In the 15 years since Bitcoin's launch, the cryptocurrency space has evolved into a diverse and multi-faceted ecosystem, offering many great opportunities. However, non-tech-savvy users often need time to familiarize themselves with blockchain concepts, especially regarding security. Criminals are exploiting this lack of crypto literacy, implementing various forms of social engineering schemes and outright hacking attacks.
In this article, we’ll explore the crypto scam trends in 2024 and will go deeper into two forms of newer scams that are affecting many crypto holders: ‘pig butchering’ and artificial intelligence (AI) crypto scams.
In this article, we’ll delve into the evolving landscape of crypto scams in 2024. We’ll also focus on two newer schemes that have caught many crypto holders off guard: the ‘pig butchering’ scam and advanced artificial intelligence (AI) frauds. These tactics, while new to some, are rapidly becoming the tools of choice for cybercriminals.
Understanding the risks and learning how to safeguard assets is imperative for anyone entering the crypto space.
Crypto Scam Losses Increase in 2024
You might expect scams to diminish as the crypto space matures, but unfortunately, this hasn’t been the case.
A recent Chainalysis report covering the crypto crime in H1 of 2024 found that the amount of stolen funds had nearly doubled to $1.58 billion compared to the first six months of 2023, partially due to an increase in the price of Bitcoin and major altcoins.
Ransomware inflows increased by 2% to nearly $460 million during the same period.
A notable shift from recent years is that criminals are increasingly targeting centralized exchanges (CEXs) rather than focusing on the decentralized finance (DeFi) sector.
The chart below shows that the amount of stolen funds attributed to CEXs has already increased to the highest level since 2018, while DeFi’s share has declined to the lowest since 2021.
CEXs have been strengthening their security by implementing the latest technologies and practices to reduce hacking attempts. However, attackers are now employing more sophisticated social engineering schemes to breach their security walls.
For example, organized cybercrime groups linked to North Korea are applying for IT jobs, infiltrating major exchange platforms, and stealing crypto. A recent United Nations (UN) report claimed that the tech industry in the West had hired over 4,000 North Koreans.
Some of them are part of organized groups that employ tactics to reach crypto business, steal crypto funds, and implement money laundering methods to cash out before the funds can be frozen.
Share of New Scams Hits Record in 2024
Interestingly, Chainalysis findings suggest that 2024 has seen a record number of inflows to new wallets, indicating an increase in new scams.
Specifically, 43% of scam inflows in the first six months of 2024 reached wallets that became active this year, which is a record.
This chart shows the share of stolen funds sent to wallets first observed in the year their respective scams received crypto funds.
Overall, the crypto industry still faces traditional frauds, such as phishing, rug pulls, Ponzi schemes, and ransomware attacks. Nevertheless, criminals have adapted their tactics, now favoring shorter and targeted scam campaigns instead of broader Ponzi schemes.
For example, between 2020 and June 2024, the average number of days of active scams dropped significantly. The gauge indicates 271 days for scams that started in 2020 and 42 days in H1 2024 for year-to-date scams.
Some of the newer forms of social engineering techniques include pig butchering and AI crypto scams.
What Is Pig Butchering?
Pig butchering is one of the newer scams gaining traction in recent years. In fact, the revenue of this type of scam has already hit record levels in 2024.
The scam gets its name from the way criminals 'fatten up' victims to extract the maximum possible value. Pig butchering typically involves some sort of romantic relationship established via social media apps or text messaging to gain the victims’ trust, eventually convincing them to invest crypto or fiat into the scammers' wallets.
It may turn out that the romance scammers themselves are individuals who had been kidnapped and trafficked to Southeast Asia, where they are forced to work in labor camps specifically designed for these types of scams. These well-organized groups run aggressive campaigns and use money laundering schemes to cash out their stolen funds.
One particular Myanmar-based camp that was first spotted on-chain two years ago earned over $100 million in the first six months of 2024. Known as KK Park, the organization buys real Facebook, Tinder, and Match.com profiles from China-based services to be used in their schemes, with prices ranging from $2 to $20 per account.
Sometimes scammers can make the first contact via text messages, pretending to reach a wrong number.
Speaking about KK Park, Eric Heintz, Global Analyst at the Global Fusion Center of the International Justice Mission, told Chainalysis:
The conditions these people face are horrible. They’re forced to work 12 or more hours per day, and if they don’t meet quotas on contacting potential scam victims, the gangs beat them, torture them, and even withhold food.
These scam gangs may ask the families of trafficked workers to pay them ransoms in crypto.
Victims from Western countries can be depleted of hundreds of thousands of US dollars. Kim Casci-Palangio, head of the romance scam recovery group at the Cybercrime Support Network, told CNBC that dollar losses average about $178,000 a person.
In a heartbreaking story shared by Financial Times, a woman lost her husband and then was manipulated by a scammer via a Facebook group called “I Miss My Husband.” She was convinced to send over £500,000 in USDT, with the funds being tracked in South East Asia.
These scams are highly sophisticated and prey on victims’ emotions. They may sometimes combine phishing or ransomware.
In September 2024, the US Securities and Exchange Commission (SEC) took the first-ever enforcement action related to crypto romance scams. Schemers used WhatsApp, LinkedIn, and Instagram to manipulate victims to invest through fake crypto exchanges NanoBit and CoinW6.
The SEC has become more aware of such scams. Gurbir S. Grewal, director of the SEC’s Division of Enforcement, said in a statement:
Relationship investment scams, including those involving crypto asset investments, pose a risk of catastrophic harm to retail investors, and the threat is increasing rapidly as these scams become more popular with fraudsters.
AI Crypto Scams
AI is a revolutionary technology that can automate processes and assist with creation and brainstorming, but it’s also a goldmine for scammers.
According to a recent report by Elliptic, a blockchain analysis firm, AI-related crypto scams have been on the rise this year.
The most popular form of AI used in these scams is deepfakes, which are used to promote crypto projects. Previous fraudulent schemes used the faces of Elon Musk, former Singaporean Prime Minister Lee Hsien Loong, and the current and previous Presidents of Taiwan, Tsai Ing-wen and Lai Ching-te. AI can be used to fake images, videos, and voices.
The fake promotional clips or pictures are often posted on social media sites like X (former Twitter) and TikTok.
Other scams involve the use of AI to simulate a crypto ‘business’ to look more authentic.
While most online consumers can spot deepfakes, many may still be unaware of the manipulation. Meanwhile, AI technology is becoming more advanced and will be able to create more realistic deepfakes.
In mid-August, the Australian Securities and Investments Commission (ASIC) said that it had taken down more than 600 crypto scams in the 12 months to July 2024. The financial watchdog warned that AI may help fraudsters improve their tactics. ASIC stated:
Fake celebrity endorsements, including from people such as Chris Hemsworth and Elon Musk, are used in these scams to entice consumers to enter into investments with low initial costs and unrealistic returns.
Elon Musk is especially popular among fraudsters due to his strong reputation in the crypto community.
Web3 Scams
While the share of DeFi and Web3 scams has declined in 2024, many non-custodial wallet users are still falling victim to scams involving smart contract vulnerabilities or social engineering schemes. Honeypots and address poisoning are some of the most popular Web3 scams:
- Address poisoning attacks involve cybercriminals creating a wallet address similar to the one a user has already interacted with. Then, they send the victim small amounts of tokens to create a fake transaction history. This tricks users into mistakenly sending funds to the attacker’s address, which closely resembles one they trust.
Honeypots are traps set up by attackers, where users are lured into investing in a new cryptocurrency or non-fungible token (NFT). Once engaged, investors can’t return their funds or sell the token on secondary markets because its fraudulent smart contract allows only purchases.
The Final Note
In 2024, crypto scams are more sophisticated than ever, exploiting vulnerabilities in centralized exchanges and leveraging advanced social engineering tactics.
As the crypto market grows, so do the risks, especially with the emergence of AI. By understanding the latest scam trends and security threats, you can better protect your assets and navigate the complex world of Web3 more safely.
To stay away from these scams, consider these practical steps:
- Don’t trust anyone asking for crypto funds to invest in ‘get rich quick’ schemes. If it sounds too good to be true, it probably is. Do your due diligence and invest in products that you choose by yourself.
- Make sure to always enable Two-Factor Authentication (2FA) with all crypto platforms you use.
- Use cold wallets like Trezor or Ledger if you hold significant amounts of crypto. These are the most secure types of digital wallets as they store your crypto offline.
- Do your own research when you deal with new projects, platforms, and crypto products. Also, stay informed by monitoring the latest trends in crypto and cybersecurity.
If you don’t want to unintentionally start a charity for scammers, make sure to keep your private keys to yourself and never share them with anyone.
Disclaimer: All materials on this site are for informational purposes only. None of the material should be interpreted as investment advice. Please note that despite the nature of much of the material created and hosted on this website, HODL FM is not a financial reference resource and the opinions of authors and other contributors are their own and should not be taken as financial advice. If you require advice of this sort, HODL FM strongly recommends contacting a qualified industry professional.