CertiK faces a number of challenges on a daily basis outside of our primary work of auditing. Among these challenges is dealing with the scams that use the CertiK brand and spread misinformation. Such misuse includes everything from fraudulent claims of audits to scammers reaching out to victims of investments scams with fake recovery services. In this blog we will examine the most common misuses of the CertiK brand in order to keep our community informed and protected.
A prevalent scam we've noticed involves phishing sites falsely claiming to be audited by CertiK. These scammers use counterfeit security audit certifications to deceive users. See Wixpool, the fraudulent crypto mining site displayed in the screenshot below. Its primary objective is to entice users to invest, only to then misappropriate those funds.
We actively report sites falsely claiming to have undergone CertiK audits to their hosting providers for takedown.
Additionally, wallet drainer schemes are exploiting CertiK's reputation with fake audit claims. One notable incident involved a wallet drainer distributed through a privacy app named Sessions, causing losses to those deceived.
There have been a number of cases in which exit scams have falsely claimed to be audited by CertiK. A case in point is the Lymex scam, which led to around $300,000 in losses. Despite listing CertiK as an auditor, Lymex never received our services after failing our KYC verification.
You can verify all CertiK-audited and KYC-verified projects on Skynet.
The rise of social media has also led to an increase in fake profiles. On platforms like LinkedIn, we've seen scammers creating counterfeit profiles. They often attempt to broker deals for audit services, present fraudulent investment opportunities, and even fake job offers and hiring processes.
The following is a screenshot of a fake LinkedIn account profile.
This fake profile uses an AI-generated image and claims to represent a cybersecurity specialist from the United Kingdom. Despite having no activity or posts, it misuses CertiK’s brand to deceive individuals.
In some instances, scammers directly impersonate CertiK employees. For example, a scammer on Telegram impersonated one of our business development representatives, deceiving a project owner into believing they were interacting with a legitimate CertiK employee. The project owner was duped into transferring funds to an address controlled by the scammer.
A particularly malicious scam targeting victims of investment frauds is the recovery scam. These fraudsters contact individuals who have suffered losses in cryptocurrency-related scams, offering them recovery services for an upfront fee. They often scout social media groups and channels, looking for posts about recent losses in cryptocurrency frauds.
These scammers engage in elaborate schemes to build trust, even requesting personal identification from users, which may later be used in other scams. They create a false sense of hope by showing a large recoverable amount, but demand an upfront payment for recovery. These scammers persistently invent excuses to extract multiple payments and ultimately vanish with any funds they've received from the victims.
Below is an example of one such email attempting to scam a user.
When you receive an email claiming to be from CertiK, always verify that the email domain is certik.com. We do offer an investigation service designed to provide clarity in incidents involving loss of funds. This service may include engagement with relevant parties like exchanges, which could potentially lead to asset recovery, though this is not always guaranteed.
We have also launched an Employee Verification tool, which allows you to verify whether an email address, WeChat ID, Twitter account or Telegram ID is associated with an official CertiK employee.
We have encountered numerous instances of our brand being used inauthentically on X. These cases vary from harmless inquiries about CertiK audits to outright scams intending to defraud users. A notable example of this fraudulent activity involved a scammer known as Faint, who we believe is linked to a fake CertiKSkynet account, now suspended. This misuse of our name on X has ranged from simple bots asking about audits to more serious scams targeting user assets.
CertiK has noticed that a number of bots on X have interacted with AMA posts that ask questions related to CertiK’s services. We can confirm that CertiK is not affiliated with such posts and we do not endorse them.
Scammers and malicious actors are likely to persist in making false claims about CertiK's services and impersonating our employees to deceive investors. The most effective way to safeguard against these scams is to visit CertiK's website and verify if a project is listed on Skynet. Additionally, if you're approached by someone claiming to represent CertiK and you have doubts about their legitimacy, we encourage you to use our Employee Verification tool or contact our moderators and admins on Telegram and Discord for assistance.