HomeCryptoThe two-stage crypto scam: how not to fall for it

The two-stage crypto scam: how not to fall for it

Is there anything more obnoxious than a scam in the crypto world where the victim’s weaknesses are exploited? Well, yes: a scam that hinges on another scam, where the leverage is in convincing the victim, already scammed, that they are being rescued from the previous scam. 

The one we are talking about today is a two-stage scam

In the first stage, the victim falls into some of the most common pitfalls. For example, they are lured on the Internet, through advertisements on various social networks or hooked through messaging applications and, using a variety of strategies, are persuaded to make the most unlikely investments. 

This may involve signing up for phantom trading platforms, or investing in tokens that promise stellar returns. There is something for everyone. The levers of persuasion can be the most diverse and generally aim to establish a relationship of trust between the perpetrators and their victim: sometimes they are of a romantic nature, generating the expectation that a romantic or erotic relationship can be established; other times they are of a more technological nature, and the victim is led to believe that he or she is operating on famous platforms of unquestionable reliability, while in reality one is diverted to clone websites, which reproduce the graphics and functions of the original platforms.

The common element in all of these pseudo-investments is that in reality no investment is made at all: the victim’s money, fiat or crypto is simply pocketed and used to feed the entire supply chain that makes these large-scale frauds work.

Crypto fraud: how to recognize the common elements

For instance, when one thinks they have been trading on a certain platform and, by chance, the trades executed appear to have been successful, once the victim, convinced that they have amassed a decent amount of money, tries to withdraw it in whole or in part, they will be met with an endless series of pretexts (you have to execute a minimum, very large number of trades; an AML verification must be performed, etc.) and, often, they will be made the subject of economic demands to “release the funds”: an amount for non-existent AML or tax charges, and so on.

The bottom line is that the victim, whether by hook or by crook, will never see his or her money again.

When the victim realizes that they have been scammed, the second phase of the scam is triggered, the most obnoxious one: they are contacted (mostly by telephone) by someone who presents himself as an official of some international, European or US investigative organization, who shows that he is aware of the scam they have been subjected to and represents the possibility of succeeding in recovering the ill-gotten gains. 

In this second phase, the victim’s discouragement and desire for revenge is leveraged, and he or she is induced to make a sequence of escalating payments, motivated on the basis of a wide range of seemingly very convincing pretexts: the payment of anti-money laundering charges, the payment of taxes for non-existent withholding on capital that just so happens to magically grow as you go along so that some small difference has to be paid, and so on.

The technique involves moving the goal of obtaining the “release” of funds forward continuously: the illusion is created in the victim that he or she is one step away from that goal and that it takes only a little to reach it and, with great skill, is kept constantly in tension toward the achievement of the coveted goal.

Those who get trapped in this kind of spiral end up suffering the gradual embezzlement of even very large sums of money. We are talking about several tens of thousands of euros, depending on the availability of the victims.

At this point, many of the readers must be wondering how they can be so naive as to fall into such pitfalls.

How is a typical crypto scam set up?

In reality, frauds of this kind are much more insidious than one might believe, and even those who think they are particularly shrewd and prudent can end up falling for them: those who orchestrate them make use of well-structured organizations, technological means by which institutional communications from government agencies, banks and platforms are simulated and counterfeited, which are extremely truthful and credible. Those who make contact with unfortunate victims make extensive use of social engineering techniques, cultivate them with patience and dedication, know well how to identify the weaknesses of their interlocutor, and how to exploit them to direct and persuade them to take the desired actions.

Finally, it is important to keep in mind that this type of fraud is based on a statistical basis: tens of thousands of potential victims are reached through messaging systems or thanks to advertisements. Of these tens of thousands, only a very small percentage responds to the scammers’ call-to-action and ends up being duped. Obviously, these are the most fragile and exposed individuals: the most naive or inexperienced ones. This minimal percentage, however, still translates into hundreds or even a few thousand people who will end up, in one way or another, corresponding to the scammers’ network, with amounts that can even reach several thousand euros. Which, multiplied by the audience of victims, ends up generating substantial volumes of business.

It is no coincidence that a simple Google search turns up dozens of websites of services that promise to recover sums lost in cryptocurrency scams.

These services should be wary of: by examining the websites of many of them, it is easy to get a number of clues about the possible fraudulent nature of many of them.

For example, in many of them it is not possible to identify a clearly recognizable legal entity that assumes to provide these services: no physical addresses, no indication of a business name with certain references, no possibility of telephone contact, a shielded domain that cannot be traced back to an identifiable physical or legal entity, and so on.

And on the other hand, even assuming that such information was available, it would still be prudent to be wary of these services because, beyond the more or less apparent reliability of the entity offering them, what is promised, by appealing to the desperation of the victims, is very difficult to deliver.

In essence, the actual possibility of recovering funds lost in frauds of this kind is, in most cases, almost impossible. And in those cases where even a remote possibility exists, it is not a private company that can get its hands on the funds and brings them back to the victims: this goal cannot be achieved without the intervention of authorities, judicial and investigative, capable of seizing, or accessing information otherwise precluded to private operators.

But then, what remedies are available to those who suffer this kind of fraud? Not many, when the damage is done.

What can one do when falling victim to crypto fraud?

It is true that often these frauds, especially when they are particularly well-articulated, leave scattered around a number of investigative “leads” that in the abstract might appear useful: sometimes bank accounts appear, not just anonymous wallets; other times payments are made with credit cards through payment gateways; and yet other times cryptocurrency funds are found to end up in or pass through accounts of important people who, in theory, should have performed KYC on the relevant holders.

Despite this, tracing the real identities of those who have a stake in these frauds can be equally difficult, if not impossible, between stolen identities, front men who later turn out to be mere blockheads, and the lack of cooperation of authorities in the often opaque jurisdictions from which, not surprisingly, these fraudulent schemes start. 

The best protection, therefore, is preventive in nature and consists in exercising the utmost caution by raising the threshold of attention as much as possible to avoid falling into these kinds of traps.

A first measure to take when being solicited to invest on some platform or in some investment initiative is to do some research on websites that review various platforms and initiatives. One such site is trustpilot.com, where user reviews in various productive sectors are collected. 

It is true that one cannot unconditionally rely on the reviews of private individuals, but the fact that, for example, on a given platform one finds multiple reviews, all consistent with each other, in which many users complain or worse openly denounce a scam can be a sufficient indicator to prudently decide not to take the risk.

A case in point is someone who became entangled in a fraud moving from a trading platform known as CoinEvo.

How to recognize the reliability of a platform a priori? 

On Trustpilot.com there are many posts of people who have chosen to use the services of the platform and, prompted by persistent telephone pressure from people who qualified as “tutors” of the platform, have been induced to invest significant sums, and complain that they have not been able to withdraw the funds from their respective accounts, with the most varied excuses: you have to make a minimum (very high) number of transactions to unlock the funds; you have to pay an amount by way of tax withholding, and so on.

Now, since there would seem to be many users who complain of being victims of fraud related to the platform, and there are quite a few references on the web in very negative terms about this platform, we tried to look into it.

A number of troubling clues have emerged.

The platform is accessed from a multiplicity of domains with multiple extensions. The relevant homepages show that the platform is allegedly traceable to a company, Lilac Group LLC, which is headquartered in St. Vincent, in the state of St. Vincent and the Grenadines. A jurisdiction that is extremely opaque and far from prone to judicial collaboration. Impossible to trace the beneficial owners of the company, which is managed through a local company offering trust services (Euro Caribbean Trustees Ltd) and which advertises the fact that in the small Caribbean state LLCs are not required to make any disclosure about “directors/managers, shareholders/members or beneficial owners.”

If this were not enough of a red flag for people to turn away from such a platform, in 2022 the Italian Consob, in a series of appropriate measures, ordered the blocking in Italy, one after the other, of the various access sites to the platform, on the assumption that Lilac Group LLC was abusively providing trading services in Italy, since it did not have any authorization.

Examples of contrived scams

In one case explored in more detail, an Italian user, having lost sums of significant amount having used (or believing he had used) the platform’s trading services, was called by self-styled FINRA officials who, after confirming to him that he had been a victim of fraud, managed to convince him that his funds had been recovered and induced him to pay an equally considerable amount for the “unlocking” of these sums.

It cannot now be ruled out a priori that Lilac Group, or whoever is part of it, in practice did not have anything to do with the fraud because, perhaps, someone else created a clone website of the original platform: this would deserve to be investigated more thoroughly.

In any case, regardless of whether those responsible for the first phase of the fraud are actually connected to the Caribbean company or not, it is quite clear that those who then pulled off the second part of the fraud were part of the same organization that orchestrated the first part, since they were fully aware of who to target and how.

There are then other possible cautionary measures.

A first golden rule is that since money does not grow on trees, investment proposals with prospects of stellar interest and income (too good to be true) should always be viewed with suspicion.

Then a second golden rule is to be wary of proposals or solicitations through channels such as Telegram, WhatsApp or on social media from unknown users or even those who do not know each other physically and in person. Already this indicator should be enough to not invest a penny in that initiative because these are not the channels and modes that are used to promote a serious initiative.

Aside from that, a careful analysis of the eventual platform or initiative’s website can also yield useful revealing elements: if one does not find clear and verifiable information about the company offering, for example, trading services, or if the company is based in some location known not to impose particular regulatory constraints, licenses, authorizations and the like, or known not to offer information exchange or judicial cooperation, the right thing to do is to turn away, no matter how tempting the investment opportunity may sound.

But that’s still not enough: even in those cases where one is ostensibly dealing with reputable entities, there is the possibility that, especially if the access links are provided by some Telegram or WhatsApp user out of nowhere, one is actually being directed to clone websites: you think you are trading on the platform of the well-known and reliable, duly licensed company “Alfa”, which operates in a super-regulated country, in reality you are registering on the phantom website that faithfully reproduces the appearance of the “Alfa” platform but is actually made and run by the gang of scammers who will simply pocket every penny of the unfortunate person who registers there and take possession of all his personal data.

What else can you do in case you get scammed?

If you start getting phone calls from self-proclaimed officials of investigating authorities, for example, people claiming to be officials of FINRA (financial market regulator in the United States) or any other similar agency, often very authoritative or highfalutin named, offering to help you because you can’t get your money back from XYZ platform.

Consider that it is like the Pope himself calling you to ask why you are not going to Mass on Sundays. 

It simply does not and cannot happen. 

No one will ever call you from a government agency in the United States or Australia to ask if you have been defrauded for investing in such a platform and to tell you that they are ready to recover their funds. If then those who contact us from the United States even speak Italian, the rip-off is certain.

Should this happen, do not believe a word they tell you and above all, no matter how convincing they are: do not send a single penny to any possible official. There are no AML fees to be paid to release funds or hypothetical withholdings.

It is one of many gimmicks that replicate in a modern key the historic Nigerian scam, in which one is contacted by someone who claims to be entitled to receive multimillion-dollar funds locked up in a bank account who knows where, and who claims to be ready to share them with the lucky recipient of the offer, as long as one pays a small amount to unlock those funds.

Same goes for any email communications. These are communications that often appear very credible and seem to come from emblazoned platforms, such as Binance or Coinbase, or from the most disparate government authorities around the globe. 

They usually sound like this: 

“we have your funds here ready for transfer. Please send the amount of x in Bitcoin to wallet xyz for anti-money laundering/tax compliance to proceed with the release of funds.”

If one carefully examines the sending addresses of these emails, with an analysis of the message headers, one finds that they do not come at all from the official accounts of the platforms or agencies from which they claim to come, but from variously disguised and counterfeit accounts that only seemingly come from these official entities.

The suggestion, therefore, is to carefully analyze any (in itself unrealistic) emails that appear to be coming from platforms or government agencies, and in case you are not sure how to do this, get help from someone more experienced to analyze such messages before sending a dime to anyone.

Finally, it is always good to remember a common sense dictum: “if it looks like a duck, swims like a duck, and quacks like a duck, then it is probably a duck.” And so, “if it looks like a scam, swims like a scam, and quacks like a scam, then it’s probably a scam.”

Luciano Quarta - The Crypto Lawyer
Luciano Quarta - The Crypto Lawyer
Luciano Quarta, tax lawyer in Milan, managing partner and founder of the tax law firm QRM&P, has published extensively on the legal and tax aspects of legal tech, artificial intelligence and cryptocurrencies. A speaker at numerous conferences on the subject, he writes the column "Tax & the city" for the daily newspaper "La Verità" and regularly writes for the Economy and Taxes section of "Panorama". He is a member of the Tax Justice Commission of the Milan Bar Association and is the contact person of the Milan office of the interdisciplinary association for the study and application of artificial intelligence GP4AI (Global Professionals for Artificial Intelligence).