Create Your Free Account
Take advantage of our low fees, low spreads, low prices, and feature-packed app to unlock your trading & investing potential today.Get started
Although there are many legitimate uses for cryptocurrency, some in the general public associate digital assets like Bitcoin with scams. Bitcoin itself is a completely legitimate crypto – however, that doesn’t mean the coin can’t be used as part of scams. This article will walk you through a history of crypto scams to help investors prepare themselves for the potential pitfalls of investing in digital currencies.
The type of scams used by hackers has evolved over time, taking on many different shapes and sizes. Investors must remain vigilant as even seemingly “trustworthy” platforms have turned out to be fraudulent.
The first ever Bitcoin-related securities fraud case took place in the USA. In September 2015, a 33-year-old American named Trendon Shavers pleaded guilty to running a massive Ponzi scheme. Through a fraudulent financial institution he founded in 2011 called Bitcoin Savings and Trust, Shavers promised investors a 7% return weekly. (For context, most reputable lending services offer a return of about 4% annually on Bitcoin). First red flag.
By September 2012, after just one year in operation, Bitcoin Savings and Trust had amassed over 700,000 BTC in total. However, soon after almost half of the platform’s investors lost all or part of their money, with Shavers running off with approximately 146,000 BTC. At the time, this figure accounted for nearly 7% of Bitcoin’s total supply.
According to a press release from the USA Attorney’s Office in Manhattan, Shavers was “applying a modern spin to an age-old fraud technique utilising a Bitcoin business to run a classic Ponzi scheme. Shavers raised money in the form of Bitcoins by promising spectacular returns and personal guarantees when all he was really doing was paying back old investors with new investors’ Bitcoins.”
Shavers was sentenced in July of 2016 to 18 months in prison with 3 years of supervised release. In addition to the prison sentence, Judge Kaplan ordered Shavers to pay USD$1.23 million in forfeiture, and another $1.23 million in restitution to the scam’s victims.
While Australia is home to some of the most well-known cryptocurrency scammers of all time (e.g. Craig Wright), Australia has been relatively safe from scams when compared to some other countries. This is due to tight legal infrastructure and a relatively small market making it slightly less appealing.
However, that does not make Australian platforms impervious to fraud.
According to an article by CoinDesk, cryptocurrency scams have been on the rise in Australia since 2017. This makes sense as 2017 was a turning point for cryptocurrency’s growth across the globe, especially in Australia.
In that same year, Australians had AU$2.1 million collectively stolen from them through cryptocurrency scams. However, the number of cryptocurrency scams grew even higher in 2018, reaching 674 total. Almost half of the victims of these scams were people between the ages of 25-35.
In 2019, the number of cryptocurrency scams in Australia skyrocketed to over 1,000 for the first time. The total amount stolen via cryptocurrency scams in Australia reached over AU$21.6 million.
This figure continues to increase year-on-year, due to greater market activity, more assets flowing through the industry and more scammers. According to Cointelegraph, in 2022 Australians lost $148 million worth of crypto – the majority coming from investment scams. This occurs when investors put their money into a digital asset that is a pump and dump, rug pull, or an otherwise illegitimate project.
To be clear, this is just a drop in the bucket compared to the investment scam losses for all financial markets in 2022, which cost Australians close to $3 billion dollars.
Of all the cryptocurrency Australia scams, one of the most notorious is the Bitcoin Aussie System. It was part of a series of scams along with Bitcoin Revolution and Bitcoin Evolution. While the exact numbers are difficult to obtain, it is believed that tens of thousands of dollars were stolen from unsuspecting Australians hoping to profit from cryptocurrency investment.
The Bitcoin Aussie System is an online platform that claims to use a cryptocurrency trading bot. This bot is supposedly capable of identifying high-value cryptos at low cost, then executing trades with that information. The website has received several fake celebrity endorsements to further trick investors into believing the practices are legitimate.
According to their own website, with their system, “You get 99 percent accuracy with your trades. This can protect your investment while providing you with significant returns”.
A 99% accuracy rate means that it is impossible to lose money, which should immediately send red flags to anyone considering investing. Not even the most reputable brokerages can promise 99% accuracy. It isn’t possible.
This is a good lesson to take on your investment journey – anything that promises guaranteed returns is likely too good to be true.
Perhaps the most well-known Bitcoin scam in history is the Ponzi scheme Bitconnect. This scam, beginning in 2016, kicked off by using big marketing events to attract investors in the world of crypto. After being a title sponsor and booth sponsor of different crypto events, the team even hosted its own seminar in Thailand.
It was at that event where the famous “BITCONNECT” meme was born on stage through an exciting promotional moment from New York investor Carlos Matos.
Bitconnect promised a 1% compounded daily return, and a 30-31% monthly return (with a possibility of upwards of 40% monthly). Returns of this magnitude are almost always unsustainable long-term, and should not be trusted.
At its peak, Bitconnect had a market cap of nearly $3.4 billion, with $ 2.4 billion stolen from investors.
It was only a matter of time before this cryptocurrency scam built on false promises would break. Eventually, Bitconnect was indicted by several authorities for investment fraud after it was revealed the platform was a Ponzi scheme (e.g., they used new investor’s money to pay off old investors).
To date, only about $17 million has been returned to investors – received about five years after Bitconnect was shut down.
One of the most notable cryptocurrency scams in Australian history was orchestrated by a 25-year-old resident named Kathryn Nguyen. She was arrested and sentenced in June 2020 to 2 years and 3 months in prison for stealing more than 100,000 Ripple (XRP) tokens back in 2018.
According to an August news article, Nguyen and an accomplice hacked into a 56-year-old man’s cryptocurrency account. The pair copied a code for the two-factor authentication from his phone onto hers, giving her total access to the account(s). She managed to loot 100,000 XRP from the man, worth about AU$400,000 at the time. The couple quickly traded the Ripple for Bitcoin and cash. When she was caught, Nguyen had a crypto wallet containing 3.8 BTC and a handbag stuffed with AU$60,000.
One of the more recent crypto scams to hit Australia came from a company known as CryptoMB. An article from The Guardian published earlier this year reports that CryptoMB snatched thousands of dollars from hopeful Australian investors.
Claiming to be a legitimate brokerage registered in the Marshall Islands, CryptoMB operated out of a call center based in Kyiv, Ukraine. The team used a boiler room sales model to lure victims. Eventually, a company whistleblower contacted a Swedish newspaper to break the story to the press.
There are many different types of cryptocurrency scams. Each year since 2017 has seen the prevalence of crypto scams increase, with nearly $4 billion stolen in 2022 and over $6 billion in 2023. From impersonation scams to fake giveaways to malware attacks to ransomware, cryptocurrency scams have taken money from thousands of people.
As a cryptocurrency holder, you must always maintain vigilance. In other words, be careful with the risks you’re potentially exposing yourself to. That can even mean changing the way you use your computer and smartphone. For example, avoiding applications – even important ones – without 2-factor Authentication (2FA) can be a good start. Similarly, using a different password for accounts on different platforms can help avoid a single point of failure for your crypto portfolio.
Simple, everyday mistakes can put thousands of dollars on the line.
Phishing is when a hacker attempts to get personal information from you by disguising themselves as a third party. This usually takes the form of a text message, email, or a website (or all).
Often, phishing websites are duplicates (or close to duplicates) of what a real website that you’re familiar with looks like. They might just have a slightly different suffix (e.g. Google.io instead of Google.com) or a slight variation in spelling. Then, once you login to “your account”, the phony phishing website steals your username and password and may even install ransomware onto your computer.
Phishing emails, on the other hand, are sent by a seemingly trustworthy company – but the email is actually from a malicious scammer trying to steal your credentials. These types of fraudulent emails will supply a link that might trigger a virus download to anyone who clicks on it. Other emails will act as a company you know and trust, and ask you to input some type of personal information in response to the email. Remaining vigilant with each email you reply to and each link you click can help avoid most common phishing scams.
Some crypto scams entice victims with appealing slogans like “industry-leading mining pool.” You’ve probably seen the advertisements. Maybe you’ve even had the pleasure of being invited into such a mining pool by a shady person at a conference or via a Telegram group.
To be clear – not all mining pools are scams. Far from it. However, some scammers use the pretense of a mining scam to promise a return that seems too good to be true. Instead of participating in a mining pool, you will actually just be sacrificing your Bitcoin and other cryptocurrencies to the fake mining pools. Don’t believe the hype. Usually, when something seems too good to be true, it is.
Malware is a type of software that is created to cause damage to a network, server, client, or computer. Generally speaking, malware is a term that can be used in reference to any form of unwanted software, including adware, viruses, and trojans. For example, trojan malware will disguise itself as useful software and lure victims into installation. Once downloaded, the trojan malware can scan the computer and acquire important information like passwords, credit card numbers and so on.
There have been cases of malware programs changing a Bitcoin address by hijacking the copy-and-paste function. In this instance, a hacker attempts to reroute a Bitcoin transaction into a personal account by switching the recipient’s Bitcoin wallet address.
The risk of downloading malware can be diminished by regularly updating an antivirus program, carefully monitoring downloads, and never opening suspicious attachments or links.
Spyware is a specific type of malware that collects info from your computer and then sends it somewhere without your knowledge – hence its name. In particular, spyware will target financial information such as your crypto wallet’s username and password, or even your seed phrase or security question. This makes it possible for hackers to access your crypto accounts on an exchange or even a hot wallet.
Although there have been efforts to crack down on privacy breaches from major tech companies, hackers are creative in thinking of new ways to steal from new people. The only way to guarantee your crypto accounts are safe from spyware is to store digital assets on a hardware wallet. However, vigilance when surfing the internet can go a long way to avoiding spyware.
In 2020, the almost unthinkable happened – a list of the world’s “who’s who” had their private Twitter accounts hacked. The list of celebrities included some of the most well-known people in the world – Jeff Bezos, Elon Musk, Barack Obama, and Joe Biden, for example. Once gaining access to the accounts, the hackers tweeted out a message calling on people to send cryptocurrency to a specific address with the expectation of getting double the crypto back in return.
Can you imagine one of these busy billionaires having the time to send all of this crypto back to the individuals sending them crypto? Why would they give away free money in the first place? Right away it sounds like a scam.
Although it’s not the first time an impersonation attack like this has been used, it was arguably the most high-profile one on Twitter because it involved A-listers.
The attack led to more than US$110,000 in funds being taken. The Twitter attack had unexpected repercussions, like a weather reporter not being able to broadcast a tornado warning and the FBI ended up getting involved. In the aftermath of the attack, Twitter rolled out a brand new API to better protect its ecosystem from these types of impersonation scams.
It’s a well-known secret that the crypto industry is flush with wash trading and fake volume. Many exchanges boost their numbers to give investors the impression that they have excellent liquidity, while some crypto projects trade assets to and from each other to make it look like that coin is performing well.
However, sometimes fake exchanges and wallets can become a little more sinister. Take the founders of South Korean crypto exchange, Komid. The two men were sentenced to five years combined jail time in Seoul for faking trading volume to the tune of five million transactions. They ended up making approximately $45 million due to the inflation of their platform, although were eventually charged with fraud, embezzlement and misconduct.
Komid wasn’t the only culprit in South Korea, with the exchange’s compatriot Coinbit being accused of reporting fake trading volume for 99% of its activity.
Crypto blackmail scams are much like any other blackmail scam, except the criminal is targeting crypto. For example, in 2020 the Federal Trade Commission reported that a data breach had occurred. The breach’s offenders had been emailing unsuspecting people with a message saying that they had information about their visits to “inappropriate” websites. In exchange for not sharing the data, the hackers requested the victims send Bitcoin to a specific wallet address.
Other similar scams involve someone’s personal content. Offenders will claim they have a person’s private videos and images and then request payment in Bitcoin or else they will reveal the damaging personal content.
Fraudulent ICOs and cryptocurrency listings are one of the most notorious and damaging scams in the crypto industry. Essentially, these are new projects that posit themselves as the “next big thing” and promise to make significant disruptions within the crypto industry or other sectors. Such offerings will often build hype and investment through celebrity endorsements and other marketing efforts. However, once the token launches, it often becomes clear the project doesn’t do everything it promises.
In some instances, the fraudulent cryptocurrency won’t do anything at all and become locked with a smart contract code – meaning investors will have their wallets filled with a coin that can’t be traded on an exchange or redeemed for other assets. This scheme is known as a rug pull (which we expand on below).
Recently, famous rapper T.I. was slapped with a US$70,000 fine for promoting the fraudulent FLiK token. The company’s founder has also faced charges alleging he used money from FLiK to buy Ferraris, expensive real estate, jewelry, and other luxury goods.
Other famous stars such as Floyd Mayweather and Paris Hilton have had their names attached to cryptocurrencies that turned out to be less than stellar. In fact, Kim Kardashian and Floyd Mayweather were the subject of a class action lawsuit for artificially inflating the price of the cryptocurrency “EthereumMax”.
A phrase that may be forever famous in the cryptocurrency world, the pump and dump has led to hundreds if not thousands of price crashes across the thousands of coins available today – even some of the prominent ones.
A pumps and dump scheme is typically a coordinated effort within a private group of individuals to inflate the price of a token in the short term. The group raises the token price by a tactic such as distributing biased, forward-looking statements all over social media or manipulating market volume by making mega trades. Smaller cap tokens can be even easier to manipulate, as the fraudsters can simply inflate the coin’s price by strategically buying and selling it.
Then as hype builds, the group lets the market take over. The crypto market is quite susceptible to hype, with tokens easily able to rise 20-100+% in a matter of hours. However, once the coin is inflated to a suitable price, the scammers begin to sell off their holdings for a tidy profit. And so the dump begins.
2022 saw over $4 billion invested into what many suspect to be pump-and-dump schemes – although some of these unnamed digital currencies are still trading and their validity unconfirmed.
The rug pull is a type of fake project and is very similar to a pump and dump. The key difference is in a rug pull, the liquidity (ability to sell a token) is taken away from the investors.
Perhaps the biggest pump-and-dump scheme rode on the coattails of popular Korean drama Squid Game. The crypto project, debuting in 2021, rose a ridiculous 14,300,000% in just a week. So for context, if you put one dollar into the coin, you would’ve made 14 million dollars by selling at its peak. Of course, that’s the whole point of a pump-and-dump scheme – only the scammers will ever know the “peak”.
To make matters worse, the Squid Game token developers included an anti-dump mechanism so investors couldn’t sell their coins until they competed in a game. The catch? The game was never released.
Of course, there was one party where the anti-dumping mechanism wasn’t applied – the scammers. The development team sold off all their Squid Game coins for a sky-high profit, causing the price to plummet from over $2,000 to less than a cent.
Is crypto a scam?
No cryptocurrency itself is not a scam. There are bad actors in any industry and cryptocurrency is no different. Broader financial markets actually experience a significantly higher level of crime and scamming than the crypto industry. So while individuals within the industry have exploited innocent people and taken their money, that does not make crypto a scam.
How to avoid cryptocurrency scams?
To avoid cryptocurrency scams, you must be conservative with the links, emails, and messages you open. You must also be mindful of the security certifications of the websites you browse. Remember that a fake website can be an exact duplicate of a regular website you’re used to visiting, and that website will steal your personal information you and use it to take money from you. Be vigilant of what you’re opening, and where you’re browsing.
How cryptocurrency scams work
Crypto scams all have unique elements depending on the type of scam it is. One of the simplest scams is a phishing email, where you receive a message from an address that looks similar to someone else’s that you know and trust. Then in the email, there could be a link for you to click on, which may inadvertently grant a hacker access to all of the information they could ever dream of.
Other cryptocurrency scams involve hacking into the Twitter account(s) of famous people and requesting that money be sent to an address in exchange for more crypto.
Then there are also crypto scams that work by promising unrealistic returns. Those scams typically charge astronomical fees once the funds are locked in, or worse, disappear off the face of the planet.
Are cryptocurrency scams illegal?
Cryptocurrency scams are considered illegal when they break certain laws. For example, Bitconnect was considered a Ponzi and multi-level marketing (MLM) scheme. Therefore, the department in the state of Texas that overlooks securities issued a cease and desist letter to the admins behind Bitconnect. Even if cryptocurrency scams aren’t illegal themselves, the tactics the scammers deploy are often illegal and draw the attention of law enforcement officials.
How to identify cryptocurrency scams?
The best way to identify cryptocurrency scams is to take extra steps to prepare yourself for potential attacks. One of the simplest habits you can start immediately is to stop opening emails that come from addresses you’re unfamiliar with.
Another way to avoid cryptocurrency scams is to ALWAYS triple-check the wallet address you’re sending crypto to. This will help you avoid any malware that manipulates your copy-and-paste features in order to replace your intended wallet address with a scammer’s wallet instead.
Lastly, one way to decrease your risks is to never respond to emails with your personal information. Hackers often pose as normal entities (like a bank or a crypto exchange) that need your password for whatever reason. Don’t trust emails like this! Never give away your password, as most modern businesses do not request your private information via text.