The Past, Present and Future of Fraud in Crypto
This piece was inspired by a tweet by Maya Zehavi that noted:
I agree. Crypto is simply too easy a place to enact fraudulent schemes, providing access to a global audience the vast majority of whom do not understand what they are investing in. Regulatory controls are weak, the number of trusted voices low and greed is high.
However, there is nothing new about the scams that have plagued crypto. Nor I believe will there be any difference when more intricate fraudulent activities invariably hit crypto as the space matures.
These scams follow the same pattern as those run many times throughout history. Recognising the basic patterns such frauds take is useful to avoiding falling prey yourself, but is also instructive in understanding the sort of fraud we will see in future.
Fraud, not theft
Before going further, it is important to note the distinction between theft and fraud. Although both are similar, and often result in the same outcome, theft is more a means of taking without consent. Fraud, on the other hand, is a means of taking advantage through deception.
Furthermore, theft is usually noticed as soon as the act is completed while fraud is often either an ongoing scheme or can be concealed for longer. As an example, Bernie Madoff was able to conceal his fraud for decades, while the Hatton Garden jewelry heist was noticed as soon as staff returned to work. Fraud also does not necessarily involve monetary gain; it could be producing faked documents, credentials or goods for example.
In general, crypto represents a prime target for fraud because:
- It has hitherto not been covered by the same regulation that affects stocks/securities (which is far more stringent) and therefore engenders reduced chance of repercussions as well as increased leeway in marketing activities
- There a large number of unsophisticated investors, and an equally large number of investors sophisticated or otherwise with a poor level of understanding of the base technology
- It is a high value space with billions exchanging hands daily
Although there are plenty of examples of crypto thefts, the below is only interested in fraud. There are a number of types of fraud, such as:
- Long firms, the act of running up credit from vendors or raising money from investors with no intention of repayment/delivering upon promises
- Pyramid schemes, similar to 1 but which take advantage of creating a distribution network that often feels akin to a cult
- Counterfeiting, or the act of producing false documents or products
- Control fraud, in which a weak point of a firm is exploited to defraud a company from the inside (e.g. Nick Leeson at Barings). This is not analogous to hacks or ‘normal’ theft, but rather is where a deep knowledge of processes or sign off procedures can be taken advantage to conceal the ongoing wrongdoing
- Market fraud, which is where fraud affects the market itself through cartels, insider trading or other forms of market manipulation
Thus far we have seen scams concentrate in 1, 2 and 5, with elements in 3. We can isolate the reasons behind each strand:
Crypto lends itself well to what are termed as ‘exit scams’ because of the inherent greed in the space (which attracts many due to its highly speculative nature) and the inability of market participants to distinguish between good prospects and scams due to a lack of knowledge.
This is concentrated on funds raising money from investors, rather than running up credit from vendors but is far easier in crypto than other industries. This is because most industries require a lot of proof of capability for fundraising. The burden in crypto, on the other hand, has been very low to date with ICOs raising millions with no proof of capability. However, that has admittedly reduced recently as the space has matured and investor expectations have changed.
There are numerous examples of long firms in crypto, with one of the more infamous being that of Confido which raised $350k in 2017 and promptly shut the project down.
One thing to remember about long firms; they are not always easy to spot immediately. Long firms in crypto have been historically harder to spot than most industries, with anonymity a feature of many teams (making tracking such fraudsters difficult) and thousands of projects raising millions through ICOs.
Again, this is one of the key tenets of fraud. Long firms can operate for years without being noticed and there is almost certainly firms currently operating as such.
This is the most well-publicised of crypto frauds. BitConnect marked the largest crypto pyramid scheme to date, collapsing in 2018 after reaching a high of $2.7bn market cap. However, there have been numerous such schemes to plague the space. What many of them have in common is that they promise that they will always act as a buyer of last resort, enabling investors to sell out their investments whenever they want.
This is again similar to non-crypto pyramid schemes, with the Canadian Pigeon Scheme one of the more interesting frauds described by Dan Davies in his book Lying for Money: How Legendary Frauds Reveal the Workings of Our World. This was a pyramid scheme in which Arlan Galbraith, aka the ‘Pigeon King’, sold pigeons to farmers and promised to buy back the resulting offspring for the next ten years. He took in $42m from investors in Canada and the United States, but ultimately welched on obligations of over $350m (and sadly led to the slaughter of hundreds of thousands of pigeons).
Pyramid schemes are generally easy to spot, with tell-tale warning signs.
Again, owing to the immaturity of the space, credentials are easily faked. Someone new to the space can present themselves as an expert and many projects list advisors who have no connection to the project. Furthermore if we accept forks and copied code as counterfeits, then we can see there are a number of projects which have effectively produced copies. These have then been used as a means to raise funds through.
Despite this, counterfeiting of the underlying assets is somewhat less of a problem than other industries owing to the basic nature of blockchain/DLT. We could potentially include double spend here, but I think this would more likely fall under ‘theft’ as it is usually very quick to be realised. On the other hand, something like the Bitcoin Private debacle (in which two million BTCP were pre-mined instead of the purported zero) could fall under the category of fraud as it was hidden until CoinMetrics published their findings.
Because of the lack of regulation or controls, market manipulation is rife. Pump and dump groups, cartels, wash trading and fake volumes are prevalent, all of which undermines investor confidence in the industry.
As the industry matures, market fraud is likely to reduce significantly. This is primarily because of increased oversight from regulators and governments, combined with existing companies moving into the space who will enforce higher standards. Examples of this can be seen with SIX, Cboe, CME, Intercontinental Exchange and Nasdaq moving into the exchange space. When combined with a wider range of professional investors, this pushes the compliance threshold higher and thus makes it tougher to manipulate the market.
Pyramid schemes and fraudulent fund raising is similarly likely to reduce with government attention, which will increase both the attention paid to circumspect firms and the potential punishment those seeking a quick and easy payoff face.
The effect of this can partially be seen already; the beginning of the end for BitConnect occurred when the Texas State Securities Board issued a cease and desist, which was followed by other states. Similarly, several ICOs have been the target of action from the SEC. Even legitimate companies have more onerous hurdles to clear now and with every such action, more bad actors will be deterred.
Counterfeiting is harder to prevent and affects many industries, but the lower levels of fakes will become increasingly difficult to escape with. Networks will form, easier forms to check credentials will emerge and the industry will shed its opaqueness and become more transparent. And counterfeiting fiat currency is far more likely than being able to counterfeit Bitcoin.
That is the good news; the bad is that fraud is impossible to wholly eradicate. Market fraud continues to exist in far more developed markets; witness the LIBOR scandal or multiple examples of insider trading in the wider financial market. Judging by the continued prevalence of Herbalife gear in the gym (sorry, I forget it’s totally not a pyramid scheme) and anecdotal evidence, MLM is thriving outside of crypto.
The more interesting question to consider is what types of fraud will come next. Again, there are many precedents. I will focus on just three I think will increase in prevalence.
As the industry progresses, demands will be made for more transparency. Companies will be expected to disclose funding and earnings, which will increase the burden on those companies not actually performing well. Of which there will be many.
As such, expect to see a rash of crypto swap sales, in which crypto firms announce partnerships that lets both report higher revenues. This was prevalent during the dotcom era. Companies would swap services — thus achieving no additional profits to either party — yet would then book the sales as revenues. Why? Because startups are usually judged on their revenues, not profits.
Crypto firms will remain — or become — highly vulnerable to such misleading reporting. Witness many blockchains touting their on-chain activity as a signifier of the actual worth being generated, a totally fallacious metric which is easily gamed and essentially worthless. Again, this is similar to the dotcom era in which ‘users’ were reported even if the sole interaction with the company was a one second visit to the website.
It is hard to narrow down the exact form this will take, but all centralised firms — yes, shockingly even those running a decentralised network — are vulnerable to their own processes (or lack thereof). Control fraud is where a company is used to generate often legitimate rewards such as bonuses by exploiting weaknesses in a company’s processes.
This is a particular worry with companies nominally in charge of running networks worth millions. Many start-ups often have low levels of compliance of procedures, making it easy for a fraudster to take advantage (particularly given many companies operate remotely, with little in the way of structures and employees are frequently anonymous or subject to minimal vetting).
Why is control fraud less prevalent currently? Because it paradoxically requires a more mature industry to make worthwhile. We could include in this some internal driven exchange thefts, but these were more often simple thefts than relying upon taking advantage of compliance/audit led procedures.
Changing nature of exit scams
In years past exit scams were easy to define, being when a person(s) raised money for a service they had no intention of providing, instead disappearing with the proceeds. However, the substantial increases in valuation of many cryptoassets has led to a situation in which this is no longer the sole means by which fraudsters are exiting.
Assume a team has raised USD10m at ICO. It then sees its projects token rise to a valuation in excess of USD100m, giving the team a further USD50m in assets (they hold 50% of the supply in this scenario). Then consider these three scenarios in which the team:
- Exit scam immediately, stealing the USD10m + c. USD5m in proceeds from dumping all of its tokens;
- Shuts down after 18 months. It returns all raised and unspent funds to investors, proportional to token holdings. As the team have 50% of the token (generated for free of course at ICO) they return USD5m to themselves;
- Live off the funds while making little tangible progress on the project they raised funds for, instead using investor proceeds to travel to conferences, raise their own profile in the industry and on marketing in order to keep the token price strong enough to sell their allocation. Most projects have vesting periods of 12–36 months. This means in one to three years, the team can have a ”clean” exit where they wind the project down and announce its failure.
An exit scam is disastrous to investors, as it brings with it a sudden and complete loss of funds. But are the actors outlined in 2 or 3 any better? How can a project claim to have acted in good faith when it takes millions in investor funds as a parting gift for 18 months of work in which the team accomplished nothing? What about a team that does not ever deliver upon its promises, but simply squanders raised funds on fulfilling lifestyle ambitions?
There is a case to be made that the third scenario is ultimately the most harmful, as it will likely bring in more investors than the actor in 1) does. It also lets them leave ”clean”, thus making it more likely they will return to raise money again from a new class of unsuspecting investors. It is for this reason that we need to question all those who act in bad faith, regardless of if they are embedded in the community, are friends or acquaintances.
Don’t trust. Verify (as much as you can)
Some frauds are very difficult to spot. There are some individuals who bring to bear the full weight of their ingenuity solely to exploit others. The only protection to such unforeseen circumstances is to practice good risk management, such that even if one project you invest in turns out to be a fraud the investor remains afloat.
However, many frauds are easy to spot through cursory checks and basic analysis. All too often people assume these checks to be googling to see if it is a scam. Do not fall into this trap. Analyse the project yourself, applying critical reasoning. Do not trust others to do it for you.
The incentives to call out a scam are low while the burden for evidence is high, a problem compounded by the frequent impact on a person’s social standing. Calling out a person in authority, such as a CEO or renowned investor, is hard. It is doubly so if said person is connected to your social network in some way, as is frequently the case. Furthermore, even though some analysts will decry frauds, these warnings are usually ignored by most until after the event.
Finally, it should be noted that not all fraudulent schemes are intentional, at least not at the outset. Many are begun by individuals who believe that if they had the money they could achieve what they promise with it. Unfortunately, conviction in one’s ability does not stop a scam from being a scam. This is especially so when it is not matched by competence and when the individual in question often subsequently embarks upon hare-brained and fraudulent schemes, rather than simply admit to investors the initial mistake.
As Dan Davies noted,
[Gold mines are] a magnet for people who, whether or not they started honest but deluded, end up as thieves. Digging a gold mine is much more difficult than pretending to have one and mining for gold in investors’ pockets.
It is not hard to draw the parallels to crypto.