1. Rugpool
“Rug pull” in English refers to a fraudulent attack where the project’s promoters entice users to invest in their project, only to vanish with all the funds.
One notable example of a rug pull was Thodex, a Turkish crypto exchange that initially operated as a legitimate platform for customer transactions. However, in April 2024, the exchange’s organizers abruptly disappeared, taking over $2 billion in client assets.
The founder of Thodex made statements about the alleged cyberattack on the exchange but then cut off contact. Despite this, law enforcement agencies were able to apprehend all the organizers of Thodex, including its founder, within a year and a half.
Another striking example of a rug pull was AnubisDAO, which managed to steal $60 worth of ETH cryptocurrency without even having a website or whitepaper—a technical document that provides a detailed description of the project and its tokenomics.
Another notable example is the Squid Game project, which gained significant attention due to its indirect connection to the popular 2021 TV series The Squid Game. While the damage caused by the Squid Game rag pool was relatively smaller compared to the other listed examples (approximately $11 million), the fact that the organizers managed to place their fraudulent token, SQUID, on the website of the leading monitoring service CoinMarketCap is indicative of their deceptive actions.
2. Phishing
Phishing, along with rag pooling and Pump & Dump, is one of the most prevalent methods of scamming in the cryptocurrency ecosystem. Scammers frequently target users of wallets or cryptocurrency exchanges.
Scammers impersonate well-known companies like Coinbase, MetaMask, or Ledger in emails to potential victims. These emails claim to be about a supposed hack and provide instructions on saving assets. However, these emails contain a link to a phishing site.
After visiting the fraudulent website, you must enter sensitive information, such as a seed phrase or private key from a cryptocurrency wallet, or login credentials and 2FA code from an exchange account. If you follow the link and provide this information, the funds will be irrevocably lost. According to expert estimates, the damage caused by phishing attacks alone amounted to $500 million to $800 million in 2024.
In addition to phishing emails, attackers often seize control of domains belonging to popular cryptocurrency projects or even celebrities’ social media accounts. For instance, in 2023, scammers hacked into the Twitter account of the Aptos Foundation, the organization behind the Aptos blockchain network. As a result of the hack, the scammers posted a link to a fake website claiming a giveaway of APT cryptocurrency tokens. At the time, Aptos lacked an original token. This phishing attack capitalized on the anticipation surrounding the airdrop, allowing the scammers to successfully exploit the vulnerability. However, the exact extent of the damage remains unknown.
3. Pump & Dump
Pump & Dump is a popular scheme in the crypto industry. Often, its organizers create Telegram channels that provide signals for buying and selling cryptocurrencies, supposedly from professional traders.
The scheme itself works in several stages and consists of the following:
- First, the organizers select some token with low liquidity, the price of which can be significantly increased even with a small trading volume, and then conduct a preliminary purchase for subsequent sale;
- Then the organizers promote the pre-purchased token in various ways (e.g., through channels or chats), which “pampers” its price, i.e., dramatically increases the price;
- After a little time, when the price increases significantly, the organizers sell all their tokens at a profit, causing a sharp drop in the token rate, i.e., “dump.”
One of the most prominent Pump & Dump cases involved the widely recognized decentralized exchange, SushiSwap. As news circulated about the listing of the SUSHI project’s native token on the leading cryptocurrency exchange, Binance, its price surged rapidly, surpassing $1 within a short span.
However, users soon discovered that the project’s creator had sold all his tokens, leading to a substantial dump of the SUSHI token. This incident generated significant attention within the cryptocurrency community, prompting the founder to purchase back the sold tokens.
It’s worth noting that the Squid Game scam project can also be linked to the Pump & Dump scheme. Before orchestrating a rag pool and causing the collapse of the SQUID token’s value, the organizers successfully “pumped up” the price of the cryptocurrency by several thousand percent.
4. Ponzi scheme
The Ponzi scheme, a fraudulent investment opportunity that promises high returns with little risk, has been around since the 1920s. Despite its long history, unscrupulous organizers continue to deceive unsuspecting investors.
The core concept of a Ponzi scheme is that the organizers offer investors the chance to invest in their project, promising regular payments with an exceptionally high yield, often 180% annually or even higher. However, it’s important to note that practically no company, even the most successful, can sustain such payments to its investors. Even for loans, interest rates are significantly lower.
While the influx of funds from new investors ensures payments to existing investors, this inflow inevitably decreases over time. Consequently, the organizers resort to closing the pyramid scheme, concealing the funds with the investors’ money, which can be likened to a rag pool. This practice can occur at any moment, even on the day the project is launched.
One notable example of a successful pyramid scheme was the OneCoin project, which defrauded its depositors in October 2017. The organizers managed to collect approximately $4 billion. Despite the project token’s absence from the CoinMarketCap website, investors remained unperturbed, even though its presence there does not guarantee complete protection against scams.
5. Pig butchering
Many experienced cryptocurrency users have encountered scams in popular messaging platforms. Scammers often act swiftly and directly, getting straight to the point.
Given the popularity of scam schemes like arbitrage and P2P, users became immune. They quickly identified and blocked such scammers. Therefore, scammers had to find new ways to “hook” victims. One such scheme is “pig butchering.”
The essence of “pig butchering” is that the scammer takes a long time to manipulate the potential victim. First, they gain trust by starting a romantic relationship or engaging in other forms of social engineering. Then, they gradually warm up the victim by telling them about a luxurious life and significant passive income.
The scammer often claims to have a friend who successfully trades on the stock exchange and is willing to share deals for a percentage of the profit. They may even provide fake trading platforms or other resources to further entice the victim.
As the scam progresses, the scammer uses social engineering tactics to create a sense of urgency and fear of missing out (FOMO) in the victim. This can lead the victim to make impulsive decisions and deposit funds on fake trading platforms. Eventually, the victim loses their savings, and the scammer disappears without a trace.
