A Brief Rundown of Crypto Scams
The web3 industry has been subject to scrutiny due to the growing number of scams and the amount of money that has been stolen. In 2020, $7.8 billion was lost through scams; this number skyrocketed to nearly $14 billion in 2021. But why are these scams happening? This article explores this question and introduces you to the types of scams in the crypto industry. We also look at how specific crypto scams happened (Bored Bunnies NFTs, for instance), so that hopefully we can avoid these problems in the future.
Introduction
Cryptocurrency has been a whirlwind of rapid innovation, opportunities to improve transparency and democracy within an economy, and…scam artists making away with billions of dollars at once. Everyone remembers the infamous OneCoin scam (estimated to be $25 billion!), and the most recent case of a couple that laundered $4.5 billion worth of Bitcoin. Unfortunately, this perplexing number of thefts is something that web3 enthusiasts have just one answer for: “only time will tell”. Everyone involved in the space counts on growth in the infrastructure, and involvement of regulation, to make the industry much safer than it is currently.
While hacks have a lot to do with bugs in smart contract architecture, the instability associated with emerging technologies, and sometimes just human error, the scams occurring in the cryptocurrency industry are a genuine cause for concern.
One of the major reasons for this is the easy deployability of dApps in the web3 space. Anyone can release a project, as there aren’t any restrictions involved, regulatory or otherwise. Unfortunately, this has also allowed multiple scam projects to be released alongside the revolutionary ones. But what else?
Why Do Crypto Scams Happen?
There are a multitude of reasons as to why crypto scams are so prevalent. I believe that there could be three overarching ones that have led to this kind of explosive growth – anonymity/pseudonymity of founders, a lack of clarity on the technical infrastructure behind protocols (for the general user), and a market steeped in FOMO.
Firstly, scams often happen because successful protocols can often be created without needing a real name or face behind them! We’ve arrived in a world where the person behind the protocol doesn’t matter as much as the brains behind the protocol – a true meritocracy. I consider it to be one of the greatest aspects of crypto – your race, gender, and sexuality don’t matter, you just need to be passionate! A growing number of creators are just an NFT profile photo and a “Cryptojesus”-esque username. Twitter experts and Discord moderators alike don’t always have a real name/face attached to their online personality! And how can we not mention that the very person who’s allowed us to have this conversation – a Mr. Satoshi Nakamoto – is completely unknown! However, scam artists misuse this niche as an opportunity to hide their real identity without compromising their trustworthiness. It’s unfortunate that a push for equality makes crypto scams easier to accomplish, and hopefully this becomes less prevalent over time.
Secondly, there is a growing number of protocols with very intricate architecture that cannot be understood by a general user. I can honestly say that a majority of Anchor users don’t fully comprehend how Anchor works, but simply take advantage of the ~20% APR. So, if another protocol comes out with ridiculously high APR, but outlines some incomprehensible architecture, this would still attract the crowd – the users who just want to enjoy high returns.
Thirdly, this problem of illegible architecture is compounded by the FOMO effect we’ve seen across capital markets over the last few years – everyone wants to beat the curve. People could overlook their lack of understanding of a protocol, base their investment solely off of a Tweet or an outrageous promise by the protocol, and then invest in scam projects.
Aside from these three reasons, I also believe that the growing number of scams is a consequence of the number of ways in which scams can be designed! The lack of federal involvement and a structured market has led to a certain free-for-all, where intelligence and technical know-how haven’t always been used for good. Let’s look through the most popular types of scams that currently exist in this mad world of web3.
Types of Scams
Pump-and-dump
Pump-and-dump schemes have been around ever since securities trading started nearly a century ago. This is how it works:
1. A scam artist buys a large volume of a security.
2. This injection of large amounts of capital slightly appreciates the price.
3. The artist begins a form of social engineering where this security is subtly marketed (sometimes through anonymous accounts!) and positive news is spread amongst communities.
4. Some investors who see these “signals” invest in this security.
5. The artist waits for the price to consequently appreciate.
6. Then, they sell off their enormous position at the peak of the price and crash the security entirely.
7. They do it all over again.
While the SEC, FINRA, and other financial regulators across the world have put several measures in place to curb market manipulation like this, crypto is still the Wild West.
Cryptocurrency pump-and-dumps are typically organized on private Discord servers. A community comes together and picks a certain crypto to carry out their scam. A large amount of capital is then collectively invested into the crypto, which results in a certain amount of price inflation. The members of this server use their social media influence, anonymous accounts in other Discord servers, and so on, to market this crypto as an investment opportunity. After more money pours in from other users and the price appreciates even further, the scam artists sell off their positions – making a profit from the price appreciation but crashing the crypto in the process.
The most recent pump-and-dump scheme that was exposed was a community created by @blockchainedbb on Twitter (over 116K followers!). Here’s a thread outlining how they conducted their scam:
One of the most influential pump-and-dump schemes was that of GameStop (GME) and AMC, conducted by the Reddit forum r/wallstreetbets. Over 2021, the biggest crypto pump-and-dump schemes were those of LUNA, Shiba Inu, and GALA.
Unfortunately, these kinds of scams are hard to curb. This isn’t just one user with a large amount of capital that’s influencing the market, it’s a whole community. Hopefully, as more regulation enters the market these kinds of schemes can decrease in their prominence, but again: only time will tell!
Rug Pulls
A rug pull is an umbrella term used for scams where a team essentially defrauds its own investors by “pulling the rug out from under them”. There are several ways a team can accomplish this: by liquidating all the currency that users placed in their protocol (perhaps as collateral), by creating a backdoor (where users don’t have custody of the tokens they were meant to receive), or by simply creating a pump-and-dump scheme of their own token!
An example of a liquidation rug pull occurred recently through a project called BNB42. The project promised investors 20% daily ROI, and a profit margin of 200% to investors who’d lock their funds (in BNB) for 10 days. The project claimed to be 100% decentralized, and amassed a large following. PeckShield (an organization that monitors rug pulls) then announced that BNB42 liquidated 6400 BNB ($2.7 million) from an unverified contract where it held funds from its investors, leaving them with nothing. The attackers made off with this money, and haven’t yet been found.
A huge liquidation rug pull occurred in the form of a centralized entity, where a chief executive of Thodex (a Turkish exchange) stole nearly $2 billion from its investors!
One of the most prominent examples of a hard rug pull (where the protocol adds certain clauses to its smart contracts) occurred with the $SQUID token. The hype generated by the immensely successful Korean show Squid Game resulted in a massive price rally for the $SQUID token, slowly climbing up 100%, 200% and so on. However, users realized that they couldn’t sell their SQUID token! There was a segment of code added to the $SQUID contract that only allowed the protocol to sell the token, not the users. Most traders didn’t spot this until much later, but the $SQUID founders had stolen all holdings by that time.
Two things matter here: the trust of a protocol by the web3 community (Uniswap: high trust; Squid Game: probably low trust), and the fine print in smart contracts. But this is where my previous point of why these scams occur comes into the picture: how many regular traders can break down Solidity contracts and understand the entire underlying mechanism? Definitely not the majority. This is where malicious actors count on the complexity of web3 and crypto to scam investors and traders – they count on the knowledge gap between tech and finance, and steal the funds before users realize what happened.
Celebrity Hype
This is probably the scam that irks me the most – truly. As a web3 fanatic, I can understand rug pulls and pump-and-dump schemes; they will hopefully be curbed by regulation, smart contract auditing, and improving technical infrastructure. But all these NFT projects that celebrities like David Dobrik and Lana Rhoades advertise, only for a rug pull – it’s really a punch in the gut.
In this type of scam, projects count on the hype generated by celebrities and their fandom to sell NFTs, then steal the money over time. Bored Bunnies, CryptoSis, and BoredPunks are all projects that have ripped off users as a result of misinformed celebrities who knowingly or unknowingly take a massive chunk from the stolen funds.
For this, celebrities just need to be more aware. They need to understand the responsibility they hold, and conduct adequate research before agreeing to get paid for a sponsorship. Understandably, this entire space is in its infancy and people need time to adapt – we just need to adapt quicker.
How to Avoid Scams
Read, read, and read
The key to navigating this Wild West of crypto is to learn – read through the whitepaper, understand how smart contracts work, stay up-to-date with crypto Twitter and experts in the space. Don’t fall for what your favorite celebrity tells you, don’t worry about FOMO – just make sure you understand a token/protocol through and through before investing in it. If you lack the technical know-how and don’t want to learn, then get a trusted source to ELI5 the protocol for you before you invest.
If you can, it’s also helpful to understand smart contract architecture and make sure that there is no risk to your funds. Hopefully the growing number of smart contract auditing companies, as well as scam trackers like CertiK, will result in a lot more safety in terms of hard rug pulling. But it’s always beneficial to break down smart contracts by yourself!
I’m not here to tell you how to conduct your research – just never invest in a crypto project based off of hype. Hype-generated projects are always, always, ngmi. Invest in the technology and the value its architecture will create in the future, not in tokens that you think will earn you a quick buck.
Protect Your Seed Phrase & Don’t Trust DMs
WARNING: Never disclose your backup phrase. Anyone with this phrase can take your Ether forever.
This warning is given by MetaMask the moment you open your account – you should not share your seed phrase with anyone.
Never, ever, ever, ever, ever, ever, ever, ever share your seed phrase with anyone. It’s for you, and you alone, and many investors have lost money in social engineering schemes in which they’ve shared their seed phrase. No one needs your seed phrase for anything other than to access your account – please don’t share it.
Oftentimes, users receive DMs from bots or scammers requesting their seed phrase.
Sometimes these DMs involve promises of high APRs and risk-free returns; these claims are outlandish and definitely not true.
Just “Block” & “Report as Spam”.
Verify the Creators & Cross-check the “Investors”
While the anonymity of web3 is great – in terms of creating a meritocracy where your age, gender, race, and sexuality don’t matter – it is always a risk unless a trusted source says otherwise. Essentially, do not invest in a project whose founders are anonymous and that has not been discussed by trusted and established sources within web3.
It is also important to verify that any VC-backing is real – and that the VC firms aren’t elaborate scams themselves!
The Threat of Scams to the Future of Web3
My biggest fear when considering this, especially upon writing this article, is that scams will prevent institutional DeFi from entering the space. ICOs and IDOs are still unregulated, and there are way too many hacks and rug pulls for institutions to place large amounts of capital in DeFi – and this really poses threats to the future of web3.
Another major aspect of the threat of scams is simple – public perception. I’m a firm believer that anybody who spends a few hours understanding web3 and crypto will understand its impact on the future. The FUDders of crypto are those who don’t read through the underlying technology, and instead draw negative attention to Bitcoin’s proof-of-work, overpriced NFTs, and of course – scams and hacks.
Regulation has to enter the space, there needs to be a universal acceptance of smart contract auditing before tokens are onboarded to prominent DEXes, and the FOMO factor needs to stop – that’s the only way wagmi.
Author is a Decentralized Finance (DeFi) intern at Polygon, highly interested in synthetics, web3 derivatives, and blockchain applicability in the real world. They’re a student at New York University – Stern School of Business, studying finance and accounting with a joint minor in computers and math. Other interests range from sports to Seinfeld, and they can be reached on Twitter @AkhilVajjhala