Scams are an unfortunate reality in the cryptocurrency community. Every few months, there’s a new way to scam someone into giving up their valuable funds or act as a third party to scam exchanges out of their funds when they aren’t careful.
While the first cryptocurrency mining scams used fake or contaminated links on popular video sites to download rogue cryptocurrency mining software, scammers are becoming creative and capable of creating fake versions of popular apps in the App Store and Google Play Store.
But one of the hardest scams to identify is the liquidity mining scam.
Liquidity is essential for traders, as trading with insufficient liquidity can incur significant slippage. Liquidity mining is a process that allows users to contribute to new block production in exchange for rewards. Through this process, liquidity mining allows those with excess cryptocurrencies to provide that liquid currency to those who need or want it at better rates than would usually be available on centralized exchanges.
According to Sean Gallagher, a senior threat researcher at Sophos, liquidity mining scammers use constructed profiles and give unsolicited offers via direct messaging.
In Sean’s experience, a Twitter account claiming to be a young woman in America invited him to study liquidity mining and asked him to continue the conversation on WhatsApp or Telegram. The fraudster tried to guide him to set up a Coinbase wallet and deposit Tether (USDT), an altcoin that’s allegedly pegged to the value of the USD.
The profile timeline is filled with selfies and videos of the woman, who appears to be Russian based on the content of some images and posts. However, when Sean persuaded the fraudster to open a canary link — a URL tied to a server he had set up — logs showed the person’s IP address was in Hong Kong.
Moreover, the account was created just a few weeks before the initial direct message. The woman’s images are used on several Twitter accounts with identical content on liquidity mining.
The scam directs potential victims to a web address where they are told to create an account on the “official block.” It presents a mobile-friendly website with a QR code containing a link specifically for crypto wallets compatible with the WalletConnect protocol.
To join, users must pay a “blockchain miner’s fee” to receive a “blockchain certificate” for their wallet to be configured. When the user has registered, however, the scammers can withdraw the contents of their wallets at any time.
The user is lured into depositing more and more money into a wallet but eventually discovers that he or she can’t withdraw any crypto or cash out any rewards.
Most scams reported have been relatively small-scale operations, so analysts think it’s likely that there will be more of them in the future. However, cryptocurrency news outlets and social media communities have spotted most of them, even if the local authorities didn’t catch them. According to experts, this is a clear sign that the cryptocurrency community wants trustworthy investment opportunities and will work to identify situations that do not meet this standard if there are no other safeguards available.
Image credit: iStockphoto/fizkes