• cannabiccino

Consumer Protections Cryptocurrency Businesses Can Have, But Don't (Part 1)

Part 1 of X


Note: names have been changed, but stories are real ones GASO has collected from victims of scams.


Blacklisting of Reported Addresses


Martha was pushed by a relationship scammer to send $200,000 to a fake cryptocurrency investment website within 2 months, using a major American Exchange. Upon painfully realizing the scam, she immediately reported the cryptocurrency addresses to American Exchange. In response, American Exchange froze and closed Martha's account.


Meanwhile, Carmen was also being conned into the same fake website. Eventually realizing the scam, she reported it to American Exchange. She got the same treatment.


Martha and Carmen later met each other inside GASO and found that Carmen was still allowed to send cryptos to the same address after Martha had already reported it and got "kicked out".




Enhanced Due Diligence with Higher Amounts


Belinda used Kraken Exchange when sending her first few thousand dollars to a scam investment website, recommended to her by a "financial adviser" she had long been talking to online. For her second payment, to pass the scam website's "Pro Verification", she attempted to send $50,000, but Kraken stopped her and asked her to answer a security questionnaire. Kraken wasn't satisfied with her answers and closed her account. Determined, Belinda then opened an account with Another American Exchange, which allowed her to send away $150,000 into the abyss within a couple of months, including 2 transactions around $50,000.



Prompts Upon Entering Smart Contracts


Greg was told by an online friend that he could learn about cryptocurrency by investing in it. He would need to download the Coinbase Wallet app to participate in a "mining pool". Of course, the more he put in, the higher the returns. He entered the URL given by the friend into the wallet app's browser bar to check it out. Unwittingly, just by browsing, he hooked his cryptocurrency wallet to a smart contract that can do unlimited withdrawals. Soon enough, all his cryptos were drained from his wallet, after he had loaded it with so much of his savings as strongly advised by that friend and complied with the mining pool's "customer service".



Could have, should have


1) On Blacklisting of Wallet Addresses


American Exchange could have put a hold on the address immediately upon suspicion, and definitely once they took action against the user. See below from Gemini Exchange:




2) Enhanced Due Diligence with Higher Amounts


Kraken's internal audit systems did well in preventing Belinda from carrying out a suspicious transaction. But that experience did not really stop her from falling further into the scam. We can say Kraken did a good job in protecting themselves from being party to a crime. But give credit where credit is due. Another American Exchange, and many others, allowed their new users to shove off their entire life savings and loans into the abyss.


Below is from Huobi Exchange, which redirects their users suspected of falling for relationship-investment frauds (a.k.a. pig butchering scams) to a questionnaire and an explanation of how such scams work, since at least mid-2021.

(Yes, Huobi Global Exchange has a thousand other issues, but failing to protect their own users against Pig-Butchering Scam is not one of them.)



3) On Prompts Upon Entering Smart Contracts


It's long been well-known, since 2018, that self-custody cryptocurrency wallet app users can walk into money-draining traps in the wild, wild West of decentralized apps. Many wallet app developers like MetaMask have since taken steps to prevent users from unknowingly getting into smart contracts. For instance, Trust Wallet always lets users know whenever they are about to hand over authentication keys to such contracts. The following pops up before a user can access the scam app eth-kyushu(.)com shown above, or any other decentralized app.


We feel it could still be made better by explicitly saying right there that scam dApps can work this way in getting a user's approval to make unlimited withdrawals. Trust Wallet only does so on another page. Still, this is much better than the Coinbase Wallet app, which shows nothing, and that makes Coinbase Wallet the favorite wallet app for scammers to lead victims into using. See Coinbase Wallet Has A Major Security Vulnerability
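A prompt of the kind argued for above could be driven by a check like the following, which is an added example and not code from this article or from any wallet's code base. It assumes the unlimited-withdrawal permission is requested as an ERC-20 `approve(spender, amount)` call; `inspectApproval`, the 2^255 threshold and the sample calldata are constructed for illustration.

```javascript
// Wallet-side check run on a dApp's transaction request before the user signs.
// Assumption: the permission is an ERC-20 approve(spender, amount) call.
const APPROVE_SELECTOR = "095ea7b3"; // first 4 bytes of keccak256("approve(address,uint256)")
const MAX_UINT256 = (1n << 256n) - 1n;
// Hypothetical policy: any allowance of 2^255 or more is treated as unlimited.
const UNLIMITED_THRESHOLD = 1n << 255n;

function inspectApproval(calldataHex) {
  const data = String(calldataHex).toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]*$/.test(data) || data.length < 8) {
    return { kind: "invalid", warn: true, message: "Request is not valid calldata. Do not sign." };
  }
  if (data.slice(0, 8) !== APPROVE_SELECTOR) {
    return { kind: "other", warn: false, message: "Not a token approval." };
  }
  // approve() carries exactly two 32-byte words: left-padded spender, then amount.
  if (data.length !== 8 + 128 || !/^0{24}/.test(data.slice(8, 72))) {
    return { kind: "invalid", warn: true, message: "Malformed approval request. Do not sign." };
  }
  const spender = "0x" + data.slice(32, 72);
  const amount = BigInt("0x" + data.slice(72, 136));
  const unlimited = amount >= UNLIMITED_THRESHOLD;
  let message;
  if (amount === 0n) {
    message = `This removes ${spender}'s permission to withdraw this token.`;
  } else if (unlimited) {
    message = `This site is asking for permission to withdraw an UNLIMITED amount of this ` +
      `token from your wallet at any time, via ${spender}. Scam apps work this way.`;
  } else {
    message = `This lets ${spender} withdraw up to ${amount} base units of this token.`;
  }
  // amount 0 is a revocation, so it needs no warning.
  return { kind: "approve", spender, amount, unlimited, warn: amount > 0n, message };
}

// Constructed sample requests (the spender address is made up).
const SAMPLE_SPENDER_WORD = "0".repeat(24) + "11".repeat(20);
const SAMPLE_UNLIMITED = "0x" + APPROVE_SELECTOR + SAMPLE_SPENDER_WORD + MAX_UINT256.toString(16);
const SAMPLE_LIMITED = "0x" + APPROVE_SELECTOR + SAMPLE_SPENDER_WORD +
  (1000n).toString(16).padStart(64, "0");

for (const tx of [SAMPLE_UNLIMITED, SAMPLE_LIMITED]) {
  console.log(inspectApproval(tx).message);
}
```
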




For any questions, comments and concerns, please email press@globalantiscam.org