Crypto scamming intensifies as criminals capitalize on market rally


Price rallies in the bitcoin (BTC) and crypto markets typically yield a recurring negative consequence: the intensification of scamming, leading to losses amounting to hundreds of millions for both new and experienced crypto asset users.

According to experts, while scam-detection tools are advancing, so are the tactics of scammers, necessitating constant vigilance.

In the preceding year, data from ScamSniffer reveals that 324,082 individuals fell victim to scams, resulting in a total loss of $295 million worth of crypto assets. Notably, a single victim incurred a loss of $24 million. Moreover, within the initial two months of the current year, nearly 100,000 victims already lost $107 million.

ADVERTISEMENT

Also, in November of last year, criminals compromised an X (formerly Twitter) account belonging to Vitalik Buterin, the co-founder of the Ethereum (ETH) blockchain, and posted a malicious phishing link, which enabled access to victims' wallets, resulting in the theft of over $691,000 worth of crypto assets and non-fungible tokens (NFTs). This year, similar incidents occurred with other prominent X accounts, including the late actor Matthew Perry's account and that of MicroStrategy, a US company holding almost $14 billion in BTC at the time of writing.

Therefore, the prevalence of phishing activities appears to be on the rise.

Change in the number of phishing sites

crypto phishing
Source: ScamSniffer

"The core of most crypto scams involves persuading you to authorize a transaction that transfers your assets to a scammer," Andrew Beal, Ecosystem Lead at Forta Network, a Web3 security specialist, and former Blockchain Lead at EY, told Cybernews.

"Typically, these scams are executed through phishing attacks, where scammers use various methods to lead you to fake decentralized apps (DApps) and trick you into signing a transaction."

Beal reaffirms that as the market becomes more bullish, scam activity is expected to increase, putting unsuspecting users at risk once again.

Exponential increase

ADVERTISEMENT

Christopher Budd, Director of Sophos X-Ops at the cybersecurity company Sophos, states that over the past two years, the company has closely tracked the exponential increase in so-called "pig butchering" scams. These scams involve deceiving investors by promising high returns through fraudulent schemes, with social media platforms being key for scammers to find their victims.

"These scams are highly lucrative for the scammers and devastating for their victims. All signs point to these scams continuing to increase significantly," said Budd. In March, attorneys in the US initiated a civil forfeiture action to recover $2.3 million in crypto assets for 37 “pig butchering” scam victims.

Moreover, scammers are adapting to various trends in the cryptosphere. For example, Beal describes a common scam identified by Forta researchers as "sleepdropping."

"This scheme involves sending a fake airdrop to victims' wallets, redirecting them to a phishing site that promises tokens before draining their wallets completely," explained Beal. An airdrop refers to the distribution of free tokens as a promotional or reward mechanism.

"This scheme alone has deceived thousands of users, amassing tens of millions of dollars," Beal added.

crypto scams category
Source: 2023 October Scam Landscape in Review by Forta

As scammers seemingly run rampant, how can we identify crypto scams and protect ourselves?

According to Budd, pig butchering and liquidity mining scams often have a significant crypto element to them. However, he emphasized that the key to detecting and protecting against these scams is not specific to crypto.

"It is to use tried-and-true techniques such as ignoring unsolicited inbound communications and remembering that something that is too good to be true almost certainly is just that," stated the Director of Sophos X-Ops.

Additionally, the FBI recently published data revealing that impersonation scams are not unique to crypto and defraud thousands of individuals each year. According to the FBI, two categories of fraud reported to the Internet Crime Complaint Center (IC3), Tech/Customer Support and Government Impersonation, are responsible for over $1.3 billion in losses.

ADVERTISEMENT
crypto crime types
Source: IC3

Better detection tools

As awareness of crypto scams grows, scammers must also contend with evolving tools designed to detect their criminal intentions.

"The landscape of scam detection is undergoing significant change. Enhanced by on-chain monitoring, transaction screening may render traditional scamming methods obsolete," explained Beal.

According to him, scammers rely on funds to operate, but with tools that enable persistent tracking and improved detection across chains, they are encountering increasing difficulty in concealing their activities.

"Newly created scammer addresses are swiftly identified and blocked, representing a significant advancement in scam prevention," Beal emphasized.

However, he underscored the importance for internet and crypto users to remain extra vigilant, as the nature of crypto scams continues to evolve, with the emergence of more sophisticated on-chain scams and the prevalence of identity theft scams.

Double-edged AI

Furthermore, scammers are now experimenting with another tool that may assist in concealing their illicit intentions more successfully: artificial intelligence (AI).

According to Budd, their research has revealed that scammers "are pragmatic in their attitudes towards AI and recognize its realistic limitations very clearly." Additionally, they are utilizing AI tools in specific situations where they are most effective, such as constructing lure notes and messages.

ADVERTISEMENT

"We observed a clear example of the latter when a scammer forgot to delete the 'I am just a large language model' text in an AI-generated lure note," the expert added.

However, AI is also being utilized against scammers. Beal explains that in 2022, Forta researchers trained a machine learning model on the opcode of malicious smart contracts, or self-executing programs, enabling the model to predict a contract's potential harm.

Regardless, the responsibility for combating crypto scams on social media platforms also lies with the operators of these platforms.

"In social media, a considerable number of AI scams are undoubtedly infiltrating social networks. Although this is clearly problematic and requires awareness from all users, the solution lies entirely with the owners of these platforms," Beal concluded.