SEC Warns of Fraudulent Cryptocurrency Schemes
Experts Say Social Engineering Continues to Drive Illicit Activity
The U.S. Securities and Exchange Commission has issued a new warning that fresh criminal schemes are continuing to target digital assets. Security experts say that, with social engineering attempts on the rise, individuals and organizations must remain vigilant against crypto-related scams and other "get rich quick" schemes.
In its bulletin, the SEC's Office of Investor Education and Advocacy and Division of Enforcement's Retail Strategy Task Force says, "Fraudsters continue to exploit the rising popularity of digital assets to lure investors into scams, often leading to devastating losses." The regulator warns users to beware of potential phishing or impersonation scams that appear to offer "something new" or "cutting edge."
The SEC adds, "If you are considering a digital asset-related investment, take the time to understand how the investment works and to evaluate its risks. Look for warning signs that it may be a scam."
Similarly, Chris Clements, vice president of solutions architecture at the security firm Cerberus Sentinel, warns, "Individuals and organizations both must stay on guard for any unsolicited inbound communications promising financial windfalls and requiring urgent action."
Especially important, Clements adds, "is to identify 'trusted paths' for any legitimate funds or investment opportunities and to properly research their validity."
Warning Follows BitConnect Charges
The SEC's bulletin comes after the regulator leveled charges against the now-defunct cryptocurrency platform BitConnect over alleged fraud totaling $2 billion.
The SEC called the scam "one of the largest Bitcoin-related Ponzi-like schemes," alleging that defendants took approximately $2 billion worth of investors' funds through a platform - a "technology bot" - it claimed would generate exorbitant returns. The crypto platform allegedly marketed itself through "testimonial"-style YouTube videos and other social media in multiple countries (see: SEC Charges BitConnect on $2 Billion Fraud Scheme).
The SEC alleges that BitConnect conducted a pyramid scheme-like referral program and paid investor withdrawals out of incoming investor funds, and "did not trade investors' Bitcoin consistent with its representations."
Further, last week, the U.S. Department of Justice said BitConnect's top U.S. promoter, Glenn Arcaro, pleaded guilty to related criminal charges. He faces up to 20 years in prison and must repay investors $24 million gained from the offense, officials say.
The SEC says suspicious digital asset operations often:
- Guarantee high investment returns with little or no risk;
- Are unlicensed/unregistered sellers;
- Show depictions of skyrocketing account values;
- Sound too good to be true - and often are;
- Advertise fake testimonials - as fraudsters often pay others to tout an investment via social media or video.
Several security and blockchain experts draw a direct line between this fraudulent activity and increasingly sophisticated social engineering attempts, or blatantly false advertising that may lead to poor or unsafe crypto investments.
James McQuiggan, education director for the Florida Cyber Alliance and security awareness advocate for the firm KnowBe4, says, "Cybercriminals will always find emotional lures to exploit users through social engineering. Asking yourself the question, 'Is this too good to be true?' is the first step to determine if the organization is worthwhile."
Further, Julio Barragan, director of cryptocurrency intelligence at the firm CipherTrace, warns against ongoing scams in which victims are lured by a convincing fraudster sending them direct messages on social media or through a friend's hacked account, promoting massive gains.
Neil Jones, cybersecurity evangelist for the firm Egnyte, says: "Significant change [in the space] will only occur when cryptocurrency platforms become subject to the same standardized IT requirements as traditional investment platforms, and when cryptocurrency exchanges no longer represent a safe haven for payments to ransomware attackers."
Tom Robinson, co-founder and chief scientist at the blockchain analytics firm Elliptic, notes, "As the SEC points out, the fraudsters have started to make cryptocurrencies the focus of these [Ponzi] schemes because the value of many legitimate crypto assets has risen dramatically, and because the technology behind them can be difficult to understand - a potent combination that helps them to lure victims."
Nevertheless, Robinson says, "there is no need for new crypto-specific regulation to address [these incidents] - regulators are already using existing laws to prosecute these fraudsters." He says over $2.5 billion in penalties have been imposed by U.S. regulators - primarily for fraud and unregistered securities offerings.
But officials including Sen. Elizabeth Warren, D-Mass., continue to push for comprehensive regulation of the cryptocurrency space. In an interview with The New York Times on Sunday, Warren likened many cryptocurrency operations to "shadow banks" that lack traditional investor protections.
Last week, SEC Chair Gary Gensler echoed previous statements on imminent cryptocurrency regulation, telling The Financial Times that to both secure and ensure the longevity of digital assets, they must fall within a public policy framework. He has previously requested additional congressional authority to reduce investor risks in virtual currencies (see: SEC Charges BitConnect on $2 Billion Fraud Scheme).
Additionally, in speaking with the European Parliament's Committee on Economic and Monetary Affairs last week, Gensler said cryptocurrencies "have no borders or boundaries."
"[And] absent clear investor protection obligations on these platforms, the investing public is left vulnerable," Gensler said. "Unfortunately, this asset class has been rife with fraud, scams, and abuse in certain applications."