Hackers stole $4.3 billion worth of cryptocurrency in 2022, making it the worst year on record for crypto fraud. While the government pushes for regulation in the digital coin market, cryptocurrency remains a volatile industry and a risky bet for investors and financial institutions.

While decentralized finance (DeFi) aims to offer greater control to investors, the anonymous nature of banking on the blockchain provides cyber criminals with the smoke and mirrors they need to steal money and vanish without a trace.

But despite the threats, global crypto adoption rates continue to grow — 22% of U.S. adults own cryptocurrency. And so, the onus is on software developers and security teams to step up their efforts to combat cryptocurrency fraud and protect investors. But that’s easier said than done.

How cryptocurrency fraud has grown

Blockchain — the underlying technology behind cryptocurrency — is built on the foundational principles of immutability. The concept is that nobody should be able to steal your money from an encrypted vault. But unfortunately, the reality is an industry riddled with security flaws.

Hackers have a vast arsenal of sophisticated technologies and techniques to infiltrate financial institutions and digital wallets. In its annual Internet Crime Report, the FBI revealed cryptocurrency investment fraud had grown almost three-fold from 2021 to 2022.

Here are five of the most common types of cryptocurrency fraud:

  • Ponzi schemes lure unsuspecting victims by making promises of high returns with little or no risk. But when people stop investing, the scheme collapses and the operators take all the money. The CEO of cryptocurrency platform EminiFX, Eddy Alexandre, was charged with running a Ponzi scheme that duped investors out of $59 million.
  • Fake wallets and exchanges trick many users into making cryptocurrency transfers. The victims believe they are making a savvy investment but end up downloading malware. Once hackers infiltrate your computer or smartphone, they could access your bank account or steal sensitive personal information to use for other forms of identity theft.
  • Fake initial coin offerings (ICOs) work similarly to a Ponzi scheme, as fraudsters create a phony cryptocurrency to attract investors. But once the scammers get enough money, they steal everything. This scheme, known as “pig butchering,” cost a 52-year-old man over $1 million when criminals tricked him into investing in a fraudulent platform.
  • Social engineering combines impersonation scams and emotional manipulation to trick people into revealing sensitive information, such as phone numbers, passwords or digital wallet seed phrases. A Coinbase employee fell for an SMS phishing scam in February 2023, enabling a hacker to access the trading platform’s data temporarily.
  • Ransomware is commonly used in crypto fraud. Hackers take over a device, account or network using malicious software before demanding payment in cryptocurrency. Although more companies are refusing to pay, ransomware attacks still cost over $456 million in 2022.
Check out the Podcast

What can security teams do to prevent cryptocurrency fraud?

While threat actors are the main problem, many breaches and scams could be prevented with better software development and security practices. Weaknesses in platform security and poorly programmed smart contracts can expose user data and leave companies and consumers vulnerable to attack.

Here are some action steps security teams can take to combat crypto fraud:

  1. Verify all users’ identities during onboarding. Onboarding must be flexible enough for new users to join but secure enough to keep fraudsters out.
  2. Use strong authentication methods. Multi-factor authentication (MFA) can prevent unauthorized individuals from accessing sensitive information. With stringent demands for biometric factors before high-value transactions, it will be harder for thieves to steal from wallets.
  3. Improve privacy with zero-knowledge proofs (ZKP). Using ZKP, you can allow users to prove their identity without revealing personal data, such as their login credentials or social security number.
  4. Build a culture of secure network connection protocols. Security teams must do everything possible to protect user data and finances from hackers. Internally, employees must adopt good practices by always using secure devices, HTTPS, password managers and virtual private networks.
  5. Invest in robust cybersecurity solutions. At a minimum, teams must fortify online infrastructure with firewalls, antivirus software and 24/7 threat monitoring to safeguard against malware and potential cyberattacks.
  6. Monitor platforms with blockchain analysis tools. You can use automated systems to monitor activity on your platform. With a focus on detection and response, security teams can isolate threats or anomalies that might indicate fraud patterns — before the theft happens.
  7. Educate users on crypto scams. When people know the warning signs of investment fraud, including romance scams and phishing emails, they’re less likely to fall prey. Security teams and app developers can publish ongoing content about staying safe online, avoiding scams and practicing good cyber hygiene.
  8. Offer white-glove fraud resolution support. Hackers only need to get it right once. When the time comes and a user loses to crypto fraud, that’s another opportunity for security teams to learn. Proactive customer support will help users recover from fraud and give teams the information they need to improve their systems.

Keep fraudsters out by securing the inside

Despite the rise in fraud, cryptocurrency continues to attract investors because of the potential for significant returns. But as the global market cap creeps past $1.25 trillion, cyber criminals circle the DeFi space in search of the ultimate payday.

Offering investors education on cryptocurrency scams will help — but the real battle centers on the operations of trading platforms and wallets. It’s time for developers and security teams to unite and play a crucial role in fighting back against cryptocurrency fraud.

Ready to tighten your defenses against hackers? Get a better understanding of the latest attacker tactics by downloading the IBM Security X-Force Threat Intelligence Index 2023.

More from Fraud Protection

Unveiling the latest banking trojan threats in LATAM

9 min read - This post was made possible through the research contributions of Amir Gendler.In our most recent research in the Latin American (LATAM) region, we at IBM Security Lab have observed a surge in campaigns linked with malicious Chrome extensions. These campaigns primarily target Latin America, with a particular emphasis on its financial institutions.In this blog post, we’ll shed light on the group responsible for disseminating this campaign. We’ll delve into the method of web injects and Man in the Browser, and…

PixPirate: The Brazilian financial malware you can’t see

10 min read - Malicious software always aims to stay hidden, making itself invisible so the victims can’t detect it. The constantly mutating PixPirate malware has taken that strategy to a new extreme. PixPirate is a sophisticated financial remote access trojan (RAT) malware that heavily utilizes anti-research techniques. This malware’s infection vector is based on two malicious apps: a downloader and a droppee. Operating together, these two apps communicate with each other to execute the fraud. So far, IBM Trusteer researchers have observed this…

New Fakext malware targets Latin American banks

6 min read - This article was made possible thanks to contributions from Itzhak Chimino, Michael Gal and Liran Tiebloom. Browser extensions have become integral to our online experience. From productivity tools to entertainment add-ons, these small software modules offer customized features to suit individual preferences. Unfortunately, extensions can prove useful to malicious actors as well. Capitalizing on the favorable characteristics of an add-on, an attacker can leverage attributes like persistence, seamless installation, elevated privileges and unencrypted data exposure to distribute and operate banking…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today