This is...not realistic on any level. I've been professionally investigating cryptocurrency scams/thefts/fraud since 2017.
This is at least twice as convoluted a process as is necessary to separate people from millions and millions of dollars in cryptocurrencies if the site stays up for a week. People don't bother spinning up stuff like this when the easy stuff works just fine.
As a counterpoint it is very realistic. If you ever launch a token and run your own telegram channel, all sorts of specialists come out the woodwork with extremely convoluted schemes
The sad thing is that the legitimate ones look just like the illegitimate ones
My first top exchange listing was through a DM
I’ve done partnerships with no name exchanges that turned out fine, also initiated over unsolicited DM
been scammed a few times by people that didnt deliver, and had no intention to
both the legit and illegit ones have no references because their clients are all other token projects whose community needs to feel everything happened organically
scammers take advantage of this desire for secrecy
it’s really just all about niche and specialization
TFA isn't talking about a scam targeting creators of tokens. This is a scam targeting random people by text message who don't know enough about the crypto space to know what USDT is, but would somehow research and figure out how to jump through hoop after hoop to try to steal someone else's money.
> both the legit and illegit ones have no references because their clients are all other token projects whose community needs to feel everything happened organically
I realize that you probably have no clue how this sounds, so I'm going to translate this sentence into how it sounds to those of us outside the crypto world:
> Both the scammers-of-normal-people and the scammers-of-the-scammers have no references because their clients are all scammers who don't want their marks to know that it's a scam
Please do correct me if I'm somehow misinterpreting the reason why it is so important to these "legit" contacts that secrecy be maintained lest their "community" find out.
Its not important and I didn't say the reasoning was good, you’ll just be hard pressed to get that level of validation from any provider until that intermediary space gets more regulated
In the mean time there are a separate category of people that take advantage of that structure, resulting in a high cost low trust environment, where people are willing to take gambles anyway, as the upside is always additional liquidity
I think you're missing my point, which is that in the middle of describing an environment where you can't be confident of anyone's honesty, you acknowledged that even the "legit" actors who aren't trying to scam you are trying to keep things a secret from their "community" so that it can appear to them that everything is happening organically.
What that says to me is that you're in a community of scammers, so it's hard to tell the difference between someone who's out to scam you and someone who's just out to scam some plebs.
I understood your point was that all participants including the token creators are scammers, and I didn't entertain you on it, shifting away from the semantics of that word as its an impossible standard for people that want to navigate that space
There is more nuance to it than that. The exchanges themselves will revoke a listing if it leaks in advance, turning the entire community against the founders for failing to get a listing and the door to that exchange being closed forever. The founders dont want it to leak that they paid or merely engaged a consultant, as a well done marketing campaign and “organic” results are what attracts people. The consultants therefore wont reveal who they worked with. and even if they did the founders will deny.
Many immature economies and sectors are like this. Crypto consultancy scams are not different enough for me to treat it differently.
> shifting away from the semantics of that word as its an impossible standard for people that want to navigate that space
It's not about semantics, it's about the facts of what you're describing:
> The founders dont want it to leak that they paid or merely engaged a consultant, as a well done marketing campaign and “organic” results are what attracts people.
This is fraud. It's probably fraud in the legal sense, but it's absolutely fraud in the ethical sense.
"Organic" results attract people to a crypto project not just as some kind of personal preference, they attract people because a truly organic result is evidence of a project that isn't going to just be a money sink. Faking results in order to attract people is fraud (ask Elizabeth Holmes) and individuals who can persuade themselves that it's not will tend to be dishonest.
You can't distinguish between the scammers and the "legit" consultants because you exist in a world where dishonesty is the norm. They're all behaving dishonestly, it's just difficult to tell which ones are out to get you.
yes and its really great that exchanges have been disintermediated by liquidity pooling systems. a lot of these extortionate practices were because projects use to need exchanges for any liquidity, so exchanges gatekept that. and now thats not necessary. anybody can spin up a permanent liquidity pool within 1 second.
regardless, purchasers should be more discerning as the technology provides the necessary transparency. many are discerning. many arent and those purchasers and the people they are influenced by have created a culture of strange metrics to judge a project by - such as growth of members in a chat channel, or mentions, or exchange listings. Playing along with that isn't fraudulent unless saying something happened for a reason it didnt. What you are describing to me is analogous to suggesting an organization directly tell all the technical analysis traders that their charts had nothing to do with anything, and if the organization didn't say that then its fraud.
In any case, crypto assets would work just as well if their creators said “they’re connected to this consultant” but for now thats just an omission thats necessary because the consultants tend to be in a position to harm the projects and its not clear they’ve delivered until the separate exchange moves forward with the listing.
I wouldn't consider that fraud on the project’s side in any sense, but I can see why you think that is - where either Ive created a protective layer of rationale for myself or the entire ecosystem is fraudulent and any individual’s way of navigating that is irrelevant. I don’t agree with that assessment, my contribution is to point out that there is a niche of scammers that absolutely will do meticulous, convoluted fraudulent things reminiscent of what the article has shown. And if you want to know about that niche, then I’ve detailed it. If you dont, this isnt really the thread for generalized crypto sentiment but I’m sure there will eventually be others on hackernews and you’ll find someone to entertain what you actually want to talk about.
> If you dont, this isnt really the thread for generalized crypto sentiment
This isn't generalized crypto sentiment. I actually find the rehashed arguments about crypto on HN rather exhausting and don't tend to participate much.
What this is is a thread about crypto scams, in particular a crypto scam that preys on dishonest people by taking advantage of their dishonesty. You provided a great illustration of a similar type of scam by mentioning how you've seen how many scammers take advantage of the widespread secrecy in the crypto token world, which secrecy you say exists in order to better attract buyers by not letting on the various ways in which the creator is manipulating things behind the scenes with the aid of a paid consultant.
It seems to me that a discussion of pervasive dishonesty creating a hotbed for scammers is totally relevant to TFA and to your original comment.
I'm curious, do you advertise your services to the public? I have a relative who's been victimized by a cryptocurrency scam. Would you mind if I contacted you about it?
Unfortunately, I have no services to provide for the recovery of the resources. After seeing an increase in these kinds of scams in my social circle, I have compiled that book to share my professional knowledge to spread knowledge with everyone.
One of my readers has recently reached out to me about the examples and this has motivated me to start writing these articles for reaching out to more people.
I have no issues to get contacted and I would like to help as much as I can.
That particular scam sounds like the old "binary option" scams out of Israel. Those involved large numbers of people, typically recent immigrants to Israel, working in call centers to con people. The scam binary options brokers were not only rigged, cashing out was next to impossible.
Those were finally shut down, after the Times of Israel published a many-part expose, "Predators work at night"[1] Also, one of the big operations tried spamming Wikipedia really hard, which resulted in so much pushback that it attracted significant negative attention to the scams.
The people behind those scams were not punished much, and pivoted to crypto, "contracts for difference", and other related scams.
For the simple scams, see r/metaverse-blockchain. This is currently full of pump and dump memecoin scams, promoted as such. Get in and out before the dump is the pitch. Of course, the issuers of the coin are guaranteed a gain, while, collectively, everybody else loses.
There is no "metaverse" component to these coins any more. There used to be claims that the money being raised was going to develop a 3D virtual world. A very few of the "metaverse" coins actually got something going, but most just took the money and ran. Even the ones that got something going didn't do a very good job. The result either looked awful or was so expensive to run server side that they could only run it for special events.
There's several new crap memecoins each week. The promotions look like they come from a template.
This looks like a low-effort operation.
Where's the SEC when you need them? (Mostly dealing with higher-dollar scams, actually. They bring the hammer down on one or two crypto scams per month, but there are so many.)
Yeah a fake livestream of Elon Musk or Mike Saylor still makes hundreds of thousands of dollars/day undetected and untraced, no FBI involvement or arrests at all, still going strong to this day. Why waste time with this crap.
I've been reporting fake tesla and space x accounts so often on youtube - that I eventually wrote a script to copy and past into the report.
Most of the time they do get removed - sometimes successfully before the QRcode is displayed. They even bot the streams so it appears like 30-40k people are watching creating 'social proof'
I assume a lack of manpower and lack of concerted attention to specific scams.
Another option is a Kafkaesque reporting mechanism in which a scammer took down their own videos before they could be reviewed by moderators. This is rarer but possible.
This scam is successful because it is predicated on the same appeal that ventures like lotteries, sweepstakes, slot machines, or giveaways have (albeit accentuated with a seemingly guaranteed win, that these other ventures don't have): the belief that you can just luck into a giant treasure chest of money by expanding minimal effort.
Broadly, this is a modern version of what's known as an advance-fee fraud, which has been around for hundreds of years - paying a small amount upfront (hence the 'advance fee') under pretense of receiving a much larger amount later.
The difference is that while lotteries and casinos are out to take your money they're at least honest about it. If you win they'll pay out in real money. They're not rug pull scams.
The dishonesty lies in obfuscating the actual odds of winning, making the honesty about the payout a moot point as it's not particularly applicable for most entrants.
For it to be clear how unrealistic the odds are. They're not exactly broadcasting "you're 40 times more likely to be struck by lightning than to win the jackpot", instead their site screams "Millions Could Be Yours!". That is the dishonesty and obfuscation. Millions _could_ be yours, but they are very unlikely to be yours, in fact realistically approaching zero. While advance fee scams say "millions will definitely be yours", with the odds being absolutely zero. But neither are meaningful odds.
Though regardless, my original point wasn't about odds but about the lure and the appeal of both of these things: the potential for getting a lot of money for doing virtually nothing (other than spending a bit of money up front).
The problem is that no culture/philosophy has (yet?) even found a clean line.
Ex: How different must the fixed menu picture of the "Burger and Fries combo"--designed to manipulate me into feeling hunger--be from the real food before it's fraud? If I tell you "pink elephants", I have created text that placed an idea into your mind against your will, but is that an offense?
If it's not a picture of food cooked by a worker at the company, in the regular kitchen, with the normal ingredients then surely it's fraud (lying to get money)?
Market capitalism needs truth and transparency to have any chance of optimising delivery of goods/services. These should be preeminent goals of Western Capitalism.
Fraud requires purposeful deception. It doesn't need to be 'the not-yet-existing burger', it just needs not to be designed to deceive you.
I'm not arguing the line isn't subjective.
But, if it's not made with the same ingredients, or for example isn't actually food (as with many marketing images for food), then it's deceptive. I hope you agree?
If it wasn't even made in the restaurant you're in, then I'd agree that is more of a blurred line - if it was made with the same equipment, to the same standards, by the same company, that's reasonable.
I think my point still stands that truth is essential if the mechanism of market forces is to be at all effective.
> But, if it's not made with the same ingredients, or for example isn't actually food (as with many marketing images for food), then it's deceptive. I hope you agree?
The point of the image is to give a preview what you’re about to get. It doesn’t have to be the real thing. If I sell screws online and only have CAD drawings and 3D renders of them, is that deceptive? As long as the product is properly described by the image, it doesn’t matter where it comes from. You could also sell burgers with hand-drawn preview images of them if you wanted to.
>As long as the product is properly described by the image, it doesn’t matter where it comes from. You could also sell burgers with hand-drawn preview images of them if you wanted to. //
I think we agree.
The only thing left is to decide what properly described means -- as is so often the case with such matters. Thanks for your comment and pushback.
At a certain point it falls to personal accountability. A would be lottery ticket buyer can get all that info in 30 seconds by googling "How likely am I win to win the lottery?" If they don't do that, that's on them.
Advance fee scams are different because 1) they are telling outright falsehoods and 2) they come cloaked in a broad variety of disguises, which means that a naive web search is not guaranteed to unveil the deception
IMHO, if you don't spend one afternoon out of 365 in the year researching what to do with your money and you lose money as a result, you can't claim victim status. It's analogous to being out of shape because you never go to the gym. Good results take effort. It's not someone else's fault if you never put in the effort. And the effort needed to learn how to make sound financial decisions is actually a lot less than the effort of going to the gym every day.
To draw another analogy, let's say you don't max out the pretax contributions on your 401k even though you have the means to do so. There are tens of millions of people in this situation right now, losing thousands of dollars in potential retirement savings each year. Are these people victims too? What is the difference between them and people who view lottery tickets as an investment vehicle? In both cases it's a financial loss due to lack of research.
In any case, I suspect that most people who buy lottery tickets are doing it for the entertainment value (the thrill of gambling), in which case dropping $20 on a lottery ticket every week isn't much different than dropping $20 on the movies. It's hard to to call them victims from that standpoint as well.
You made it look more prominent by linking directly to the tab that details the odds.
On mobile that tab isn't even visible when you load the page, you have to know that it's possible to scroll to the right in the tab bar. Otherwise what you see is the tag line "Imagine Winning $48 Million", details about when drawing happens, and a button that says "claim a prize" with an ecstatic man on a phone.
I will say that the government-sponsored lotteries tend to be less blatantly abusive than casinos, but I'm still very comfortable saying that they do actively work to inflate people's sense of the odds.
One thing I feel like I have learned from Reddit/ TikTok is the average person is terrible with money. Some VCs argue we should lower the bar to investing to democrative it. I am all for democracy, but maybe we would be better served if the average person didn't try to be a tycoon.
I think the tricky thing is the distinction between:
(A) Democratization: Let everyone participate as individuals on a freshly equalized playing field that was previously so slanted they couldn't even try.
(B) Democratization: Encourage lots of small disorganized weaker players into the market as unwitting prey for existing interests that have already established themselves with regulatory or competitive edges that they retain/maintain indefinitely.
P.S.: A closely-related rant over another situation involving market-access and devil-in-the-details: Various attempts to "privatize social security" often with the pitch of "giving individuals more control."
In this case I'm not focused on whether individuals can act wisely, but rather that such plans often means replacing an insurance policy with an investment account. Those two kinds of financial instruments have extremely different features, benefits, and risks!
So even if believe that's a great idea, be be suspicious of anybody who seems to be trying to hide that aspect of their plan from the public, since it means they're trying to get voters to make an uninformed choice.
Well, if the privatized version doesn't allow other people to take my money away from me at the point of a gun and give it to other people, using the state's proverbial "monopoly on violence" it doesnt seem like a very fair comparison. Apples and oranges. Maybe that was your implicit point?
> Well, if the privatized version doesn't [risk loss because of] the point of a gun
Except it does. A soldier with a gun in your face can take your insurance payout just as easily as they can take your bank balance.
With respect to a kleptocracy, neither option protects you.
> take my money away from me
Ah, this is the place where you've confused an apple for an orange: The premiums collected for "destitute in a ditch" insurance is not "your money", because that's not how insurance works.
Similarly if you buy "house burns down" insurance and your house is fine until the day you sell it, then you get zero dollars back from the insurance company and nobody blinks an eye. Your payout is potential, conditional, and generally non-transferable, and that's normal, because an insurance policy is not an investment account.
There was never a discrete "your money" pile sitting around in the insurance-company vault waiting for you to reclaim it. (Well, aside from in the minds of criminals plotting insurance fraud.)
Perhaps it is actually myself that's confused. I was not thinking in terms of "destitute in a ditch" money but rather the money that's currently being provided the the vast majority of American seniors. Sounds like you're talking SSI (dissbility) not social security (retirement). My bad.
There isn't really a distinction between the two; they are the same sentence with different frames.
However, if you don't let smaller players into the market then they'll be fleeced using some other mechanism (for example, taxed and then handouts given to the wealthy). If access to markets is expensive then small players won't be able to save at all since any method that lets people invest exposes them to risk, and once risk is involved larger players will outmanouver smaller ones.
Damned if you do, damned if you don't but giving people easy access gives people the best shot at achieving prosperity.
One of workplace tragedy in America is how we moved from professionally managed pensions to individual 401k retirement plans. Most folks have no business deciding asset allocation, managing risk, etc.
Most 401ks will just default to a target date fund, which is usually a total market stock ETF + bonds. That will certainly perform better than most actively managed pension funds.
Yeah, I wish we'd at least have tried scaling the benefits based on company's ability to pay. Or if they were guaranteed yet more realistic.
Ultimately maybe only something market-based is realistic. Yet if we must do that then I'd prefer gov workers be forced to use the same system. Also 401Ks being born out of a carve out for executives feels like an awkward fit for regular employees. Perhaps a unified system not tied to employment could be the best of both worlds.
I've also heard things that sound like they tend to have sharp eligibility cutoffs or amount calculations. There aren't issues with a 401k if I keep changing employers every few years. And you can't play stupid games with taking lots of overtime for your final year to boost retirement benefits beyond what they "should" be.
As it turns out, the accredited investor rule (>$1M liquid assets) isn't to filter for savvy investors, it's to make sure you can still land on your feet after your investment disappears.
I suggest you the following exercise to see it with your own eyes: enter a Telegram channel on a top 100 cryptocurrency, say that you are trying to recover your wallet and...
Suddenly a lot of scammer will contact you in less than 5' with techniques that you cannot imagine are real. For example, telegram handles with the same name as the channel admin but using unicode characters to make tou think it is the same account.
Reminds me of an elaborate reverse scam where the person asking for help have some USDT or other tokens on that ethereum address and a script to immediately swipe the funds the scammer will use for gas.
What is the standard solution to this type of phish? This problem did not exist in the ASCII world, of course. Unicode is useful, but what is the best way to prevent this malicious use of it?
This problem extends beyond character encoding. The average joe (and not so average alike) seems to have a hard time to distinguish official channels from non-official scammy ones, even more so when the official channel doesn't exist on a given platform ("we don't offer support via Telegram" kind of situations). Cue in some greed as well and you got a perfect recipe for disaster.
The root issue is the lack of skepticism and verification. At the same time humans have limited energy and verifying everything causes significant fatigue over time, so the problem might as well be intractable.
It's not about average Joes, it's about large numbers. If the scam works on 1/100 people in the US, that's 4 million people. If you're automating pitching it to 500 people a day, that's 5 wins a day. If your average haul is $500, that's $2500 a day. That's $900K a year.
For web URLs, browsers will sometimes display "punycode" where for example "домен" would be represented as "xn--d1abbgf6aiiy"
I believe different browsers have different heuristics about when to switch to that representation - suspicious characters, mixing scripts in the same URL, and so on.
I do think it's good for certain things to be ASCII-only. People will say it's Americentrism or Anglo-Saxon-centrism. Ok so be it. Make the account handles and email addresses not inclusive and ASCII-only.
> What is the standard solution to this type of phish?
For domain names I use a "corporate" setting in Firefox, disallowing the use of DoH/DoT: to make sure that every single domain name resolution goes through my own local DNS resolver.
And my firewall inspects every packet on port 53 and rejects any packet containing "xn--" (the way they encode Unicode chars in ascii URLs).
For text: my editor is configured to display in bold, fluo, on a dark background any character that is no a visible ASCII char (except newlines and spaces) and "zero width" char are forced to have a width.
But it's a losing battle: too many people don't understand the security implication of using Unicode everywhere.
The most enraging in all this is how stupid these homoglyph/homograph attacks are to pull off: any dumbfuck can pull it off. The bar is insanely low.
It reminds me of a scam they tried with my mom: and old person that apparently cannot read asks you about a lottery ticket, another “random” person comes and checks the lottery results from their phone, and you have a winning ticket for millions in your hand. Old person says it is hard for them to do cash it and asks for help, the random person pulls you in a corner and says you could offer some money to buy the ticket and cash it.
Well, mom was naive enough to believe it but honest enough to reject it.
It flips the who is scamming and who is the scammer around so that you think you are the one getting an advantage, much like here where you would withdraw some money that clearly is not yours. Much less likely to report.
Also makes the scammers feel less guilty when you also tries to scam another person.
Best crypto scam I see right now is the (MEV) bot scam. There are a bunch of promoted videos like below. Just download some code, connect it to your ETH wallet and you'll make 20-50-100% profits daily. I reported some over a month ago but still up. Has nearly half a million views.
lots of scams are able to continue by getting the victim to do things they wouldn't report to the police, or even to their relatives out of embarrassment
although I think it is an interesting idea that scammers intentionally make typos and absurdities, just to weed out discerning people in favor of easier victims, I think there is a larger market for meticulous more legitimate looking scams as well
> I think it is an interesting idea that scammers intentionally make typos and absurdities, just to weed out discerning people in favor of easier victims
This is an apocryphal anecdote or theory that gets passed around, but I'm not sure how true it actually is, and certainly not universally true. In that, I think scammers are way more likely to just make typos than to setup an elaborate low-level target filter. Regardless, I've also never actually seen scammers admit to this.
This is exactly the kind of thing I was talking about, taken to an extreme. A lot of theorizing about ROC curves and optimal operating point formulae, and absolutely no empirical, qualitative evidence (such as any interviews with actual scammers).
For example, there is no actual sample data provided to substantiate even the premise, let alone the conclusion of this claim:
> In choosing a wording to dissuade all but the likeliest prospects the scammer reveals a great sensitivity to false positives.
Thanks for being more eloquent about critiquing that paper than I could be. But that leaves the observation about grammar and spelling in spams and scams unexplained. How should we explain scams terrible presentation?
Occam's razor: the messages are created by the uneducated dregs of society in countries where English is not a first language, and that's the best they can do.
Although sometimes, rarely, the victim confesses their embarrassing actions as a warning to others in a well-written firsthand perspective in a national newsmagazine [0]
I recently watched John Oliver's video[1] about the "pig butchering" scam. It's a brutal scheme where scammers invest months in building fake relationships, gain a ton of trust, and then rob all of their money.
Even though I'm pretty tech-savvy, I'm not sure I could totally avoid falling for this. These scammers don't ask for money directly; they casually mention how they're making big bucks through crypto trading on some app. Naturally, you get curious about the app, but you're still cautious. Then you see it's got a ton of good reviews on the app store, so your trust increases a little.
You install the app, and it looks legit - like it was made by a solid dev team. It offers some limited-time crypto deals where you can't withdraw for a while. The victim invests a little, watches the crypto value climb, and sees their "money" grow on paper. So they put in more. When they finally try to cash out, they realize they can't. They panic and turn to their "romantic partner" for help. That's when the scammers and the fake app squeeze out the last bit of cash, claiming it's for taxes or fees, and they need to put some money. And the victim loses everything.
It's not unreasonable for the victim to think the relationship is real if they've spent months chatting and calling, sharing really personal stuff. Plus, the app seems totally legit, both from the store reviews and how it looks and works. I really hope these scams will disappear soon.
I watched the video but I wasn't fully sure what the scam was. Where it became unclear to me was where it transitioned from a chat to an app.
The app mentioned in his video (MetaTrader 5) is still up - and seems actually legit... at least I think?
So is the scam that they send links to fake versions of the app? How'd the reviews look legit then? Or is there some sort of scam they run on the app where they actually have control of your account?
EDIT: nevermind, I found this[1] post that explains it - the app connects to brokers and is not one itself. So they basically just make a fake brokerage and convince you to use it. So John Oliver's explanation was a bit lacking on that part, and misleading/incorrect about MetaTrader 5 itself.
Go file an email complaint to ( support (@) deftrecoup (.) com ) to know your chances of getting back your loss to any scam. Get your finances and sanity restored.
PS. This is not an advert, they helped me on a different case but they are credible.
This is at least twice as convoluted a process as is necessary to separate people from millions and millions of dollars in cryptocurrencies if the site stays up for a week. People don't bother spinning up stuff like this when the easy stuff works just fine.