- Exit scams account for 81% of cryptocurrency scams.
- 19% of cryptocurrency scams fall into the exploit scams category.
- July is the most popular month for scam attacks.
- February and September are the least popular months for crypto hacks.
- Rugpull is consistently the most popular type of crypto scam.
Over the past 13 years, a whopping $79,561,777,625 ($79.5bn) has been lost to cryptocurrency scams. To put this into context, this is more than the entire GDP of oil-rich Azerbaijan, and it is growing at an exponential rate. In 2021, this figure was much lower, at $27,340,485,261, and an increase of 291% in just over two years is definitely a cause for concern.
The past 12 months, however, have seen a significant turnaround, with just $1,911,723,934 lost last year, so there is hope that the trend may finally be slowing down. That said, with only 8.3% of the total losses having been recovered to date, we would urge cryptocurrency owners to stay vigilant.
We at Bankless Times have investigated which are the most common types of crypto scams and offer some tips on how you can avoid falling victim:
Exit Scams Account for 81% of Cryptocurrency Scams
More than two-thirds of all cryptocurrency hacks are classed as ‘exit scams’, which see cryptocurrency promoters make off with investors’ funds during or after an initial coin offering. As crypto tokens have become easier for individuals or freelancers to launch and develop, these types of scams have grown in notoriety.
Honeypot scams are the most prolific in this category, accounting for 63.6% of all exit scams. A honeypot scam is typically disguised as a smart contract which appears to have a simple design flaw. The design flaw allows a user to drain the pot of Ether, providing they send a particular quantity of Ether into the contract first. Once the user attempts to exploit the flaw, a trapdoor opens to prevent the Ether drain from succeeding. The attacker then leaves, taking both the bait and the victim’s money.
A rugpull scam, on the other hand, sees a victim having a rug metaphorically pulled out from beneath their feet when a notional investment turns bad. To put it simply, once investors have been led to believe that they are investing in a legitimate scheme, the project will often encounter ‘difficulties’, leading to it being abandoned and the perpetrators making off with the money. Rugpull accounts for 34.9% of all exit scams, while a further 0.6% of cryptocurrency schemes are simply classed as ‘abandoned’ because they turn out to be unviable but don’t fall into the rugpull criteria.
0.8% of exit scams fall into the broad ‘other’ category and this term covers a wide range of notorious schemes, where the categories aren’t black and white. An example is the Ackerman Ponzi scheme, which occurred in June 2023 and saw 150 individuals and entities invest at least $33,000,000. While $10,000,000 of this amount was genuinely used for trading, the rest was appropriated for the perpetrator’s own personal use. The term also covers instances in which crypto platforms have filed for bankruptcy while still indebted to clients, such as the Voyager and BlockFi platforms, leaving users with worthless currency.
19% of Cryptocurrency Scams Are Exploit Scams
While exit scams typically involve the user making erroneous investments, exploit scams differ in that they are typically direct and malicious attempts to exploit vulnerabilities in a user’s computer or other device. These account for 19% of all cryptocurrency scams, and while in some cases the user is the target, in others the exploit scam is orchestrated against the lending protocol or smart contract.
The most common hack in the exploit scam category is access control, which accounts for 23% of all exploit scams. This method sees attackers use various techniques to gain control of cryptocurrency wallets or accounts through compromised keys, wallets or security systems.
Flash loan attacks are the most common type of DeFi attacks since they are both the cheapest to pull off and the easiest to get away with. Representing 15% of all exploit scams, they begin when a cyberthief takes out an enormous short term loan from a lending protocol that doesn’t call for any form of collateral. Using the borrowed funds, the attacker manipulates the price of the targeted cryptocurrency or exploits a vulnerability in a DeFi smart contract to depress the value of the funds borrowed, and then repays the loan within the same transaction block, returning the borrowed funds to the lending platform on a less favourable basis.
Phishing is perhaps the best known of all exploit scams and simply involves tricking victims into giving out their private keys or personal information. It accounts for 5% of all such scams, and as a means of prevention users should avoid clicking on any suspicious links, and be wary of any unsolicited messages. While cryptocurrency phishing was once popular, it now appears to be on the decline, having been reported just twice during 2023.
A re-entrancy attack is a method of exploiting a vulnerability in a smart contract that allows an attacker to repeatedly call a function into the contract, causing an infinite loop and potentially stealing funds. Nowadays, however, they are considered to be a little bit old-school and only account for 3% of all exploit scams.
Even less popular and now accounting for just 2% of all exploit scams are attacks simply labelled as ‘oracle issues’. None of these types of attacks occurred during 2023, but the most recent example occurred in 2022, when Scream kept the price of two unpegged stablecoins hardcoded to $1, incurring $35,000,000 of bad debt as a result.
52% of all exploit scams simply fell under the broad ‘other’ category which covered instances where scams were the result of a broad mixture of events and market dynamics.
Most Cryptocurrency Attacks Occur in July
July is the most popular month for cryptocurrency scams, with 13% of all attacks taking place during the seventh month of the year. 69% of all the scams to take place during July were rugpull scams, which were consistently the most common scam in every month of the year, barring January, when ‘other’ scams accounted for 29% of the 21 scams committed.
Rugpulls are particularly prevalent in DeFi as it’s cheap and easy to list new tokens on decentralised exchanges without the need for a code audit. While they’re not always easy to spot, they often lazily imitate features from popular projects, signalling a lack of originality.
September and February are the least popular months for cryptocurrency scammers to operate; each accounting for just 5% of cryptocurrency scams.
Tips to Keep Your Crypto Safe in 2024
To avoid falling victim to scams, remain cautious of any investments offering unrealistic promises, or high returns with little or no risk. The absence of a clear roadmap or a whitepaper indicates a lack of transparency and should also be seen as a red flag. Also be wary of anonymous or unverified promoters as they often do not have the credibility that they claim.
Online wallets can sometimes attract the attention of hackers, so it is a good idea to invest in an offline or physical wallet to store the majority of your cryptocurrency. This physical wallet should be stored in a safe place with the private and public keys held separately. Investing in a hardware wallet can help prevent you falling victim, as it offers an additional layer of security for your cryptocurrency holdings by storing private keys offline on a physical device, which is not exposed to the internet and is therefore much less vulnerable to remote hacking attempts.
Ryan Matthews, expert at Bankless Times“Hardware wallets are the way forward: they provide a highly secure and convenient way to store and manage cryptocurrencies, and this is particularly important for those who wish to invest in the long term or hold significant amounts. It is, however, essential to purchase those hardware wallets from reputable sources and follow the producer’s instructions for setup and security practices in order to ensure that you maximise the security of your crypto storage.”