September 19

How Cryptocurrency Is Stolen and Whether You Can Recover It on Your Own: Tips from Match Systems, a Cryptocurrency Investigation Company

Cryptocurrency has rightfully found its place in the modern financial system, both in the West and in Russia. Advanced users have long been using it for peer-to-peer transactions, payment of services, games, and online shopping. More and more people are getting involved in projects where they can earn various tokens and coins.

However, the simplicity and convenience of dealing with cryptocurrency come with serious risks. People frequently lose access to their wallets, and scammers use sneaky tactics to steal large amounts of money, leaving victims feeling lost and unsure of what to do next.

Recovering stolen cryptocurrency on your own is currently impossible without involving the police. Even companies specializing in exposing crypto fraud and returning funds face difficulties due to the advanced hacking and scamming schemes that have emerged.

In this article, we'll discuss various hacking and scamming methods in the cryptocurrency industry, and Andrey Kutyin, CEO of Match Systems, will share tips on minimizing losses and recovering stolen funds.

What methods do crypto criminals use?

Major companies specializing in investigating fraudulent incidents and cryptocurrency system breaches typically gather their own analytics on the current methods used by criminals.

Match Systems conducted an analysis of incidents in 2024, revealing that criminals employ several commonly used schemes.

Cryptodrainers

These are a special type of malicious software designed for quick, automated access to a cryptocurrency wallet with full control over assets.

Drainers can disguise themselves as seemingly harmless websites and links. There are several types of fake pages:

  • Phishing sites

Phishing refers to a fraudulent scheme where criminals impersonate official, trusted cryptocurrency services or exchanges.

Phishing is the hackers' version of fishing: they cast out fake websites like bait, hoping to "hook" you into giving up your personal information

People who land on a phishing site enter their login credentials or private keys. Confidential information then falls into the hands of criminals.

Links to such pages are often promoted through advertising banners, links on social networks, or fake emails.

Recently, ZachXBT, a well-known on-chain detective in the crypto community, reported a wallet hack of a prominent investor who lost over $55 million in the stablecoin DAI. The hackers used a popular phishing tool called Inferno Drainer to carry out the attack.

  • Malicious software

Scammers often distribute special software that secretly installs on users' devices and computers. With this, they remotely "read" keystrokes, take screenshots, or simply intercept login data for cryptocurrency wallets.

Such malicious software is typically spread through fake applications, links to unreliable websites, or infected files.

Last year, some Chinese hackers developed and launched a new scheme for stealing digital assets. The scheme involved special software that produced fake versions of applications banned in China (such as Skype and WhatsApp) with embedded malware.

After such applications were installed and run on victims' devices, the criminals gained access to all their internal data. In particular, when the malicious software detected messages containing cryptocurrency addresses that resembled TRON (TRX) and Ethereum (ETH) addresses, it replaced them with addresses belonging to the hackers.

  • Fake cryptocurrency wallets and extensions

Scammers often create fake apps or browser extensions that imitate real cryptocurrency wallets or tools. Unaware users download and install such applications, believing them to be official distributions. Upon installation, malicious applications can request private keys or mnemonic phrases with the aim of stealing funds.

In 2024, WalletConnect wallets became particularly popular among scammers. Active users of the service receive emails and notifications about an issue with their account. The links in the messages lead to phishing pages that pose as wallet login and account recovery pages.

Match Systems recommendations: How to avoid losing assets

— Be cautious of URLs.

Before entering login credentials or private keys, always verify the website address: make sure it's the official page with a secure entry. Special precautions should be taken if the link was received through a banner ad or email.

Knowing what's coming is half the fight

— Stay informed.

— Use reliable antivirus software.

Install and regularly update antivirus software to protect against malware and viruses.

— Check the reputation of apps and extensions.

Only download verified official apps and extensions. Before you download, take a moment to read reviews and look up information online. If there's little or no information available, it's a cause for concern.
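The "Be cautious of URLs" check above can be done mechanically before any credentials are typed. The following Python code is an added example, not Match Systems' tooling: the `OFFICIAL_DOMAINS` allowlist and the `check_url` function are assumptions made for illustration, and the sample URLs in it are constructed.

```python
from urllib.parse import urlsplit

# Assumption: your own allowlist of official domains, built from sources you trust.
OFFICIAL_DOMAINS = ("metamask.io", "etherscan.io", "blockchain.com")

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings of official domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_url(url):
    """Return (verdict, reasons); verdict is 'ok', 'suspicious' or 'unknown'."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return "suspicious", ["no host name in URL"]
    reasons = []
    if parts.scheme != "https":
        reasons.append("not HTTPS")
    if parts.username is not None:
        # In https://official.site@other.host/ the real host is other.host
        reasons.append("text before '@' is not the host")
    if not host.isascii() or "xn--" in host:
        reasons.append("internationalised host name (possible look-alike letters)")
    official = any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)
    if not official:
        # Simplification: the last two labels stand in for the registrable domain
        registrable = ".".join(host.split(".")[-2:])
        for d in OFFICIAL_DOMAINS:
            if d in host:
                reasons.append(f"'{d}' embedded in a different domain")
            elif edit_distance(registrable, d) <= 2:
                reasons.append(f"near-miss spelling of '{d}'")
    if reasons:
        return "suspicious", reasons
    return ("ok" if official else "unknown"), reasons

if __name__ == "__main__":
    # Constructed sample URLs
    for u in ("https://metamask.io/download",
              "https://metamask.io.wallet-login.example/restore",
              "https://metamsak.io/",
              "https://metamask.io@203.0.113.5/",
              "https://example.org/"):
        print(check_url(u), u)
```

A verdict of `unknown` only means the host is not on the allowlist and shows none of these warning signs; it is not a confirmation that the site is genuine.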

Cryptocurrency exchange and platform hacks

Large cryptocurrency exchanges and platforms are often hacked using social engineering methods. This involves manipulative actions aimed at gaining access to confidential information, such as trusted communications, phone calls from non-existent individuals, and more. Employees of companies or cryptocurrency exchanges are not immune to falling victim to social engineering.

During these hacks, criminals can gain access to various types of information, including:

  • Security environment overview.

This may include information about how your data and transactions are kept safe during transmission.

  • Confidential user data.

This can include names, email addresses, phone numbers, and bank details.

  • Login credentials and keys.

Hackers often gain access to internal accounts, administrative panels, and private keys.

  • Information about internal processes.

Some criminals aim to learn details about the internal processes of cryptocurrency exchanges, which helps them gather information on transaction processing nuances, security mechanisms, and backup systems.

Annually, hackers gain unauthorized access to dozens of major cryptocurrency platforms

In July, India's largest cryptocurrency exchange, WazirX, was hacked. According to cybersecurity company Cyvers, hackers withdrew over $235 million in various cryptocurrencies from the exchange to crypto mixer addresses. This breach could become the largest in terms of damage caused in 2024.

Fake investment platforms

The scheme used by fake investment platforms is relatively simple. They aggressively spam potential "investors" with promises of high returns, luring them in. Once they've gathered enough funds, the platforms disappear with the invested money.

Match Systems experience: How to distinguish a real investment platform from a fake one

There are several signs to look for when distinguishing a genuine investment platform from a fake one:

  •  Check licensing and regulatory certificates.

Legitimate investment platforms operate under licenses issued by various country regulators and adhere to international financial rules for investment business.

  •  Analyze offers and guarantees.

Beware of unrealistic promises of high returns with a 100% guarantee of funds in case of unforeseen circumstances – this is a red flag indicating a fraudulent financial platform.

  • Monitor reputation and reviews.

Before investing in a cryptocurrency investment platform, thoroughly research the project – read reviews from other users and check independent sources.

Clearly fraudulent "investment" cryptocurrency platform interface

  • Look for contact information.

Legitimate, fully transparent platforms provide contact information in the open: addresses, phone numbers, email, and social media links. Fake investment platforms make it nearly impossible to contact them, and sometimes the contact information on their websites is fake, too.

In 2024, Indian police busted a fake crypto trading platform that tricked investors using the name "GBE Crypto Trading Company." This name was likely chosen to confuse people into thinking it was related to a legitimate Cypriot brokerage firm, GBE Brokers. And it seems to have worked, as people searching for "GBE Crypto Trading Company" often ended up finding information about the real GBE Brokers.

Thus, the criminals didn't even need to create a separate website – they funneled money to their accounts through a fake app promoted via Telegram and WhatsApp.

Ponzi scheme

This is a specific type of fraud where "investors" are promised high returns through the contributions of new "investors."

The risk of cryptocurrency projects organized using the Ponzi scheme is that eventually, the flow of new "investors" will dry up, and the financial bubble will burst.

Enterprises operating under the Ponzi scheme represent a classic form of financial pyramid

Match Systems clarification: How the Ponzi scheme works

  • Attracting investors

Fraudsters launch a project, promising high returns or guaranteed investment returns to depositors. Typically, these offers have attractive terms, which is natural: scammers need to attract as many people as possible into their Ponzi scheme.

  • Payouts

At the initial stage, fraudsters use the funds of new investors to pay dividends to those who invested earlier. These payments create the illusion of a successful and profitable operation, which attracts new participants.

  • Company growth

The financial project relies on the enthusiasm of those who invested earlier. It is beneficial for people to attract new "investors" because their income depends on it.

Traditional marketing and PR methods are used to attract new investors.

  • Collapse of the project

Ultimately, an enterprise organized under the Ponzi scheme collapses due to the inability to attract new participants. Most "investors" lose their money, and the scammers disappear.

One of the most well-known projects in the crypto industry organized as a Ponzi scheme is BitConnect. "Investors" purchased BCC tokens on exchanges or through the official BitConnect platform. They were then invited to invest the tokens in the so-called "investment fund," which allegedly generated high returns. At the same time, participants received regular payments funded by new investors' contributions.

BitConnect's founders and active users aggressively promoted the project on social media and online forums

In 2018, the U.S. Securities and Exchange Commission (SEC) shut down BitConnect, accusing it of fraud and illegal securities offerings. By that time, the crypto project had collected over $2.5 billion.

Fake token sales and ICOs

Scam projects that conduct initial coin offerings (ICOs) or token sales usually promise innovative technologies or promising investment opportunities for profit.

Such projects collect funds from investors, promoting their scam as a serious enterprise with years of development prospects after the ICO. However, at some point, the scammers collect the money and simply disappear.

An example of such a scheme is the Centra Tech project. Its founders raised $25 million in a 2017 token sale by issuing CTR tokens. The fraudsters promised project participants that debit cards would be issued, allowing customers to pay at any store and trading point that accepts Visa and MasterCard.

Shortly after the ICO, the U.S. Securities and Exchange Commission charged the project's leaders with fraud. The founders of Centra Tech were arrested, and major cryptocurrency exchanges delisted the CTR tokens.

How to protect your crypto assets from theft

People interested in cryptocurrency are at risk at almost every stage of acquiring and storing assets. To protect yourself, follow a few simple rules.

Here's what Match Systems advises:

  • Choose secure storage methods

When paying or transferring small amounts in cryptocurrency, it's better to use hot wallets like Trust or MetaMask. For storing large sums, use cold wallets like Ledger or Trezor.

MetaMask — one of the most popular crypto wallets

  • Keep your seed phrase in a secure location

Avoid using online private key generators; instead, choose a local tool from the official website of the cryptocurrency project you're interested in.

Private keys should not be shared with anyone. To stay in control of them, keep backup copies and store those copies in a safe place.

  • Monitor computer and device security

It's crucial to control the security of your PC and any devices where crypto wallets are installed. It's recommended to periodically update antivirus software and operating systems while avoiding downloading programs and software from untrusted sources.

  • Use secure internet connections

Use virtual private networks (VPNs) to encrypt internet connections.

On an open network, there is a risk that criminals will intercept and monitor confidential payment information. Therefore, it's strongly advised not to use public Wi-Fi networks in cafes, airports, or hotels.

Computer cyber hygiene: How to protect yourself from hacking when using cryptocurrency wallets

It's also crucial to monitor your actions when using cryptocurrency.

Match Systems recommends:

  • Use two-factor authentication (2FA)

Enable two-factor authentication (2FA) for all accounts related to cryptocurrency. Instead of SMS codes, use authentication apps like Google Authenticator.

Google Authenticator — one of the most reliable 2FA authentication services

  • Check websites and apps

Carefully verify the URLs when entering data on cryptocurrency exchanges and wallets. You should also be vigilant when browsing the internet in general: for example, avoid clicking on suspicious links in emails and messages.

  • Check the exchanges and platforms you use

Only work with reputable cryptocurrency exchanges and services. You can verify the safety of a platform by reading user comments and reviews on independent industry platforms.

To check cryptocurrency wallets, you can also use a service from Match Systems in Telegram @ms_main_bot.

  • Do not scan QR codes without verifying their source

Scanning QR codes can lead to hacking, since a QR code can point to a phishing link or to a malicious site that automatically downloads a virus that steals confidential data.

Cryptographic "traces" of a hack or scam: what data will be needed when contacting the police

The main challenge in recovering stolen cryptocurrency is not knowing how to properly document the theft.

To recover stolen funds, you need solid evidence of a committed crime. This includes documenting the nuances of the incident with analytical research on the hack or fraud. Without documenting cryptographic "traces" of the crime, the police won't be able to initiate a criminal case or conduct an investigation.

Here's what you'll need to provide:

  • Transaction history with the addresses where the cryptocurrency was stolen.
  • Screenshots or statements from wallets, exchanges, and other platforms where suspicious transactions occurred.
  • Documents confirming ownership of the cryptocurrency. These include blockchain records or confirmations of ownership of funds from exchanges.

Exchange and payment service interfaces can differ, so it's a good idea to get familiar with all their features before using them

  • Emails, messages in messengers or forums related to fraud.
  • Correspondence with technical support for exchanges or cryptocurrency platforms where transactions took place.
  • Logs or software data indicating signs of hacking or fraud.
  • Records of access, IP addresses, and other network data that help identify the source of the attack.
  • Messages or posts on social media that confirm fraud incidents.
  • Official reports from platforms or services confirming the incident.
  • Opinions of cybersecurity or forensic specialists who are competent in cryptographic analysis.

Cryptocurrency wallet hacks are not exclusive to unprepared individuals. For example, in 2018, advanced teenage gamers managed to access the cryptocurrency wallets of American businessman and Transform Group CEO Michael Terpin and stole digital currency worth $24 million from him.

Before this, Terpin had already experienced an attempted scam: criminals tried to pull off a SIM card swap trick to gain access to his email accounts, which were tied to his cryptocurrency. Additional security measures did not help Michael Terpin.

Michael Terpin is an American entrepreneur and seasoned cryptocurrency investor, yet even he fell victim to young hackers

How to recover stolen cryptocurrency

If cryptocurrency has been stolen from your account, you need to act quickly and decisively.

Match Systems recommendations: Several steps that may help recover assets

  • Track transactions.

To monitor the movement of blocks in the blockchain and view transactions, people use special services called blockchain explorers. There is no universal blockchain explorer, as different services are used to monitor different cryptocurrencies. For example, blockchain.com helps with Bitcoin, and etherscan.io helps with Ethereum.

If you can track the stolen cryptocurrency to an exchange, immediately contact its representatives and ask them to block the address to which the funds were transferred.

You can view data on transactions, smart contracts, addresses, and other useful information using Etherscan.io
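The "Track transactions" step above amounts to following outgoing transfers from the thief's address until the trail reaches a tagged service such as an exchange. The following Python code is an added example that is not part of the original article and not Match Systems' method: the transfer list, the address names and the `trace` and `exchange_leads` functions are constructed for illustration, and the input is assumed to have been exported from a blockchain explorer beforehand.

```python
from collections import deque

# Constructed sample data, not real chain data: (block, tx id, sender, recipient, amount).
TRANSFERS = [
    (90,  "tx0", "ADDR_B", "ADDR_OLD", 5.0),       # predates the theft, must be ignored
    (100, "tx1", "VICTIM", "ADDR_A", 50.0),        # the theft itself
    (105, "tx2", "ADDR_A", "ADDR_B", 30.0),
    (106, "tx3", "ADDR_A", "ADDR_C", 20.0),
    (110, "tx4", "ADDR_B", "EXCHANGE_DEP", 30.0),
    (112, "tx5", "ADDR_C", "MIXER", 19.0),
    (120, "tx6", "ADDR_C", "ADDR_A", 1.0),         # loops back to an earlier address
]
# Assumed address tags, i.e. the output of an address-marking step.
LABELS = {"EXCHANGE_DEP": "exchange deposit", "MIXER": "mixer"}

def trace(transfers, labels, theft_tx, max_hops=6):
    """Breadth-first walk over transfers that happen after the stolen funds arrive.

    Simplification: every later outgoing transfer is followed; amounts are
    reported per transfer and are not apportioned between mixed funds.
    """
    by_sender = {}
    for t in sorted(transfers):                    # oldest block first
        by_sender.setdefault(t[2], []).append(t)
    start = next(t for t in transfers if t[1] == theft_tx)
    findings, seen = [], {theft_tx}
    queue = deque([(start, [theft_tx])])
    while queue:
        (block, _txid, _src, dst, amount), path = queue.popleft()
        if dst in labels:
            # Stop here: a service address pools many customers' funds.
            findings.append({"address": dst, "label": labels[dst],
                             "amount": amount, "path": path})
            continue
        later = [t for t in by_sender.get(dst, [])
                 if t[0] >= block and t[1] not in seen]
        if not later or len(path) >= max_hops:
            findings.append({"address": dst, "label": "unlabelled, trail ends here",
                             "amount": amount, "path": path})
            continue
        for t in later:
            seen.add(t[1])
            queue.append((t, path + [t[1]]))
    return findings

def exchange_leads(findings):
    """Addresses worth reporting to an exchange with a request to block them."""
    return [f for f in findings if f["label"] == "exchange deposit"]

if __name__ == "__main__":
    for f in trace(TRANSFERS, LABELS, "tx1"):
        print(f["label"], f["address"], f["amount"], " -> ".join(f["path"]))
```

The path of transaction ids in each finding is the transaction history that the evidence list earlier in the article asks for.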

How Match Systems helps recover stolen cryptocurrency

Match Systems also has a Telegram bot for responding to hacks: @ms_main_bot.

Using the bot, you can report an incident and view a free step-by-step guide on what actions to take to increase the chances of recovering funds.

The bot's interface is in English, so it's intuitive and easy to understand

The bot also allows you to "tag" the chain of transactions involving the stolen cryptocurrency, so you'll receive notifications about asset movement.

Through the bot, you can request an analytical report on the movement of funds with a detailed description of the history of all transactions and operations. There's also a template for filing a complaint with law enforcement agencies in case of cryptocurrency theft.

To recover stolen funds, you will also need the help of professionals, experienced people who have been working in this field for years.

Match Systems specialists help organize the process and work in the following ways:

  • Prepare blockchain investigations.

Conduct in-depth analysis of transactions and assets in the blockchain, identifying traces of illegal activity.

  • Assist law enforcement agencies.

Prepare requests to be sent to cryptocurrency service providers (VASPs) to obtain information about deposit addresses and asset blocking.

  • Establish contacts with VASPs.

Communicate with the support of cryptocurrency platforms and obtain all the necessary information.

  • Analyze responses from VASPs.

Process the received data and prepare recommendations for further requests/actions.

  • Perform address marking.

Collect, classify, and mark cryptocurrency addresses according to various categories to simplify case analysis during investigations.

  • Assist in preparing court decisions.

Legally assist in preparing court decisions to arrest and impose asset seizures on VASP platforms.

  • Conduct special investigations.

If necessary, further investigate cases and prepare reports to be attached to the criminal case materials.

Conclusion

Don't underestimate the risks of cryptocurrency wallet theft as a result of hacking or fraud by criminals. Anyone can face this, but minimizing losses or even recovering stolen tokens is more likely for those who are prepared in advance.

Investigating crypto crimes on your own takes a lot of time and specialized knowledge. Without it, you'll probably fail and just waste precious time.

It's best to get in touch with professionals from companies that specialize in blockchain investigations right away. They can quickly and effectively initiate the process of tracking down stolen assets on the blockchain and coordinate with law enforcement agencies. Their swift and coordinated actions often lead to the recovery of all stolen funds.

#cryptocurrency #finance #crypto crimes #fund recovery