Naked Security Naked Security

Why cryptocoin scams work, and how to avoid them

What are ICOs, why are they so popular and why do crooks love them so much?

Fascinated by cryptocurrencies? Wishing you’d got in on the ground floor for the Bitcoin boom of 2017?

Many people would answer “Yes” to both those questions – and with good reason.

After all, the dramatic roller coaster ride that the Bitcoin (BTC) price has been through from 2017 onwards is kind of unimportant to anyone who mined their own bitcoins in the early days.

Ten years ago, bitcoins were almost worthless, with one historical chart claiming that a user going by the name SmokeTooMuch tried to sell BTC 10,000 for just $50 back in 2010, but couldn’t find a buyer.

Only in 2011 did one bitcoin go above $1, so if you have even a tiny stash of BTC from before that date, the very worst value multiplier you would have seen in the past two years would still be more than 3,000-fold (that’s 300,000% if you prefer percentages).

In other words, the currency’s recent volatility in flapping between a nadir of just over $3,000 and a zenith of just under $20,000 since December 2017 simply doesn’t matter to anyone with BTC 10,000 from back in 2010.

That’s not the difference between rich and poor, it’s the difference between rich and Richie Rich rich.

Simply put, people who got into BTC at the very start and held onto their bitcoins are, in theory at least, extra-super wealthy now as a result.

(The publisher of the system that makes Bitcoin work, the still-anonymous Satoshi Nakamoto, is claimed by one analyst to have mined about one million bitcoins in those heady, early days; all of them apparently remain unspent.)

Enter the ICO

So it’s not surprising that confidence tricksters – crooks with the gift of the gab, and an apparent fluency in the jargon of cryptocoins and blockchains – have found that promising “a brand new cryptocurrency that you can join at the very start” can be a great way to defraud well-meaning people of their hard-earned savings.

Cybercrooks of this sort often pitch what’s called an Initial Coin Offering, or ICO.

That’s a newly-minted term that’s meant to mirror the terminology IPO, short for Initial Public Offering, which stock markets use to describe a private company going public by putting up shares for sale on an open market.

IPOs can give investors a chance to realise rapid gains, for example by selling quickly if immediate demand for the new shares is high, or to make money in the long term by holding onto their early shares in a company that’s already well known.

But even IPOs by big, popular companies don’t guarantee that your investment will go up, and that’s in a market ecosystem that, in most countries, is fairly strictly regulated.

Not just anyone can set up an IPO; there are strict rules about what positives you are allowed to claim about your company, and which potential negatives you are obliged to disclose up front; there are controls on what you can say to the media during the lead up to the IPO, and who can say it, and when… and much more.

In contrast to the rules around IPOs, in many countries, ICOs are either scarcely regulated or not regulated at all.

Loosely speaking, someone who wants to “market” an ICO can promise the world – and can do so without needing any existing products, or prototypes, or stock, or patents, or intellectual property, or indeed anything much at all except a cool-sounding name for their new cryptocoins and a groovy-looking website.

Sadly, that makes it surprisingly easy for a cybercrook to invite “investments” – for example by using a bunch of fake testimonials and some judiciously chosen (and perhaps actually accurate) graphs showing how other cryptocurrency values have shot up to the apparently enormous benefit of those who joined in early on.

Building a pyramid

A wily cybercriminal might run a website that shows their new “currency” steadily gaining in value, based on some sort of unspecified “mining and trading” activity, perhaps with “real time transaction logs”.

The crook might even make regular “dividend” payments to early investors to “prove” that the product is doing well.

For example, you might login and see a page showing that your initial $10,000 investment is already worth $47,578, say – and you might even be encouraged to “withdraw” some of your “gains”, possibly subject to some sort of investment period limit that restricts you getting it all at once.

Of course, if you’ve put in $10,000 and the crook permits you to cash out out, say, $178.56 of “dividend” right now, after just a few weeks, it might feel as though you are living the dream…

…but in the unregulated world of ICOs and cryptocurrency investments, there may be few or no legal safeguards to ensure that the $178.56 you’ve extracted are genuine earnings, rather than just a tiny percentage of your own money back.

Some early adopters might actually get paid back more than they put in – so their delighted and very public claims that “they genuinely made money” might indeed be true, so far as they can tell.

But there may be no legal or operational safeguards by which you can be sure that those lucky few actually made their money because of a genuine increase in value of the cryptocurrency they think they bought.

For all you know, those lucky few might simply have been paid directly out of the money put in by subsequent investors, meaning that the product that they thought they had funded, and that had allegedly grown in value, didn’t exist at all.

That’s a classic pyramid or Ponzi scheme, named after an early perpetrator of the scam called Carlo Pietro Giovanni Guglielmo Tebaldo Ponzi, better known as Charles Ponzi.

A more recent perpetrator is Bernard Lawrence Madoff, who made off with billions of dollars in his own Ponzi scheme before getting a whopping 150-year prison sentence in 2009. According to Wikipedia, Bernie Madoff’s release date is in 2139, assuming 20 years off for good behaviour, and assuming he lives to be more than 200.

So, what can be done to discourage ICO scammers from stealing money from innocent but trusting victims in this comparatively simple yet high-tech-sounding fraud?

One thing is to find, arrest, convict and imprison those who practise this sort of deceit, and the good news is that the US Department of Justice (DOJ) is willing and able to do so.

Indeed, the DOJ this week announced the imprisonment of one Maksim Zaslavskiy for 18 months, with US Attorney Richard P. Donoghue stating that it was “an old-fashioned fraud camouflaged as cutting-edge technology.” The DOJ explained Zaslavskiy’s scam:

In July 2017, Zaslavskiy marketed RECoin as “The First Ever Cryptocurrency Backed by Real Estate,” and subsequently Diamond as an “exclusive and tokenized membership pool” hedged by diamonds. In reality, Zaslavskiy bought neither real estate nor diamonds, and the certificates he sent to investors were worthless. Zaslavskiy also falsely advertised that REcoin had a “team of lawyers, professionals, brokers and accountants” who would invest the proceeds from the REcoin ICO in real estate, and that 2.8 million REcoin tokens had been sold.

Caveat emptor?

Reading back this straighforward description, it feels as though anyone investing in Zasavskiy’s schemes ought to have seen through them at once, given that there wasn’t anything to rely upon except unsubstantiated statements from the crook himself.

But before you criticise the victims of this sort of crime for what might seem like a mixture of gullibility and short-sightedness, remember that successful cryptocurrencies such as Bitcoin are essentially backed by nothing but their blockchains – distributed digital ledgers that are maintained by a network of users who pay for the electrical power needed to perform what amount to verification or validation calculations to “approve” transactions into those blockchains.

With that in mind, the promise of a cryptocurrency that uses the same cryptographic technology for its digital transaction ledger, yet is allegedly backed by the actual purchase of real estate using the money of investors, is an understandably alluring one.

After all, if Bitcoin can (and has) made early adopters rich without any real estate in the equation at all, why shouldn’t a technologically similar scheme that includes some sort of real-world “value backstop” be an even better investment?

Hey, even if the real estate doesn’t go up in value much, or even at all, surely you’re already better off than just buying Bitcoin, because there’s at least something behind it? Not to mention that this time, you get in on the ground floor, just like Mr SmokeTooMuch did with his BTC 10,000 back in 2010.

What to do?

We’re not investment advisors, so we can’t comment on the value, or otherwise, of cryptocurrency investments.

The problem with the RECoin scam that netted Zaslavskiy an 18-month prison term is that it wasn’t an investment at all – it was just a tower of lies, given technological zing through its modern-sounding, blockchain-based, cryptocoin-flavoured description.

So, remember:

  • Beware any online schemes that make promises that a properly regulated investment would not be allowed to do. Investment regulations generally exist to keep the lid on wild and unachievable claims, so be sceptical of any scheme that sets out to sidestep that sort of control in unregulated areas.
  • Don’t be taken in by cryptocoin jargon and a smart-looking website. Anyone can set up a believable-looking website with what look real-time graphs, community endorsement and an online commenting system that seems to be awash with upvotes and positivity. Open source website and blogging tools make it cheap and easy to create professional-looking content – but those tools can’t stop a crook feeding them with fake data.
  • Consider asking someone with an IT background whom you know and trust for advice. Find someone who isn’t already part of the scheme and doesn’t show any particular interest in it. Be wary of advice or endorsement from people who are (or claim to be) already part of the scheme. They could be paid shills, or fake personas, or they could be early winners who’ve been paid with money Ponzied from later investors
  • If it sounds too good to be true, it probably is. That advice applies whether it’s an ICO, a special online offer, a new online service, a survey to win a prize, or even just the good old lure of “free stuff”. Take your time to understand what you’re signing up for.

If in doubt, don’t give it out, and that definitely includes your money!

Watch our video

(Watch directly on YouTube if the video won’t play here.)

Leave a Reply

Your email address will not be published. Required fields are marked *