The cryptocurrency craze has grown exponentially over the past few years. With dozens of coins surpassing $1 billion in market cap and bitcoin in the hundreds of billions, there’s a lot of money flying around. And wherever there’s lots of money, there are plenty of criminals ready to pounce. Scammers and hackers see the cryptocurrency market as ripe for the picking and we’re seeing lots of bitcoin scams pop up.
What’s more, users are extra keen to get in on the action so they don’t miss out on the next big thing. With crazy volatility in the markets, promises of large returns don’t seem that far-fetched. Combined, these factors can lead to some poor decision-making and people falling for scams more easily.
As such, it’s hugely important to keep your wits about you when dealing with any bitcoin transactions. For example, you wouldn’t open up a bank account with an institution you’ve never heard of. Similarly, you shouldn’t hand over money to an exchange that just happened to pop up in your Facebook feed.
With a little savvy and a lot of common sense, you can navigate the cryptocurrency field as safely and securely as possible. In this post, we’ll delve into the types of scams we’ve been seeing, including plenty of real examples. This way you’ll know what to look out for to avoid falling into similar traps yourself. We’ll then provide some additional tips to help you stay safe and secure in the cryptocurrency market. Let’s jump in!
Coin exchanges offer a place for people to buy bitcoin and other cryptocurrencies in exchange for fiat currencies or altcoins. Some of the most popular exchanges include Bitstamp, Bitfinex, and Coinbase. Since the cryptocurrency field is so new, all exchanges can pretty much be considered relative newcomers. It’s therefore difficult to know who to trust based on reputation alone.
Even with the most reputable exchanges, bad things happen and people lose a lot of money, often the exchanges themselves. Here are some example situations in which people have lost money through coin exchanges.
Fake or questionable operations
Probably the worst cases are when the people behind the exchanges have negative intentions from the outset.
Igot (now Bitlio)
This exchange was reportedly running some shady operations when users complained that they could not make withdrawals. The company admitted it was struggling to pay customers but refuted scam allegations. Either way, fiat transactions were being held up leading to potential losses for many customers. A Facebook group was set up for burned customers to discuss their woes with Igot.
And when Igot became Bitlio in 2017, potential new users were warned to steer clear.
Internet Coin Exchange
This service, for which the website is still up, simply lists cryptocurrencies along with a ‘Buy’ button for each.
As mentioned, even using reputable exchanges can result in customers being scammed. This often happens when the exchange itself is attacked by cybercriminals. There have been some very high profile cases fitting this bill, but they’re not isolated situations. Unlike banks, customer deposits at bitcoin exchanges typically are not insured against theft.
Japanese-based exchange Mt. Gox was reportedly the victim of a massive hack announced in 2014. The exchange suffered reported losses of around 650,000 bitcoin and filed for bankruptcy shortly after the announcement. More than 24,000 customers lost access to their bitcoin and haven’t received anything since.
Indeed, with the mass of litigation surrounding the case, it’s unclear if and when anyone will receive anything.
More recently, another Japan-based exchange, Coincheck, fell victim to hackers. This loss involved 500 million NEM tokens. The dollar equivalent was larger than that of the Mt. Gox hack with the tokens thought to be worth almost $500 million at the time.
The EtherDelta coin exchange had to suspend its services after it was hacked and its website was taken over by a fake version. There was no bitcoin involved in this scam, but at least 308 ether tokens were stolen.
Other large exchange hacks involved Bitfloor (24,000 bitcoin), Bitstamp (19,000 bitcoin), and Bitfinex (120,000 bitcoin).
Pump and dump scams
The ‘pump and dump’ scam doesn’t necessarily involve exchanges themselves, but rather customers of particular exchanges. These schemes have long been used in the stock market and involve organized stock promotion followed by a dumping once it has reached a desired target value.
A Business Insider investigation reportedly uncovered these scams taking place on two exchanges in particular, Bittrex and Yobit. Typically a group of users will select a relatively unknown coin and agree to invest in it. The hope is that others will see the resulting spike in value and follow suit, driving up the price of the coin even further. The ‘pumpers’ then dump their tokens, leaving the second wave of investors with losses.
Bittrex issued a warning to users in December 2017 to be wary of such scams. Groups with names like “Crypto4pumps and Bigcryptopumps” apparently use private Telegram apps to facilitate the schemes. Bittrex lists almost 300 different coins and tokens, some of which could be easily manipulated with enough investors on board.
The Business Insider article mentioned above reported that it found pump and dump schemes for five coins in two weeks alone. All of them were orchestrated on the Bittrex and Yobit exchanges. Indeed, a quick Google search of “pump and dump yobit” will lead to a plethora of forums where more people are looking to get in on the action. You’ll even find bots being marketed for Bittrex, Yobit, and other exchanges, that supposedly enable people to participate in schemes automatically.
Cloud mining companies
Bitcoin mining is the process by which bitcoin transactions are verified and new bitcoins are released into the network. It is carried out by miners who contribute their computational power to the network in the hopes of earning the newly released bitcoin as a reward.
These days, mining requires a lot of computational power and energy input. As such, it’s fairly difficult for the average person to get started with (and make profitable). Instead, people are investing in large mining companies, or using cloud mining services in an attempt to turn a profit.
There are definitely reputable companies in the mining industry, but others have been exposed as fraudulent. What’s more, even the good guys aren’t immune to scammers themselves.
Fraudulent mining companies
Investing in mining operations or cloud mining involves putting a huge amount of trust into those running the show. Unfortunately, there are plenty of people out there willing to cash in on this trust.
US-based firm, Mining Max raised around $250 million from investors for an ethereum mining operation.
Korean prosecutors reportedly filed charges against individuals involved with the company including fraud and embezzlement. This has prompted the company to post this popup on their site:
It’s alleged that most of the $250 million raised was pocketed, with only around $70 million actually having been spent on the operation.
Josh Garza, CEO of GAW Miners and other troubled mining companies pleaded guilty to $9 million in fraud in July of 2017. His companies reportedly routinely made false claims about their products and business dealings, including selling more hashing power to cloud mining customers than was actually available.
Hacked mining services
Coin exchanges certainly aren’t the only entities vulnerable to hackers. Legitimate mining companies have felt the weight of losses due to breaches in their systems.
NiceHash enables users to sell computer power or buy hashing power.
A December 2017 security breach saw hackers steal around 4,700 bitcoin, worth almost $70 million at the time.
Since computational power is the main resource involved in cryptocurrency mining, it makes sense that it’s now a hot commodity for thieves to get their hands on. Enter malicious crypto-mining, or “cryptojacking,” where hackers exploit users’ computational power through malware. The malware is typically spread by a trojan virus, making a user’s computer part of a larger botnet that combines the computational resources of several victims to mine bitcoin.
The “Digmine” malware is designed to mine monero (a private alternative to bitcoin) for its creators. It spreads via the desktop version of Facebook Messenger within the Chrome browser and is disguised as a video file.
WannaMine uses the leaked NSA exploit, EternalBlue, to hijack computers for mining cryptocurrency. It can infect systems in various ways, including through a clickable link or targeted remote access. While it can be hard to detect since it’s fileless, it has been reported to make some computers inoperable for days.
In talking about bitcoin scams, we’ve mentioned scams involving various other cryptocurrencies. Indeed, there are currently more than 1,500 different cryptocurrencies in circulation, many having been introduced in Initial Coin Offerings (ICOs).
An ICO is a bit like crowdfunding for new coins. The main difference here is investors typically expect a return when funding an ICO. An ICO can also be compared to a company’s Initial Public Offering (IPO) , with the big difference being that the coin isn’t actually worth anything until people start perceiving its value.
Investors are persuaded with whitepapers detailing things like the security features of the network and the potential application of the cryptocurrency. They’ll then hand over fiat or cryptocurrency in exchange for coins (often referred to as tokens).
With $3.5 billion raised from ICOs last year, this is big business. There has been a lot of somewhat negative press surrounding ICOs, including news of China banning them completely and other countries regulating them. Despite this, ICOs don’t seem to be going away.
The biggest one to date is underway right now, with Telegram reportedly on its way to raising more than $1 billion for an ICO. Forbes is actually calling the Telegram ICO a scam, orchestrated to help the company cover its bills, but this doesn’t seem to be deterring investors.
One of the most well-known scams in the world of ICOs is the exit scam. It is similar to the pump and dump scam we talked about earlier, but in this case, it’s usually the creators manipulating the value for the sole purpose of off-loading. Startups create a lot of hype around their new cryptocurrency, driving up the value of the tokens. The creators typically hold a large portion of the tokens and simply dump it when the value is up. The value then plummets, leaving investors with worthless tokens.
During the period between its launch in August 2017 and its suspension in December 2017, the Plexcoin ICO accrued $15 million in investments. However, assets were frozen and founder Dominic Lacroix was charged after being accused of defrauding investors by making false claims and promises than could not be delivered upon.
The Benebit ICO platform made promises of creating a currency for customer loyalty. In reality, creators took off with somewhere between $2.7 million and $4 million. An estimated $500,000 was put into marketing the ICO. So it’s not surprising that investors were fooled, as well as ICO review sites that had lots of positive things to say about Benebit.
This just goes to show that no matter how professional a platform looks, it could still be a scam.
The creators of ICOs are not always the ones at fault during a scam. There have been reports of investors being robbed by hackers impersonating admins for ICO sales.
While the Seele ICO is reportedly legitimate, scammers capitalized on its reputation to steal nearly $2 million worth of ether.
The scheme involved the scammers posing as admins on the Seele Telegram channel. They got investors to “buy” tokens in exchange for ether before the sale had actually begun, and walked away with the resulting stash.
Beenest is a commission-free home-sharing platform targeting market share from Airbnb and VRBO. Its Bee Token ICO unsurprisingly garnered huge interest. Scammers took note of this and executed a scheme to dupe unsuspecting investors out of ether.
The Telegram-based phishing scam swindled would-be Bee Token investors out of an estimated $1 million worth of ether. Even after Bee Token warned users of the scam, people continued to be duped by it.
Bitcoin investment schemes
If you’ve owned bitcoin and have watched the volatility in the market, you know it would be nice to have the simple promise of guaranteed monthly returns. Indeed, this is what some investment schemes have offered customers.
While there might be some legitimate bitcoin investment funds available, there are definitely some some scam ones too. Notably, many companies have been accused of utilizing business models that resemble classic pyramid or Ponzi schemes.
One in particular was Austrian investment scheme, Optioment which reportedly stole 12,000 bitcoins from more than 10,000 victims.
This bitcoin investment fund promised customers up to 4% in weekly returns on their bitcoin inputs. In addition, it promised varying levels of commission when you referred other customers to the scheme. Unsurprisingly, the case is being investigated as a suspected pyramid play.
From its January 2017 beginnings, BitConnect’s operations were considered suspicious. The exchange and lending service was thought by many critics to resemble a Ponzi scheme. It offered seemingly undeliverable interest rates as well as a referral system. Users would have to buy BitConnect’s own currency in exchange for bitcoin and then use this within the platform.
The company shut down at the beginning of 2018 after receiving several cease and desist orders from regulators.
OneLife is a cryptocurrency investment scheme that is widely believed to be a Ponzi scheme. It has amassed a large following with promises of apparently bogus returns. Officials and regulators worldwide have been attempting to crack down on this scheme, including in India, Italy, Bulgaria, and Germany.
It is unclear how much has been invested in the scheme in total but during a related investigation, Indian authorities uncovered more than $3 million, although a further sum of over $11 million was transferred before it could be seized.
South Korean ponzi scheme
In November 2017, seven individuals were arrested in South Korea for a $38 million bitcoin ponzi scheme that targeted beginner investors. With promised monthly returns of 200%, the scammers managed to take bitcoin payments from a reported 3,900 victims.
Anyone who owns any bitcoin or other cryptocurrency has to keep the keys to their stash somewhere. This is usually done by way of a wallet and as such, scams surrounding bitcoin and general cryptocurrency wallets are not uncommon.
A prime opportunity for wallet scammers is during a fork, when holders of a cryptocurrency might be issued coins of the forked currency and in need a place to keep them.
Bitcoin Gold wallet
When bitcoin gold was released in October 2017, scammers took advantage of the fact that users would be looking for somewhere to place their tokens of this new cryptocurrency. Through a website called mybtgwallet.com, they prompted users to give up their private keys for this and other coins in order to generate bitcoin gold wallets.
You can see from this snapshot from Wayback Machine that this website did not look legit, complete with spelling and grammatical errors and a questionable overall design. Nonetheless, unsuspecting users were robbed of an estimated $3.3 million worth of bitcoin, bitcoin gold, litecoin, and ethereum.
We mentioned coin ICO impersonators earlier and indeed it has happened with wallets too. Slightly altered URLs can be used to trick users into thinking a site is the real deal.
Ukrainian hacker group, Coinhoarder, used Google ads to direct people to domains impersonating legitimate wallet site, Blockchain.info. It seems like something that should have been picked up on sooner, but according to a Cisco report, hackers have stolen more than $50 million worth of cryptocurrency through the scheme.
These are not so much scams, but they are becoming more prevalent and are definitely worth being aware of, especially if you own a lot of cryptocurrency. Many people have been attacked, mugged, and even kidnapped, so that thieves can gain access to a wallet and steal some cryptocurrency. Some of these recent cases might shock you.
Moscow investor attacked
The latest major case of an attack involving bitcoin allegedly happened in Moscow. Assailants reportedly attacked a cryptocurrency investor with a knife and forced him to hand over around 100 bitcoin, worth about $1 million at the time.
UK traders attacked
It is reported that husband and wife traders were recently met with an armed gang at their Oxfordshire home. The door was kicked down and the couple were forced to transfer over their bitcoin fortune. Perhaps the most frightening aspect is that gang members reportedly kept the couple’s baby outside while the robbery took place.
US investor kidnapped
Louis Mezza was recently charged for the kidnap and robbery of his friend in an alleged case of cryptocurrency theft. Reports state that after luring his victim into a minivan, Mezza used stolen keys to enter an apartment, obtain a digital wallet, and transfer $1.8 million worth of ether.
Coin mixing services
Bitcoin transactions lack anonymity which means coins can be traced back to their original owner. One way to get around this is to use a coin mixing service. The process of coin mixing, also known as tumbling or laundering, involves the funds of multiple parties being mixed. The result is that the connection between the sender and receiver of the coins is no longer traceable.
Coin mixing services can be used legitimately to improve privacy, but they tend to be popular with criminals looking to hide illegally obtained funds. Some have been at the centre of scams.
Helix by Grams and Bitcoin Blender
These mixing services were not actually involved in this scam, but fake versions of their websites were. A site called Darknet Markets included phishing links to fake websites for Helix by Grams and Bitcoin Blender in a bitcoin mixing tutorial.
When readers went to the sites and handed over bitcoin to be mixed, they were simply putting it straight in the hands of the scammers.
The alleged BitPetite scam is more along the lines of the Ponzi schemes we talked about earlier, through the guise of a mixing service.
In September 2017, ScamBitcoin called out the scam, reporting that the company was promising unattainable daily returns of 4% to bitcoin investors, supposedly funded by its mixing operation. The Bitpetite site was gone by November 2017, but it’s unclear how much money was lost by investors during the time it was running.
Finally, let’s not forget about traditional extortion schemes. The improved privacy that bitcoin transactions offer over fiat transaction mean that it, along with other cryptocurrencies, are ideal for extortion. It has become increasingly common for criminals to request related payments in bitcoin or even more private coins, such as monero.
The infamous WannaCry ransomware attack launched in July 2017 and infected computers across the globe. Files were encrypted and hackers would only give them back in exchange for bitcoin payments. The amounts victims were charged were reportedly hundreds of dollars at a time, and hackers were thought to have walked away with more than $140,000 worth of bitcoin.
This scam is based on older techniques and even uses snail mail, but payment is requested in the form of bitcoin. The criminals involved send letters to allegedly unfaithful spouses threatening to reveal secrets if payments are not made. It’s unclear how much bitcoin, if any, perpetrators have made via this scam.
General tips for avoiding scams
As you can see, scams involving bitcoin and other cryptocurrencies are many and varied. And it’s not just beginner investors that get duped. Some of these scams are extremely well thought out and executed, to the point that anyone is vulnerable.
Even Apple co-founder, Steve Wozniak, was reportedly the victim of a bitcoin scam. He says that he sold seven bitcoin to a buyer who turned out to be using a stolen credit card, only for the transaction to be cancelled later. So, it can happen to the best of us.
Many of the scams we’ve discussed in this article are very recent and many more similar scams came before them. As long as there is perceived value in the cryptocurrency market, there will be new and likely more advanced scams popping up.
Whether you’re considering investing in some bitcoin or other cryptocurrency, or are holding onto some for now, it’s important to ensure your funds are safe and secure. Here are some tips to help you avoid being the next victim of a scam.
- Guard your private keys
- Always do your research
- Look out for common warning signs
- Don’t disclose how much bitcoin you own
- Use a VPN
- Trust your gut instinct
Guard your private keys
If someone has access to your private keys, they have access to your bitcoin. As such, those keys need to be guarded with utmost care. Yes, when it comes to using third-party wallets, you need to entrust someone else with your keys. Which is why these services should be chosen with intense scrutiny.
Always do your research
Chances are if you’re about to get get scammed, someone has been there before you. Check for authentic positive reviews about any services you’re going to use. Admittedly, it can be difficult to spot a fake review. Plus, if a scam hasn’t been exposed yet, you won’t hear anything negative. Even so, it’s worth doing as much research as you can by delving into reputable review sites and forums to see if you can spot anything amiss.
Look out for common warning signs
Some of the scams we’ve mentioned have used sophisticated and professional-looking marketing techniques. Although, if you know what to look out for, many scam sites can be simple to spot. Spelling and grammatical errors, the lack of an about page or contact information, and a fake social media presence are all red flags. Also double check links including specific spelling, as they could easily be fakes. Even if they appear at the top of a Google search, they may have simply paid to get there.
If you’re considering investing in cryptocurrencies, you need to be in-the-know. Some investors falling for the pump and dump and exit scams we mentioned earlier often go off social media tips or read price spikes as signs to get in. Learning a little more about the market before jumping in will likely save you a lot of money and stress.
Don’t disclose how much bitcoin you own
This is especially important if you happen to hold a large amount of bitcoin, or any other cryptocurrency for that matter. After all, no amount of guarding can prevent you from being held at gunpoint to hand over your keys.
Use a VPN
Using a Virtual Private Network (VPN) can help you browse privately so that no one, not even your ISP, can snoop on your activity. This prevents anyone from finding out which exchanges you use and where you keep your cryptocurrency, and keeps your credentials safe. This is especially important if you use public wifi networks to access your accounts, as these are easy targets for hackers to steal your info or use your computer for mining. A VPN is ideal for securing any wifi connection.
Trust your gut instinct
If something doesn’t feel right, just don’t do it. If it’s too good to be true, it probably is. For example, if something sounds like a pyramid scheme, it could well be a pyramid scheme, even if others are investing in it. With the skyrocketing values of bitcoin we saw last year, it’s now more believable that you can make 10% or even 100% monthly returns. But, in reality, anyone who guarantees large returns is probably doing something shady.
Disclaimer: The information in this article should not be interpreted as a recommendation to invest in cryptocurrencies. This is a risky and volatile market and anyone thinking about investing should complete their own due diligence beforehand.
“Bitcoin” by Pete Linforth licensed under 2.0 BY CCO.