Interest often outpaces understanding in this space; avoid scams by boosting knowledge.
Although the first cryptocurrency launched in 2009, participation and speculation accelerated rapidly over the last two years with terms like NFT and dogecoin entering the daily lexicon. However, interest often outpaces understanding in the cryptocurrency discussion, and people who are just getting involved need to be aware of the security risks. Although most credit unions may not yet be involved in the cryptocurrency sphere, education is essential to avoid dangerous crypto scams.
Designed to unlock new forms of financial operation, cryptocurrency has the potential to ease and expedite payments. Transactions move at the speed of blockchain, typically requiring minutes, unlike the next-business-day timeframes for the automated clearing house network. In addition, payments made via cryptocurrency do not require a credit union or bank account. And, unlike credit and debit card transactions that can be disputed, cryptocurrency transactions are irreversible.
Just as cryptocurrency offers new opportunities for consumers, it opens doors for bad actors. With no credit unions or banks involved, there is no authority to flag suspicious activity. With no ability to dispute transactions, a victim can’t recover his cryptocurrency once it is lost to a scammer.
More than 46,000 people have reported losing over $1 billion in crypto scams since the start of 2021, according to the U.S. Federal Trade Commission. An FBI public service announcement warned that cybercriminals are exploiting vulnerabilities in decentralized financial services platforms to steal cryptocurrency. More recently, the Consumer Financial Protection Bureau released a report analyzing 8,300 complaints related to crypto-assets submitted to the bureau from October 2018 to September 2022. The top issue across all complaints was categorized as “fraud or scam,” which includes romance scams, fraudsters posing as law enforcement and fake prize promoters. Another common category cited in the report was “frozen accounts, platform bankruptcies and consumer losses.”
Scams and Fraud
Now is the time to increase awareness of cryptocurrency’s substantial security risks, including these common crypto scams:
Rug pulls. Using open-source software running on a home server, anyone can create a new coin. In addition to the 100 or so coins sold on Coinbase, the largest cryptocurrency exchange in the U.S., there are thousands of coins globally. Periodically, one of these tokens gains a following—usually due to an influencer in the space like Mark Cuban, Snoop Dogg or Elon Musk “discovering” a coin. This is how dogecoin, originally a joke, skyrocketed to a top 10 spot by market cap.
The rug pull occurs when the issuer shuts down the coin and walks away with investors’ money. Sometimes they will claim that they were hacked; other times the coin’s developers just go silent. A notorious rug pull was the anonymously developed, gamified Squidcoin. As popularity increased, so did the “value” of the coin. Reddit buzz and CNBC coverage aided the coin in ballooning from a value of $0.02 to $2,856.65 within one month. The coin became instantly worthless when the still-anonymous developer shut down the game—and is believed to have walked away with $3.3 million.
Social media scams. Many social media crypto scams involve victims paying an upfront fee either in dollars or in cryptocurrency to “get in on the ground floor.” A common ongoing scam is the “Twitter Crypto Giveaway,” which promises to double the amount of bitcoin or ethereum that users transfer to it. The giveaway link sends the victim to a site asking for verification to receive the bitcoin after making an initial payment to join. Then, the victim is told to send the scammer personal information—and the key to their cryptocurrency.
Phishing scams. In this new twist on an old fraud method, scammers trick the victim into disclosing the password to a crypto exchange account. This allows the cybercriminal to gain access, transfer the digital assets out and disappear before the victim notices. Unfortunately, these transactions cannot be reversed.
Platform bankruptcies and disabling withdrawals. The recent collapse of one of the largest global cryptocurrency exchanges, FTX, has highlighted another form of risk to crypto investors—that of exchanges going bankrupt, with collateral damage as other exchanges freeze customer withdrawals. According to CNBC, the FTX platform was valued by investors at $32 billion before filing for bankruptcy, leaving as many as a million users unable to retrieve their assets. BlockFi, a cryptocurrency platform with $10 billion in assets that is used by more than a million crypto traders, announced via a tweet that it is “not able to operate business as usual” and that it was “pausing client withdrawals.” Genesis Global Capital, an institutional client brokerage, announced that it also is halting customer withdrawals in the wake of the FTX collapse.
Awareness Is Crucial
In the uncharted waters of cryptocurrency, fraudsters prey on a lack of caution and awareness of crypto scams. Credit unions can help provide member education, ranging from glossaries of cryptocurrency terms to lists of the security risks involved. It is also important for staff to understand these threats so they can both answer member questions and protect your organization.
Some fintech credit union service organizations also provide educational materials, like PSCU’s cryptocurrency microsite. By leveraging these resources, your credit union can stay updated on the quickly evolving cryptocurrency sphere—and help defend your members, employees and organization from the threat of crypto scams.
Lou Grilli is a senior innovation strategist at PSCU, tasked with building and shaping a superior payment and member experience capability for PSCU, a CUESolutions provider, and its Owner credit unions. Grilli is currently focused on real-time payments and cryptocurrency. He participates on the U.S. Faster Payments Council and is named on a patent for the use of blockchain for loyalty programs. He holds an MBA from Duke University and a master’s degree in computer engineering from the University of South Florida.