It’s no secret that scams that involve cryptocurrency are rife and something cryptocurrency users very regularly encounter. Lots of cryptocurrency users have at some point lost some of their cryptocurrency to a scam. There’s no single solution to the plague of scams in the industry. Exchanges, Bitcoin ATM companies, and wallet providers need to educate their customers. Users critically need to take initiative to educate themselves about cryptocurrency scam prevention to avoid becoming a victim themselves.
However, the desire to push further education does not fully tackle the issues involving scams for a key reason; not all crypto scams target cryptocurrency users. Simply put, we can divide cryptocurrency scams into two categories:
- Scams that target current or even prospective cryptocurrency investors users e.g. phishing, many investment scams, giveaway scams, airdrop scams, rugpulls, malicious/fake wallet applications.
- Scams that don’t target cryptocurrency users but whereby the scammers get the prospective victim to obtain cryptocurrency (often by ‘educating’ the victim), and the cryptocurrency is merely used as a conduit to defraud the victim, who might have no genuine interest in cryptocurrency at all. e.g. many romance scams, pig butchering, and impersonation scams.
The education initiative makes sense to help prevent users in this first category from being scammed but isn’t fully adequate for this second category since these victims aren’t really cryptocurrency investors at all, thus naturally wouldn’t be seeking to educate themselves about cryptocurrency. What little education these users get are instructions from the scammer on how to acquire and send cryptocurrency to the fraudsters.
In this article, we focus more on the fraud victims in this second category who have effectively no cryptocurrency education. We look at cryptocurrency scam prevention measures that exchanges are implementing and what additional steps they could take to better prevent losses for users with almost no prior crypto education. Cryptocurrency exchanges and ATM companies have critical roles to play to help prevent these losses.
Types of Cryptocurrency Scams That Exchanges Can Help Prevent
There are a few specific categories of scams that tend to specifically target prospective victims that have zero or almost no cryptocurrency experience or knowledge. In these scams, the fraudster always directs the victim to a legitimate cryptocurrency exchange or ATM that serves as a fiat ‘on-ramp’. In the United States, the most common fiat on-ramps currently include Coinbase, Gemini, Kraken, Crypto.com and Binace US. From there, funds are usually sent to the fraudster – often, but not always, by the victim themselves.
Pig Butchering
A pig butchering scam is a type of scam whereby a fraudster initiates contact with a prospective victim that they ‘meet’ online and works to slowly build up rapport and trust with the victim before financially ‘butchering’ them. This is almost always invariably done by the fraudster ‘recommending’ some little-known and seemingly random website, platform or app.
Because the victim ‘the pig’ wholeheartedly trusts the scammer given the rapport they have built over weeks or even months, the victim proceeds to acquire cryptocurrency on a real exchange (i.e. Kraken, crypto.com), which the scammer may even direct them to, and from there they will usually withdraw/send the crypto to the fake investing platform that the scammer ‘recommended’ or to a compromised wallet.
One common theme amongst pig butchering victims is that they’ve never heard of a ‘pig butchering scam’ before. As soon as they read the red flags of pig butchering scams, it is common for them to realize that what has been happening to them checks all the boxes.
Another common theme is that almost no pig butchering victims have knowledge much less investing experience involving cryptocurrency at all, before the scammer convinces them to invest in some crypto and immediately direct that purchased cryptocurrency to the fake investing platform.
The sheer scale of pig butchering operations is insane, as they can comprise thousands of staff operating in a corporate-like hierarchy that each defraud victims of hundreds of millions of dollars. It is not uncommon for the ‘hosts’ that are the ones in direct contact with the victims to be misled into the scamming role they now find themselves in, and some are even human trafficking victims.
A large portion of the connections that the fraudsters establish are romantic in nature, obtained through dating apps like Hinge and Tinder. But not all; some are platonic, and others come about through victims seeking help from someone with investment experience.
Romance Scams
While pig butchering scams dominate the number of scam inquiries we received, there are some more traditional romance scams that don’t involve a fake/fraudulent exchange platform at all, and instead involve a victim establishing a relationship with someone who isn’t who they say they are.
Then, suddenly the person needs money for an “emergency surgery”, or because they’re stuck on an oil rig without access to their bank account, or because they’re on a trip and had their wallet stolen, or whatever other excuse the scammer can come up with to ‘borrow’ money.
Scammers convince victims that cryptocurrency is the easiest way to send money overseas, and thus cryptocurrency is simply used as a conduit for the transfer of money, not because the victim has any real interest in cryptocurrency.
Elder Fraud
Elderly people, even those who know very little about technology, much less cryptocurrency, are also frequent targets in cryptocurrency scams. It’s common to target elderly in vishing (voice phishing) scams, and impersonation scams (pretending to be ‘tech support’, or with a government agency) but elderly people who are looking for a romantic partner are also targeted in romance scams too.
In our experience, there is a higher preponderance for scammers to direct elderly people to send money to them via Bitcoin ATM’s, at least for those that are not comfortable with using technology. The Bitcoin ATM represents an easier-to-understand route that has similarities to withdrawing banknotes at an ATM.
Other Impersonation Scams
There are plenty of other impersonation scams that specifically target non-crypto users. In particular, it is not uncommon for scammers to impersonate a tax agency (e.g. IRS) claiming the prospective victim has an unpaid tax bill that they need to pay quickly… or else they will be in big trouble or go to jail.
In other cases, scammers will impersonate an immigration enforcement agency e.g. ICE, CBSA, threatening to have the prospective victim with deportation if they don’t pay whatever bogus fees the scammer pretends the victim owes.
In other cases, scammers are even more brazen and try targeted extortion attempts. For example, they may play the role of a police officer and pretend the victim’s son/daughter has been arrested and payment for bail is required immediately, in crypto… or else. Or they suggest that their son/daughter is kidnapped and being held hostage for ransom. Meanwhile, the son/daughter is perfectly safe and sound. These scams are more targeted as they require the scammer to know more details about the victim including their family members and where they live.
In each of these cases, cryptocurrency is merely being used as a conduit to transfer money since it is a very quick, efficient, irreversible, and pseudonymous way to transfer money anywhere in the world, to anyone in the world.
What Measures Are Exchanges Currently Taking?
Most exchanges already take some measures to help prevent or mitigate the money their customers lose to scams. But the measures they take can vary considerably from one exchange to another, their jurisdiction, and regulatory requirements and oversight (or lack thereof). Such measures often include:
- Asking their customers about the source of funds they intend to invest and how they acquired it
- Asking their customers if someone else is directing them to invest
- Hiring dedicated and professional AML/Compliance personnel
- Conducting Know Your Customer (KYC) on their customers
- Cross-referencing customer names and email addresses in databases to check for red flags, sanctions, and blacklists
- Providing some basic education about cryptocurrency, indicating transactions are not reversible, and to be careful about sending cryptocurrency anywhere outside of the exchange
- Asking customers about how long they’ve been trading cryptocurrency, and whether they consider themselves a knowledgeable or sophisticated investor, or more beginner
- Utilizing transaction monitoring tools to detect higher-risk transactions
- Using the above information, and other information, as part of a Risk-based Approach (RBA)
- In the case of Bitcoin ATM’s specifically, including warning labels on the ATM about common scams, impersonations, and instructions not to send Bitcoin to anyone else.
This doesn’t mean all exchanges are doing the above – indeed there are many do not, but most *major* exchanges that operate as fiat on-ramps and off-ramps in most developed countries do the majority if not all of the above.
Compliance Limitations Involving Cryptocurrency
Although there are analogies that can be drawn between a cryptocurrency exchange and a bank, the reality is that cryptocurrency exchanges do not, and to some degree cannot take all the same types of measures that traditional financial institutions like banks would take as part of their AML/Compliance program. There are numerous reasons for this.
One is that cryptocurrency, by its very nature is designed to be sent to pseudonymous addresses that can be owned by anyone in the world, meaning that cryptocurrency can easily be sent across borders to anyone. For example a large wire transfer to a bank in Cambodia, if out of the norm, is relatively easy for a bank to catch and flag, but a large cryptocurrency transfer to an address controlled by scammers residing in Cambodia may not be so easy to identify since the exchange doesn’t know the owner of the address, or that the recipient resides in Cambodia.
Cryptocurrency transactions are designed to not be reversible, whereas users have some protection with wire transfers, if such a transfer can be ‘recalled’ quickly enough, and with credit cards, transactions can be reversed through chargebacks. These types of protections don’t exist for cryptocurrency users, because cryptocurrency transactions are designed to not be reversible, and offer finality.
Furthermore, cryptocurrency is inherently designed to be self-custodied by users who wish to self-custody. This of course makes cryptocurrency much harder to freeze and ultimately seize since there may be no custodial institution that such orders can be sent to if the scammer is self-custodying the fraudulently obtained cryptocurrency.
What’s Preventing Exchanges from Taking More Measures?
When an exchange suspects their customer might be being defrauded, one might think it’s normal for exchanges to inform their customer of the suspected fraud, but this is very much false. Rather, it’s standard operating procedure to block or restrict the account and keep their customer in the dark about why their account has been restricted, if they even tell their customer about the restriction at all.
The reason that exchanges don’t, as a matter of policy, tell customers when they suspect they may have been scammed relates to legal liability. Specifically, the ability to identify when their clients might be getting scammed potentially, should they choose to notify some customers, would in turn create an obligation for them to notify all customers when they suspect they may be getting defrauded.
Naturally, an exchange will not be able to identify all instances when their customers are being defrauded, so this would in turn cause those customers who weren’t notified by the exchange to seek to recover funds by suing the exchanges (or taking them to arbitration) for failing to notify them of suspected fraudulent activity, that they will argue the exchange should have been able to catch. Thus, the best solution for exchanges to avoid litigation from customers, is unfortunately to not inform their customers at all when they suspect their customers have been defrauded and instead take action to restrict accounts without giving a clear reason.
Unfortunately, what will often happen is when a customer’s exchange account stops working, the scammers will direct them to a new exchange on-ramp to use instead, where they proceed to lose more money. If the customer had been notified that the reason for closing the account was that compliance personnel with the exchange suspected the victim was being scammed, this would lead many customers to think twice and would have prevented further losses.
Another factor preventing exchanges from taking more action is costs. Simply put, an effective AML program costs money to staff and run. The more that an exchange is able to cut corners, the less money they need to spend on it, and the higher their profit. Thus, it is fair to say that not all exchanges want to take more measures due to increased costs, and potential friction it could cause with some users that could result in lower trading volume.
What Measures Can Exchanges and ATMs Take To Prevent Their Users From Falling Victim to Scams?
Solutions to prevent and mitigate losses due to these frauds are multi-faceted. There are a variety of things that exchanges can do, which many aren’t, to mitigate such frauds with minimal costs, while not exposing themselves to legal risks.
- Reporting and labelling frauds and applicable cryptocurrency addresses in transaction monitoring tools they use
Usage of professional transaction monitoring tools such as Chainalysis KYT, TRM Forensics, and Crystal Blockchain is industry standard. While some exchanges report user-reported frauds in their tools, a good portion do not. Recording user-reported fraud in transaction monitoring tools helps other exchanges know when their customers are sending money to the same scammers or when the same customer switches from using one exchange on-ramp to another. - Better usage of transaction monitoring tools and identifying high risk destinations
Exchanges can do a lot better job to identify high-risk destinations, even if addresses that customers are sending funds to aren’t blacklisted or labelled in their transaction monitoring tool. Looking where the funds are ultimately going can absolutely be an indicator of potential fraud.
A textbook example is when funds are indirectly going to Asian DEX called Tokenlon – this is generally a prime indicator that the exchange customer is the victim of a pig butchering scam, and it should be triaged accordingly. Also, identifying funds going directly or indirectly to foreign exchanges where the customer clearly wouldn’t have an account, such as Nigerian exchanges, or even major exchanges that don’t allow users from the customers country to register accounts on the exchange e.g. Kucoin doesn’t allow US persons, can be indicia of fraud. - Asking Customers more Targeted Questions about the Source of Funds and Destination they are sending funds to, and Verifying
Consider the following example an exchange could ask it’s customer when they perform a withdrawal.
Question: Where and Who are you Sending Funds to?
a) “To a self-custodial wallet of mine.”
Follow-up question: What is the name of the wallet, and did anyone help you set up this wallet, and if so, who?
b) “To another exchange account of mine.”
Follow-up question: What exchange?
c) “To someone else.”
Follow-up question: Who are you sending the funds to, how did you meet them, and what’s the reason for sending this person money?
In many cases it is possible for exchanges to analyze and assess the customer’s answers to see whether it is accurate or not. For example, if someone says they are sending money to another exchange account of their called ‘Topcoins’ that is not the name of a real exchange and can be a red flag. Furthermore, it is fairly easy for an exchange to identify and distinguish a real cryptocurrency address under the control of another exchange while differentiating that from a self-custodial wallet. - Quizzing customers about cryptocurrency knowledge
While some exchanges ask customers some basic questions about cryptocurrency, if customers are required to pass a brief ‘quiz’ before sending any transactions, this can help prevent fraud. Requiring customers to pass a basic quiz to help ensure they aren’t be defrauded can be of a slight annoyance to customers, but can also help prevent and mitigate a lot of fraud.Key points that should be answered in this quiz are that:
- Users should never send cryptocurrency to another person that they don’t know and haven’t met in person
- Cryptocurrency users should be aware the industry is rife with fraud and scams, and fraudulent transactions are not reversible
- Users should be wary of an exchange or platform that was recommended to them as there are many fake and fraudulent trading platforms and purported exchanges that can look real, but are very much fraudulent.
- Information sharing with industry parties
Sharing and utilizing information with other exchanges… in both directions, can help mitigate and prevent fraud since there are only so many major fiat on-ramps victims use. Additionally utilizing information found in the Crypto Defenders Alliance group, which many exchanges are apart of, can also play a critical role.
But there are other industry partners that can be worth sharing information with as well. At Cryptoforensic Investigators, we get a lot of inquiries on a daily basis from victims and industry partners that refer victims to us. We want to use this information to help mitigate fraud, which is why after analyzing and conducting due diligence on each inquiry manually for accuracy and authenticity, we anonymously categorize data associated with these types of scams.
As part of this, we label wallets belonging to scammers as well as highly suspicious wallets, and we make this data available to relevant exchanges free of charge (without any personal data from reported victims, for privacy reasons), so that when exchanges are requested by their clients to perform withdrawals to addresses that we’ve flagged, or to addresses closely connected to flagged addresses, the exchange can internally flag the transaction as higher risk and perform a more thorough review to help ensure their client isn’t being defrauded. This is just one of the things we are doing, for free, help mitigate these frauds, with the information coming directly from user reports, after we do our own preliminary analysis on it ourselves.
There are also companies like Scamsniffer that offer large up-to-date databases of scam/suspect addresses, for a reasonable monthly fee, that exchanges can then use to identify potentially fraudulent transactions, either directly or indirectly.
- Utilizing Demographic and customer information more thoroughly as part of a risk-based assessment
The reality is that certain demographics and information exchanges regularly gather about their customers can identify the likelihood of potential fraudulent transactions. Those that are new or inexperienced with cryptocurrency are vastly more likely to fall victim to a scam than someone more experienced (who should be more concerned with falling victim to different types of attackers and frauds than the ones listed here).
Elderly people are more likely to be defrauded as well. For example, how many elderly women do you know that are cryptocurrency investors? Probably not many, if you know any at all. The likelihood that an elderly woman new to cryptocurrency is the subject of a romance scam is simply higher than another random user. Exchanges can use this information to their advantage as part of their Risk Based Approach.
Concluding Thoughts
While individual cryptocurrency users need to take individual responsibility, and to properly educate themselves regarding fraud prevention and security, exchanges have a role to play in cryptocurrency scam prevention as well. Exchanges are already taking measures to help mitigate the overwhelming amount of fraud, but there’s still room for improvement.