Whether it’s multi-million dollar exit scams, Ponzi schemes, or sophisticated networks of remote-controlled Twitter scambots, this year saw some of the most epic cryptocurrency schemes to date.
But we asked ourselves: what were the most brazen cryptocurrency scams of 2018? Which ones left us awestruck by how little amount of fucks the perps gave, as they made off with other people’s money, in one way or another.
Well, here are the most ballsy cryptocurrency scams of the year, ranked in no particular order. They’re just nominated as they really stood out in their cockiness.
1. Ever receive a large utility bill and think about just not paying?
One “business”, the Miami-based NDGC, simply declared bankruptcy and disappeared, leaving behind over $1.5 million in unpaid electricity bills. Curiously, they did pay all of their rent to the local municipality, perhaps a clue as to how they got away with freely mining Bitcoin for so long.
Chasqui Tech, on the other hand, didn’t. The local Norrbotten municipality is seeking $50,000 in unpaid rental fees from these goobers, after they reportedly abandoned plans to expand their Bitcoin mining operations from Latin America to Switzerland.
Norbotten is now chasing Chasqui Tech for over $50,000 in unpaid rental fees, although it at this stage it appears unclear whether they actually mined any Bitcoin.
Still, Norbotten is one county that will surely be giving the cold shoulder to wannabe cryptocurrency “entrepreneurs” in 2019.
2. Hackers infect almost 700K sites with Bitcoin-stealing code
In September, hackers managed to break into one of the internet’s most used traffic analytic services, StatCounter, which webmasters use by adding special code to their sites.
After gaining access to StatCounter’s code, hackers leveraged this aspect of it’s design to simultaneously infect as many domains as possible. At one point, the hack was detected on 680,000 sites.
Curiously, although the attack was so widespread, the hackers had a single target in mind: the Bitcoin traders of a small-time cryptocurrency exchange Gate.io.
ESET, the cybersecurity unit who discovered the attack, noted the malicious code didn’t actually do anything unless it was run on a site using a specific URL string – “myaccount/withdraw/BTC.” ESET identified Gate.io to be the only site using a URL that contained this string.
When sites using this string loaded, any Bitcoin address a user entered into it was replaced with one controlled by the attackers.
To tie it all together, the malicious code smartly generated a new Bitcoin address each time it was run, so there’s no real way of knowing how much the hackers made away with.
3. Incentivizing Bitcoin ransomware with an affiliate scheme
In October, security experts from McAfee and Inskit published a joint investigation which unearthed an intricate Bitcoin-fuelled ransomware scheme, complete with a seemingly lucrative affiliate program.
Dubbed Kraken Cryptor (not linked with the popular cryptocurrency exchange), hackers were encouraged to extort unsuspecting blockchain investors out of their Bitcoin with an underground rewards program.
Would-be ransomers were required pay $50 to receive up-to-date versions of malware, dressed as an innocuous anti-virus tool. When it was installed, it would instantly encrypt the contents of hard drives before demanding a Bitcoin ransom be paid.
Researchers reported users were promised 80 percent of ransoms generated. This kind of scheme is referred to as “Ransomware-as-a-Service.”
To date, the identity of the masterminds remains hidden. Despite most of the business being run on Russian dark web forums, a study noted that those involved spoke both English and Russian, but frequently made mistakes in both. This makes it likely the perps are not native speakers of either language.
Even more curious, the affiliate program had banned targeting victims from a list of countries from the former Soviet bloc, including Armenia, Azerbaijan, Belarus, Estonia, Georgia, Kyrgyzstan, Kazakhstan, Russia, Tajikistan, Ukraine, and Uzbekistan.
4. Thieves use $2.3M in fake money to shake down Bitcoin millionaire
Let’s pour one out for this South Korean cryptocurrency millionaire. He was left holding nothing but stacks of counterfeit money following a peer-to-peer Bitcoin deal gone wrong.
Back in August, a Serbian man and his accomplice lured a successful cryptocurrency entrepreneur from Singapore all the way to the French Riviera, with promises to invest in his business.
In a fancy hotel in Nice, the pair convinced the businessman to send €2 million ($2.3M) in Bitcoin, the deal being they would reimburse him with the equivalent amount in Euros.
Unbeknownst to the South Korean, the millions in “Euros” were counterfeit, made entirely of stacks of poorly Photoshopped €500 notes.
Police ended up arresting the Serbian man on charges of fraud. He was caught in Cannes wearing a $110,000 watch, driving a luxury sports car.
His accomplice was reportedly still at large.
5. Bitcoin scammers and their year-long Twitter rampage
Those pesky Bitcoin scammers are absolutely worthy of a special mention.
For the entirety of 2018, Twitter was lambasted by fraudsters, sharing links to fake cryptocurrency giveaways from hacked verified accounts, borrowing the names and blue checkmarks of prominent industry figures for credibility.
The hackers were indiscriminate with their attacks. Accounts run by government websites, television shows, and small-time celebrities that had nothing to do with blockchain were being roped into promoting the dodgy links.
Most recently, they were found running fake advertisements falsely featuring a television host in New Zealand.
But the target the hackers seemed to flaunt the most was Elon Musk. For whatever reason, Musk was impersonated so relentlessly, he was forced to turn to Dogecoin founder Jameson Lopp for assistance in curbing the scourge.
You can follow the fascinating evolution of the Bitcoin giveaway scam here.
Let’s hope 2019 brings far less success for the world’s cryptocurrency fraudsters, even Satoshi knows they made enough in stolen digital loot this year.
Published December 27, 2018 — 10:00 UTC