Criminals behind the liquidity mining scams obscure the reality with fake applications and phony profit reporting, leaving gullible victims with empty pockets.
Threat actors are taking advantage of the hype about cryptocurrency trading. Would-be investors looking for a quick profit sometimes turn to liquidity mining, where crypto holders lend their assets to a decentralized exchange in return for rewards.
According to Chainalysis, cryptocurrency crime hit a new all-time high in 2021, with scammers taking $14 billion, up from $7.8 billion in 2020. Given that total transaction volume grew to $15.8 trillion last year, it's no wonder that cybercriminals are in love with cryptocurrency.
Cybersecurity company Sophos uncovered several liquidity mining fraud rings. Cryptocurrency and decentralized finance (DeFi), the foundation of liquidity mining, create the ideal environment for criminals to carry out their malicious activity.
"The mechanics of liquidity mining in its legitimate form provide the perfect cover for old-fashioned swindles re-minted for the cryptocurrency age," said Sean Gallagher, a senior threat researcher at Sophos.
Liquidity mining is a mechanism where crypto holders deposit their assets into the liquidity mining pools in return for rewards – interest payments or share in a cut of the platform's transaction fees. Crypto investors also receive liquidity pool tokens, representing their share of the pool.
According to Gallagher, even legitimate liquidity mining schemes are dubious, complicated, and not without risk.
"The strategies behind the investments themselves are complex, and there's no regulation beyond the 'smart contract' code embedded in the DeFi network's blockchain — code that many people can't easily interpret even when it's publicly published. There's also a shortage of reliable information for new investors on how these networks work," Gallagher said.
Despite the risks, investors dive into the liquidity mining projects, and sometimes, they turn out to be scams designed to leave crypto holders with empty pockets.
Cybercriminals, exploiting any option to rip off victims, lure would-be investors with high yields with non-existent liquidity mining schemes. To get them interested in liquidity mining, they proactively spam crypto-enthusiasts via Twitter, WhatsApp, Telegram, and other social media platforms.
After interacting with scammers via Twitter messages, Sophos' investigation team uncovered several liquidity mining fraud rings, operating primarily from China and using a mixture of fraudulent blockchain contracts, websites, and applications to raid victims’ crypto wallets while making them believe they were making daily profits.
"Criminal liquidity mining schemes, like traditional Ponzi schemes, give targets the illusion that they can pull their money out at any time — even allowing them to make withdrawals early on. But scammers will continuously urge targets to keep investing and to 'invest big' by obscuring what's really happening with fake applications, phony profit reports, and the promise of lucrative pay outs," Gallagher.
In reality, scammers gain control of investors' wallets and withdraw currency whenever they want.
"Gradually, scammers empty the wallets, all while continuing to assure targets that everything is fine, and finally cut off communications."
Sophos predicts that liquidity mining scams will continue to rise.
"It hasn't peaked. Hundreds of millions of dollars are at stake."
More from Cybernews:
Subscribe to our newsletter