Tag: Crypto Scams

In the face of a rising tide of scams and exploits, even CertiK, a security firm that specializes in comprehensive security for blockchains, smart contracts, and Web3, is not immune. Scammers are targeting users by fraudulently latching on the company’s brand, which is dedicated to ensuring the security of digital assets and decentralized technologies.

In the latest blog post, CertiK revealed that it is facing a myriad of challenges beyond its primary focus on auditing. Among these challenges are scams that exploit the CertiK brand to spread misinformation and defraud users.

CertiK’s Struggle Against Brand Exploitation

One prevalent scam involves phishing sites falsely claiming to have undergone CertiK audits. These fraudulent certifications are used to deceive users into investing in schemes like Wixpool, a fraudulent crypto-mining site. CertiK said it actively reports such sites to hosting providers for takedown, safeguarding users from financial losses.

Scammers perpetrate exit scams by falsely claiming to be audited by CertiK. The Lymex scam is a notable example, resulting in approximately $300,000 in losses. In its new report, CertiK emphasized the importance of verifying audit claims, as in the Lymex case, where no services were rendered due to failed KYC verification.

The rise of social media also gave scammers a platform to create fake profiles impersonating CertiK employees. Platforms like LinkedIn witness scammers brokering fake deals, presenting fraudulent investment opportunities, and even offering fake job positions. CertiK warns users to verify the legitimacy of interactions, citing an incident where a scammer on Telegram duped a project owner into transferring funds.

Bad actors target victims of investment fraud with recovery scams, offering to retrieve lost funds for an upfront fee. CertiK cautions users to be wary of such frauds, emphasizing that its genuine communication is through certik.com. The recovery service, while not guaranteed, involves engaging with relevant parties to retrieve assets potentially.

Bots on X

Misinformation and bot activity on Twitter have wreaked havoc for several years, including until Elon Musk took over in October 2022. The subsequent rebranding to ‘X’ has done little to curb the scam bot activity that continues to be a major pain point.

CertiK also revealed observing instances of brand misuse on X, ranging from harmless inquiries to outright scams. The report highlighted the use of bots interacting with posts related to CertiK’s services, clarifying that the project is not affiliated with these posts and does not endorse them.

OneCoin’s head of legal and compliance Irina Dilkinska has pleaded guilty this week to wire fraud and money laundering charges in connection to the crypto scam that deceived and resulted in a $4 billion fraud.

The DOJ said that the US District Judge Edgardo Ramos accepted Dilkinska’s guilty plea.

• According to the official press release, the 42-year old Bulgarian citizen pled guilty to one count of conspiracy to commit wire fraud and one count of conspiracy to commit laundering. Each charge carries a maximum potential sentence of five years of imprisonment.
• The scam dates back to 2014, when Ruja Ignatova, known as “the Cryptoqueen,” and Karl Sebastian Greenwood co-founded OneCoin, a Bulgarian-based company that promoted a cryptocurrency bearing the same name.
• However, it turned out to be a fraudulent pyramid scheme operating as a multi-level marketing (MLM) network.
• OneCoin attracted over three million investors, generating $4.3 billion in sales revenue and claiming $2.91 billion in profits between Q4 2014 and Q4 2016.
• Dilkinska, purported Head of Legal and Compliance for OneCoin, instead of ensuring legal compliance, actively participated in its operations and facilitated money laundering, including transferring $110 million in fraudulently obtained proceeds to a Cayman Islands entity.
• Greenwood was sentenced to 20 years imprisonment for his involvement in September.
• Meanwhile, Ignatova faced charges related to OneCoin fraud and money laundering in the Southern District of New York in 2017.
• She disappeared after traveling from Sofia to Athens on October 25, 2017, and was added to the FBI’s Top Ten Most Wanted List in June 2022, with a $100,000 reward for information leading to her arrest.
• Ignatova has not been seen publicly since her disappearance, but it was speculated by certain Bulgarian sources that she may have been brutally killed in 2018 at the directive of a local drug lord.

Research by blockchain security firm Hacken has found that most of the crypto projects rug-pulled in the third quarter of 2023 had no audit reports.

According to the Q3 2023 Security Insights report, only 12 out of 78 examined rug pulls conducted and reported audits.

Most Rugpulled Projects Are Not Audited

An independent third-party audit offers a detailed review of a token, identifies the project’s vulnerabilities, and alerts investors. Hacken noted that rug pulls are one of the simplest scams to prevent, as investors can understand their anatomy by taking note of certain patterns. One of them is the presence or absence of an audit.

Although an independent third-party audit may validate a project’s authenticity, it does not guarantee protection from a sudden withdrawal of liquidity. A project can undergo an audit, publish a report, and still make malicious changes to its tokenomics and smart contract, thereby defrauding users.

Among the projects rug-pulled last quarter, some were audited but had poor scores. Unfortunately, users ignored the audit results as they believed the fact that the projects were audited was enough. Such was the case with Magnate Finance, a lending protocol based on crypto exchange Coinbase’s Base network, which had an audit that stated that the project’s deployer could manipulate the token. However, users did not heed the findings.

“Token owners continued to participate in the protocol for almost three months after the audit results. And by the end of August, the deployer had removed liquidity from LPs in multiple transactions. As a result, we got the 2nd largest rug pull this quarter with over $5 million stolen,” Hacken said.

A Common Pattern

Users of the decentralized crypto staking platform DeFiLabs had a similar experience to those of Magnate Finance. Blockchain security firm CertiK revealed in an audit that the project had a centralization risk within its contracts, but the warnings raised no concern among users. The platform eventually pulled the rug and vanished with $1.4 million worth of users’ assets.

Meanwhile, Hacken found a common pattern among rug pulls. Developers of malicious projects usually follow the same five steps: create the tokens, aggressively market them, inflate the tokens’ supply when liquidity accumulates, vanish with drained funds, and leave investors with worthless assets.