A few days ago, Bollywood actor Vidya Balan filed a first information report (FIR) against a person who was running a fake Instagram account in her name. According to the police, the person used the account to extort money from people in the film industry. While impersonation or creating fake profiles of celebrities on social media in order to fool and then dupe people is not new, security experts are warning about an increase in counterfeit cryptocurrency tokens.
As in any booming industry, it says the decentralised finance (DeFi) and crypto space have attracted their fair share of scammers and bad actors. "These individuals seek to lure investors into fake projects known as rug pulls, only to abscond with their funds."
A notable example of this deceptive practice is the emergence of a counterfeit token named 'BRICS', recently detected by Resecurity, which exploited the focus on the investment interest and potential expansion of the BRICS intergovernmental organisation, comprising countries like Brazil, Russia, India, China, South Africa, Egypt, Ethiopia, Iran, and the United Arab Emirates (UAE).
Besides scamming, bad actors also released misinformation about new countries joining the alliance that have not confirmed their membership. Similarly, unverified news reports stated that BRICS countries had adopted gold-backed money to compete with the US dollar and euro. This inspired bad actors with the idea of this scam which later transitioned into a creative crypto scam. It shows how fraudsters capitalise on geopolitical narratives to profit from investment scams.
Leveraging a global international umbrella organisation, fraudsters launched an initial coin offering (ICO) promoting the fake token offering various rewards, Resecurity says, adding, "This type of fraud was prominently observed on platforms such as Lobstr.co, which allows the creation of tokens on the Stellar network. Due to their flexibility in allowing users to offer their own tokens for trading, such platforms are especially susceptible to exploitation by cybercriminals."
"The common fraudulent tactics they employ include 'cryptocurrency counterfeiting', where scammers create tokens with names like those of legitimate ones, and the 'rug pulls'," says the Resecurity report.
In ‘rug pull’ fraudulent developers create a new crypto token, pump up the price and garner as much value out of it as possible. And then they abandon the project and sell or remove all its liquidity, leaving investors and traders hanging with worthless assets.
Resecurity has identified and reported similar counterfeit cryptocurrency tokens promoted on the same platform impersonating major oil corporations, national financial regulators like the Reserve Bank of India (RBI), national fiat currency and major real estate development.
Some of these counterfeit crypto scams are found spreading misleading information referencing the Monetary Authority of Singapore and central banks of one of the countries in the Middle East.
As reported, cryptocurrency-related Ponzi schemes, promising astronomical returns, have gained traction, especially among novice investors eager to capitalise on the digital currency boom. The lure of quick profit is a common tactic employed by fraudsters to trap unsuspecting victims in elaborate financial scams.
According to Solidus Labs, these scams have defrauded over 2mn (million) investors, surpassing the number of victims from major crypto failures like FTX, Celsius, and Voyager.
Wallet drainers, a type of malware related to cryptocurrency, have stolen US$295mn in cryptocurrencies from about 324,000 victims in 2023, says security platform Scam Sniffer. According to reports, the notorious cybercriminal group Monkey Drainer stole about US$16mn worth of digital assets before closing down. Similarly, Inferno Drainer also closed down in 2023 after stealing about US$81mn in digital assets.
Crypto counterfeit scams typically manifest in two forms: DeFi and Exit scams.
DeFi scams involve altering a token's smart contract to defraud investors. Fraudsters use tactics such as making the token unsellable, enabling the creation of an unlimited number of new tokens, or imposing high trading fees.
Exit scams are characterised by extensive token promotion, followed by scammers betraying investors. Methods used by scamsters include creating fake marketing websites, announcing non-existent partnerships, or using bots for wash trading (buying and selling the same instruments simultaneously).
"The low barrier to entry for executing these scams makes them accessible to a broad range of malicious actors, eliminating the need for advanced programming skills. Utilising platforms like Stellar to create misleadingly named tokens is a common strategy in these 'rug pulls'," Resecurity says.
The cryptocurrency landscape faces significant challenges in combating such fraudulent activities, highlighting the urgent need for increased vigilance and more robust regulatory frameworks.
Investments in cryptocurrency trading programmes, interests in crypto mining pools, crypto depository accounts, securitised tokens and the rapidly spreading counterfeit crypto tokens should be seen for what they are: extremely risky speculation with a high risk of loss.
This is why financial experts continue to stress the need for increased awareness and caution among investors. With the economic landscape in India marked by uncertainty and volatility, individuals seeking alternative income sources are easy prey for cybercriminal gangs that are increasingly using social media to lure them toward counterfeit cryptos.
The best way to protect yourself from fraud is to stay informed, be sceptical of unsolicited messages, and follow best practices for online security. Regularly updating apps and software, enabling multi-factor authentication (MFA), and immediately reporting any suspicious activity can help protect you and others.
Regulators like RBI and law enforcement agencies (LEAs) are the best places to contact if you suspect a fraudulent cryptocurrency project or have been a scam victim.
One of the popular scenarios of cryptocurrency counterfeiting is the impersonation of national fiat (government-issued) currencies and their digital alternatives. Very few countries, including India, have released official digital currencies today. This is why you need to do proper due diligence before investing your hard-earned money, especially in cryptocurrencies.
As we keep reiterating, never invest in a product you do not understand. If you have no idea how cryptocurrency or crypto trading works, you had better avoid it.
Also, remember, cryptocurrency is nearly impossible to recover once it is stolen or the intermediary vanishes into thin air. So follow the simple rule of not investing in products you do not understand and save your hard-earned money from fraudsters.
How To Report Cyber Fraud?
Do report cybercrimes to the National Cyber Crime Reporting Portal http://cybercrime.gov.in or call the toll-free National Helpline number, 1930. To follow on social media: Twitter (@Cyberdost), Facebook (CyberDostI4C), Instagram (cyberdostl4C), Telegram (cyberdosti4c).
If the fraud is related to your bank account, you need to immediately send an email to the official email ID of your branch (you can find it on the bank's website or your passbook) with a copy to the bank's customer care. Even if you have called the official number for customer care, you must still send an email describing your conversation with the bank executive, along with the time, date, and duration of the call. This will be helpful if you face a liability issue with the bank.
