Cryptocurrency crime soared 79% and hit an all-time high in 2021, with bad actors illicitly pilfering $14 billion in funds last year, according to Chainalysis.
Crypto scams easily accounted for the biggest chunk of that total, while stolen funds, mostly taken from cryptocurrency businesses, were the second-leading cause of loss.
With digital assets a growing part of the global financial ecosystem – cryptocurrency transaction volume surged 567% in 2021 to $15.8 trillion – it pays to stay abreast of the various nefarious ways you can be duped, conned or victimized.
Here are some of the top crypto scams to watch for in 2022:
- “Pig butchering” crypto scam.
- “Pump and dump” crypto scam.
- “Rug pull” crypto scam.
- Airdrop crypto scam.
- Phishing crypto scam.
‘Pig Butchering’ Crypto Scam
At least some of the top crypto scams out there have colorful names. For victims of this cruel scam, however, the results are very serious.
This scam typically begins on online dating sites, where the scammer uses an attractive profile picture to lure in the “pig,” then proceeds to “fatten up” the proverbial swine over a period of time via online messaging, with the victim steadily growing closer to and more trusting of the perpetrator.
The scammer eventually tells the victim about some huge gains they’ve made in cryptocurrency markets and gets their mark to follow along in some investments, which initially pay off handsomely on paper. Of course, the money is lost as soon as it’s sent, with the scammer using phony sites to dupe their victim into sending greater and greater sums of money to this fake account.
Withdrawals prove impossible, and the “pig,” now fattened up to the point of slaughter, is left in the wind. This type of scam is thought to have originated in China and is notable for its relatively long duration.
‘Pump and Dump’ Scam
“Pump and dump” scams aren’t unique to cryptocurrency, but without the regulation enjoyed by stocks traded on major U.S. exchanges, for instance, the Wild West of finance suffers with a good degree of fraud, including the pump-and-dump scam.
Such scams, which are also primed to occur in the stock market in penny stocks, are characterized by a small group of insiders who own a given asset – in this case, a digital currency. These thinly traded assets are then hyped up through publicity, whether it be through social media, word of mouth or other forms of promotion.
When the unknowing investing public rabidly buys up the cryptocurrency, which is often newly issued with little trading history, the insiders begin to sell, or dump, the shares at high prices, sparking a steep sell-off and profiting at the expense of the duped masses.
In one case from June 2021, some members of FaZe Clan, one of the world’s most popular esports organizations, were involved in promoting a new cryptocurrency called Save the Kids, with a portion of proceeds promised to charity. It took mere days for the coin to plunge, and the members of FaZe involved with the launch were all either suspended or removed from the group, which distanced itself from their activity.
The team member who was dismissed tweeted that he had “no ill intent” in promoting the cryptocurrency, but some investors accused the group of taking part in a pump-and-dump.
‘Rug Pull’ Scam
“One particular scam to avoid is ‘rug pulls,'” says Vincent D’Agostino, head of cyber forensics and incident response at BlueVoyant. Rug pulls happen “when a cryptocurrency’s promoters pump their new coin to get prices up before disappearing with the funds. Investors are left with a valueless token,” D’Agostino says. “This especially happens with coins with zero fundamentals and no real future.”
One key difference between a pump-and-dump scam and a rug-pull scam is that the latter often doesn’t even allow the non-insider owners to sell, with the token coded in such a way as to allow only insiders to exit. There are several other ways insiders execute these scams, which are specific to cryptocurrency.
The rug-pull scam got a lot of attention in late 2021, when a newly debuted cryptocurrency known as Squid Game – named after the suddenly popular Netflix Inc. (ticker: NFLX) series about a game in which all contestants are killed except one, who emerges with riches – lived up to its name and disallowed selling.
SQUID, the ticker for the coin, began selling at one cent, then rocketed above $90, before immediately plunging back toward zero when the scammers “rugged” the masses.
Airdrop Crypto Scam
Another scam, prominent in the decentralized finance, or DeFi, field, is related to something in crypto called an airdrop.
“More recently popular, nefarious actors have grabbed ahold of the popular trend of airdropping tokens, which is typically done to start and grow a grassroots community,” says Alan Eschweiler, chief revenue officer at Stacked, a simplified crypto investing platform.
The scam works like this: “An entity will airdrop you a token that appears to have value, and when you go to exchange that airdrop for another more well-known token, you give a protocol more permissions than you realize,” Eschweiler explains. This “allows the hacker to access all of the assets in your wallet,” he says.
The simplest way to avoid this scam? “Never give an unknown user permission to your decentralized wallets,” Eschweiler says, “without understanding the abilities you are granting this person.”
One of the most common scams in cryptocurrency is the phishing scam, which, like the classic pump-and-dump, is not specific to digital currency. “Simply put, it means tricking the victims into revealing sensitive details like passwords, keys, etc.,” says Marie Tatibouet, chief marketing officer at Gate.io, a digital cryptocurrency trading platform.
Keys refer to the “private keys” needed to open any secure crypto wallet. It’s equivalent to your password and is the only thing that gives you exclusive access to your funds. Phishing scams, which are also used in run-of-the-mill identity theft and various types of corporate fraud, often come via email, with scammers posing as some authority and asking for credentials. These schemes also proliferate on social media.
“Please do not click any random link that you see on Twitter,” Tatibouet says. Often, “attackers promise riches and ‘yields’ in return for” sensitive information, Tatibouet warns.
“Double-check the Twitter handles or the Discord ID,” Tatibouet says, referencing another popular communication platform. “Make sure that you are sourcing links from real and verified” accounts.
“It takes a bit of time, but it is extremely worth it,” Tatibouet says.