Fraud in Cryptocurrency
In the past decade, the majority of worldwide financial transactions have moved online, including the use of cryptocurrency. Cryptocurrency is a type of digital currency that generally exists only electronically. One of the most common cryptocurrencies is Bitcoin, which can be obtained through an app, website or through a cryptocurrency ATM (an Internet-connected kiosk). Once purchased, cryptocurrency is generally stored in a digital wallet on a phone or computer.
Volatility surrounding the constantly changing values of cryptocurrencies has proven them to be valuable and desired assets for both investors and fraudsters. There are several key facts that potential investors and users should be aware of that make cryptocurrencies such sought after assets by fraudsters:
- Cryptocurrency payments do not come with legal protections and are typically not reversible;
- Cryptocurrency accounts are not backed by the government; and
- Cryptocurrency can often not be recovered if stolen, i.e., if your private key or password for external wallet services becomes compromised.
With the above-mentioned factors considered, here are some of the more common types of cryptocurrency fraud:
1. “Rug Pull” Scams
Did you know there are over 1,600 different types of cryptocurrencies? This scam largely surrounds NFTs (non-fungible tokens) and the creation of new cryptocurrency coins in which fraudsters will “pump up” a new project to drive interest in investment. This is done through fabricated team member bios, fake technical backgrounds about the project and false information about current investors and public interest. They will request funding for the project and issue their investors NFTs and crypto coins, generally promoting them as “one-of-a-kind” digital assets. However, the coding for these investments prevents people from actually selling the NFTs and coins after purchase. Eventually, once trading and public interest halts, the NFTs and coins are revealed to be worthless; meanwhile, the fraudsters have been long gone along with the investment funds.
Preventative measures: Be aware of investments where there are minimal details about money movement and promises of free money or large gains. Do your due diligence before investing your money with outside parties.
2. Man-In-The-Middle Attack
Using a computer in a public location on a public network can put your sensitive information at risk. Fraudsters can intercept information sent over a public network and steal your business’s information, including passwords and other account information. This can generally only happen when you are in close proximity to the fraudster and is performed through intercepting Wi-Fi signals. Once the Wi-Fi signals are intercepted, the fraudster intercepts and relays communication between two parties that believe they are communicating with each other but are actually with the fraudster. Digital wallets, credit cards and bank account information are common objectives for fraudsters in these scenarios.
Preventative measures: The best way to avoid these attacks is by using a virtual private network (VPN) when logging into your computer network.
Fraudsters will impersonate well-known companies or government agencies. They will send out emails warning about password breaches or fraudulent account activity. These emails contain malicious links to fake websites where personal information is requested. Private keys to digital wallets are different from passwords in that they are unique to their users and, once it is stolen, it is extremely difficult to change them. It is also difficult to recover the assets in the digital wallet once they are stolen.
Preventative measures: Phishing scams can always be avoided by never clicking on the link in an email and always opening up your Internet browser and going to the website directly, no matter how legitimate the link appears.
Cryptocurrencies are becoming more prevalent and accessible in our everyday society, and they may have many benefits to increasing your investment value. However, it is important to understand that there are many potential fraudsters on the Internet looking to steal your wealth. Be aware of transactions where only cryptocurrency is accepted as payment. Make sure your digital assets are properly secured whether they are hardware-based or web-based.
As of right now, a lot of cryptocurrencies are considered commodities. However, there is an argument that the U.S. Securities and Exchange Commission (SEC) should consider cryptocurrencies as securities and regulate them as such. In 2022, several high-profile instances of cryptocurrency fraud have come to the attention of regulators and lawmakers, such as the BlockFi and Celsius scandals, putting cryptocurrencies in the crosshairs of increased scrutiny. For now, investors and users of cryptocurrencies should move forward with continued caution.
Contributing author: Robert Reeves, CPA, is an audit manager with over seven years of experience providing audit, review, compilation and consulting services to a variety of clients with a focus in the fraud, manufacturing, construction and architectural and engineering industries. Bob also specializes in providing auditing services to a variety of employee benefit plans and working with clients to help identify and resolve accounting issues.