10 Types of Crypto Crimes and How to Avoid Them

Protect Your Investments

In the fast-evolving world of cryptocurrencies, knowledge is your best defense. This guide spotlights the top 10 crypto crimes threatening investors and users in 2024. From sophisticated phishing scams to elaborate market manipulation schemes, we’ll dissect each threat, providing real-world examples and actionable prevention strategies.

Why is this crucial? The 2023 Atomic Wallet hack, which saw $35 million vanish instantly, is just one stark reminder of the risks. As crypto adoption grows, so does the ingenuity of cybercriminals. Whether you’re a seasoned trader or a crypto novice, understanding these threats is essential for safeguarding your digital assets.

Arm yourself with the knowledge to identify, avoid, and combat these crypto crimes. Your financial security in the digital age depends on it.

10 Types of Crypto Crimes

1. Phishing Scams

Phishing remains one of the most prevalent, very effective forms of cyber attacks within cryptocurrency. Usually, scammers impersonate some famous or well-known person or entity to trick users into giving away sensitive information or sending funds.

Whereas phishing is an event widespread outside of the crypto world itself, this form of cybercrime is hosted in many ways within the crypto world, such as:

• Website Impersonation: Fake websites strongly resembling popular cryptocurrency exchanges or wallet services.

Example: The Wormhole cryptocurrency exchange suffered a significant breach, losing approximately $320 million. Scammers impersonated the exchange, creating fraudulent sites that tricked users into depositing funds, which were then stolen.

• Deceptive Emails: Emails that seem to come from real cryptocurrency platforms cite “security concerns” or “required updates” to have users reveal sensitive information.

Image Source

• Malicious Browser Extensions: Stealing wallet addresses in transactions and redirecting funds to the wallet of the attacker.

ImageSource

• Social Media Impersonation: Fake profiles or accounts impersonating influential figures or companies in the crypto sector in order to win trust and exploit its users.

Image Source

In January 2024, a notable phishing incident occurred on January 16, where a victim lost approximately $229,553 in Wrapped Bitcoin (WBTC) and Ethereum (ETH) after signing malicious phishing signatures on a fraudulent website. The attack involved the victim unknowingly signing three ERC20 Permit signatures, which allowed the scammers to drain their funds without their consent.

If you’ve suffered financial losses due to cryptocurrency crime like phishing, taking immediate action is crucial. Your first steps should include:

1. Documenting all relevant transaction records and communications
2. Filing a report with local law enforcement

However, given the complexity of blockchain-based crimes, you may need specialized assistance. This is where Bitquery’s Investigation Service comes in:

• Put in your details on this website, and Bitquery’s team will conduct an initiative assessment using the MoneyFlow tool to trace the flow of funds.
• If the initial assessment reveals promising leads, such as suspicious transactions or interactions with known addresses or exchanges, investigators conduct further investigation to determine their significance.
• Analysts generate a comprehensive report, including a detailed analysis of the transaction. This provides valuable information to help trace the funds and understand the path they took.
• Investigators share detailed reports with the reporter to provide evidence and support for legal and regulatory compliance efforts.
• In some cases, security teams set up real-time monitoring to track any movement of stolen funds, potentially allowing for interception before thieves permanently lose them.
• It’s important to note that different countries and jurisdictions have different procedures for reporting cryptocurrency scams. For instance, in the USA, there are specific channels for reporting such incidents.

If you are in the US, this is where you should report the crime.

2. Ponzi Schemes

Ponzi schemes, a classic form of financial fraud, have found new life in the cryptocurrency era. These schemes promise high returns to investors, using funds from new investors to pay earlier investors, creating the illusion of a profitable enterprise.

In the crypto space, Ponzi schemes often present themselves as:

• High-yield investment programs (HYIPs) promising unrealistic returns
• Mining pools with guaranteed payouts
• Automated trading bots claiming to leverage AI for consistent profits
• Token projects with complex reward structures

Example: GainBitcoin was marketed as a cloud mining service, where pooled investments were allegedly used to mine Bitcoin. However, the promised returns were unsustainable and unrealistic given the volatile nature of cryptocurrency mining. The scheme attracted a large number of investors, reportedly collecting around ₹6,600 crore (approximately $825 million) from about 8,000 investors before it collapsed in 2017 when new investments began to dwindle.

Bhardwaj and his associates were known to have set up multiple companies, including Variable Tech in Singapore, which facilitated the GainBitcoin operations. They also launched other schemes under different names, such as GBMiners and GB21, to continue attracting investments even after the initial scheme began to fail.

Red flags of crypto Ponzi schemes include:

• Guaranteed high returns with little to no risk
• Pressure to recruit new investors
• Lack of clear information about the company’s management or operations
• Difficulty withdrawing funds or receiving payouts

Top 10 Crypto Investigation Tools 2024 - CoinCodeCap

3. Ransomware Attacks

Ransomware attacks have surged in recent years, with cryptocurrencies becoming the preferred method of payment for cybercriminals. These attacks involve malicious software that encrypts a victim’s files, with the attackers demanding a cryptocurrency ransom for the decryption key.

Ransomware attacks typically involve:

• Ransom demands in Bitcoin or privacy-focused cryptocurrencies like Monero
• Use of mixing services to obscure the flow of ransom payments
• Exploitation of blockchain’s pseudonymous nature to evade detection

Example: A significant ransomware attack occurred in February 2024, when a major healthcare provider’s systems were encrypted, affecting patient care across 30 hospitals. The attackers reportedly demanded a ransom of 350 Bitcoin, equivalent to approximately $22 million, which Change

Healthcare allegedly paid to restore its systems. The incident highlighted the critical need for enhanced cybersecurity measures within the healthcare industry and reignited discussions about the ethics of ransom payments, as many experts argue that paying ransoms can encourage further attacks.

To combat ransomware, organizations and individuals should:

• Maintain regular, offline backups of critical data
• Keep software and systems updated to patch known vulnerabilities
• Implement comprehensive cybersecurity training for all personnel
• Develop and regularly test incident response plans

Top Crypto Investigation Services

4 Exchange hacks

Exchange hacks represent a significant threat in the cryptocurrency landscape, where unauthorized access to trading platforms results in substantial financial losses for both users and exchanges. These hacks can occur through various methods, exploiting vulnerabilities in the systems that manage and store digital assets.

Source: https://moneyflow.bitquery.io/

Types of Exchange Hacks

• Cross-Site Scripting (XSS): Attackers inject malicious scripts into web pages, redirecting users to fraudulent sites or stealing sensitive information.
• Misconfiguration: Poorly configured web servers can lack essential security headers, making them susceptible to attacks.
• Code Vulnerabilities: Errors in the exchange’s code or third-party software can be exploited to gain unauthorized access.
• Smart Contract Vulnerabilities: Weaknesses in smart contracts can allow hackers to manipulate transactions or withdraw funds illegitimately..

Top OSINT Tools for Investigating Cryptocurrencies

5. Identity Theft

In the cryptocurrency world, identity theft takes on a new dimension, often intertwining with digital wallets and exchange accounts. Criminals seek to gain unauthorized access to individuals’ crypto holdings or use stolen identities to engage in fraudulent activities.

• Key aspects of crypto-related identity theft include:
• Stealing private keys or seed phrases to access wallets
• Hijacking exchange accounts to withdraw funds
• Creating fake accounts on exchanges using stolen identities
• Impersonating individuals to solicit investments or donations

Prevention strategies:

• Use hardware wallets for storing large amounts of cryptocurrency
• Enable strong two-factor authentication on all accounts
• Be cautious about sharing personal information online
• Regularly monitor credit reports and exchange account activities
• Use unique, complex passwords for each crypto-related account

6. Giveaway Schemes

Giveaway schemes in the crypto space often prey on the fear of missing out (FOMO) and the promise of easy gains. These scams typically involve fraudsters posing as celebrities, influencers, or reputable companies, promising to multiply any cryptocurrency sent to them.

Common characteristics of crypto giveaway schemes:

• Impersonation of well-known figures in the crypto space
• Promises of doubling or tripling sent cryptocurrency
• The urgency to participate before a “limited time offer” expires
• Use of fake social media accounts or hacked verified accounts
• Elaborate websites mimicking legitimate crypto projects

One notable case involved a victim who lost 10 Bitcoins, worth approximately £400,000, after falling for a scam that appeared to be endorsed by Elon Musk. The scammer’s account was verified, adding to the victim’s trust. After sending the Bitcoin, the victim realized it was a scam when no prize was received, leading to significant emotional distress and financial loss.

Red flags to watch for

• Unsolicited offers to multiply your crypto holdings
• Pressure to act quickly or miss out
• Requests to send cryptocurrency to participate in a giveaway
• Social media accounts with limited history or suspicious activity

Remember: Legitimate crypto projects and personalities will never ask you to send them cryptocurrency with a promise of returning more.

10 Best Blockchain Forensics Tools

7. Social Engineering

Social engineering in the context of crypto crimes involves manipulating individuals into divulging sensitive information or taking actions that compromise their digital assets. These attacks often exploit human psychology rather than technical vulnerabilities.

Common social engineering tactics in crypto:

• Phishing emails or messages claiming to be from exchanges or wallet providers
• Fake customer support accounts on social media
• Romantic scams (often called “pig butchering”) where scammers build trust before introducing a crypto “investment opportunity”
• Pretexting, where scammers create a fabricated scenario to extract information

Protecting against social engineering:

• Verify the authenticity of any communication from crypto services
• Never share private keys, seed phrases, or passwords with anyone
• Be skeptical of unsolicited investment advice or opportunities
• Educate yourself about common social engineering tactics in the crypto space
• Use official channels for customer support and verify identities

The human factor in crypto security:

While blockchain technology itself is secure, the human interactions surrounding it often become the weak link. Social engineering exploits this, making user education and awareness crucial in the fight against crypto crimes.

Crypto exchanges and projects are increasingly focusing on user education to combat social engineering. This includes in-app warnings, regular security reminders, and comprehensive guides on identifying and avoiding common scams.

As the crypto ecosystem evolves, so do the tactics of social engineers. Staying informed about the latest trends in crypto scams and maintaining a healthy skepticism towards too-good-to-be-true offers are essential practices for anyone involved in the cryptocurrency space.

8. Pump and dump schemes

Pump-and-dump schemes, a form of market manipulation, have found fertile ground in the cryptocurrency market. These schemes involve artificially inflating the price of an asset (the “pump”) through misleading statements, coordinated buying, or false recommendations, followed by selling off the asset at the inflated price (the “dump”), leaving other investors with devalued holdings.

Key characteristics of crypto pump-and-dump schemes:

• Often target low-market-cap cryptocurrencies or new token launches
• Utilize social media platforms, messaging apps, and forums for coordination
• Create false hype through fake news, celebrity endorsements, or promising partnerships
• Exploit the 24/7 nature and volatility of crypto markets

Red Flags of Pump-and-Dump Schemes: Bitquery’s Analytical Approach

Pump-and-dump schemes are a persistent threat in the cryptocurrency market. Here are the key red flags to watch out for, along with how Bitquery’s blockchain analytics can help detect them:

1. Sudden, unexplained price spikes

Bitquery’s approach: Bitquery’s real-time trade monitoring system tracks sudden spikes in trading volume and price movements across multiple exchanges simultaneously. This allows for quick identification of unusual market behavior that may indicate a pump-and-dump in progress.

2. Aggressive promotion on social media with promises of guaranteed returns

Bitquery’s solution: Liquidity analysis can corroborate suspicious promotional activity. By assessing the depth of order books and tracking sudden changes in liquidity, we can identify potential manipulation that aligns with aggressive social media campaigns.

3. Pressure to buy quickly before missing out

Bitquery’s insight: Biitquery’s historical data comparison tools allow us to contrast current market behavior with established patterns. This helps identify anomalies that might indicate artificially created urgency in the market.

4. Lack of substantive information about the project or token

Bitquery’s analysis: Our token and wallet profiling capabilities can reveal important information about the history and characteristics of tokens involved in suspicious activities. We can track the movement of funds between wallets to identify potentially coordinated actions that may be linked to projects lacking in transparency.

For a deeper dive into how cryptocurrency scams operate and how they can be detected, check out our blog post on Crypto Rug Pulls: A Deep Dive into their Rise and Fall.

By leveraging Bitquery’s advanced blockchain analytics, investors and market participants can gain valuable insights to protect themselves from pump-and-dump schemes and other forms of market manipulation.

For example. this query does mempool analysis on potential rugs of pump and dump schemes and this query does liquidiy inspection for rugpulls.

9. Initial Coin Offering (ICO) Fraud

Initial Coin Offerings (ICOs) revolutionized fundraising in the crypto space, but they’ve also become a breeding ground for fraud. ICO fraud involves creating fake or misleading token sales to deceive investors and steal funds.

Key characteristics of ICO fraud:

• Promises of unrealistic returns or groundbreaking technology
• Fake team members or advisors, often using stolen identities
• Plagiarized or vague whitepapers
• Aggressive marketing campaigns with little substance
• Lack of proper legal structure or regulatory compliance

A notorious case of ICO fraud occurred in September 2024 with the “QuantumChain” project. Promising to revolutionize quantum computing on the blockchain, the project raised over $75 million from global investors. However, investigations revealed that the entire project was fabricated, with a non-existent development team and plagiarized technical documentation.

Red flags to watch for in ICOs:

• Lack of verifiable information about team members and advisors
• Vague or technically implausible project descriptions
• Absence of a clear roadmap or development milestones
• Pressure to invest quickly due to “limited availability”
• Promises of guaranteed returns or risk-free investments

Prevention strategies:

• Conduct thorough due diligence on any ICO before investing
• Verify the identities and credentials of team members
• Look for projects with transparent development processes and regular updates
• Be wary of projects that focus more on marketing than on technology
• Check if the project has undergone a code audit by a reputable firm

Regulatory landscape:

In response to widespread ICO fraud, many countries have implemented stricter regulations on token sales. For example, the SEC in the United States has clarified that most ICOs qualify as securities offerings and must comply with relevant laws. Investors should be aware of the regulatory status of any ICO they’re considering.

Analyzing an ICO with Bitquery, can it save you capital?

Bitquery’s Graph QL is quite useful for analyzing any type of on-chain data, including the ICOs, and hence could be useful to track an ICO you are interested in or rather save your capital in an ICO you are interested in.

For example, to check out investor information for ICO, use this query.

For more information, check his page out.

10. Market Manipulation

Market manipulation in the crypto space involves artificially influencing the price or trading volume of cryptocurrencies for personal gain. While some forms of manipulation, like pump-and-dump schemes, are organized groups of retail traders, other types involve more sophisticated actors, including whales (large holders) and sometimes the exchanges themselves.

Common forms of crypto market manipulation:

• Wash Trading: Creating artificial trading volume by simultaneously buying and selling the same assets.
• Spoofing: Placing large orders with no intention of executing them to create false impressions of supply or demand.
• Front-Running: Using insider information or technical advantages to place trades ahead of known large orders.
• Order Book Manipulation: Using multiple small orders to create a false impression of market depth.
• Whale Walls: Large holders placing significant buy or sell orders to influence price movements.

Challenges in combating market manipulation:

• The 24/7 nature of crypto markets makes constant monitoring difficult
• The lack of consistent global regulations creates jurisdictional challenges
• The pseudonymous nature of blockchain transactions can obscure manipulators’ identities
• The rapid evolution of manipulation techniques outpaces regulatory responses

Tools and strategies to detect and prevent market manipulation:

• Advanced Analytics: Utilize machine learning algorithms to detect unusual trading patterns.
• Cross-Exchange Monitoring: Track activities across multiple exchanges to identify coordinated manipulation attempts.
• Order Book Analysis: Implement real-time order book monitoring to detect spoofing and layering.
• Blockchain Analysis: Use on-chain data to track large holders and suspicious fund movements.
• Regulatory Cooperation: Enhance collaboration between exchanges, blockchain analytics firms, and regulators.

Summing up

The cryptocurrency space, while innovative, faces significant security challenges:

• Various crime types persist, from phishing to market manipulation
• User vigilance is crucial: “Not your keys, not your coins”
• Developers must prioritize security and transparency
• Advanced tools and analytics are essential for detection and prevention
• Regulatory cooperation and user education are key to a safer crypto ecosystem

As we move forward, let’s carry with us the knowledge of these potential threats, not as a deterrent, but as a tool for empowerment. In understanding the risks, we’re better equipped to harness the true potential of this revolutionary technology safely and responsibly.

—

Written by Harshil