Modern methods of fraud in the crypto space

Published: 18 февраля 2023
9 min

An excursion into history

For the first time money appeared in circulation two and a half thousand years ago. They were used as a means of payment, as they did not take up much space and were convenient to transport. At the same time, the first scammers appeared who wanted to take over other people's money.

For example, in Ancient Rome, fraud and deception were already prohibited during competitions. The ancient Romans were well aware of how dangerous scammers are, and that they need to be dealt with.

In the 21st century, chariot racing is no longer so popular, but scammers continue their activities using all new tricks. In this article, we will look at the most common methods of fraud that are associated with cryptocurrencies.

Fraudulent schemes

Modern methods of fraud in the crypto space Modern methods of fraud in the crypto space

Fraud is the theft of someone else's property or the acquisition of the right to someone else's property by deception or abuse of trust. The purpose of intruders in the digital space are: personal data, access to user accounts/funds, chargebacks, money transfers, etc.

To deceive the identity verification system, scammers use other people's photos, pre-recorded videos and masks. In some cases, scammers put fake photos in real accounts to make the account seem more plausible.

Getting access to user accounts / funds

This type of fraud is based on psychological manipulation and usually occurs on social networks. The attacker turns to the victim with an offer to perform some action in order to get an allegedly profitable result. For example, the victim sells something on a specialized site, and the fraudster is ready to buy the thing, but will be able to pay only if the victim names his bank card details, clicks on a special link to a third-party website and enters the code from the SMS. All communication is conducted using methods of social engineering, NLP and manipulation. As a result, the victim gives the fraudsters passwords from personal accounts, bank card data.

You can counteract this type of fraud without transferring personal data, passwords and other information related to your finances and their management. Even if you are approached by a good friend, invite him to meet in person to discuss his proposal. If your interlocutor really needs some information, he will find time to meet with you in person. Most likely, a fraudster is communicating with you, and the fraudster will refuse the proposed meeting.

Another sign of fraud may be that you do not understand what is required of you. If such suspicions arise, refuse to undergo the procedure and consult with specialists.

Refund of payments / payment fraud

Often, the victims of attackers are employees of sites that exchange cryptocurrencies. Using fake or stolen documents, hacked accounts and fictitious identities, fraudsters are trying to demand a refund of the allegedly spent money.

Since a transaction using cryptocurrencies cannot be canceled, refund fraud can only occur when exchanging fiat for cryptocurrency using a bank card.

In order to avoid the negative impact of such manipulations, employees of cryptocurrency platforms need to carefully check documents, request additional data from those who applied for a refund. If a risky event is detected by monitoring services (Sumsub, Chainanalisis) at the time of the investigation, the client's account is blocked, while it is forbidden to clarify to the client the real reason for blocking the account.

The client is provided with information only at the end of the investigation, the operator delays the time as long as possible, if necessary, seeks advice from a senior operator or an AML officer on further customer advice.

Receiving trading signals

This variant of fraud looks like this. The attacker writes to the victim in Telegram and offers free training in trading cryptocurrencies. After training, the victim will be given signals to buy/sell a particular cryptocurrency.

Scammers give a link to register on a special exchange. At first, the signals make a profit, but when the victim begins to trust the scammers and deposits a large amount of money on the site, the signals stop working and the victim loses funds. As a rule, trading is conducted on a fake exchange, where fraudsters control the behavior of quotations.

The legacy of the "Nigerian Prince"

This scheme is an evolution of emails in which a prince from an African country asked to help him get an inheritance. To receive money, it was necessary to deposit a certain amount to unlock money on blocked accounts.

In the scheme with cryptocurrencies, the attackers offer the victim to get the contents of a certain wallet by paying 10% of the cost, however, after receiving the money, the scammers immediately disappear.


Scammers offer the victim to engage in profitable arbitration to buy coins on one site and sell them on another at a higher price. At least one of the sites will belong to the attackers, and after buying coins, it will not be possible to sell them on another exchange.


The most common fraud scheme is called a "Triangle" - when the fraudster contacts the exchanger and the victim. The attacker appears to the victim as an exchanger, and to the exchanger as a client. A fraudster can provide both parties with any verification information, acting as an intermediary in negotiations.

For example, the attacker informs the exchanger that he wants to exchange rubles from Sberbank for bitcoins, and to the client that he is an exchanger and will change rubles for bitcoins. The fraudster asks the exchanger for details for replenishment and sends them to the victim. The victim can make sure that these are really the details of the exchanger, they are officially posted on the site of the site. The victim makes a transfer and sends the fraudster a bitcoin address for replenishment. The fraudster already gives the exchanger his bitcoin address. The exchanger transfers Bitcoins to the fraudster, and then there is a trial between the exchanger and the victim, who deceived whom.

The second example: a fraudster places a lot on Avito with the sale of something valuable for a very attractive price, but an advance payment is required or the item has already been postponed for another buyer, but if you pay now, you can pick it up. The guarantee for the buyer is a scan of documents (fake) and a chargeback from the bank, the seller provides his card, where the payment will go. The price is favorable, there are a lot of people who want to pay, the first one will get the goods. The victim is given a card number from the exchanger, well, the exchanger is told that this is a payment for the purchase of cryptocurrency, and the address of the scammers' wallet is given for replenishment.

Transfer of dirty currency

Victims can transfer a small amount to the card, after which the attackers will blackmail with a statement to law enforcement agencies. If the victim refuses to transfer funds to fraudsters, a police report may be filed against her, and then a trial will begin. Accounts of legal entities and organizations that trade on the Internet are particularly affected. It is often more profitable to pay than to unblock accounts and sue, since the trial may take place in another part of the country.

A copy of the resource

Attackers create a copy of a media channel that is engaged in cryptocurrency trading. Customers may mistakenly turn to scammers, and not to the employees of this resource. Attackers often file complaints about the original channel and block it.

Transfer of a similar amount

This is the evolution of the gypsy scheme, when a fraudster shows a five-thousandth bill to a seller in a store, but pays with a thousandth and demands change. Attackers buy cryptocurrency, pay with real money, but make a mistake" with the nominal value. For example, the purchase amount was 1,250 rubles, and fraudsters transfer 12.50 rubles. Or they transfer 16.40 rubles and ask to transfer back the change of 390 rubles.

The fact is that with a large number of transactions, the operator may not see the difference between 1250 and 12.50 rubles and send a cryptocurrency in response. It is impossible to return it.

There is another variant of the scheme fraudsters transfer 1 ruble through an online bank, and in the text of the message to the transfer they write, The transfer in the amount of 1,250 rubles was made successfully. The recipient reads the message from his bank and thinks that he has been transferred 1,250 rubles. After receiving the money, it is necessary to log in to the bank's application and check the fact of replenishment of the account

Hacking the smartphone operating system

Smartphones running the Android operating system can get a virus that, at the time of the transfer of cryptocurrency, changes the recipient's address to the address of the fraudsters' wallet. The virus selects the most similar wallet address so that when checking the numbers, it would be difficult for the victim to notice the substitution.

Scam tokens

Scammers create a new token, ostensibly to finance a popular technology and begin to advertise it on forums and chat rooms. Attackers write fake articles, for example, that this coin will soon be sold on all exchanges.

The problem is that the sale of this coin is not a scam and criminals are not breaking the law. It's just that the victim will never be able to sell this slag to anyone, since no one needs it. The price of such coins initially grows rapidly, and then drops sharply to $0.

For example, scammers create a new token called USDT and in chat rooms are offered for purchase at a favorable rate. Beginners cannot distinguish this coin from the world-famous Tether stablecoin. The only protection against such schemes is the purchase of cryptocurrencies only on large sites.

Often people turn to scammers, because they believe that they themselves will not be able to figure out the process of buying a transfer or currency exchange.


Many people believe that by participating in the Ponzi scheme, you can make money and sell coins on time. This is not so, the collapse of the pyramid can happen an hour after the start of sales, it all depends on the greed of scammers. Participation in such schemes with the expectation of selling tokens in time and popping up their schemes makes the sellers of these coins also scammers. In some jurisdictions, such behavior may be regarded as a crime.

Money laundering schemes

Money laundering in cryptocurrency is carried out similarly to fiat, but with a significant level of anonymity. Criminals use the anonymity of the blockchain to legalize their income and convert it into legitimate assets. To do this, criminals can use a number of tools:

Cryptomixers/tumblers allow you to mix your crypto assets together to hide the connection between addresses and real identifiers;

Privacy wallets are designed to hide transactions from the blockchain network. These wallets are equipped with a feature that changes the address every time a user sends funds.

Using the accounts of law-abiding people

Criminals use other people to transfer illegal funds. Money mules", as a rule, are users with a clean banking history and do not have a criminal record. This allows them to transfer criminal money without being noticed. Money mules are recruited through job offers on the Internet, dating sites or darknet forums. Recruiters can lure people by promising easy money. The least protected segments of the population, the elderly, are often deceived.

In order to prevent fraud based on fake and stolen IDs, refunds and money laundering schemes, companies must build effective KYC processes.

Providing a fake payment receipt

An attacker can forge a check for the transfer of funds and provide the document to the seller of the cryptocurrency. If the operator does not check the fact of payment and sends the cryptocurrency to scammers, then he will lose money forever.

How to protect yourself from cryptocurrency fraud

Many fraud schemes are quite complex and look very tempting. To protect against the actions of intruders, it is recommended to take the following measures:

  1. Protect your PC, smartphone and wallet with antivirus software;
  2. Monitor the application for working with the wallet, when transferring, first send a small amount for verification;
  3. Invest only in understandable tools;
  4. Do not fuss, scammers often rush the victim so that she does not have time to understand that she is being deceived;
  5. Don't trust social media ads;
  6. Ignore cold calls;
  7. Download apps only from official platforms;
  8. Independently study the cryptocurrencies of interest;
  9. To refuse too tempting offers, for example, from the return on investments above 3-5% per month;
  10. Do not invest the last money in cryptocurrency that you cannot afford to lose.


We have reviewed the lion's share of fraudulent schemes in cryptocurrencies, the knowledge of which will help investors avoid losing money at the very first stage of investment. However, progress does not stand still, and attackers are constantly upgrading and developing their scams.

For example, schemes are already appearing where, with the help of artificial intelligence, fraudsters fake a phone number, voice and even the face of the interlocutor. When negotiating with an interlocutor, you may not even suspect that you are facing a fraudster in a "digital mask".

Therefore, everyone who deals with cryptocurrencies must necessarily take all necessary measures to protect their funds, and always be in the trend of industry news.

Buy cryptocurrency only on verified cryptocurrency exchanges, as they are interested in the purity of their digital funds and invest a lot of time and effort in the security of personal data and funds of their customers.

Support Chat We are online 24/7 {{ L('CHAT_BTN_TOCHANGE') }} #{{change.cid}}
Request Chat Partner: {{ change.orgName }} {{ L('CHAT_BTN_TOCOMMON') }}
AWEX bot

{{ hellomessage }}

{{ $bui.getLangId()==='RU' ? L( : $bui.toTranslit(L( }} {{ L('CHAT_USER_SUPPORT') }} ({{ L('USER_TYPE_P2P_OPERATOR') }})
{{ $bui.timeToDate(message.moment, 'onlydate') }} {{ $bui.timeToDate(message.moment, 'timewithzone') }}

{{ L(message.message) }} {{ L(message.message) }}

{{ L('CHAT_CLOSED') }}