By Nicholas Larsen, International Banker
On January 10, the North American Securities Administrators Association (NASAA) released its annual list of top investor threats, and, without breaking a sweat, investments tied to cryptocurrencies and digital assets grabbed the top spot. As such, the conversation around the global regulation of this still relatively new asset class continues to become ever more pertinent.
“By far, NASAA’s securities regulators revealed that investments related to cryptocurrencies and digital assets is our top investor threat,” said Joseph P. Borg, Enforcement Section Committee co-chair and Alabama Securities Commission’s director. “Stories of ‘crypto millionaires’ attracted some investors to try their hand at investing in cryptocurrencies or crypto-related investments this year, and with them, many stories of those who bet big and lost big began appearing, and they will continue to appear in 2022.”
This undesirable award also soon came hot on the heels of separate news that cryptocurrency-based crime in 2021 hit a new all-time high, with blockchain-data firm Chainalysis’ annual “Crypto Crime Report” for 2022 noting that $14 billion of funds were estimated to have been illicit over the previous year, almost double the $7.8 billion it had recorded for 2020.
That said, Chainalysis did defend the space on the basis that the growth of legitimate cryptocurrency usage easily outpaced the growth of criminal usage, so the share of illicit activity out of overall cryptocurrency-transaction volume actually declined. “Cryptocurrency usage is growing faster than ever before,” the report explained. “Across all cryptocurrencies tracked by Chainalysis, total transaction volume grew to $15.8 trillion in 2021, up 567% from 2020’s totals. Given that roaring adoption, it’s no surprise that more cybercriminals are using cryptocurrency. But the fact that the increase was just 79%—nearly an order of magnitude lower than overall adoption—might be the biggest surprise of all.”
Indeed, the report found that transactions involving illicit addresses represented just 0.15 percent of cryptocurrency-transaction volume in 2021, despite the raw value of illicit-transaction volume reaching its highest level ever. And although Chainalysis acknowledged that this figure could well be revised upwards upon ongoing discovery of more illicit activity having taken place last year, it remains much smaller than the 0.34 percent published in its report for 2020 (later revised to 0.62 percent). Nonetheless, $14 billion is still unequivocally a substantial amount, which Chainalysis acknowledged is a significant problem. “Criminal abuse of cryptocurrency creates huge impediments for continued adoption, heightens the likelihood of restrictions being imposed by governments, and worst of all victimizes innocent people around the world,” the report stated.
More recently, the craze over NFTs (non-fungible tokens) has brought with it its fair share of scams. “As more money flows into the metaverse, so do bad actors hoping to extract value at the expense of everyday crypto users,” Georgio Constantinou, who discovers, builds and produces crypto projects, told Rolling Stone magazine on January 24. “Crypto scams have been getting increasingly more sophisticated, and it emphasises the caution that people need to exercise in a decentralised ecosystem.”
So, how exactly are scammers getting away with compromising the unsuspecting investor? Through quite a diverse array of tricks, the evidence suggests. Perhaps the most notorious example was the cryptocurrency project inspired by the hit Netflix series Squid Game. Launched in late October, the price of Squid coin quickly soared to the heavens, surpassing $2,850 by November 1 before collapsing spectacularly when the project’s developers liquidated their substantial holdings—worth more than $3.3 million—draining the token’s exchange liquidity, a practice commonly known within the crypto-community as a “rug pull”. The crash meant that Squid tokens effectively lost all of their value and was swiftly followed by the project’s website disappearing and social-media channels going quiet. As such, those who had invested in the project couldn’t sell their holdings and lost huge sums of money.
DeFi (decentralised finance) is another exciting new area of crypto in which peer-to-peer financial transactions are made possible through programmable smart-contract code that effectively eliminates the need for a banking intermediary. But it has also succumbed to substantial theft over the last year. The Chainalysis report found that DeFi transactions grew by 912 percent in 2021, but with cryptocurrency theft rising by 516 percent to $3.2 billion, a whopping 72 percent of this theft was from DeFi protocols. Speaking to CNBC in early January, Kim Grauer, Chainalysis’s head of research, confirmed that much of the crime in DeFi can be accounted for by hackers exploiting smart-contract code vulnerabilities in new protocols. And while third-party firms are emerging that can perform full code audits and thus publicly declare which protocols are secure, Grauer also noted that many DeFi participants still work with certain risky platforms that don’t necessarily opt to gain this audit seal of approval.
And on the NFT front, hacks through Discord chat servers have become increasingly common and typically occur when hackers acquire administration powers on a server to post fake announcements in the channel. Such an announcement might be of a surprise mint of NFTs, complete with a link that appears to have come from an official, legitimate source. Those who click on the link will inadvertently connect their crypto-wallets and have all their holdings drained. This was the case recently with the NFT collection Monkey Kingdom and the in-game asset marketplace Fractal, both of which used Discord chat servers to interact with their respective communities frequently.
Is there anything that can be done? Russian cybersecurity firm Kaspersky has identified four of the most insidious scams currently pervading the crypto-sphere:
- Imposter websites: A number of fake project websites have been set up that resemble the original, valid crypto projects. “If there isn’t a small lock icon indicating security near the URL bar and no ‘https’ in the site address think twice,” advised Kaspersky, also warning about the possibility of being directed to external payment platforms. As such, it is worth closely checking the web address to ensure it exactly matches the valid project.
- Fake mobile apps: Fake apps are available for download through Google Play and Apple App stores. And although such apps will eventually be flagged and removed, people are still vulnerable to downloading them in the initial phase. “While this is a greater risk for Android users, every investor should be aware of the possibility,” Kaspersky explained. “Are there obvious misspellings in the copy or even the name of the app? Does the branding look inauthentic with strange colouring or an incorrect logo? Take note and reconsider downloading.”
- Bad Tweets and other social-media updates: Malicious bots are ubiquitous within the crypto sector, posting fake offers on social-media sites from fake accounts. “Don’t trust offers that come from Twitter or Facebook, especially if there seems to be an impossible result. Fake accounts are everywhere,” according to Kaspersky. “If someone on these platforms asks for even a small amount of your cryptocurrency, it’s likely you can never get it back. Just because others are replying to the offer, don’t assume they aren’t bots, either. You have to be extra careful.”
- Scamming emails: Such emails can look exactly like those one might receive from a legitimate cryptocurrency project, so it is worth checking the email address, logo and branding. Scammers will use emails to announce fake token sales and steal investor funds. “If you have doubts about an email, ask someone who works there. And never click on a link in a message to get to a site.”
With investments tied to cryptocurrencies and digital assets having recently topped the list of investor threats, the NASAA now urges investors to be wary about popular, unregulated asset classes. “The most common tell-tale sign of an investment scam is an offer of guaranteed high returns with no risk. It is important for investors to understand what they are investing in and with whom they are investing,” according to Melanie Senter Lubin, NASAA president and Maryland Securities commissioner. “Education and information are an investor’s best defense against investment fraud.”
Joseph Rotunda, the NASAA’s Enforcement Section Committee vice-chair and Texas State Securities Board’s Enforcement Division director, also weighed in by stating that investments in cryptocurrency-trading programmes, as well as interest in crypto-mining pools, crypto-depository accounts and securitised tokens, should be considered as extremely speculative with a high risk of loss. “Before you jump into the crypto craze, be mindful that cryptocurrencies and related financial products may be nothing more than public facing fronts for Ponzi schemes and other frauds,” Rotunda warned.