scammers

Crypto catfishers ditch fake exchanges for approval phishing scams

According to on-chain analytics firm Chainalysis, romance scammers increasingly use this method to steal their victim’s hard-earned crypto.

Crypto romance scammers — a cohort of crypto-stealing smooth-talkers — appear to have a new trick up their sleeves: targeted approval phishing.

In a Dec. 14 report from on-chain analytics firm Chainalysis, the firm noted that the technique has seen explosive growth over the past two years, with at least $374 million in suspected stolen crypto in 2023.

Approval phishing is a crypto scam where victims are tricked into signing transactions that give scammers access to wallets, allowing them to drain funds. While this isn’t new, Chainalysis said the technique is now utilized more often by pig-butchering scammers.

Read more

Beware of fake Arbitrum airdrops, community warns

The community has warned others to stay vigilant after reports of phishing websites and scams offering Arbitrum airdrop tokens.

Ethereum layer-2 scaling solution Arbitrum’s upcoming “ARB” token airdrop appears to have become a popular target for scammers, with the community warning of hundreds of phishing scams aimed at tricking crypto users.

Announced in a March 16 post by the Arbitrum Foundation, the airdrop will send out 10 billion governance tokens via a token airdrop, allowing holders to vote on code changes. The airdrop is set for March 23.

Unfortunately, the development has led to more than a few attempts from scammers to set up fake token airdrops aimed at stealing funds from victims ahead of the official event.

In a March 19 post, blockchain security company, Redefine, said it found a website impersonating an official Arbitrum airdrop website. The screenshots show the website asks a user to allow access to their funds, which would presumably result in the scammers draining their wallet.

Blockchain security company Redefine has found several websites impersonating official Arbitrum airdrop website. Source: Redefine

CertiK, another blockchain security firm, pointed to a fake Arbitrum Twitter account — “arbitrum_launch” — advertising a token airdrop. It has warned users not to interact with it.

Meanwhile, Reddit user u/CryptoMaximalist posted a thread on March 19, warning that “scammers are hoping to capitalize on the complexity of crypto and users excited for free money.“

According to u/CryptoMaximalist, they found fake Arbitrum Twitter profiles with links to fake Arbitrum websites, advising everyone to check a user’s profile and history, and check if they are spamming links across many subreddits before clicking on shared links.

Last week, Web3 anti-scam tool Scam Sniffer told its Twitter followers that it had already detected more than 273 phishing sites related to Arbitrum since the token airdrop was announced, with the number expected to rise before the official drop on March 23.

According to the Arbitrum Foundation, it used a points system to determine who could claim tokens in the Airdrop and how many they could claim.

Related: Navigating the world of crypto: Tips for avoiding scams

Qualifying actions included completing more than four transactions or interacting with at least four smart contracts, bridging funds into the Arbitrum One chain and depositing more than $50,000 of liquidity into Arbitrum.

Blockchain analytics firm Nansen, which helped develop the criteria with Arbitrum, revealed that out of more than 2.3 million wallets bridged on the Arbitrum One chain before Feb. 6, only 625,143 are eligible for the airdrop.

The Arbitrum airdrop had a long list of eligibility criteria. Source: Nansen

“Organic activity earned positive (behaviors to encourage) or negative behaviors to discourage) points. The number of tokens that a wallet received in the airdrop was a function of how many points it collected,” Nansen explained in a tweet on March 16.

Scam alert: $300K stolen by fake Blur airdrop websites

Unsuspecting users looking to claim Blur token airdrops have had funds stolen by a number of fake websites.

Scammers continue to prey on nonfungible token (NFT) users looking to claim Blur (BLUR) token airdrops through numerous scam websites.

According to data from TrustCheck, over $300,000 has been stolen from unsuspecting users that have linked wallets to malicious websites.

The legitimate Blur platform is a newcomer to the NFT marketplace space, making waves in the industry with booming user numbers and trading volume directly resulting from the platform’s three-phase airdrop incentive scheme. 10% of Blur’s total token supply was distributed to users based on their trading activity in its second token airdrop scheme from Feb. 15.

The first airdrop was retroactive, awarding tokens to anybody who traded an NFT on Ethereum in the six months leading up to the platform’s launch in October 2022. The second airdrop awarded tokens to users who listed NFTs before Dec. 6, while the third awarded tokens to users placing bids on the platform after the feature went live.

Related: What is a phishing attack in crypto, and how to prevent it?

Given the incentive program’s mechanics, many users have been looking to claim BLUR tokens across the NFT ecosystem. This created an opportunity for scammers to promote fake airdrop links to malicious websites.

Data shared with Cointelegraph from Ethereum-based Web3 browser security extension TrustCheck, reveals that over $300,000 worth of funds have been stolen from 24 different scam websites since Feb. 15. A handful of these websites are still functional, with users warned to be wary when connecting wallets.

A screenshot of a fake website looking to scam users attempting to claim BLUR token airdrops. Source: TrustCheck

The websites use smart contracts that automatically prompt transactions when users connect their Ether (ETH) wallets. All the ETH from the wallet is then drained to a specific address, which has allowed TrustCheck to keep tabs on the number of funds stolen to date.

Tools like TrustCheck will flag suspicious websites and transactions, warning Web3 users of potential fake websites and smart contracts.

Blur has also been in the spotlight due to reports of users carrying out NFT wash trading in order to cash in on its token airdrop incentive scheme. However, data analytics carried out by data scientist Hildebert Moulié on Dune suggests that Blur’s NFT trading volumes are legitimate.

Fake websites and phishing attacks are commonplace across the internet, while scammers continue attempts to drain funds through Web3 functionality. In February 2023, a URL masquerading as the ETHDenver conference website was linked to a notorious phishing wallet address that has stolen over $300,000 to date.

In late 2022, scammers also preyed on FTX investors by using phishing websites scrambling to recoup funds after the implosion of the failed cryptocurrency exchange.

Bitcoin ATM firm allegedly profited from crypto scams via unlicensed kiosks: Prosecutor

More than 50 crypto kiosks were seized in the investigation led by the U.S. Secret Service’s Cyber Fraud and Money Laundering Task Force.

A Bitcoin (BTC) technology firm and its executives have been indicted for allegedly operating unlicensed crypto kiosks in Ohio thatknowingly benefited from victims of cryptocurrency scams.

S&P Solutions, which operated as Bitcoin of America, along with three of its executives, are facing charges of money laundering, conspiracy and other crimes connected to the operation of more than 50 unlicensed crypto kiosks in the state.

A Cuyahoga County grand jury returned the indictment on March 1 against the firm, the owner and founder, Sonny Meraban, manager Reza Meraban, and company attorney William Suriano. The trio was arrested last week and search warrants were executed on their residences in Florida and Illinois.

According to the prosecuting attorney Andrew Rogalski, romance scammers, law enforcement impersonators, and “robocallers” exploited the lack of Anti-Money Laundering protections in the firm’s systems to transfer funds out of users’ crypto wallets.

Rogalski commented during a press conference that “these ATMs are ready-made for scammers,” adding that they: 

“Direct the victims, which are often elderly or otherwise vulnerable, to specifically go to Bitcoin of American ATMs, take money that they’ve withdrawn from their savings accounts or 401Ks.”

They are then instructed to put the cash into the machine in exchange for BTC in a wallet they think is theirs but have no control over, he explained.

He added that in one instance, an elderly gentleman lost $11,250 in three transactions to one of the dodgy kiosks in under an hour to this scam.

Product image of a Bitcoin of America kiosk. Source: Bitcoin of America

Meanwhile, the company allegedly pocketed a 20% transfer fee each time this occurred and continued to do even after learning they were fraudulent.

The indictment also accuses the company of being able to operate due to “written misrepresentations regarding the nature of their business to government agencies,” helping it run the kiosks without a money transfer license, according to a March 3 report from Law360.

Related: Crypto ATMs emerging as popular method for crypto scam payments — FBI

Authorities seized 52 Bitcoin ATMs last week, but the firm has more in Ohio and other states. Bitcoin of America made $3.5 million in profit from cash deposits at these unlawful kiosks in 2021, Rogalski said.

Officials believe the firm has been operating and evading regulatory safeguards and financial compliance requirements since 2018.

The investigation into the firm and its executives was reportedly spearheaded by the United States Secret Service’s Cyber Fraud and Money Laundering Task Force.

In October, the FBI’s Miami Field Office warned that crypto ATMs were becoming a popular vehicle for scammers to defraud victims in an increasing trend of “pig butchering” scams.

Bitcoin ATM firm profited from crypto scams via unlicensed kiosks: Secret Service

52 crypto kiosks were seized in the investigation led by the U.S. Secret Service’s Cyber Fraud and Money Laundering Task Force.

A Bitcoin (BTC) technology firm and its executives have been indicted for allegedly operating unlicensed crypto kiosks in Ohio which knowingly benefited from victims of cryptocurrency scams.

S&P Solutions, which operated as Bitcoin of America, along with three of its executives are facing charges of money laundering, conspiracy, and other crimes connected to the operation of more than 50 unlicensed crypto kiosks in the state.

A Cuyahoga County grand jury returned the indictment on Mar. 1 against the firm, the owner and founder, Sonny Meraban, manager Reza Meraban, and company attorney William Suriano. The trio was arrested last week and search warrants were executed on their residences in Florida and Illinois.

According to the prosecuting attorney Andrew Rogalski, romance scammers, law enforcement impersonators, and “robocallers” exploited the lack of anti-money laundering protections in the firm’s systems to transfer funds out of users’ crypto wallets.

Rogalski commented during a press conference that “these ATMs are ready-made for scammers,” adding that they: 

“Direct the victims, which are often elderly or otherwise vulnerable, to specifically go to Bitcoin of American ATMs, take money that they’ve withdrawn from their savings accounts or 401Ks,”

They are then instructed to put the cash into the machine in exchange for BTC in a wallet they think is theirs but have no control over, he explained.

He added that in one instance, an elderly gentleman lost $11,250 in three transactions to one of the dodgy kiosks in under an hour to this scam.

Product image of a Bitcoin of America kiosk. Source: Bitcoin of America

Meanwhile, the company allegedly pocketed a 20% transfer fee each time this occurred and continued to do even after learning they were fraudulent.

The indictment also accuses the company of being able to operate due to “written misrepresentations regarding the nature of their business to government agencies,” helping it run the kiosks without a money transfer license, according to a Mar. 3 report from Law360.

Related: Crypto ATMs emerging as popular method for crypto scam payments — FBI

52 Bitcoin ATMs were seized last week, but the firm has more in Ohio and other states. Bitcoin of America made $3.5 million in profits from cash deposits at these unlawful kiosks in 2021, Rogalski said.

Officials believe the firm has been operating and evading regulatory safeguards and financial compliance requirements since 2018.

The investigation into the firm and its executives was reportedly spearheaded by the United States Secret Service’s Cyber Fraud and Money Laundering Task Force.

In October, the FBI’s Miami Field Office warned that crypto ATMs were becoming a popular vehicle for scammers to defraud victims in an increasing trend of “pig butchering” scams.

California regulator launches complaint-based crypto scam tracker

The regulator receives thousands of consumer and investor complaints about possible crypto scams each year, and it appears it’s done something with the information.

The California Department of Financial Protection and Innovation has launched a new crypto scam tracker to help traders and investors spot possible industry threats.

zDFPI launched the tracker on Feb. 16. It’s based on user complaints, with the department compiling a list of crypto-related grievances by victims who claim to have been scammed or have identified attempted scams.

The complaints listed represent descriptions of losses incurred in transactions that victims have identified as part of a fraudulent or deceptive operation. However, the DFPI stated that it had not verified any of the scams listed, but noted that it receives thousands of consumer and investor complaints each year.

The latest scams listed on the new scam tracker. Source: DFPI

“Scammers are in the shadows using the public’s interest in crypto assets to take advantage of the most vulnerable Californians,” said DFPI Commissioner Clothilde Hewlett. She added that the department was taking action to identify them:

“Through the new Crypto Scam Tracker, combined with rigorous enforcement efforts, the DFPI is committed to shining a light on these ruthless predators and protecting consumers and investors.”

The majority of the 36 complaints already listed in the tracker were social media and social engineering scams where users have been duped into taking action via scams on Facebook, WhatsApp, Instagram, TikTok and dating apps.

Four-fifths of them were what the DFPI refers to as “pig-butchering scams,” which are essentially social engineering attempts by scammers trying to establish a relationship and trust with the victim.

DFPI spokeswoman Elizabeth Smith said that “We have heard from consumers that scam alerts help them avoid similar scams.”

Related: Here’s how to quickly spot a deepfake crypto scam

Imposter websites are also one of the most commonly reported scams, according to the DFPI. “When companies or websites (fake or not) have a look- or sound-alike names, the potential confusion created for consumers is real,” it said.

The tracker also has a search function enabling users to look up potentially fraudulent websites or crypto projects in advance.

Crypto scammers feel the chill: Revenue drops 46% in 2022 — Chainalysis

Falling crypto prices caused crypto scam revenue to plummet in 2022, but two scam types managed to persist.

Crypto scam revenue was slashed by almost half in 2022 due mainly to falling crypto asset prices, but two scam types managed to stay immune.

Crypto scam revenue in 2022, which includes investment scams, NFT scams and romance scams, among others, amounted to $5.9 billion in the year — down 46% from 2021.

The data came from a Feb. 16 crime report from Chainalysis, which attributed most of the decline in scam revenue to poor market conditions, as lower crypto prices generally result in lower scam performance.

Yearly crypto scam revenues from 2017-2022. Source: Chainalysis.

Chainalysis however pointed to two different scam types that managed to stay relatively immune to the price falls — romance scams and giveaway scams.

“Scam revenue throughout the year tracks almost perfectly with Bitcoin’s price, consistently maintaining a three-week lag between price moves and changes in revenue. However, not every distinct type of scam follows this pattern — some types of scams see revenue changes increase as crypto asset prices decrease,” explained the firm, adding: 

“For instance, unlike other kinds of scams, romance and giveaway scams don’t show a positive correlation with Bitcoin’s price.”

Romance scams, while having lower overall revenue as a category, racked up the highest average victim deposit size in the year — with the average victim losing just under $16,000, nearly 3x more than the next biggest scam type. 

Average losses for victims throughout 2022 by scam type. Source: Chainalysis.

Romance scams typically involve building a relationship with the victim, with the scammer convincing them that they need their help.

Chainalysis said that these scam types are most likely to persist when crypto prices are down because it’s playing to a victim’s compassion rather than greed. 

“That kind of emotional pitch is probably equally effective regardless of trends in the wider market, because the victim’s primary goal isn’t to get rich quick, but rather to help someone they believe to be a potential romantic partner,” the firm wrote.

Related: Scammers are targeting crypto users with new ‘zero value TransferFrom’ trick

Romance scams, and particularly “pig-butchering” scams, have been seen as a growing area of concern within crypto.

For example, a United Kingdom investigation published on Jan. 29 found that half of all crypto companies involved with scams in the state were linked to pig-butchering scams.

FTX customers warned of scammers baiting them with return of assets

Scammers have been trying to trick customers by offering them the prospective return of their assets.

Bankrupt crypto exchange FTX has acknowledged a recent spate of third-party scams and frauds aimed at swindling its already-embattled customers.

On Feb. 3, FTX issued an alert to its customers regarding recent attempts by fraudsters about scam attempts, including asking them for money, fees, payments or account passwords.

“We are aware of active third-party scams and frauds seeking to take advantage of FTX customers,” the company warned.

FTX added that its debtors and agents will never ask customers to pay fees or provide account passwords in connection with the “return or prospective return of customer assets,” and encouraged potential victims to contact the official FTX debtors email address to confirm the legitimacy of the messages.

Scammers riding on the collapse of FTX have been upping their game for the past couple of months.

In late December, the Oregon Division of Financial Regulation warned that scammers were seeking opportunities to “re-victimize those who have already been harmed and are trying to find ways to recover their losses.”

It cited a fake website claiming to be managed by the U.S. Department of State working on getting FTX customer assets returned to them and asking for their account details.

In November, a deep fake video surfaced online featuring FTX founder Sam Bankman-Fried claiming to double customer crypto compensation. It lured victims into visiting a malicious website offering the crypto giveaway in exchange for tokens sent to the fraudsters.

Related: FTX sister company Alameda Research sues Voyager Digital for $446M

Meanwhile, in a recent development in FTX’s bankruptcy proceedings, the states of California, Texas, and New Jersey have joined calls for for an independent examination of company financial statements.

Another report concerning Bankman-Fried, published by Reuters on Feb. 2, has revealed that the crypto entrepreneur is in talks with federal prosecutors to resolve a dispute over his bail conditions.

Earlier this week, the judge overseeing the case temporarily barred Bankman-Fried from contacting FTX or Alameda employees.

Web3 sees 15 new scam smart contracts an hour — Solidus Labs

Solidus Labs, which has been monitoring 12 leading blockchains, has detected the majority of scam-like tokens originating from Binance’s BNB Smart Chain.

The Web3 and cryptocurrency space is seeing a significant amount of smart contract scams proliferating, with blockchain risk monitoring firm Solidus Labs saying it has detected on average 15 newly deployed scams every hour.

Solidus Labs said on Oct. 27 that it had been monitoring 12 blockchains including Ethereum, Polygon and BNB Chain since Oct. 10, and in that time, had detected 188,525 smart contract scams.

Former United States Consumer Financial Protection Bureau director Kathy Kraninger, who is now Solidus’ vice president of regulatory affairs, said in the statement that “while some of the big rug pulls and scams make the news, […] the full picture stemming from our data shows the vast majority of these scams go unnoticed.”

The firm also shed some light on the number of tokens that are scams, saying 12% of BEP-20 tokens — BNB Smart Chain’s token standard — exhibit fraudulent characteristics marking it as the blockchain with the most cryptocurrency scams.

Ethereum’s native ERC-20 token standard came second, with 8% of the blockchains’ tokens exhibiting scam-like characteristics, according to the company. It also estimated around $910 million worth of Ether (ETH) related to scams had passed through centralized and regulated exchanges.

Solidus said these so-called “scam token smart contracts” are hard-wired to steal investors’ funds and fit alongside other abusive practices such as rug pulls, where the developer steals the invested funds and token impersonations that aim to trick people into investing by mimicking popular cryptocurrencies.

It said these types of contracts are “automatically deployed and easily repeated” with scammers able to quickly complete thousands of low-value attacks with exchanges, regulators and authorities none the wiser.

Related: Google still promoting crypto phishing sites warns Binance boss

It’s not only scamming cryptocurrencies that investors need to watch for, hacks are also on the rise, with October being possibly the biggest month ever for crypto hacking activity, according to analytics firm Chainalysis.

Chainalysis director of research Kim Grauer said in an interview with Cointelegraph that the amount of value stolen in crypto hacks is on track to hit all-time highs in 2022, with a vast majority targeting decentralized finance (DeFi).

The Web3 and cryptocurrency space is seeing a significant amount of smart contract scams proliferating, with blockchain risk monitoring firm Solidus Labs saying it has detected on average 15 newly deployed scams every hour.