Ask anyone who has followed the cryptocurrency space for more than a few weeks and they’ll tell you that the industry is rife with scams and frauds everywhere you look. From fake phishing websites to Ponzi Schemes, to fraudulent ICO’s to exchanges disappearing with people’s funds overnight, to Twitter and Telegram impersonation scammers to anonymous trading “gurus” that boast of how much money they’re making trading (and often solicit others ‘in’ before absconding with the funds), the list of scams involving cryptocurrency is a long one.

The word “scam” is also very vague. The term scam typically constitutes most actions by a perpetrator(s) that are outright fraud or allow for theft of the cryptocurrency from the victim. But there are many other scams as well. For example, there are cryptocurrency projects, often ICOs, that may be legitimate and well-intentioned at least at first (without fake ‘team members’), but slowly, over time, the project begins to fade away, before simply closing up shop entirely. This is what we consider to be the Soft Exit Scam. Other people use the term scam to simply describe anything they don’t like. Indeed, some Bitcoin maximalists even consider Ethereum itself to be a scam.

Given the number of investigations we’ve conducted into these types of scams, we feel we’re in an optimal position to help warn the public about the various scams in the cryptocurrency space. In this article, we detail all the types of scams and frauds that involve cryptocurrency, we point out the warning signs and ways you can prevent yourselves from becoming a victim, and we provide some insight on what recourse you have should you ever fall victim and whether or not it’s ever realistic to recover the applicable cryptocurrency. Cryptocurrency theft and hacking incidents are something we tackle in another article, List of Breach Vectors Hackers Exploit to Steal Cryptocurrency.


Phishing involves scammers disguising electronic communication (such as a website) to appear as if it was from the legitimate source they are posing as. Phishing comes in many forms. Fake crypto exchange websites, fake Ledger websites, fake websites to (legitimate) web wallets, fake phone applications, among many others. These fakes tend to do a fairly good job mimicking the real sources.

There are a variety of reasons a victim may click on a phishing link. It may have been posted on Twitter, Reddit, Bitcointalk, or they may have found it in an email, or in a Telegram channel they follow for example. Or they may find it when conducting a Google search as one of the top results if the scammer has properly utilized SEO to get the website or application listed high enough. These scammers also buy ads for their websites so it’s very possible a phishing link may end up being the top result on a Google search of yours!Bittrex phishing site

Look closely at the URL

The scammers often use very similar URLs and links whose differences are imperceptible in many cases. For example an uppercase ‘i’ may be used in place of a lowercase ‘L’. The phishing website isn’t actually dangerous unless you mistakenly believe it’s real, and given how difficult that can be to determine in many cases, it’s very much possible to fall victim to this scam. 

The goal of phishing websites is always the same; fool the victim into believing the source is authentic then get them to enter personal details such as a ‘seed phrase’, or username and password while they secretly record your information, and then utilize it to steal your funds shortly thereafter.

Hard Exit Scams

Hard Exit Scam, as CipherBlade defines it, involves a project that fraudulently obtains investor funds or customer assets and eventually shuts down, running off with the money. More often than not, the project was a ruse from the outset and only existed to garner as much funding from victims as possible. There are quite a few cryptocurrency-related projects that fit this category, some of which include investment schemes, fraudulent ICOs, and some cryptocurrency exchanges. Generally speaking, we feel most ICOs that ‘exit’ better fit the categorization of Soft Exit Scam which we talk about later, but there are some notable exceptions.


Purebit, Centra, ACChain, and CryptoKami are among some of the cryptocurrency projects that decided to raise funding under false pretenses and subsequently tried (or attempted to) run off with customer funds quite quickly. The founders of these projects had malicious intent from the start and never so much as intended on building a real platform or business with investor funds, which is why we consider them to be Hard Exit Scams. There are also a considerable number of less well-known ICOs that fit this categorization that never really had all that much publicity.

With most ICOs however, it’s a long ride to the bottom and the founders at least intended to create a real product, and just failed miserably doing so, allocating themselves healthy salaries and bonuses for their hard work in the process, and thus would be more accurately described as a Soft Exit Scam, which we discuss in more detail later.

Investment Schemes Masquerading as ICOs

Plexcoin, LoopX, Plustoken, Pincoin, Onecoin, and Cloud Token all had “ICOs” but frankly weren’t really ICOs at all. ‘ICO’ was just the descriptive they used to better solicit funding for their investment scheme, which could reasonably be described as Ponzi Schemes. In many cases, these projects didn’t even bother to create a coin or token for their ICO! So it would be hard to describe them as ICOs and they’d be better described as Investment Schemes that ‘Exit Scammed’, as naturally ends up happening with such schemes.

Also, there are no shortage of “Real estate-backed cryptocurrencies”, “gold-backed” and “diamond-backed” cryptocurrencies that conducted “ICOs” that fit this description either. 

What might surprise some people, however, is just how brazen these scammers are with what they do with the ‘investments’ from a forensics perspective. Often times, when conducting forensic investigations, we find fraudsters don’t even both trying to hide from us what they’re doing and elect to send funds directly or almost directly to exchanges like Binance and Huobi.


I want to stress that when an exchange goes bust, it’s not necessarily an ‘Exit scam’. Exchanges fail for a variety of reasons, sometimes taking customer funds with them, but that doesn’t necessarily make it a Hard Exit Scam. It’s extremely rare to find an exchange that was started by founders with the express intent of scamming customers from the outset. There are exchanges that took customer funds with them, but that more often than not that wasn’t the intent from the outset.

Hard Exit Scam from an exchange typically involves a sudden and sustained disappearance from the founders. Sometimes on the way out, they’ll quickly claim (falsely) that the exchange was “hacked” when in reality, any competent forensic investigation will reveal the founders took the customer funds for themselves. Exchanges that we feel meet these criteria include Bitsane, IDAX, and probably QuadrigaCX.

Generally speaking, if the exchange hasn’t falsely claimed that they were “hacked” and lost customer funds, and doesn’t vanish but rather continues to correspond with users on social media, it’s reasonable to presume it’s not a Hard Exit Scam unless solid evidence arises indicating otherwise.

Available Recourse

These actions typically constitute fraud among other crimes such as embezzlement. As scammers’ actions were fraudulent and malicious, recourse and recovery are typically best found with the help of law enforcement. Law enforcement is generally willing to pursue these cases as long as the loss is high enough to make it worth their resources, among a variety of other reasons. The reasons law enforcement neglects to get involved in some cases often boils down to lacking the technical expertise to properly investigate and uncover key information about the scams and frauds to allow for prosecution.

Furthermore, the law enforcement route is typically more effective than the civil route in these cases given the international nature of these cases where suspects are often anonymous; ultimately, the threat of jail time is far more effective at achieving funds recovery than the threat of a lawsuit for such scammers.

Soft Exit Scams

Soft Exit Scam, as CipherBlade defines it was not a blatant scam from the outset. Rather, things likely started out with good intentions on the part of the founding team, but over time things slowly fell into disarray, the business model clearly wasn’t working (if management even ever had one), and no one clearly cared about the project or business anymore, resulting in little or no activity. Incompetence from management and a series of very poor decisions along the way is often involved.

Eventually, it becomes clear to management that no, things are not going to get better and things are not going to “turn around”. There’s clearly no viable way forward, and management sees no point in continuing to invest further time and resources into the project. The problem is that they generally have investor’s funds tied up or invested in the project and/or have customer funds in their custody. In other cases, they may be insolvent.

ICOs, IEOs, and STOs

There are a variety of projects that fit this classification. Many readers will realize that many former ICOs, IEOs, and STOs fit well into this categorization. The founders may have genuinely had an idea they wanted to work on and bring to the market and started the fundraiser with the best of intentions, but sometime after raising customer funds, things just didn’t work out for a variety of reasons (no viable business model, completely unnecessary token, etc…). Their social channels and community fade into nothingness, before disappearing completely, and no one notices when they do.

I could give many examples of particular ICO projects that Soft Exited, but rather than doing so I’ll give an example of a project that actually decided to take what I’d consider reasonable corrective action in light of circumstances that arose; it involves DigixDAO and DGD token. In short, one could have reasonably concluded that there arguably wasn’t a DAO at all given how little governing authority token holders had and how many governing challenges there were. Rather than wasting customer assets, Digix ultimately agreed to refund DGD token holders from the treasury since the DAO clearly wasn’t working out, partially due to legal challenges. This certainly isn’t an endorsement of Digix, but in our opinion, Digix took reasonable corrective action here. If only other projects would do the same.

Investment Funds

But it’s not just ICOs that fit into this categorization. There are actual investment funds that fit into this categorization as well. And I’m not talking about the investment funds run by an anonymous pro trader on Twitter. Actual legally registered investment funds that abscond with customer assets, refusing to return them. The founders of these investment funds are not anonymous but nonetheless aren’t willing to return funds to their customers. In our experience, this is for one of two reasons:

  1. The founders have a considerable amount of customer assets in their possession and they think they can get away with absconding with customer assets, believing there’s little recourse available to their customers. However, what these Investment Funds aren’t aware of is that it’s very much possible to track exactly what they did with customer assets in an investigation.
  2. The founders lost customer assets day-trading or in a similar type of activity, and don’t want to tell their investors, as this would inevitably result in inquiries about how it happened, and into requests for transparency about precisely how it happened, which in turn is inevitably going to result in a lawsuit. Why would the former Investment Fund want to provide evidence of their incompetence on a silver platter to the soon-to-be plaintiffs? It’s far better to keep their customers in the dark about what happened.

Cryptocurrency Exchanges

We would also suggest lumping some Exit Scams by cryptocurrency exchanges into this categorization. Exchanges that disappear with customer assets weren’t always running a scam from the outset. In many cases, they were well-intentioned at least at first. However, there’s an incredibly high amount of competition between cryptocurrency exchanges resulting in very low profit margins. These exchanges have difficulty generating a minimal amount of genuine trading volume to give themselves some actual revenue needed to sustain themselves. At the same time, they’re seeing higher compliance and security costs.

Simply put, cryptocurrency exchanges almost operate in the red, at least until they get a healthy amount of genuine trading volume (which very few exchanges have by the way), and even then, it’s rough. And the question then becomes who funds the additional expenses? Venture Capital financing is one answer, but what if the exchange is unable to obtain VC financing? If they can’t increase revenues or obtain financing, their only option is to borrow against customer assets. When they do this, they become insolvent and operate fractionally. Just as with a Ponzi Scheme, eventually, they have little or no assets left on their books, and they have quite literally forced themselves to ‘Exit’, and have little to no assets to return to customers.

Available Recourse

In these Soft Exits, the founders generally start out with good intentions and aren’t anonymous. When people lose money in their investments with these projects, they sometimes get quite upset, but ultimately chalk it up to a bad investment in most cases, which it was in most cases, and take it as a lesson learned going forward. They generally think they have no recourse since law enforcement generally doesn’t do anything about these types of scams. In reality, there is recourse available in some cases, however, in these Soft Exits, recourse typically involves civil action rather than criminal action. Meaning, victim(s) need to be able to afford legal counsel in order to sue the scammer(s). In order to do so, they’ll typically need to produce ample evidence of the scam or fraud, which is typically best produced in the form of a professional investigation.

Impersonation Scammers

Impersonation scammers are all over the place. In some cases, it’s quite easy to spot them, while in other cases they can be fairly clever and are not easy to recognize, particularly to people who are not used to all the impersonation scams that occur.

Fake Twitter Accounts & Youtube Channels

There are boatloads of fake Twitter account impersonators that often impersonate people like Elon Musk and Vitalik Buterin, who are seemingly always ‘doing a giveaway’; you just have to send 0.1 BTC to address of theirs and you’ll get 1 BTC back. Some of these scammers even take the time to show a series of 0.1 BTC deposits to the wallet address (which they’ve done themselves) to help give legitimacy and show other people are actually doing it. While these impersonation scammers are fairly easy to spot by now, it’s fairly clear that this scam still works, otherwise, the scammers wouldn’t be doing it anymore!

There are also fake Youtube channels running similar scams. They often purport to be well-respected people in the cryptocurrency space and the imposter rebroadcasts a lecture, interview, AMA, or presentation previously given while announcing that ‘they’ are doing a ‘giveaway’ or contest. The Youtube channels the scammers use are filled with fake views, a number of people watching (if it’s a ‘live’ stream), and fake subscriptions to better dupe people into thinking it’s authentic. Youtube does a fairly poor job removing this content when posted.

Telegram Impersonation Accounts

It’s fairly common for cryptocurrency projects to have their own Telegram channel to allow people to find the latest news and updates from a project, get support, ask questions, and to have a community platform through which users can engage with one another. Scammers monitor many channels religiously and are quick to message a prospective victim when the situation arises.

While these messages can be received for no reason other than having recently joined a group, getting messages from accounts that impersonate the admin(s) of that channel is more commonly observed either when an individual:

  1. Mentions they’re considering investing in the project. The scammer is typically quite to message the victim personally with an almost identical account to that of an admin, and subsequently provides a ‘deposit address’.
  2. Requests help or technical support, the scammer will again impersonate an admin and send a DM, trying to ‘troubleshoot’ the problem. It ends with the scammer getting the victim to send or otherwise expose their seed phrase in most cases, allowing the scammer to steal the funds.

Emails, Skype Messages and Other Social Media

Scammers also often contact prospective victims via Email or Skype. Colloquially referred to as a Nigerian Scam or the 419 scam, this advance-fee fraud typically involves the scammer claiming the victim is entitled to a large sum of money, or a portion thereof. Scammers have come up with a range of excuses for why they need help, but it commonly involves banking issues, a monarch typically from a country in Africa, and/or an inheritance, of a very wealthy person with millions of dollars of course.

The victim agrees to help in an exchange for a small percentage of the funds. However, what quickly unfolds is there are some fees the victim would need to pay first. “Legal fees”, “notarization fees”, and fees allegedly to the IRS or equivalent tax agency. Scammers often attempt to continue the ruse and defraud the victim from more and more funds. Throughout the process, they may create multiple personas and identities, and applicable social media profiles, websites, and emails associated with them. Everyone the victim speaks to, from “the notary” to “the lawyer” to the “the secretary” is actually an identity the fraudster has created and is behind it themselves.

Phone Calls

Scammers do frequently contact victims by phone call, often impersonating someone allegedly from the tax agency or law enforcement in the victim’s home country. Eventually, the scammer indicates the victim has to pay a fine or fee, often in the thousands of dollars or more, or else they’ll be arrested and/or prosecuted. They then typically instruct victims to pay in Bitcoin and that the easiest way to do so is to go to their nearest Bitcoin ATM.

This scam almost never fools anyone that has even the slightest bit of experience with cryptocurrency before. But it works, primarily on people who tend to be “technologically illiterate”. More often than not, these people are in their 50’s, 60’s, and 70’s.

Elaborate Impersonation Scams

We’ve also come across a considerable number of impersonation scams which are rather elaborate that involve the scammer building trust with the individual and creating a detailed profile of an individual across multiple platforms. When the scammer is impersonating a real individual, after getting in contact with the victim the scammer proceeds to build trust and rapport with them before getting them to send funds for one reason or another. Excuses continue to be made about why more funds are needed.

In other cases, the scammer is impersonating a person that doesn’t actually exist and has been entirely fabricated. These scams tend to be the most elaborate. Romance fraud is one of the many types of fraud that fit into this categorization. The scammer creates a dating profile on various platforms, fake Linkedin and other social media profiles (using the fake name of course). They’ll create different profiles of their “friends” and “co-workers” which they themselves control. They’ll send the victim pictures of “themselves”, which the scammer has typically obtained through a data breach.

Regardless, the victims are already invested in more ways than one and they fail to see all the warning signs along the way.

Ponzi Schemes & Automated Trading Platforms

Ponzi Schemes are by no means unique to the cryptocurrency industry, but there has been no shortage of such scams involving cryptocurrency. Bitconnect, Plustoken, and Onecoin are the classic examples, but there are many going on right now that we’re aware of, which are all bound to ‘exit’ sooner or later. And many more are popping up. Only a small portion prove to be highly ‘successful’ (for the founders).

These schemes typically promise extremely high rates of return, often offering a return of 1% per day or more, or allegedly offering ludicrous returns like 1800% in 7 days. This sometimes leads prospective ‘investors’ to wonder how they’re able to achieve such monumental returns. One claim the scammers often use is that they’re allegedly able to achieve such high returns through a ‘proprietary trading bot’. And it works, because this spiel is used time and time again, successfully. 

These Ponzi schemes rely on people duping an ever-increasing number of people into the scams so that those who invest later can pay off those who invested ‘earlier’ if they allow those earlier people to ‘cash out’ at all that is. The reality is that the rates of return and ‘account balances’ found on the platform are irrelevant. The Ponzi scheme operator can list whatever ‘account balance’ for their ‘investors’ that they want. The problem, of course, is the Ponzi scheme doesn’t have the assets to back up those balances, so not everyone can withdraw their money – the money doesn’t exist. People then start having difficulty withdrawing their funds, and sooner or later the Ponzi scheme implodes and disappears overnight.bitconnect pyramid

Yes, these schemes use actual pyramids in their marketing material

The solution to not falling victim to such scams is not investing your cryptocurrency with another party period. Anything with a ‘guaranteed return’ in excess of 12% per annum should be assumed to be a Ponzi scheme. Projects and platforms with more modest returns are still often scams as well. There are a small minority of projects that offer people a relatively small amount of interest on their investment, but such investments involve a considerable amount of risk still, and you still risk losing your investment even in these ‘safe’ projects with much more realistic yields. The best option, of course, is not to invest or hold crypto on any platform or exchange at all; the saying Not your keys, not your Bitcoin holds true.

Cloud Mining

Cryptocurrency mining is seen as one of the ways through which crypto enthusiasts can earn money. But as these enthusiasts and prospective miners quickly come to realize, mining “in-house” on their own is not a profitable venture. To be successful, one needs to invest in ASIC mining rigs, needs to have an incredibly cheap source of power, needs a considerable amount of space, and applicable cooling equipment. Furthermore, one needs to do it at a considerable scale to be able to turn a profit which could easily involve thousands or tens of thousands of ASIC rigs, often costing in excess of 10k USD each. Furthermore, one needs to have the technical skills to be able to set up and maintain such an operation. Mining in your home office or basement is of course still possible, but it’s bound to be grossly unprofitable, particularly when mining major cryptocurrencies like Bitcoin.

Enter ‘Cloud Mining’. These cloud mining companies allegedly already have all the necessary ASIC mining rigs, space, technical knowledge, and mine at scale, thus can ensure a steady profit. Cloud mining companies offer to allocate a portion of mining resources to an individual. There’s only one thing you need to do; buy a ‘mining contract’. There are a variety of ‘mining contracts’ available depending on how much you want to spend. Cloud mining companies typically have ‘mining contracts’ that allow you to rent or lease Terrahashes (TH) per second in return for a given investment. The more you’re willing to invest, the more TH/s you’ll be allocated. Some cloud mining companies also provide figures on “estimated payout” or “estimated profit” during the contract period. The projected ROI tends to be much more modest than is found with the other aforementioned Ponzi schemes.

This is where we need to separate cloud mining companies into two categories. First, there are fraudulent cloud mining companies that don’t do any cloud mining whatsoever. These companies are a dime a dozen and the vast, vast majority of cloud mining companies fit this categorization. Sometimes the cloud mining companies don’t even legally exist, but sometimes they do. Regardless, they are nothing more than Ponzi schemes, albeit promising slightly lower payouts so as to seem more realistic to prospective victims. Just like Ponzi schemes, they rely on duping an ever greater number of investors. More often than not, even these fraudulent cloud mining companies process some payouts & withdrawals from victims, but there are occasions where they refuse to process such payments at all and just pocket the ‘investment’ themselves. Regardless, they eventually disappear sooner or later.

Secondly, and more contentiously are the cloud mining companies that actually do some mining. We generally believe the claims made by these companies are misleading at best, and are scams at worst. It has to do with how mining works. For a moment, let’s presume the cloud mining company actually invests the money you give them in mining infrastructure (which is not safe to presume even if they do some mining since there’s a variety of other things they do on the side).

Cryptocurrency mining operations are constantly turning their mining equipment off and on based on a variety of factors: the efficiency of the applicable mining rig (hash power relative to power consumption in conjunction with the applicable cost of power), the current price of Bitcoin, the difficulty target, and the current hash rate. Some mining equipment is inevitably going to be less efficient than others, and depending on the aforementioned factors, mining companies are turning equipment on and off all the time in order to ensure they are as profitable as possible

The notion that they would simply turn on an additional x TH/s of hashing power when an individual “purchases a contract” is ridiculous. Perhaps even more ridiculous is the notion that a mining operation output would have the same hashing power representing all ‘mining contracts’; that would be a sure-fire way to lose money both for themselves and those who purchased ‘contracts’.

What’s actually happening even in these ‘legitimate’ cloud mining companies is an investment scheme that solicits investment from individuals so that they can run their operation, and they pay back contract holders a portion of their profits (if they have any). Given the lack of transparency associated with cloud mining companies, one should not necessarily assume these investment funds are going into mining infrastructure and maintenance. The company could easily generate a modest return on investment through other methods such as lending the ‘investment’ to margin traders.

So even if you have a contract with a legitimate cloud mining company, you’re not mining; you’re participating in an investment scheme, making such ‘mining’ claims is misleading at best. This investment scheme isn’t necessarily going to fail though, so long as payouts are modest, but it’s still highly misleading to suggest a portion of the hashing output produced belongs to the “contract holder”.

Fraudulent Investment Funds

Those who have been involved in the cryptocurrency space for a few years probably remember that back in 2017 and 2018, seemingly every 15-20 year old involved in crypto was launching their own “crypto VC fund” from their parent’s basement under the guise of being a “professional trader” and/or “professional crypto investor”. This may come as a shocker to some people, but what if I told you that not all these funds actually existed? Rather, not only were some of these funds poorly managed but some were ‘started’ with the express intent of defrauding investors. In many cases, scammers don’t actually create the companies they claim to have. While the ‘fund’ claims to be a legally registered company and/or fund, in reality, things couldn’t be further from the truth; the fund is nothing more than a brand.

Plenty of these scammers still exists today. They don’t all quite fit the definition of Ponzi Scheme, since as at least in Ponzi schemes, investors who are able to get in early are able to cash out to some degree, whereas with the fraudulent investment funds I’m referring to, there may only be a small handful of victims or even a single victim (who often invested a significant sum of money) and often the scammer never ended up letting the victim cash out at all. But these investment funds don’t classify as Soft Exit Scams either since at least in those cases, the founder(s) made a legitimate fund and simply proved to be incompetent. Whereas a fraudulent investment fund, it was corrupt from the outset.

The “Professional Traders”

In terms of what these fraudulent Investment funds look like today, one common thing we observe is the self-proclaimed crypto trading experts on Twitter, Telegram and Youtube who always appear to be making the right calls and continually boast about how much money they’re allegedly making. The reality is that many of these trading experts aren’t making nearly the amount of money they’d have you believe and many are actually losing money. But they’re selective about what trades they show you while avoiding showing many of their failures and unsuccessful trades. Sometimes they go as far as altering their trading records in Photoshop.

Many professional traders do this because they seem just to want to be recognized publicly as expert traders, but a portion of them do have ulterior motives. In some cases, it’s just a Pump and Dump group disguised as a trading group, which we discuss more later.

More concerningly, some “traders” publically offer to “allow” people to invest their funds with them. The trader claims he’ll take a cut of course for his services, but investors get to keep the rest of the profits. In reality, this is typically a scam and the trader never actually ever ends up giving the principle back, much less an actual return on investment. The traders are typically anonymous, only using handles, so the victim(s) have no recourse, apart from a professional investigation to track down the scammer.

Even traders that don’t publicly solicit their services, many of the more popular traders do get requests from people requesting them to manage their funds. For a small portion of traders, this is exactly what they want since they always intended on scamming others but just didn’t want to solicit their services publicly as that brings into question their legitimacy. But if the victims come to them, they can appear to victims as ‘doing them a favour’.


Malware comes in many different forms. It could be a keylogger that’s capable of recording the password you enter on an exchange, or it could be an executable file that’s able to scrape your hard drive to see if you’ve stored your seed phrase in a text format anywhere on your computer, which then sends that information to the hacker. There are malicious versions of legitimate software (such as wallet software) that have been altered and corrupted with malware. Or you might be using an arbitrage trading bot where the developer is secretly able to manipulate trades through your exchange API key, as was the case with the Syscoin hack on Binance for example. Or you may end up downloading ransomware that locks your computer until you send the attack the prescribed amount of Bitcoin to unlock it.

Needless to say, there are many forms of malware out there one needs to be cognizant of. In terms what you can do to prevent your computer from getting infected with such malware, the typical response from cybersecurity firms is to keep your computer up to date, avoid visiting sketchy websites, and don’t open files you didn’t download, all of which we agree with, but there are additional things individuals should do as well. 

For one, we strongly recommend using a good AdBlocker as it helps prevent malicious files from being downloaded, some of which are done without your consent. Also, it has become increasingly common for malware to spread through compromised plugins and extensions. Adobe Flash Player is a common target. If for some reason you need to go to a shady website, use a Virtual Machine, so that if your VM gets infected, your actual computer remains safe since the VM is completely segregated.

Malware is also one of the primary reasons why you should never store your backup seed phrases on your computer itself, even when it’s offline. When setting up your cryptocurrency wallets, most software clearly indicates to never store your seed phrase on any electronic device largely for this reason, but time and time again, we keep coming across people who don’t heed this advice.

Pump and Dump Groups

When getting into the cryptocurrency space, many people want to find out how they ‘make money’ with it; they don’t always want to wait for the cryptocurrency they hold to appreciate (or depreciate). One thing people inevitably end up stumbling upon are ‘pump and dump’ groups. These pump and dump schemes are often disguised as “trading groups”.

The proposition is simple. Admins give group members instruction or advice to start buying a given cryptocurrency all at once. Typically, it’s a relatively low-cap cryptocurrency with minimal trading volume, therefore, the ‘pump’ raises the price much higher, relatively speaking, than larger-cap cryptocurrencies. The ‘idea’ is that members ‘get in’ at the bottom, and then non-members see the massive gains that have resulted in a short period of time, and then others try to hop on the bandwagon as well. Meanwhile, after the specified period of time, ‘members’ are allowed to sell (dump) their holdings, at the higher price point, resulting in a profit for everyone. Well, that’s the idea and selling proposition anyways. 

pump and dump group

If it’s too good to be true, it probably is. In reality, there’s always someone higher up buying their position before the rest of the members, and someone selling their position before the rest of the members get to sell. You might think that ‘upgrading’ to ‘premium’ to get earlier news than anyone else on what coin will be pumped next is a way to better ensure profitability because you’d get the opportunity to before everyone else. In reality, the group organizer(s) are always the first ones to buy, and typically to sell. They typically sell their own bags while everyone else, including ‘premium/paid members’ are buying. 

This is why almost everyone that engages in pump and dump schemes ends up losing significant amounts of money, and loses it very quickly as well. It doesn’t matter whether you’re in a paid group or not. You’re almost guaranteed to lose your shirt, and then after victims will ponder how they could have been so gullible. 

There’s really only one way a person might genuinely make money off of pump and dump schemes; by organizing them. But doing so typically violates applicable security laws in many countries; in the US, the SEC does take enforcement action. And make no mistake, it’s very much possible to track down the organizers of these pump and dump schemes. The SEC paid Chainalysis (a software company) $300k USD in 2017, and I’d be willing to bet fees have increased substantially since then as SEC enforcement action has increased considerably since 2017.

Cryptocurrency Recovery ‘Specialists’

The vast, vast majority of cryptocurrency recovery or wealth restore services are only attempting to defraud the victim(s) of more of their money. Any firm that offers to act as a ‘recovery agency’ is at best being deceitful, but more often than not, are outright and intentionally defrauding victims of cybercrime. 

There are ways that cryptocurrency can be recovered but a ‘recovery agency’ is never part of the solution. A professional investigation, in addition to cooperation from law enforcement and/or an attorney, is typically essential, which is why victims who typically lost a very minimal amount of funds are typically out of luck. Furthermore, recovery is never guaranteed and anyone claiming to be able to guarantee funds recovery should be assumed to be a scammer.

Let’s briefly take a look at one example of a fraudulent recovery agency (as of writing, their website is still up, but it’s inevitably going to go down soon enough, hence the archived link). Without even corresponding with the ‘recovery agency’, here are a few of the obvious red flags:

  1. Their address on “40 Baria Street” doesn’t exist. This is kind of embarrassing actually; they could have at least taken the effort to come up with a fake address that at least exists.
  2. Most ‘links’ on the website don’t actually link to anything on their own website.
  3. They claim to have social media profiles on Linkedin, Twitter, and Google Plus (which doesn’t exist anymore of course), and others, but when the logos are clicked on, rather than linking to the profiles, they link back to their own About page. What kind of scammer can’t even be bothered to create social media profiles for their ‘recovery agency’?
  4. At first glance, they appear to have a variety of blog posts related to ‘funds recovery’, but in reality, the blog posts don’t even exist. The blog links can’t be clicked.
  5. Their team members and pictures of people on their website area clearly stock photography. When you hover over the ‘profiles’ of the team members, social media icons pop up, but those icons, when clicked, don’t even lead to the social media profiles of the ‘team members’ (not that these profiles would be hard to create, but the fact they don’t even exist should be a dead giveaway).
  6. The poor grammar and spelling mistakes found throughout the website.
  7. The obvious fake client ‘reviews’.
  8. Authoritative sources, or lack thereof in this case. Looking up ‘Cryptocrimepolice’ on Google you’ll just find Quora answers and forum threads that talk about the service (which are often and easily fabricated by the companies themselves when astroturfing, or in other cases answering questions they’ve asked themselves). The reality is the company doesn’t actually exist. The solution is to utilize authoritative sources to help determine authenticity and legitimacy.

Hopefully, this clears things up; it would be misleading for any cryptocurrency firm that assists in recovery to refer to themselves as a ‘recovery agency’. However, an investigation can be conducted which can lead to funds recovery.

OTC Scams, Broker Fraud, and P2P Fraud

Over-the-counter (OTC) transactions are optimal to be utilized for very large buy and sell orders, or when a market lacks sufficient liquidity and considerable slippage would result if such an order were placed. However, due diligence needs to be conducted on the broker to ensure they’re trustworthy and won’t run off with the funds or send funds to the counterparty before payment has been received in return.

In other cases, individuals will try to conduct in-person OTC transactions without a broker intermediary, and sometimes things go south and one party ends up scamming the other and doesn’t send or provide funds as required in their side of the deal. While in-person transactions are relatively safe to do when smaller amounts are involved when trading with friends and family, it’s generally a bad idea for larger transactions, particularly when the counterparty is not a friend or family member.

P2P Exchanges like LocalBitcoins are a good solution, particularly in markets that lack exchange infrastructure. Just as with an OTC broker, the seller is required to have cryptocurrency in an account allocated to them. The buyer sends funds directly to the seller through a variety of different methods depending on the jurisdiction, which often include local bank transfer.

P2P fraud occurs either when the buyer manages to get the seller to release funds to them before the seller has been able to confirm receipt of funds (because the seller hasn’t really sent it), or when the buyer is able to reverse the transaction of the funds they sent to the seller. The reversibility of a transaction depends on the jurisdiction and method of payment utilized; Paypal transactions are easily reversible, which is one of the reasons that Paypal should never be used in such transactions. Ultimately, conducting smaller P2P trades helps to reduce the risk of the buyer trying to reverse the transaction of the funds they sent.

Hacking and SIM-Swapping

Hacking incidents, including in cases that involve SIM-Swapping are better defined as theft and/or a breach in most instances rather than a scam or fraud, but as such attacks are fairly common we want to briefly touch upon them. What exactly SIM-Swapping is and what to do when it happens is described in far more detail in the SIM-Swapping Bible we wrote. In short, if a hacker can manage to gain access to your email account or accounts on cryptocurrency exchanges, even if you have SMS 2FA enabled, they can easily steal your funds in most cases.

The solution, in brief, is to always use app-based 2FA (not SMS 2FA), never allow SMS 2FA as a backup recovery option, don’t store your funds on cryptocurrency exchanges, and don’t store your seed phrase on the cloud (e.g. your email, google photos) or electronic devices (phone, computer).


The best way to prevent yourself from falling victim to one of these scams is through education. Learning about how they work and the techniques scammers use to get you to send them funds will go a very long way in helping you ensure you aren’t victimized yourself.

One thing victims sometimes tell us after being defrauded is “I can’t believe I was so stupid” or something to that effect. But for those that aren’t aware these scams exist, it understandable why people fall victim to these scams.

Our goal here is to raise awareness that these scams are out there and to help minimize the number of scams in the cryptocurrency and blockchain space. We believe the best way to achieve this is through both education, but also by investigating the scammer and fraudster themselves, which typically involves tracking cryptocurrency involved, in addition to finding and examining off-chain elements such as data found on the websites and social media profiles the scammer(s) utilized.

Many of these scams and frauds will always exist, but we need to do some work to ‘clean up’ the cryptocurrency space. If there are fraudsters and scammers constantly bombarding prospective victims because it’s profitable for them to do so and there are no consequences, that doesn’t exactly bode well for greater adoption, so we all need to take action collectively to stymy these scams.

No comment

Leave a Reply

Your email address will not be published. Required fields are marked *