Cybercriminals are using cryptocurrency scams to cheat tens of thousands of people — and sometimes walk away with their victims’ life savings.
Earlier this year, the FBI released an alert warning about a spike in crypto-related fraud. The estimated loss from crypto investment scams alone topped $2.57 billion in 2022, an increase of 183% from the previous year.
Many of those scams targeted older people. Last year, there was a 350% jump in crypto-related fraud losses suffered by people who are 60 or over.
According to Digital Silence, a boutique cybersecurity firm serving a global clientele, it’s critical for the public to understand how these scams work so they can quickly identify and shut down any attacks they encounter.
Businesses should also invest in a strong cybersecurity presence so they can determine how a loss occurred and how to prevent any recurrences.
Common types of cryptocurrency scams
Victims are typically approached through social media, dating apps, messaging or other online services, though some are contacted by phone or text. Over the following weeks and months, the threat actor tries to build a friendship with them. The scammer might pose as an old acquaintance or even pretend to be a celebrity.
The scammer promises large returns if the victim invests through their platform or service, sometimes in cryptocurrency. Once the victim begins to invest, the scammer may give them access to a fake website that shows the victim how their “investment” is performing.
To build trust, the scammer might suggest the victim invest in small amounts to show it works and then ramp up. But if the victim tries to withdraw their investment, they can’t. They may be asked to pay extra fees first. Eventually, the scammer goes silent, and the victim’s money is lost.
Liquidity mining scams
This is a newer variant of an investment scam. Crypto owners use their coins to create a “liquidity pool” that traders can use. The owners are supposed to get their original funds back, plus a share of the traders’ returns.
There are legitimate operators who offer this type of investment, but threat actors have latched onto the concept and used it to defraud victims. They usually do this by having the victims link their cryptocurrency wallets to a fraudulent app, which allows their wallets to be drained.
In some cases, scammers will pose as a government agency, a large business or the victim’s bank. The threat actors reach out with an alarming story: the victim’s accounts are frozen, they’re under investigation or they owe an outstanding payment.
Whatever the problem, the solution is always cryptocurrency. Victims are urged to send a direct payment to resolve the matter. Or they’re told to put their money into a cryptocurrency wallet (which the scammers help set up) to “keep it safe.”
Like an investment scam, the threat actor will spend time building a relationship with the victim, but the end goal isn’t always for them to invest in cryptocurrency. Sometimes it is, but not always. In some cases, the scammer asks for direct payment.
Tips for avoiding cryptocurrency scams
- Beware of anyone promising massive investment returns quickly.
- No legitimate government agency or business will ever contact you and insist that you send a payment to them in the form of cryptocurrency.
- Don’t invest money on the recommendation of anyone that you’ve only met online. Keep in mind: The scammer may never actually ask you to send money. With investment scams, the bad actor spends so much time talking up the opportunity that victims often ask if they can get involved.
- Don’t share any personal information with people you’ve only met online. These types of scams run on social engineering, so every piece of information you give the threat actors is another tool they can use against you.
- If you’ve already invested in a scam, don’t pay any extra fees to withdraw your money. They have no intention of paying out.
- Beware of services that promise to recover lost funds. These have become a secondary type of scam.
How to respond to cryptocurrency scams and fraud
Alert the authorities
If a crypto-related scam has occurred, victims are encouraged to report the incident to the FBI’s Internet Crime Complaint Center or the nearest FBI field office.
Investigators will ask for transaction details, such as cryptocurrency addresses, the amount and cryptocurrency type involved, date and times, and transaction ID (or hash). Your IT team or cybersecurity contractor should be able to help you gather the necessary information.
Investigators may also want to know any names, emails, websites, applications or phone numbers used by the scammer, as well as the messages they sent. The authorities might ask how you originally connected with the scammer and try to create a timeline of how the crime occurred.
Investigate and remediate
Your cybersecurity team should perform a digital forensics review to determine how the scam happened — for example, maybe one of your computers was breached, allowing for a cryptocurrency wallet to be emptied. Your team can also tell you if bad actors have installed crypto-mining apps on your network.
Your team may also be able to determine where the money went and if it’s connected to any known groups of threat actors. They can provide expert testimony to legal counsel or law enforcement, too, and provide evidence of a loss to your insurer if necessary.
Being victimized by a crypto scam can be frustrating, but you do have options. Contact us today to learn how our digital forensics experts can help.