Investing
Bybit Learn
Bybit Learn
Beginner
Apr 18, 2022

7 Crypto Scams That Actually Happened (& What You Can Do to Protect Yourself)

Introduction

Decentralized finance (DeFi) has experienced tremendous growth in recent years, with crypto becoming an important part of many investment portfolios.

However, the increase in crypto adoption has also drawn unwanted attention from a malicious group of opportunists: scammers. From 2020 to 2021, losses from crypto-related scams rose 79%, with scammers stealing $14 billion in cryptocurrency in 2021 from users across the globe.

Such scams have caused investors to lose not only billions of dollars, but also their trust in the industry. In addition, these schemes have evoked feelings of doubt and fear, dissuading potential investors from making their first crypto investments.

This article explains the various types of crypto scams and provides examples of each one — with tips on how to avoid getting scammed in the first place.

What Are Crypto Scams?

Crypto “scams” refers to attempts by individuals or companies to access users' private information, such as their security codes, or deceive unsuspecting people into sending their crypto to a compromised digital wallet. They come in many different forms, on which we’ll elaborate below.

Types of Crypto Scams

Crypto scams can be compartmentalized into two main categories:

  • Aiming to acquire access to a target's physical hardware, digital wallet or authentication credentials, such as security codes.

  • Demanding cryptocurrency directly from a target through impersonation, fraudulent investment propositions, fake business opportunities, or other malicious means.

Despite this broad categorization, there are also specific types of scams that cryptocurrency users have been experiencing. The following are the main types of scams in the crypto industry.

Pump-and-Dump

Pump-and-dump scams involve a group of insiders using messaging apps or social media in order to plant rumors that a renowned mogul is supporting the digital currency in question. The aim of this setup is to lure investors into purchasing the crypto, drive up the price, and sell their stake — thus causing the value of the currency to plummet.

When the investing public purchases all of the cryptocurrency (often newly issued, with very little trading history), the insiders start selling —or “dumping” — the crypto at high prices. This move sparks a steep sell-off and a resultant profit at the expense of the duped masses.

Phishing

Phishing is a common scam in cryptocurrency. Just as with pump-and-dump, phishing isn’t restricted to digital currency. In the world of cryptocurrency, phishing means deceiving victims in order to get them to reveal sensitive details like passwords and private crypto wallet keys.

Phishing scams often take place via email, with scammers posing as an authority and asking for users' credentials. These scams are also widespread on various social media platforms.

Pig Butchering (Romance Scams)

As evocative as its name is, the consequences of “pig butchering” are very serious for its victims.

The pig butchering scam usually takes place on online dating websites. The scammer sets an attractive profile picture to attract the "pig” (victim), and then "fattens” them up over a period of time through online messaging. As the victim grows closer to the perpetrator, they begin to trust the scammer more.

Eventually, the scammer informs the victim about huge gains that they’ve supposedly made in the cryptocurrency market, and advises the victim to follow along in some of their investments. Initially, these investments seem to pay off handsomely on paper, but the money's gone as soon as it's sent. The scammer uses phony sites, duping the victim into shelling out bigger sums of money to the perpetrator’s fake account.

When the victim tries to withdraw their money, their efforts are in vain. As the "pig" — who is now fattened for slaughter — they’re left empty-handed.

The pig slaughtering scam is believed to have originated in China, and is known for its relatively long duration.

Ponzi Schemes

Ponzi schemes are named after the notorious 1920s swindler, Charles Ponzi. The basic idea of the scam hasn’t changed for over a century.

Here's how it works: A crooked broker proposes a surefire investment with guaranteed, lavish returns. Their pitch may involve a secretive strategy — or, in this case, a cryptocurrency.

In the beginning, the idea looks legit — your account balance keeps rising, and you might be able to withdraw some amount of cash. In reality, however, the crook pockets most of the money, issues phony paperwork to cover up the ruse, and uses cash from early investors to pay a little to the new ones.

As more investors come on board, the scammer finds it increasingly hard to sustain the ruse. By the time the scheme collapses, your money is long gone.

The late Bernie Madoff collected an estimated $17 billion from nearly 5,000 investors before his fraud fell apart in 2008. Almost $3 billion was never recovered.

Rug Pulls

A rug pull is a crypto scam wherein a cryptocurrency's promoters pump up a new coin to boost its price, after which they disappear with the funds. The investors are then left with a valueless token that has zero fundamentals and no future.

A rug pull often doesn't allow a non-insider owner to sell their token, as it’s coded in a manner that allows only insiders to exit.

Airdrops

Airdrop scams are prominent in decentralized finance (DeFi). They involve a phenomenon in crypto called a token airdrop, which “drops” tokens into your digital wallet as a reward for carrying out specific actions on a given crypto platform or software.

While legitimate airdropping of tokens is typically done to start and grow a grassroots community, airdrop scams are also doing the rounds.

Here's how it works: An entity airdrops a token that appears to have value into your wallet. “When you try to exchange that airdropped token for a more well-known token, you give the protocol more permissions than you realize, allowing the hacker to access all the assets in your wallet," says Alan Eschweiler, COO at Stacked, a crypto investment startup. Once that happens, your wallet is likely to be swept clean within minutes or even seconds.

Celebrity Endorsements

Scammers set up bogus celebrity accounts on Facebook, Twitter and Instagram to deceive devoted fans. These scammers then reach out to the star’s followers and ask for money under various pretexts: 

  • Exclusive tickets to meet-and-greets or private concerts

  • Supposed donations to charity (often for a cause associated with the actual celeb)

  • Processing fees for a reputed big prize giveaway

  • A “surefire investment” in the form of a “cryptocurrency deal,” supposedly from a famous business mogul

Another popular scamming tactic involves the use of a phony livestream. The scammer's fake celebrity account features a video taken from the star’s real social feed, with a message promising a hefty cash prize to the first, say, 500 or 1,000 people who identify something hidden in an optical illusion or comment with a specific phrase. Respondents to such prize offers then receive a direct message requesting their crypto wallet keys and other personal data to facilitate the supposed payment. With the information collected, the scammer accesses and steals the victim's crypto assets.

Wash Trading

Wash trading means a sale in which a trader sells an asset and then repurchases it at or around the time of the sale, in an attempt to influence the price or manipulate trading activity on a particular asset.

There are various motivations for a trader or company to engage in wash trading:

  • To spur buying activity and send prices higher

  • To encourage selling and drive prices lower

  • To lock in a capital loss and purchase the asset on a lower cost basis, seeking a tax rebate

Despite the many possible motivations, the core intent of wash trading is to mislead people and boost perceptions of the price and volume of an asset that’s being traded.

Traditional Hacking and Theft

Most users consider the blockchain to be extremely secure since it’s inherently unalterable. Therefore, many have dubbed it as “unhackable.” Unfortunately, recent incidents have indicated that hackers can access blockchains in some situations.

During verification, “miners” review transactions to ensure that they’re genuine. If one or more hackers gains control over at least half the mining process, the consequences could be dire. For example, scammer miners can create a duplicate version of the blockchain, called a fork, where some transactions aren't reflected. Miners could then create a completely different collection of transactions on the fork, and make it seem like that’s the true version of the blockchain, despite its fraudulent nature. Hackers could also double spend cryptocurrency from the fork.

At times, there may also be errors or security glitches during the creation of the blockchain, especially with larger or more intricate blockchains. In such cases, hackers can identify the vulnerabilities and plan an attack to get in easily. Since the fraudulent activity isn’t reflected, hackers can steal money from users without being detected. Unfortunately, due the unalterable nature of blockchain transactions, the only way to retrieve stolen money is to create a fork that is recognized by all users as the authoritative blockchain.

If the security practices surrounding a cryptocurrency exchange are weak, hackers can steal users' assets, and even perform identity theft.

Why Are Crypto Scams So Common?

According to blockchain data platform Chainalysis, the rapid rise of decentralized finance (DeFi) is (ironically) the main factor behind the increase in cryptocurrency scams.

DeFi proposes the removal of all traditional middlemen from the financial sector, including banks and lawyers. It further suggests replacing them with a piece of code written on a public blockchain which approves and regulates all financial transactions independently.

Since the DeFi sector is still in its infancy, its infrastructure is incomplete and awaiting further development. As a piece of code that is still being refined, DeFi software is currently highly vulnerable to hackers. 21% of all hacks in 2021 took advantage of loopholes in DeFi code. While lack of third-party interference is often perceived as an advantage of DeFi, it can also pose a disadvantage, as it’s harder for regulators to stop fraud in the space.

7 Crypto Scams That Actually Happened

1) FaZe Clan

Type of Crypto Scam: Pump-and-Dump

Year: 2021

Amount Lost: $30,000

In June 2021, influencers with large follower bases like RiceGum, Sommer Ray and other members of FaZe Clan (a successful esports organization and influencer incubator) showed their support online for a new cryptocurrency called “Save the Kids” (KIDS).

The new token's website (which is now defunct) claimed that the crypto venture was helping to build a better world for children, and promised to donate a portion of the token's proceeds to charity. 

Many fans "pumped" money into this charitable crypto scheme, believing that their investment was safeguarded by the high profile of the influencers endorsing it. The result? Their money disappeared almost overnight.

Amid a growing number of online accusations, FaZe Clan fired one member, and suspended three others who were involved with the scam.

Lessons Learned

  • Irrespective of who’s endorsing a new crypto, ensure that you do your own research before investing.

  • Even if it seems to be for a good cause, always be skeptical about new projects for which little or no information is available.

2) Celsius Networks

Type of Crypto Scam: Phishing

Year: 2021

Amount lost: Undetermined

In the early hours of April 14, 2021, many users of Celsius Network, a reward-earning cryptocurrency platform, started reporting that they had received a suspicious email.

The email looked like it was a legitimate one from Celsius. It announced the launch of the much-anticipated "Celsius Web Wallet" with an offer of $500 in CEL for users who followed the included promo link.

However, some attentive users realized that the link led them to "celsiuswallet.network" instead of "celsius.network," the official company domain, indicating that something wasn't right. Celsius has always made it clear that they do not have any other official domain.

Unfortunately, as the destination page looked just like the legitimate company page, many users went ahead to claim the offer and submit sensitive information. Soon after, there were reports of users who had lost their crypto balance, and many others who said they had received the same phishing emails and SMS messages linking to the same fraudulent page.

Lessons Learned

  • Always stay on guard when you receive emails and messages from crypto platforms, as they might not be from the real platform owners.

  • Check the platform’s official site to confirm details of the email or message before deciding to give away any information.

  • Even if the offer is exciting and sounds like a unique opportunity, take a step back and review it from a fresh perspective — something you previously missed might come to light.

  • Pay attention to the finer details and do not proceed if anything seems to be amiss.

3) Tennessee Romance Scam

Type of Crypto Scam: Pig Butchering

Year: 2021

Amount Lost: $390,000

A Tennessee woman reported losing $390,000 that belonged to herself and her father after falling for a crypto dating scam.

24-year-old Nicole Hutchinson sold the house that she had inherited from her mother and split the proceeds with her father. The $280,000 she inherited was meant to go toward building a life in California and helping her family.

In an attempt to make new friends before shifting to California, Nicole started using Hinge, an online dating website. On Hinge, she met a man named "Hao," and they soon became friends. Hao told her that he came from the same town in China from which she had been adopted, leading to a strong connection. He also told her he was into investing in cryptocurrency and suggested that she could also invest. 

Hao suggested that she create an account onCrypto.com, a legitimate site. He then sent her a link and asked her to transfer her money to the new link, which he claimed was a cryptocurrency exchange platform.

Though she started with small amounts, she soon began investing more money. As her account started reflecting the “profits” she had made, she suggested that her father also start investing, so he did. 

By December, their accounts indicated a combined balance of $1.2 million, and Hutchinson decided to cash out. At that point, the site told her that she would have to pay a hefty "tax bill" of roughly $380,000 before she could withdraw her money. That's when she discovered that all her cryptocurrency investments weren't real, and all the funds belonging to her and her father had gone into the scammer's pocket.

Lessons Learned

  • Always check the credentials of anyone providing crypto investment advice online.

  • Do not make financial decisions based on perceived emotional connections — especially over the internet.

  • Do not invest all of your money in crypto assets. Put only 1% of your portfolio and 2–5% of your net worth into crypto. Only invest what you are prepared to lose, as the crypto market is highly volatile, and you won’t feel the pinch as much if ever you fall victim to a scam.

4) OneCoin

Type of Crypto Scam: Ponzi Scheme

Year: 2014—2019

Amount Lost: $5.8 billion

OneCoin is known as the longest-running Ponzi scheme in the crypto industry. It was founded by Ruja Ignatova, aka Cryptoqueen, a Bulgarian fraudster. Between 2014 and 2019, OneCoin lured many investors, defrauding them of $5.8 billion by marketing OneCoin as the hottest innovation in the crypto industry — a "Bitcoin Killer." 

This "business venture" was concealing a multi-level marketing scheme that compensated members with OneCoin and cash for onboarding new investors.

The issue was not the marketing strategy, but rather that Onecoin didn’t even have a blockchain of its own. Therefore, when investors bought or received OneCoin, they were ending up with a worthless coin that wasn't backed by an accepted digital asset technology.

Eventually, the U.S. government cracked down on the company's operations and leveled charges on its leaders after many years of warning investors against investing in Onecoin. By this time, however, Ignatova herself had disappeared. Her whereabouts are currently unknown, while OneCoin’s co-founder, Sebastian Greenwood, is incarcerated in the United States.

Lessons Learned

  • Don’t make an investment until you’ve read up about a project and its founders, and have read real investor reviews.

  • Thoroughly check the technical details of any crypto coin — such as its blockchain and smart contracts — before purchasing it.

  • Even though governments have no regulatory control over cryptocurrencies, pay heed to their warnings — as they might be based on reports from others who have already been scammed. Check the basis of all warnings to help yourself stay safe.

5) Squid Game

Type of Crypto Scam: Rug Pull

Year: 2021

Amount Lost: $3.38 million

SQUID is a cryptocurrency inspired by Squid Game, the South Korean series that took Netflix by storm in 2021. SQUID was said to be a token for playing a new online game inspired by Squid Game. On November 1, 2021, SQUID rose to the top of the crypto charts with a valuation of $2,861 per coin.

The SQUID coin, marketed as a "play-to-earn cryptocurrency," began trading on PancakeSwapand saw its price surging by thousands of percent. It quickly gained traction among users who believed there was an association between the crypto project and the Squid Game series.

According to the website CoinMarketCap, SQUID plummeted to $0 after peaking at $2,861. This phenomenon is commonly called a "rug pull," where crypto creators quickly cash out their coins for real money, thereby draining the liquidity pool from the exchange. Technology website Gizmodo reports that SQUID's developers made off with approximately $3.38 million.

SQUID had shown numerous signs that its initial coin offering (ICO) was a scam, including its (now disappeared) website being rife with spelling errors. CoinMarketCap had also displayed a warning to "exercise extreme caution" when buying SQUID, warning potential investors that it was probably a scam. However, mainstream news outlets like the BBC, Business Insider, CNBC, Fortune and Yahoo News continued running headlines about the new Squid Game cryptocurrency soaring by 83,000% over just a few days.

Lessons Learned

  • The price of a coin is not the only factor that establishes its credibility. One must also check the website — and be alert to seemingly minor red flags, like spelling errors or alternate domain names.

  • Crypto assets are inherently risky, so it’s important to carefully evaluate which risks are worth taking and which ones are not.

  • Choose cautiously if you’re considering an investment in a new crypto asset. If you find vastly conflicting advice about a cryptocurrency, it’s best not to invest in it.

6) OmiseGo Scam

Type of Crypto Scam: Airdrop

Year: 2017

Amount Lost: $56,781

Although the amount involved is small compared to other scams, the OmiseGo scam took place before cryptocurrency became a buzzword among members of the public.

The OmiseGo management team had planned to airdrop its token (OMG) in September 2017, but postponed it for some reason. By then, however, word had spread — the airdrop campaign had already gained a considerable amount of popularity, with interest on Twitter,Telegram, and various crypto forums.

Scammers decided to take advantage of the OMG airdrop's popularity to create fake Twitter handles and websites that would trick unsuspecting users into surrendering their private keys.

This scam was detected after about 300 Ether tokens, valued at $56,781, had already been swiped from participants.

Lessons Learned

  • No matter how exciting a new project may be, remember to wait for notifications and updates from the project’s official site and social media channels.

  • Do not submit your private keys to social media accounts that are not directly linked to the project’s official website.

7) Poly Network

Type of Crypto Scam: Hacking

Year: 2021

Amount Lost: $353 million

In August 2021, hackers stole $613 million in digital coins from PolyNetwork, a token-swapping platform. However, the hackers decided to return $260 million worth of tokens within 24 hours after a plea from the platform to do so.

Customers use the PolyNetwork for various crypto transactions — for example, transferring tokens like Bitcoin and Ethereum to the Binance Smart Chain to access a specific app.

According to Chainalysis, the attackers behind this heist stole funds in over 12 cryptocurrencies, including Ether and a variant of Bitcoin.

The hacker firmly refused to hand over the stolen crypto assets until PolyNetwork coughed up $500,000 as a reward for identifying the system vulnerability and offered him a job. Later, PolyNetwork revealed that the so-called “Mr. White Hat” had given them the private key to retrieve the funds.

Lessons Learned

  • Cryptocurrencies are relatively secure, but DeFi software is still not fully developed. Therefore, investors must only use exchanges that they trust 100%.

What Can I Do If I've Been Scammed?

If you’ve fallen prey to a crypto scam, here are the steps you should take. While there’s no guarantee that you’ll get your money back, timely reporting to authorities could help prevent more people from being scammed.

Find Your Transaction IDs (TXIDs)

Transaction IDs help investigators to “follow the money” and find out exactly where your crypto coins are moving. While investigations can be conducted without transaction IDs, knowing them will expedite any investigation and reduce possible complications.

A transaction ID (TXID) is typically a unique string of numbers and letters that represents a record of crypto movement from one address to another, also referred to as the transaction hash.

A hash identifies the date and time, sending address, receiving address, transaction amounts, fees, and more.

Depending on which exchange or wallet you’ve used, you may need to dig deeper into your transaction information to find the transaction ID.

Write Your Narrative

Preparing a clean and concise narrative of your incident helps give your case real value and color, supporting an investigator’s understanding of the way funds have flowed.

Here's some important information to include in your narrative:

  • All TXIDs

  • The private wallet, and account info (exchange X, etc.) from where you sent your crypto

  • The perpetrator’s private wallet (arbitrage account at XYZ, etc.) to which you believed you were sending your funds

  • Any details you know about the scam or scammers

Law enforcement will also usually ask for proof of ownership of the original source of the funds. You must ensure that you still have access to the accounts you had initially used to send money to the scammers.

Contact Investigators

Frauds and other suspicious activities in the cryptocurrency space should be reported to the following bureaus:

  • The CFTC (Commodity Futures Trading Commission)

  • The FTC (Federal Trade Commission)

  • The U.S. SEC (Securities and Exchange Commission)

  • In case the fraud involves blackmail or extortion, you can also approach ​​the FBI.

When you suspect or have evidence that bad actors are at play, do not forget to report the fraud to the crypto exchange involved as well.

How to Spot a Crypto Scam (Red Flags)

Here are some tell-tale signs of a crypto scam:

  • Promises to multiply your money

  • Promises of free money

  • Vague descriptions about where your money is going

  • Large social media crypto schemes

  • Contractual obligations that demand the locked holding of crypto without the ability to sell

  • Obvious misspellings and typographical errors in emails, social media posts, and other communications

  • Fake influencers, or claims of being (or having the endorsement of) a celebrity

  • Psychological manipulation, such as extortion or blackmail

Protecting Yourself from Crypto Scams

Do Your Own Research

A common mistake is rushing into an investment just because everyone else is doing it. Even if multiple sites suggest investing in a particular crypto asset, it’s always advisable to do your own thorough research (even if it's through simple Google searches), as the risks are typically high.

Don't Trust Anyone Blindly

While investing in crypto, you will encounter official crypto exchanges and projects as well as fake accounts and sites. When it comes to celebrities and influencers, it’s easy to get excited and believe DMs (direct messages) that promise good crypto returns. The golden rule is to always be skeptical about anyone and everyone. After all, it’s your hard-earned money that will be at stake if you trust the wrong person or company.

Secure Your Crypto Wallet

Since your wallet is the main storage unit for all your crypto assets, it’s important to secure your wallet with two-factor authentication (2FA) and complex passwords. It’s also essential to store your keys safely — and to avoid sharing them with anyone.

Check All URLs

While accessing crypto websites and exchanges, remember to check the URL thoroughly — especially if you hold funds on that site or are planning to move funds through that exchange. Even if a single letter or number is out of place, stop right there!

Reject Fee Offers

If a crypto offer requires an up-front fee, reject it immediately ― especially if the "offer" involves a fee to be paid in cryptocurrency. Many seemingly exciting investment opportunities in the crypto space are scams. Before you invest in anything, ensure that you check the company's website to understand how they protect their customers. You can also check reviews from other investors for clearer direction.

Closing Thoughts

The ever-increasing adoption of crypto comes with the challenge of sidestepping scammers and their heists. While there are some truly promising projects in the market, it’s safest to adhere to the old adage: “If it sounds too good to be true, it probably is.” 

If you come across a new project, take the time to do your own research, look for investor reviews, check closely for any inconsistencies or suspicious details — and pay heed to warnings from reputable sites and legal authorities. You must also take the right measures to ensure that your wallet is secured with multi-step authentication, and has strong security keys that are stored safely. Finally, never shares your private key with untrusted parties.