says.
Worse still, a Bank for International Settlements report in 2018 found that a quarter of all initial coin offerings (ICO) could be fraudulent, based on data gleaned from newspapers, white papers and if its website was discontinued after the ICO. So prevalent has the problem become that the UK’s Financial Conduct Authority has told investors buying cryptocurrency that they should be “prepared to lose all their money”, with similar warnings coming from other global regulators.
“There has been exponential growth in cryptocurrency-related fraud in recent years,” says Sam Tate, head of white-collar crime and partner at international law firm RPC. Their freedom of information request to the FCA revealed that investigations into unauthorised cryptocurrency businesses had risen to 52 in 2019/20 from zero in 2016/17.
“It’s the type of risk everybody should be worried about, whether a small investor or a giant bank,” adds Tate.
An international issue
Fraud isn’t confined to one or two countries; it has become a global business, ranging from state-authorised hackers to international criminal gangs.
“National boundaries aren’t respected when it comes to cryptocurrency fraud,” says Tate. “It makes it even more difficult to track and tackle the problem.”
The classic cryptocurrency fraud is the investment scam, where investors are targeted by criminals offering the lure of a get-rich-quick scheme that is in reality a Ponzi scam. Using fake websites, mobile apps, scam emails and social media advertising that enable them to go under the radar, they trick investors into handing over their money with the promise of eye-watering returns, which never transpire.
There are various variations on this common scam. They include fake social media accounts, where scammers impersonate celebrities to encourage investors to participate in fraudulent investment schemes. For example, the accounts of high-profile Twitter users – including those of Barack Obama, Elon Musk and Joe Biden – were recently hacked, offering giveaways aimed at duping followers into investing in a fake Bitcoin scheme. Other examples include two-for-one scams that promise investors they can double their money by sending their cryptocurrency to a wallet, from which it is then stolen.
Then there are exchange hacks – where criminals exploit vulnerabilities on exchange platforms to steal funds – and rug pulls, in which cryptocurrency developers list a token, encourage parties to invest and then run off with and exchange the tokens for a more stable currency like bitcoin or fiat. Other popular tactics employed by fraudsters include setting up an exchange to take investors’ money, which then can’t be withdrawn.
Some even use phishing to access and take over an investor’s wallet before stealing their data and credentials. This could be achieved through a SIM swap attack, “where fraudsters manage to trick the customer support staff of cellphone operators into giving them control of someone else’s phone number”, says Mriganka Pattnaik, CEO and co-founder of blockchain transaction company Merkle Science.
Alternatively, the scammers might turn to fake messages that appear to come from trusted businesses, says Pattnaik: “The messages will convince users to visit a link that they control and enter their login credentials, which are then stolen.”
Fraudsters look to take advantage
In all these scams, the investor will often never see their money again. And by the time they realise what has happened, the fraudsters are long gone.
“Like any new asset class with the potential for high returns, there is the risk that fraudsters will try to take advantage of it,” says Tony Lewis, a partner in the dispute resolution team at law firm Fieldfisher. “At the same time, cryptocurrency is unregulated, so it’s easier for fraudsters to exploit than traditional bank accounts and other authorised investment schemes.”
The problem has been exacerbated by the rise in older investors trying to get a better return on their investment. The number of over-55s buying cryptocurrency tripled between 2019 and 2020, according to the FCA. The elderly and vulnerable are easy prey for old-fashioned telephone scams, too. In total, £113m was lost to cold callers and other criminals promoting fraudulent cryptocurrency investments last year alone, according to data seen by the Investors’ Chronicle.
Even more experienced investors have been stung. Apple cofounder Steve Wozniak lost the equivalent of $70,000 (£50,000) when fraudsters bought seven bitcoins from him using a stolen credit card, which they later cancelled.
Because criminals operate often undetected, law enforcement agencies and financial watchdogs have been largely powerless to prevent many of these scams or otherwise overwhelmed by the sheer volume of cases. And because courts were operating well below capacity during the Covid pandemic, there is a huge backlog of cases waiting to be processed.
Authorities attempt to crack down on crypto fraud
But there have been some successes, notably when the FTC obtained a settlement against a scheme named the Bitcoin Funding Team, recouping almost $500,000 (£355,000) in investors’ money. The scheme’s promoters had falsely promised that participants could earn large sums of money by paying cryptocurrency to enroll in a chain referral scheme, but never delivered.
Tate thinks there needs to be an advertising campaign by authorities on the risk associated with cryptocurrencies. A more joined-up approach between regulators to tackling the problem is also required, he adds.
“They must target the kind of people who are likely to be interested in and invest in these types of schemes,” says Tate. “The UK’s National Crime Agency does a lot of advertising around this on social media, but if there was an internationally recognised kitemark of approval for some of these currencies it would go a long way to tackling the problem.”
Investors can find it difficult to distinguish reputable cryptocurrency providers and schemes from bogus ones, especially given the perception that cryptocurrency is largely safe, with retailers such as Starbucks and Whole Foods accepting bitcoin payments.
This means investors need to do their due diligence on the product and company they are investing with and where their money will be kept, relying on trusted news sources for their information, and using only recognised exchanges that give them full access to their funds.
Specialist software such as Chainalysis KYT can also be used to analyse and verify transactions, identifying illicit activity, suspicious wallets or connections to the dark web, advises Jacob Sever, cofounder and chief procurement officer of Sumsub, a verification specialist. A high risk score also highlights unreliable sources that shouldn’t be accepted, he adds.
Companies are doing their bit. Facebook and Google have both banned bitcoin adverts on their websites, while NatWest directs its mobile app users to a warning screen advising them to beware of cryptocurrency scams after receiving a record number between January and March. But there’s still a long way to go in the fight against cryptocurrency fraud.
“The key message is that investors should do their homework thoroughly beforehand,” says Pattnaik. “The general rule of thumb is if a scheme sounds too good to be true then it probably is.”