Cryptocurrency is going mainstream, so are the scams

Seems every day there is another headline about cryptocurrency and the hold it’s now rapidly taking on Wall Street and Main Street. Take for example this recent assessment of Bitcoin (BTC-USD) by investment bank Citi—“With the recent embrace of the likes of Tesla Inc and Mastercard Inc, Bitcoin could be at the start of a ‘massive transformation’ into the mainstream.” (article link)

As one might expect, though, while increasingly attractive to investors and speculators, cryptocurrency is also an attractive target for fraudsters and scammers. Gary Gensler, President Joe Biden’s pick to head the Securities and Exchange Commission (SEC) and current professor at the Massachusetts Institute of Technology focusing on blockchain technology and digital currencies, told Congress just this week “that the ‘greater challenge’ in Bitcoin and cryptocurrencies is protecting investors.” He added during his nomination hearing that “some markets have been really rife with fraud and scams.” (article link)

Just how rife? Well, according to our most recent research, we witnessed a 40% year-over-year increase in crypto-related scams to over 400,000. And looking ahead we anticipate a more than 75% increase in 2021! And it’s this fraudulent activity, manifesting itself in various forms, that threatens cryptocurrency’s waltz to Main Street.

Fraudsters are targeting unsuspecting investors with everything from fake sites designed to steal credentials to scams that require a small investment with the promise of a guaranteed return. Some are even promoting outright sweepstakes type scams by announcing giveaways.

Broadly there are four types of cryptocurrency scams that are proliferating:

• Fake prizes, giveaways, or sweepstakes
• Investment related scams
• Advance fee schemes
• Celebrity impersonations

Here’s an example of a cryptowallet validation/giveaway using Elon Musk and Tesla. It might look legit, but examining our CheckPhish Insights page reveals it’s a scam site:

Example: Cryptowallet validation/giveaway scam
Scam URL: hxxps://emuskgiveaway[.]com/en/btc/index[.]html
View CheckPhish Insights page

Here’s another great example using the Winklevoss’ personalities and their crypto exchange company, Gemini Exchange.

Example: Crypto Giveaway Scam
https://telegra[.]ph/Gemini-Foundation-5000-Bitcoin--50000-Ethereum-Giveaway-01-27
View CheckPhish Insights page

At first glance, the scam page could be mistaken for a real philanthropic campaign. The URL includes the “Gemini Foundation,” and the visuals used include real pictures of the Winklevoss brothers and the official Gemini logo. It’s only when you start looking into the details of the site that you notice that this clearly cannot be authentic. Some tell-tale signs are:

• Top level domain used is “.ph” which belongs to the Philippines
• Site is hosted in the UK (see CheckPhish insights)
• Domain is registered through GoDaddy—a consumer service
• Multiple cryptocurrency foundation sites are hosted on the same domain

CheckPhish Insights also reveals that there are at least 10 different crypto sites being hosted on the primary domain “telegra.ph.” The list of domains indicates that the same domain and IP address are also hosting scams targeting Cardano (ADA) & Ripple (XRP) users and targeting other famous personalities like Elon Musk. Major red flag!
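The shared-host signal described above can be checked mechanically. The following Python sketch is an added example, not CheckPhish's code: it refangs reported URLs for parsing only, tags brand and lure keywords, and lists hosts that carry giveaway pages for several unrelated brands. The keyword lists and every URL after the first two are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Keyword lists are assumptions for illustration, not a vendor rule set.
BRANDS = {"gemini": "Gemini", "cardano": "Cardano", "ripple": "Ripple",
          "musk": "Elon Musk", "tesla": "Tesla"}
LURES = ("giveaway", "airdrop", "bonus", "prize")

def refang(url):
    """Undo common defanging (hxxp, [.]) so the URL can be parsed; it is never fetched."""
    url = re.sub(r"^hxxp", "http", url.strip(), flags=re.I)
    return url.replace("[.]", ".").replace("(.)", ".")

def classify(url):
    """Return (host, brands named, lure words) for one reported URL."""
    parts = urlsplit(refang(url))
    host = (parts.hostname or "").lower()
    text = (host + parts.path).lower()
    brands = {name for key, name in BRANDS.items() if key in text}
    lures = {word for word in LURES if word in text}
    return host, brands, lures

def shared_hosts(urls, min_brands=2):
    """Hosts serving lure pages for at least min_brands different brands."""
    seen = defaultdict(set)
    for url in urls:
        host, brands, lures = classify(url)
        if brands and lures:          # brand name plus a giveaway-style lure
            seen[host] |= brands
    return {h: sorted(b) for h, b in seen.items() if len(b) >= min_brands}

# The first two URLs are quoted on this page; the rest are constructed samples.
REPORTED = [
    "hxxps://emuskgiveaway[.]com/en/btc/index[.]html",
    "https://telegra[.]ph/Gemini-Foundation-5000-Bitcoin--50000-Ethereum-Giveaway-01-27",
    "hxxps://telegra[.]ph/Cardano-Foundation-ADA-Giveaway-example",
    "hxxps://telegra[.]ph/Ripple-XRP-Airdrop-example",
    "hxxps://example[.]org/blog/what-is-bitcoin",
]

if __name__ == "__main__":
    for host, brands in shared_hosts(REPORTED).items():
        print(host, "->", ", ".join(brands))
```

Substring matching is deliberately loose and will produce false positives, so treat the output as a queue for analyst review rather than a verdict.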

Cryptocurrency value and hype fuel scams…and they happen fast!

Perhaps the starkest pattern we’ve observed is the correlation between cryptocurrency value, hype and fraud. Across virtually all the major cryptocurrencies that we monitored, we observed a direct correlation between increases in individual cryptocurrency trade volumes and value and phishing and scam-related activity. Our system monitors both early indicators of phishing and scam activity, namely suspicious domain registrations in advance of scam sites being launched, as well as active phishing and scam sites. Both of these metrics demonstrated tight correlations to cryptocurrency value and hype.

Take a look at Bitcoin, the leading cryptocurrency in terms of market capitalization. You can see from the chart below a direct correlation between Bitcoin value and number of Bitcoin scams during 2020 and the start of 2021. Particularly in the second half of 2020, the rapid uptick in currency value was matched by an equally alarming uptick in scam related activity.

Figure 1: Bitcoin (BTC-USD) currency value vs. scam activity

Cryptocurrency Ethereum (ETH-USD) also experienced a similar correlation with its currency value and related scam activity. Here’s a snapshot for 2020:

Figure 2: Ethereum (ETH-USD) currency value vs. scam activity

And then there’s Dogecoin. Here, the cryptocurrency experienced an 800% run-up in value in less than 24 hours in late January of this year, driven by a spike in speculative investors and over-activity on the Reddit message board. The currency value run-up wasn’t lost on scammers. As you can see in the chart below, the run-up and ensuing hype triggered a tightly correlated spike in suspicious domain registrations, a leading indicator for phishing and scam attacks.

Figure 3: DOGE cryptocurrency hype vs. suspicious domain registrations

Critical next steps to keep your brand, your business and yourself safe

Our data confirms the overwhelming volume of fraud and scams that threaten the cryptocurrency industry. And based on our preliminary 2021 data, fraudsters are only getting faster and smarter. So here are a few tips and recommendations for your brand, your business and yourself.

  1. For foundations and businesses that operate directly in the cryptocurrency industry, know that you are increasingly a target. Thieves will attack your brand, mercilessly stepping on your domain and putting up fake sites to fool and scam your customers and investors. Be prepared with systems that can detect brand infringements, fraud campaigns, and scams early, and can help you stop them.
  2. For businesses in general, recognize your employees will increasingly be targets of cryptocurrency scams through emails or through employees innocently sharing links. To stay ahead of this, consider a real-time URL scanning capability to detect and block malicious links traversing your enterprise.
  3. And for yourself, well you’re just as much a target. As always, it’s important to practice safe web browsing and emailing and remain vigilant. Avoid clicking on any URLs sent your way if even slightly suspicious. And for safe measure, if you’re uncertain about a link you’re preparing to click, use a free URL scanner like CheckPhish.ai to scan the URL to get a real-time disposition. As the saying goes, better safe than sorry.

And to learn even more about our recent findings and the latest scam tactics, read our Cryptocurrency Scam Report.

Jeff Baher
