The United States Federal Trade Commission (FTC) released a report in June of 2022 highlighting that over $1 billion was lost to crypto scams since the beginning of 2021. A large majority of these scams started on social media platforms such as Instagram, Facebook, WhatsApp, Discord, Twitter, and Telegram. The FTC reported that in 2022, 32% of the scams took place on Instagram, 26% on Facebook, 9% on WhatsApp, and 7% on Telegram.
More than 95,000 people reported about $770 million in losses to fraud initiated on social media platforms in 2021. The FTC’s report did not include Twitter or Discord in its data, despite their being two of the biggest platforms on which spam and scam bots promote fake crypto giveaways.
Inexperienced crypto users are often targeted on social media platforms through the use of copycat websites, URLs, accounts, hacked verified accounts, fake projects, fake airdrops, malware, and plenty of other scams. The FTC said “the top cryptocurrencies used to pay scammers were Bitcoin (70%), Tether (10%), and Ether (9%).”
The most common type of crypto scam recorded by the FTC was investment-related fraud, which accounted for $575 million, or a little over 50%, of all the money lost to scams from the start of 2021 to March 2022. Investment scams typically promise that a user can make a lot of money at no risk. Cryptocurrency is very attractive to scammers because it serves as both an investment and a payment medium: cash cannot be invested and stocks cannot be spent, but consumers can both pay and invest with crypto. These scammers tend to promote giveaways that promise to double whatever crypto the user deposits into a designated wallet address. The alleged ‘once-in-a-lifetime’ opportunity pressures users into transferring funds quickly in the hope of an instant return. Instead, the funds are drained from the wallet and never returned.
Romance scams, also known as pig butchering, are the second largest scam type by monetary loss after investment scams. They account for $185 million in reported crypto losses between January 1, 2021 and March 31, 2022, or nearly one in every three dollars reportedly lost to this type of scam. Romance scammers first engage their victims on social media and then move the conversation to an encrypted messaging app as soon as possible to protect their anonymity. These con artists aim to win over their target quickly by overwhelming them with compliments and expressions of love and care, a tactic commonly referred to as “love bombing.” According to the FTC’s report, the median crypto loss reported to romance scammers is about $10,000 per individual. The Global Anti-Scam Organization reported that 67% of victims of these scams are women between the ages of 25 and 40. Similar studies conducted in Australia and China reflected this, with approximately 69% of reported victims being women.
Clever messaging from what appear to be valid social media accounts creates a sense of legitimacy, and scammers use it to manufacture urgency when locking in their target. Business and government impersonation scams are the third most common type of scam, resulting in losses of $133 million in 2021. Scammers use social media platforms to send pictures of real and doctored law enforcement credentials to “prove” they are legitimate and scam people out of money. They may change the picture or use a different name, agency, or badge number, but the basic scam remains the same. For example, con artists claim that a user’s money is at risk due to fraud or a government investigation and pose as a representative of the victim’s bank in order to secure the target’s crypto.
In other cases, victims report that scammers impersonated border patrol agents, told them that their fiat accounts had been frozen as part of a drug trafficking investigation, and insisted that the only way to protect their money was to convert it to cryptocurrency. The victims are then directed to withdraw cash and feed it into a cryptocurrency ATM, which sends the assets straight to the scammers’ wallet addresses. Users are frequently contacted on social media by scammers posing as representatives of the Social Security Administration, the US Marshals or local police, and the IRS, especially around tax season.
When celebrities post links to exceptional deals, most users want to click through to see what they can gain. Advanced scammers often hack into celebrities’ accounts, or build fake profiles on abandoned accounts, to defraud their victims through various phishing schemes. On December 29th, 2022, Kevin O’Leary’s Twitter account (@kevinolearytv) was hacked by crypto scammers. The account sent out multiple now-deleted tweets about a crypto giveaway of 5,000 Bitcoin (BTC) and 15,000 Ethereum (ETH), although the accompanying image listed 5,000 ETH. The giveaway links prompted respondents to send their own cryptocurrency first to “verify” their wallet address; the link was in fact a phishing site that drained victims’ assets once they connected their wallets. In July 2020, an attack was carried out against Twitter users in an attempt to steal money. A large number of the impacted accounts belonged to public figures in the US: industry leaders, politicians, and entertainers.
Approximately 130 high-profile Twitter accounts were compromised to generate traffic for a Bitcoin scam. They included the accounts of Barack Obama, Joe Biden, Jeff Bezos, Warren Buffett, Kanye West, and Kim Kardashian, among others. The scam tweets offered people the opportunity to “double their money”: if they sent Bitcoin to a specified wallet, the Bitcoin would supposedly be doubled and returned to them. One of the Bitcoin wallets received over 300 deposits totalling approximately $118,000.
“Pump and dump” schemes are extremely prevalent in the cryptocurrency world, since smaller crypto projects are easier to manipulate than major exchange-traded stocks. Jordan Belfort, also known as the “Wolf of Wall Street,” used this type of scheme to manipulate stocks in the 1990s. Nowadays it is extremely easy to create new crypto tokens and raise money through social media, especially if someone famous shills the project. Celebrities promoting these projects clearly influence which tokens users buy.
Some scammers buy small-cap cryptocurrencies and pay influencers to promote the project on their social media platforms in order to increase investor interest. The token’s value rises as people buy in, and eventually the scammer sells off their entire holding at the higher price. People then see the price drop and start selling their own tokens, which drives the value down further and leaves the remaining investors with nothing.
There are different types of pump and dump schemes, but having an influencer or someone famous backing a project on social media seems to be especially lucrative for scammers. Crypto scammers also use videos of famous entrepreneurs to convince users to visit a promotional website that promises to double their crypto investment if they transfer crypto to a designated wallet, or to hand over information about their crypto wallet in exchange for better returns.
The Securities and Exchange Commission (SEC) has recently cracked down on influencers and celebrities shilling risky and unvetted tokens to millions of investors. Celebrities such as Lindsay Lohan, Kim Kardashian, Paris Hilton, and Logan Paul, among many others, have been sued for shilling NFTs without disclosing payments. In November 2022, the SEC issued a subpoena to influencers who were shilling cryptocurrencies such as HEX, Pulsechain and PulseX. In March 2023, the SEC filed more charges against celebrities as part of its broader charges against crypto entrepreneur Justin Sun and three of his companies for the unregistered offer and sale of the crypto asset securities Tron (TRX) and BitTorrent (BTT).
The verification tick on social media platforms such as Twitter, Facebook and Instagram gives users a sense of trust in a person, project, or brand, because the platform has “verified” them. Scammers take advantage of exactly these trust signals. There are many ways to get a blue verification tick next to a handle. After Elon Musk acquired Twitter, paid verification was offered for $8 per month, and within a day there was a surge in the creation of fake accounts with a blue tick next to the handle. This led to multiple scams, including crypto phishing links, as seen below.
Since then, Twitter has been shutting down fake accounts promoting scams, but creating a new page with a verified checkmark remains relatively simple.
Another way scammers obtain the verified look is to create profile pictures that include a blue checkmark, or to incorporate a blue check into the header image so the page appears authentic. This “status” allows them to promote scam projects, post phishing links, or even sway people into investing in cryptocurrency. Scammers also often break into smaller verified Twitter accounts and alter them to promote different scams.
CertiK investigated one of these accounts, which was promoting phishing links associated with names such as Tiffany & Co. and high-profile art galleries and which drained people of their NFTs. The Greg C Bates account, @gregcbates, still active at the time of writing, approaches targets on Twitter and has them sign a transaction to “prove” their ownership of an NFT, or to “sign a contract” that promises a reward. CertiK researched the @gregcbates profile and found that the Twitter account originally belonged to Nashville country singer Greg Bates, who has not been active on it since 2019. The team used the Wayback Machine to examine cached copies of the profile and establish where and when the account was first created. It appears that after 2019 the singer’s profile went dormant for a while before being taken over by the scammer.
Below is the original profile of @gregcbates:
Profile of the scammer using the official account and posting phishing links to drain victims of their NFTs:
Fake free apps often ask for personal information and occasionally download malware onto people’s devices without their knowledge. The latest FBI fraud report states that fraudsters are using fake crypto apps to steal money from unsuspecting crypto investors, and that American investors have lost approximately $42.7 million to swindlers through such apps. Some of these fake apps are designed to collect users’ information, which is then used to access their crypto accounts.
Others claim to offer secure wallet solutions for storing a diverse range of crypto assets but steal the funds once a deposit is made. The fraudsters usually befriend victims through social platforms and then trick them into downloading what appear to be functional cryptocurrency trading apps. The scammers then convince users to transfer funds into the app. Once the transfer is made the funds are “locked in” and the victims are prevented from withdrawing their money. Fake crypto app scammers also use official app stores such as the Apple App Store and Google Play Store to distribute their applications.
Online questionnaires are popular among social media users. Malicious quizzes may open with questions such as “What car did you pass your driver’s test with?” and other common security questions for online accounts; obtaining these answers can give attackers access to an individual’s accounts. Scammers also take advantage of these quizzes by including terms and conditions that allow the data entered to be sold, and the quiz developer can obtain a lot of information about a user’s profile, friends, and IP address. There are also many scam quizzes about smart contracts. Users are asked to take a quiz with the promise of a high reward if they answer the questions correctly; the idea is to test users’ crypto knowledge and incentivize them to deposit ETH into a wallet controlled by the scammer. Etherscan does not show extensive information about internal transactions with smart contracts, which allows scammers to take advantage of people who look at external transactions only.
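The gap between the external-only view and the full picture is easy to see on the records themselves. The following Python is an added example for this article, not CertiK's tooling: it reconciles a contract address's inflows and outflows first from external (normal) transactions alone, then with internal transactions included. The records are constructed and shaped like the `from`, `to`, `value` and `hash` fields of Etherscan's account `txlist` / `txlistinternal` API responses (`value` as a decimal wei string); the addresses are placeholders, not real ones.

```python
"""Reconcile a contract's balance from external vs. external+internal transactions.

Added example for this article, not CertiK's tooling. All records and addresses
below are constructed placeholders shaped like Etherscan's txlist /
txlistinternal fields ("hash", "from", "to", "value" in wei).
"""
from collections import defaultdict

WEI = 10**18

# Constructed placeholder addresses.
QUIZ_CONTRACT = "0x" + "c" * 40   # the "quiz" contract participants deposit into
DRAIN_WALLET = "0x" + "d" * 40    # the wallet the contract forwards value to
VICTIMS = ["0x" + str(i) * 40 for i in (1, 2, 3)]

# Constructed external (normal) transactions: what the "Transactions" tab shows.
# Three participants deposit 1, 0.5 and 2 ETH to take the quiz.
EXTERNAL_TXS = [
    {"hash": "0xa1", "from": VICTIMS[0], "to": QUIZ_CONTRACT, "value": str(1 * WEI)},
    {"hash": "0xa2", "from": VICTIMS[1], "to": QUIZ_CONTRACT, "value": str(WEI // 2)},
    {"hash": "0xa3", "from": VICTIMS[2], "to": QUIZ_CONTRACT, "value": str(2 * WEI)},
]

# Constructed internal transactions: value moved by contract code within those
# same transactions. Each deposit is forwarded straight on to the drain wallet.
INTERNAL_TXS = [
    {"hash": "0xa1", "from": QUIZ_CONTRACT, "to": DRAIN_WALLET, "value": str(1 * WEI)},
    {"hash": "0xa2", "from": QUIZ_CONTRACT, "to": DRAIN_WALLET, "value": str(WEI // 2)},
    {"hash": "0xa3", "from": QUIZ_CONTRACT, "to": DRAIN_WALLET, "value": str(2 * WEI)},
]


def net_flow_wei(address, txs):
    """Return (inflow, outflow) in wei for `address` over the given records.

    Gas is not modelled: it never reaches the receiving contract anyway."""
    addr = address.lower()
    inflow = outflow = 0
    for tx in txs:
        value = int(tx["value"])
        if tx["to"].lower() == addr:
            inflow += value
        if tx["from"].lower() == addr:
            outflow += value
    return inflow, outflow


def apparent_balance_wei(address, external):
    """Balance a reader infers from external transactions alone."""
    inflow, outflow = net_flow_wei(address, external)
    return inflow - outflow


def actual_balance_wei(address, external, internal):
    """Balance once value moved by contract code (internal txs) is included."""
    inflow, outflow = net_flow_wei(address, list(external) + list(internal))
    return inflow - outflow


def forwarding_destinations(address, internal):
    """Where value leaving `address` through internal calls ended up, in wei."""
    addr = address.lower()
    dest = defaultdict(int)
    for tx in internal:
        if tx["from"].lower() == addr:
            dest[tx["to"].lower()] += int(tx["value"])
    return dict(dest)


def wei_to_eth(wei):
    return wei / WEI


if __name__ == "__main__":
    print(f"external only: {wei_to_eth(apparent_balance_wei(QUIZ_CONTRACT, EXTERNAL_TXS))} ETH retained")
    print(f"with internal: {wei_to_eth(actual_balance_wei(QUIZ_CONTRACT, EXTERNAL_TXS, INTERNAL_TXS))} ETH retained")
    for to, wei in forwarding_destinations(QUIZ_CONTRACT, INTERNAL_TXS).items():
        print(f"forwarded {wei_to_eth(wei)} ETH to {to}")
```

On the external view the contract appears to hold the 3.5 ETH deposited; once internal transactions are added, its retained balance is zero and every deposit has been forwarded to the same externally owned wallet. Checking the internal-transaction list of any contract before depositing is the practical takeaway.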
See here for a more detailed look at phishing quizzes.
Overall, more than one in four people who reported losing money to any type of fraud in 2021 said it started on social media with an ad, post, or message. The amount lost to social media scams in 2021 was five times that of 2020 and six times that of 2018. The FTC described social media and cryptocurrency’s relationship as “a combustible combination for fraud.”
Users need to be very careful with messages they receive on social media platforms, especially when a message conveys a sense of urgency. Additionally, users should not click links in, open, or reply to messages from unknown accounts, as doing so alerts scammers to a working address or account.
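The warning signs above (urgency, giveaway or “verify your wallet” language, impersonated authority, a pasted wallet address, a link) can be turned into a simple triage rule. The following Python is an added example for this article, not CertiK's tooling: it scores a direct message on those signals. The phrase lists, weights, thresholds and the sample messages are constructed for illustration; a real pipeline would tune them against observed traffic.

```python
"""Heuristic triage of social-media direct messages for crypto-scam indicators.

Added example for this article, not CertiK's tooling. Phrase lists, weights,
thresholds and SAMPLE_MESSAGES are constructed for illustration.
"""
import re

# Constructed indicator phrases, one list per signal described in the article.
URGENCY_PHRASES = ["act now", "hurry", "only today", "limited time", "last chance",
                   "expires", "immediately", "urgent"]
GIVEAWAY_PHRASES = ["giveaway", "double your", "2x", "send", "guaranteed", "free",
                    "airdrop", "verify your wallet", "connect your wallet"]
AUTHORITY_PHRASES = ["irs", "social security", "marshal", "border patrol",
                     "investigation", "frozen", "support team", "official"]

# Address and link patterns. The BTC pattern loosely covers legacy (1…/3…) and
# bech32 (bc1…) forms; these are indicators, not validators.
ETH_ADDRESS = re.compile(r"\b0x[0-9a-fA-F]{40}\b")
BTC_ADDRESS = re.compile(r"\b(?:bc1[0-9a-z]{25,62}|[13][1-9A-HJ-NP-Za-km-z]{25,34})\b")
URL = re.compile(r"https?://\S+", re.IGNORECASE)

# Constructed weights: a pasted wallet address is the strongest single signal.
WEIGHTS = {"urgency": 1, "giveaway": 1, "authority": 1, "wallet_address": 2, "link": 1}
HIGH, MEDIUM = 4, 2

# Constructed sample messages (the address and domain are placeholders).
SAMPLE_MESSAGES = [
    ("Congratulations! Elon is doing a giveaway: send 0.1 BTC to "
     "bc1qexampleaddr00000000000000000000000000 and receive 0.2 BTC back. "
     "Only today! https://tw1tter-giveaway.example"),
    "This is the IRS. Your account is frozen pending investigation. Call immediately.",
    "Hey, are we still meeting on Thursday for the hackathon?",
]


def _phrases_present(text, phrases):
    """Return the phrases found in `text` as whole words, case-insensitively."""
    return [p for p in phrases
            if re.search(r"\b" + re.escape(p) + r"\b", text, re.IGNORECASE)]


def score_message(text):
    """Score one message; returns its matched indicators, score and verdict."""
    indicators = {}
    for name, phrases in (("urgency", URGENCY_PHRASES),
                          ("giveaway", GIVEAWAY_PHRASES),
                          ("authority", AUTHORITY_PHRASES)):
        hits = _phrases_present(text, phrases)
        if hits:
            indicators[name] = hits
    addresses = ETH_ADDRESS.findall(text) + BTC_ADDRESS.findall(text)
    if addresses:
        indicators["wallet_address"] = addresses
    links = URL.findall(text)
    if links:
        indicators["link"] = links
    # Each signal counts once, however many phrases within it matched.
    score = sum(WEIGHTS[name] for name in indicators)
    verdict = "high" if score >= HIGH else "medium" if score >= MEDIUM else "low"
    return {"score": score, "verdict": verdict, "indicators": indicators}


def triage(messages):
    """Verdict per message, in input order."""
    return [score_message(m)["verdict"] for m in messages]


if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        result = score_message(msg)
        print(f"[{result['verdict']:>6} / {result['score']}] {msg[:60]}...")
        for name, hits in result["indicators"].items():
            print(f"    {name}: {hits}")
```

Because each signal is counted once, a message that merely repeats “hurry” does not outscore one that combines urgency with a wallet address and a link; it is the co-occurrence of the signals this article describes, not any single word, that marks a message for a closer look.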
Protect yourself and your assets by following @CertiK, @CertiKCommunity, and @CertiKAlert on Twitter to stay up to date on all the latest Web3 security news.