Over the last few years crypto-related scams have surged. 7,000 people reported losses totalling more than $80 million between October 2020 and March 2021. Like they target online banks and loan providers, fraudsters are targeting crypto exchanges because it’s one of the quickest ways they can access the equivalent of digital cash.
What makes cryptocurrency so attractive to fraudsters?
As a sector, crypto is highly volatile and has seen a large amount of public interest. This in itself makes it an attractive and lucrative market for fraudsters. In addition:
Cryptocurrencies are digital by design. This means fraudsters only need access to a computer to leverage attacks such as hacking or phishing.
Transactions are irreversible. They can only be reversed by the person receiving the funds. So if a fraudster takes over an account, or funds are transferred to them, it’s virtually impossible to retrieve those funds.
Cryptocurrencies are decentralized. Cryptocurrencies can be held in custodial or non-custodial exchanges. If a custodial exchange is hacked, the crypto owner risks losing all of their assets, with no payment protection built in. If the owner holds crypto with a non-custodial wallet, it's hard to determine where the responsibility lies when fraud does happen.
Anonymity is built into the process. Crypto regulation is still evolving, and you generally don't need personal information to store or transfer crypto. It’s possible to track transactions on the blockchain, but fraudsters can create multiple wallets to make this harder, and even then it's difficult to identify who owns those wallets.
As a cryptocurrency provider, fraud affects you as much as it affects your customers. Your users might lose their money and assets, but this can cause long-term reputational and monetary damage to your business.
So what fraud scams and trends should your business be aware of?
Three common cryptocurrency scams and fraud trends
At Onfido, we’ve seen that as the price of cryptocurrencies goes up, so does the number of suspected fraudulent cases across our crypto customers. While not a scam in itself, this trend points towards fraudsters’ behavior.
As a crypto provider, you’re more likely to see a rise in fraudulent attacks (such as the ones outlined below) when the price of crypto is higher. Similarly, you might experience spikes in fraudulent activity during promotional campaigns, such as referrals or sign-up bonuses.
Fraudulent account creations
Fraudsters will routinely use fake or fraudulent identities to try and open accounts on crypto exchanges. The crypto regulatory landscape is fragmented, and providers are not always required to follow strict KYC protocols. But without effective KYC safeguards in place, it becomes very difficult to say who is a good or bad actor.
This year, Onfido has noticed an increase in fraudulent sign-up attempts among our crypto clients involving documents sourced from an image search. Fraudsters simply Google ‘passport’ or ‘driving license’ — the results provide a large number of photos of ID documents. They then use these images to create fake documents.
If fraudsters are successful in opening a crypto account with a fake identity they will go on to sell these ‘legitimate’ accounts for profit. Very often, these types of accounts will go undetected until it’s too late.
Cryptocurrency investment scams
Fraudsters often target victims directly with investment scams. This type of attack aims to get unsuspecting people to hand over money. They can be difficult to spot because the investment opportunity will often look legitimate.
Imposter websites and fake mobile apps: This is one way fraudsters try to trick unsuspecting customers into a crypto scam. Fraudsters set up websites to look like the original, or create fake apps available to download via the App or Google Play stores.
Email phishing: Fraudsters email potential crypto investors, often announcing fake initial coin offerings as a way to steal substantial funds.
Social media scams: Fake crypto social media accounts are widespread. Customers should avoid offers that come from Twitter or Facebook, especially if there seems to be an impossible return.
This is a type of fraud where scammers use someone else’s computer to mine cryptocurrency by getting victims to click on a malicious link. This then loads cryptomining code onto the computer. They can then steal cryptocurrency from digital wallets or use the hijacked computers to mine valuable coins.
How to protect against cryptocurrency fraud
Use secure, seamless identity proofing
Onboarding is your first line of defense. Allowing bad actors or possible fraudsters onto your platform is likely to cause problems at a later stage. All it takes is one newsworthy case of fraud to bring down a business. To protect your business in the long term, it’s best to stop fraudsters from signing up in the first place.
But on the flip side, you don’t want to make the sign-up process overly arduous for your genuine customers. This is where digital identity verification comes in. A flexible approach allows you to dial up and down the identity requirements your customers must fulfill in order to buy, sell or trade cryptocurrencies.
For example, you might leverage a document check alone for users that deal with small amounts of crypto, and reserve biometric checks for high-value transactions or more ‘risky’ users.
Educate your customers
In addition to measures you can put in place as a business, you can also educate your customers about what they can do to protect themselves from fraud.
For example, customers should watch for:
Obvious spelling errors in emails, social posts or other forms of communications
When visiting crypto websites, checking for a lock icon indicating security near the URL bar and whether https appears in the site address
Social media crypto schemes that seem too good to be true
Psychological manipulation such as pressure or urgency to transfer funds
For more information about fraud trends, and measures you can put in place to protect your business and customers, read Onfido’s Fraud Identity Report 2022.