How to protect cryptocurrency from criminals. New crypto-fraud schemes

. According to Chainalysis, in 2021, criminals stole more than $7,7 billion in cryptocurrency. 37% of this amount was brought by a new type of crypto-investor scam when fraudsters issue their own token that cannot be sold. Here we describe this and other fraud schemes in detail, as well as provide recommendations on how not to become a victim of cybercriminals.

Pump-and-Dump on smart contracts

The pump-and-dump scheme has been around since the birth of the securities market. Its essence is to buy cheap assets, create a false demand for them, and then sell them at an inflated price. Fraudsters are actively using this scheme to this day, and have also created more sophisticated ways to defraud crypto investors based on it.

Attackers create their own tokens instead of buying securities. When developing such a digital asset, a condition is written into the smart contract in advance that prohibits the resale of the cryptocurrency. This gives full control over the price of the coin.

To increase the value of their cryptocurrency, developers buy it at an artificially rising price. Because of this, platforms like CoinMarketCap or CoinGecko put tokens in various asset tops - easy marketing for fraudsters. Criminals can also advertise their projects on social media and buy ads from celebrities. Their main goal is to sell as many tokens as possible, withdraw investors' money, and disappear forever.

This is exactly what happened with the Squid cryptocurrency. The creators of the token took advantage of the popularity of the South Korean TV series “Squid Game.” Despite the lack of official references to the showrunners, the token generated a lot of excitement, especially when its price reached $2850. Those who bought Squid did not immediately realize that they could not sell the token, so within a few days the coin was actively traded on the PancakeSwap exchange. The criminals managed to make $3,38 million with this scheme, and there are more than 41 000 people affected by the scam project.

In some cases, as with the fake Nike token, attackers send unsellable cryptocurrency to random addresses. They then contact the recipients and ask for access to the wallet, under the pretext that they know how to sell the fake tokens. If the victim agrees, the attackers simply withdraw all available assets and disappear.

The main target of scammers is newcomers in the cryptocurrency sphere, criminals take advantage of the victim's ignorance and gullibility. To protect against such scams, it is necessary to study whether the project has undergone code auditing. There are analytics companies that scrutinize smart contracts and evaluate their security. Most large and successful crypto projects have undergone such audits and published their results in the public domain. However, the existence of such verification also does not guarantee security.

Cryptocurrencies with hidden fees

As in the first scheme, scammers create their own assets, but do not prohibit their exchange, but put up huge fees. That is, the developers can prescribe a condition in the smart contract, according to which a specified part of the fee from transactions with the asset will be sent to its creator.

One such token was MetaMoonMars (M3). A few days after the launch, the developers set the fee at 99%. Users who bought the token found that almost all of their assets went to pay for the transaction. After that, the developers withdrew all the funds and closed the project.

Detecting such projects is problematic because such tokens are no different from other digital currencies.

Malicious NFTs

NFT marketplaces are less secure than cryptocurrency exchanges, so they are of great interest to fraudsters. According to research by analytics company PrivacyHQ, half of NFT collectors have lost access to their tokens, and 16% have been hacked.

Scam projects are common among non-fungible tokens, where creators promise community support, integration into the metaverse, and other features, but after selling all the NFTs, they close the project and disappear with investors' money. The Frosites collection is a recent example, its creators sold out all 8 888 tokens and shut down the site. However, law enforcers managed to detain the attackers before they created a new scam project.

There are other, more cunning ways to cheat in this area. Some hackers learned how to circumvent marketplace security systems and started distributing NFTs with malicious code. If users accepted such a token “as a gift”, their balance was immediately emptied, as it contained a hidden code to gain access to the victim's wallet.

To protect against malicious code, you can use the Token Sniffer platform. The service collects data on new tokens and scans their source code and smart contracts. In fact, Token Sniffer works as an antivirus that searches for malicious code patterns. During its existence, the platform has identified more than 99 000 scam projects.

How to protect yourself from scammers

Understanding how the most common crypto scams work and what methods scammers use is the first step to protecting your assets. There are some precautions that all cryptocurrency users should follow:

1. Avoid cryptocurrency projects that are aggressively promoted on social media;
2. Never click on suspicious links in emails. Often, scammers can pass themselves off as a major exchange and offer “bonuses,” but it will most likely turn out to be phishing;
3. Any project should be carefully studied before buying. It is important to learn more about the developers, roadmap, and community;
4. Invest in proven projects that have been around for a long time;
5. Never share wallet information and encryption keys with third parties.