Blockchain and crypto scams highlight the need for awareness

As the blockchain industry expands and cryptocurrency use goes mainstream, cyber security and employee awareness of this new wave technology has become crucial. And as the total value of crypto hits over $1 trillion, it is now clear that blockchain and crypto is here to stay.

Whilst many are quick to talk about the security benefits of blockchain technology and cryptocurrency, often calling the services tamper-proof or un-hackable, recent events have highlighted that cyber security and awareness is just as key for blockchain and crypto companies as it is for any organisation in any industry.

Cyber criminals do not discriminate … cyber criminals will take advantage of emerging technologies and a lack of security understanding from users to trick and scam their way to a result.

Therefore, we wanted to take this chance to highlight some of the most common scams being perpetrated right now using blockchain technologies or cryptocurrency services, so you know what to look out for and how best to handle dicey cyber situations.

But before we dive into highlighting common blockchain and crypto scams, let us initiate the uninitiated on blockchain technology and cryptocurrencies.

What is blockchain technology?

The blockchain is a shared, supposedly immutable, ledger that records and facilitates transactions whilst also tracking assets included in the transaction. Said asset can be both tangible, such as a car or house, or intangible, such as patents or digital creations. A blockchain network allows any transaction to take place on a decentralised network, reducing the risk of third-party interference.

The booming popularity of blockchain technology comes because of its ability to facilitate immediate transactions, as well as its built-in immutable ledger that only allows access to verified and authorised members. The ledger can also track all transactions tied to a particular asset, which accounts held the asset and much more.

Anytime an asset transaction occurs, the movement of said asset is stored as a block of data, which holds information such as who, what, when, where and how. Each time a transaction occurs, a new block of data is attached to the previous one, linking them. Eventually, after a handful of transactions, you get a chain of blocks … hence, the blockchain.

What is cryptocurrency?

A cryptocurrency is a digital currency that works as an alternative form of payment and is often used in conjunction with blockchain technology. Cryptocurrencies use encryption algorithms, which means all transactions are tracked and accounted for.

To hold and use cryptocurrencies, you need a cryptocurrency wallet. Digital wallets are often cloud-based and can be accessed on a computer or mobile device. Once you have a digital wallet set up, you can link your cryptocurrency to it.

Cryptocurrencies can circulate without a central bank and are maintained using blockchain technology, which keeps a ledger of crypto transactions and who owns what.

Can the blockchain and crypto be hacked?

There was a widely held opinion that blockchain technology and cryptocurrencies are un-hackable – however, we now know that this is not correct at all.

After numerous cyber attacks on existing blockchains, we must become more aware of the cyber threats that come with this technology. Whilst gaps in cyber security are present in the blockchain operations itself, there are gaps in the human security of blockchains and cryptocurrencies. Users can still get phished, spoofed, and socially engineered by cyber criminals who know what they are doing.

Who is being targeted with blockchain/crypto scams?

As younger generations adopt cryptocurrencies and blockchain technologies, they have become the go-to prime target for scammers. According to Norton, those aged 20 to 49 are more than five times as likely to lose money to crypto scams than older age groups.

Examples of blockchain/crypto scams

At the start of 2022, cryptocurrency exchange Wormhole lost a staggering $320 million after a cyber-attack. In fact, according to the FTC (Federal Trade Commission) crypto scammers have stolen more than $1 billion since 2021. Blockchain technology and crypto are not as secure as once thought and inventive scams are proving to be extraordinarily successful.

Giveaway scams: Giveaways and prize draws are quite common in the cryptocurrency space. Often, legitimate organisations will use giveaways to increase popularity or create hype around a new coin or NFT (Nonfungible Token) line. However, giveaway scammers lure victims in using fake social media profiles impersonating celebrities. The most common method is to ask for crypto in return for a multiplied repayment. In most cases, users will not realise they are sending crypto directly to scammers who will never contact them again. According to the FTC, Elon Musk impersonators have stolen more than $2 million in cryptocurrency as a part of giveaway scams.

• Wallet phishing: Cyber criminals will use any platform for social engineering. There have been reports and instances of cyber attackers using phishing emails to pose as legitimate digital wallet providers, to obtain an individual’s wallet encryption key. They can then access their digital wallet and plunder the contents. South Korean cryptocurrency exchange Bithumb was compromised by hackers, who then used the moniker of Bithumb to scam more than 30,000 users out of their authentication details to steal their cryptocurrency.
• Rug pull scams: Rug pull scams are often pulled alongside NFTs (Nonfungible Token). Scammers shill for a new NFT (Nonfungible Token) project to get funding. Once they get significant monetary funding for their illegitimate NFT project, they pull out all the money and dump the NFTs, which also dumps their value. When Netflix released their hit show Squid Game, some scammers created the Squid Coin, knowing the show’s popularity would bring investors and buyers to the new coin/NFT. Instantly, Squid Coin’s value rose from 1 cent per token to $90 per token. The scammers then pulled over $3 million out of the scheme and disappeared.
• 51% attacks: Another common blockchain attack is a network 51% attack. Here, a perpetrator, takes control of more than half of a blockchain network’s power. This then allows them to control the supposedly immutable ledger of transactions. 51% attackers have computational power over the blockchain and can both create new transactions and alter others. Ethereum has suffered a 51% attack in the past, with attackers stealing more than $1 million.
• Romance scams: A peculiar scam that has transferred from traditional platforms to crypto is the romance scam. Using dating apps, crypto scammers catfish unsuspecting users to buy them things using crypto or to outright send them crypto. We have seen a massive increase in romance scams, also known as pig butchering scams, since the Ukraine/Russia war started. Researchers at BitDefender Labs have found that scammers in Turkey are targeting users in the US, UK, Ireland, Sweden, Germany, and Denmark with Romance Scams. Gullible individuals in the aforementioned nations are receiving messages flaunting ‘Ukrainian singles’ in exchange for personal information and access to a ‘dating site.’ Here, the scammers start charging these individuals with massive packages and use crypto transactions to hide their tracks.
• Crypto investment scams: One of the most common schemes scammers attempt is to contact potential investors claiming to be crypto managers. These scammers position themselves as successful cryptocurrency millionaires who promise their target similar returns. Often, these scammers request an upfront fee and are gone before the target knows what has happened. In some cases, the schemers also get a hold of encryption keys and personal information, allowing them to lock their victim out of digital wallets permanently. According to the FTC, 14% of all reported losses to imposter scams involve cryptocurrency.
• Man-in-the-middle attacks: People are still not aware of the dangers of using public wi-fi or surfing online in a public location. Scammers are intercepting cryptocurrency wallet encryption codes and account details before plundering their wallets and leaving them with nothing. A man-in-the-middle attack intercepts wi-fi signals on compromised networks. One can avoid man-in-the-middle attacks by simply avoiding using public networks or using a VPN (Virtual Private Network) service to encrypt your data.

How to spot a blockchain or cryptocurrency scam?

Now that you know the most common and devastating attacks that occur on the blockchain or using crypto, let us look at some warning signs to keep in mind to avoid such schemes. If you think you are potentially getting scammed, ask yourself:

• Is this offer too good to be true?
• Is this a ‘get rich quick’ scheme?
• Does the domain start with “HTTPS”?
• Are they asking for payment in crypto?
• Are you being asked for your account login details?
• Do they have a whitepaper that explains the cryptocurrency/coin?
• Do the team members have names that you can search on social platforms?

If you have asked yourself all these questions, here are a few more things to be aware of:

• Have you researched the investors/coin/exchange thoroughly?
• Are they asking for urgent transactions? (If so, resist)
• Have you verified their promises and guarantees?

What to do if you fall victim to a scam?

Those who lose crypto assets or are scammed on the blockchain can report their case to the FTC (US) or the NCSC (National Cyber Security Centre) (UK) but getting back your money is not a forgone conclusion. You should also contact your bank immediately if a debit/credit card is involved or if any personal information has been shared.

You should also quickly change your usernames and passwords to prevent further damage. If you have been scammed on a social media platform, you should report said scam to the platform so other users do not fall for it as well.

In Conclusion

Blockchain technology and cryptocurrency is ever growing and still evolving at a break-neck pace. With such vast and rapid developments, there is a constant cyber risk. In fact, cryptocurrency scams have risen by a whopping 516% from 2020 to 2022, with scammers stealing $8 billion worth of cryptocurrency in 2021!

Any business owners or employees that are readily using blockchain technology or crypto, need to be aware of the cyber threats they will face and how to spot, avoid and report them.

The blockchain and cryptocurrencies are just as vulnerable as traditional banking and financial platforms despite purporting to be otherwise. The differences come with a lack of knowledge and awareness amongst users and employees who must use crypto or blockchain technology. And the solution is always the same: increase employee awareness and understanding of cyber security.

If you would like more information about how The Security Company can help deliver security awareness training for your employees or how we can run a behavioural research survey to pinpoint gaps in your security culture, please contact  Jenny Mandley.