What Are the Biggest Alleged Crypto Heists and How Much Was Stolen?

As the appeal of cryptocurrency has grown, so has the opportunity for scammers to part naive investors from their money. 2019 has been no exception, with cryptocurrency and blockchain forensics company Ciphertrace dubbing it “the year of the exit scam.” 

Exit scams are not a new phenomenon, with a 2018 report conducted by Statis Group revealing over 80% of initial coin offerings (ICOs) in that year to have been fraudulent. Here, Cointelegraph explains exit scams and how to spot them, as well as a look at some of the biggest scams that have been discovered by various researchers. 

What are exit scams? 

The premise of cryptocurrency is simple, a new ICO launches, claiming to offer lucrative returns for investors. Investors can’t believe their luck and clamor to buy in. The business runs for some time on the back of the invested capital, but, sooner or later, disaster strikes and the company shuts down, often with no explanation. 

After a while, it becomes obvious that the company is gone for good, along with the invested funds. The poisoned chalice of crypto’s decentralized nature often means that investors are left in the dark when trying to recoup or trace their pilfered funds. 

How to spot an exit scam

Many exit scams have tell-tale signs that investors should look out for. The financial content site Investopedia has a handy list of key characteristics. 

First, exit scams often have inconsistent or misleading information about the team behind the project. When scouting potential investment opportunities, investors should scour for information on key members of any ICO. 

It’s important to remember that online credibility can be faked by purchasing likes, profiles and followers on social media. Celebrity endorsements with verified accounts could also ring alarm bells for investors. A fake Twitter account purporting to be Elon Musk, with a supposedly verified twitter account, raised over $155,000 as part of a 2018 Bitcoin scam. 

Investors should verify the credentials of backers, team leaders and promoters of cryptocurrency projects. Although individuals may seem to be legitimate at first glance, brand new social media profiles and few followers or connections should raise eyebrows. 

The most significant characteristic unifying exit scams in cryptocurrency is the promise of a huge return on investment (ROI) — chances are that it’s probably too good to be true. Investors should always look through even the smallest details of what they are required to invest and what the company purports to be able to give back to them. 

ICOs usually come with a white paper, setting out the design details of the project along with a business plan and other information. Investors should pursue all available information for ICOs, as any vagueness in the white papers should signal a big red flag.

When investing in an ICO, it’s vital to get an understanding of the business model. Investopdia writes that anything powered by concept alone should be a warning to anyone tempted to buy in. Although cryptocurrency projects can and do launch off the back of technological advances, investors should be wary of projects looking to gather millions of dollars before taking a sober look at the project’s ability to return the investment from the published information.

Heavy promotion of an upcoming ICO can also be a sign of an exit scam. Past scams have employed bloggers to promote via numerous forums. Ads both online and in print media could also be suspicious. 

$2.9 billion PlusToken scam could be largest exit scam ever

A 2019 report shared with Cointelegraph by the cryptocurrency and blockchain forensics company Ciphertrace dubbed 2019 the year of the exit scam and highlighted the billions of dollars stolen in multiple scams this year alone. 

The report shines a light on what, if confirmed, could be the biggest crypto scam ever, with an estimated loss of around $2.9 billion after Chinese police uncovered an alleged Ponzi scheme involving the South Korean wallet provider and exchange PlusToken. Although more is being uncovered about PlusToken, mystery still surrounds the key events. 

Ciphertrace reports that the platform has enshrouded several Chinese nationals, the government of Vanuatu, the Chinese police and the company’s co-founders — a South Korean man operating under the alias of “Kim Jung Un” and a Russian known only as “Leo.” The alleged PlusToken scam centers around an app with which the wallet provider claimed investors could invest in PlusToken (PLUS). 

According to the report, the firm claimed that the token, based on the Ethereum blockchain, was developed by a major technology company. PlusToken is also said to have falsely stated that it could deliver wallet holders an ROI of between 8% and 16% per month, with a minimum deposit of $500 in crypto assets

Ciphertrace also reported that no verifiable source of revenue existed other than the proceeds from new membership. Those were onboarded per the traditional method of a Ponzi scheme, which require a constant stream of new investment in order to support its semblance of growth. Investors were incentivized to recommend new users with an invitation, which was the only way to join.

Although this was enough for some members to dismiss the legitimacy of the project outright, Leo, the company’s co-founder, published a press release that claimed he had met with Prince Charles, the future head of the English royal family, providing photos as proof. Ciphertrust reported that it had contacted the Prince Charles Foundation, which confirmed that Leo had indeed attended the event, but would not provide other information about the individual due to European Union General Data Protection Regulation, or GDPR.

PlusToken’s fate was seemingly sealed on June 28, after members of the Chinese police touched down in Vanuatu, detained six people involved with the project and extradited them back to mainland China. Ciphertrace reported that the so-called “PlusToken Six” were either Vanuatu citizens or applying for citizenship at the time of their arrest. 

Soon after, PlusToken members found that they were unable to withdraw funds from their accounts. Customers were informed that withdrawals via the app were frozen due to “technical difficulties.” By June 20, the PlusToken app had ceased operations due to purported system maintenance. 

For investors, there seems to be no secure lead on the final resting place of the allegedly billions of dollars of stolen funds. The Chinese government has yet to comment. A July 12 post from PlusToken stated that the six Chinese individuals were simply service users and not actually involved with the running of the company itself, stating that users should ignore the rumors and not try to log in until they receive confirmation that the servers are back online.

Pincoin 

On April 9, 2018, two ICOs — iFan and Pincoin — operating under the umbrella of company Modern Tech based in Vietnam, went silent after reports outed them as scams that had scalped 32,000 investors out of an alleged $660 million in tokens, according to Tuoi Tre News. 

Victims claim that the damages amount to roughly 15 trillion Vietnamese dong ($660 million) in token sales. Angered investors held a demonstration outside Modern Tech’s Ho Chi Minh City headquarters on April 8.

One of the initial characteristics that could have alarmed investors was the fact that Pincoin offered service users bonuses for successfully bringing other people on board. Pincoin did initially pay out cash until January 2018, when the company switched to iFan tokens, TechCrunch reported.

The owner of Modern Tech’s office building said that the company left its offices in March and that no one knew their current whereabouts. The firm left behind only an incomplete website that is now inactive. Modern Tech initially tried to pass itself off as a mere representative of both coins in Vietnam, prior to media reports confirming that seven of its Vietnamese executives were in fact behind the projects. 

TechCrunch reported that the ambiguous mission statement from the then-functional site is typical of the vague and jargon-filled copy used by exit scammers: 

“The PIN Project is about building an online collaborative consumption platform for global community, base on principles of Sharing Economy, Blockchain Technology, and Crypto Currency”

Financial scam directory Behindmlm released a report in February 2018 that found its buy-in method was typical of an ROI Ponzi scheme. Pincoin’s website is currently down, though iFan’s is still online.

QuadrigaCX — regulators catch on 

The death of 30-year old Gerald Cotten shook the crypto world — not only because Cotten was the co-founder and CEO of Canada’s largest cryptocurrency exchange, QuadrigaCX, but also because his control of the passwords and keys to accounts rendered all the assets on the exchange forever inaccessible after his death. Cotten took over $195 million of stolen cryptocurrency with him to the grave.

Related: QuadrigaCX Users Lose $190M as Speculations Over Cotten’s Death Swirl

Commenting on the May 9 Ernst & Young report, Ciphertrace said Cotten had played fast and loose with customer funds for many years in order to support a lavish lifestyle for both himself and his wife. Cotten allegedly exercised complete control over the exchange and used his position to perform “unsupported deposits” — i.e., fabricated transactions not represented by either fiat or cryptocurrency. 

Cotten also used significant volumes of customers’ cryptocurrency via transfers from the platform into other exchanges he controlled. As per the EY report, Cotten shifted significant amounts of fiat and cryptocurrency between alias accounts, although less than 1% of these transfers was supported by documentation. Ciphertrace notes that as the admin, Cotten was in a perfect position to hide his fraudulent activities. 

In a pattern that may now seem familiar, Cotten used customer funds to pay for QuadrigaCX operating costs after the company suffered liquidity issues due to his reported fraudulent use of user deposits. As QuadrigaCX began to struggle to stay afloat, EY reported that Cotten gambled customer funds in off-platform margin accounts to meet margin calls. 

The report also