Social Engineering in Crypto: Top 5 Fraud Schemes

Ayush Gupta, a developer affiliated with Polygon, BlackRock, and KGeN, became the target of cybercriminals who used social engineering and malware to access his digital wallet and subsequently misuse it.

Ayush was approached on LinkedIn by an individual named Nickolas Donoso, who proposed a freelance collaboration. Donoso requested that Ayush execute a repository file on GitHub and share his insights. The developer noted, the repo looked fine at first glance,” which prompted him to engage with it.

Upon executing the file, Ayush's macOS displayed a system notification: “Security wants to use your confidential info stored in chrome safe storage in your keychain.” This immediately aroused Ayush’s suspicions, leading him to delete the file and restart his system.

He then verified his wallet's balance using Etherscan, reassuring himself that the funds were intact (spoiler—it was not).

The perpetrator had merely convinced Ayush that his assets were safe: “If he had access to my wallet, he would have already stolen my money,” Ayush reasoned, thus he did not move his cryptocurrency from the compromised wallet to a safer location. The scammer was simply biding time: while Ayush was checking Etherscan, the thief already had access to his funds. Within the first five minutes of the attack, the scammer extracted $14,400 in cryptocurrency. He also managed to sell several NFTs and converted some assets to ETH. 

Unauthorized transactions including the withdrawal of NFT#2222, BADGER, and ALI from the victim’s wallet. Source: nansen.ai

As a result of a 5-hour cyber attack, the total damage amounted to $16,970. Ayush lost all of his capital invested in cryptocurrency.

It's important to note that this scam on LinkedIn is not an isolated case. Fake recruiters might also send phishing links, request personal documents for KYC procedures on trading platforms, or ask for payments to cover the “delivery” of corporate equipment.

Victims can encounter virus-infected files under various circumstances: while interacting on dating sites, in crypto community chats, or in comments under Telegram posts. The context varies based on the scamming technique used by the fraudster.

Social Engineering Attacks in Crypto  

This developer's ordeal is not unique. Comparing the first half of 2023 with the same period in 2024, the scale of fraud has escalated: losses categorized as “stolen funds” reached $1.58 billion (up from $857 million the previous year), and losses from “ransomware” amounted to $459.8 million, nearly unchanged from the previous year’s $449.1 million. 

Advanced cybercriminals, including IT workers linked to North Korea, are increasingly leveraging off-chain methods, such as social engineering, to steal funds by infiltrating crypto-related services

according to a report by Chainalysis.

The role a scammer can play is limited only by their imagination. They could pose as a recruiter, a crypto exchange analyst, or even a romantic interest—each disguise is carefully tailored to their scheme. Users need to be vigilant and able to recognize these tactics to avoid falling victim to fraud. 

Scheme #1: The Pity Me Strategy  

To win someone's sympathy and favor, play on their emotions. If you're seeking romance, open up about your personal challenges; if you're aiming for a promotion, let your boss know about your financial struggles; if you're looking to build a large following on X, discuss your financial hardships like bankruptcy.

Icon of Sympathy: Puss in Boots. Source: fandom.com

Posts where authors claim financial ruin, hacks, or being victims of scams quickly amass thousands of views. For many, these narratives significantly boost their media profiles; some even fabricate their own victimhood, such as pretending to be robbed, to draw new followers. For others, it becomes a method to engage in illicit activities.

Scammers often fabricate dramatic stories like liquidating $100,000 on meme coin trades, losing all their funds to a phishing attack, or asset losses due to a hacked cross-chain bridge. Their goals typically include:

• Attracting an audience: The initial, seemingly harmless goal is to gain followers—unsuspecting users subscribe to the “victim” and occasionally see their posts in their feed.
• Generating income through donations: The act of soliciting sympathy donations has reached a new level with statements like, “We only accept crypto.”
• Pushing phishing links and fraudulent projects: Authors of these posts might endorse a “fantastic” service that allegedly helped them recover their funds. In hope of retrieving their losses, users might follow these phishing links, only to end up in a worse situation.

The prevalence of such posts often increases in tandem with unpredictable events in the crypto market, such as the FTX collapse, the Atomic Wallet hack, or the altcoin market downturn in April 2024. These events impact a large number of people, thus increasing the number of users with similar, often fabricated, stories. 

Scheme #2: The Friendly Chat Strategy  

This social engineering tactic frequently targets men, exploiting their weaknesses for easy money and female attention. An unsuspecting victim might start a conversation on a dating site like Badoo or Tinder and, within a few days or weeks, be lured into becoming a “crypto investor.”

The scammer builds trust with the victim and later suggests signing up on a scam-controlled exchange (to steal confidential data), investing in fraudulent tokens, or making a donation. These actions are often motivated by promises of a personal meeting, sharing photos, and continuing the conversation.

Interestingly, the FBI recently recovered $5 million for victims of this very type of scam.  

Scheme #3: The Crypto Mentor Ruse  

It may seem that the era of phone scams is long gone as people increasingly use caller ID services like Getcontact, refrain from disclosing the three digits on the back of their bank cards, and avoid sharing confidential information with strangers. Public awareness of such scams has indeed increased, yet fraudsters have developed more sophisticated schemes.

For example, advertisements promising easy earnings in crypto may entice a victim to leave their phone number for further discussions with a “consultant.” This individual is not a genuine consultant but a well-trained scammer skilled at pressing the right psychological buttons. Even if the victim suspects a scam, this expert manipulator can convince them otherwise.

Incentives for investing could include:

• The launch of a token through an ICO. Between 2019 and 2020, scammers frequently enticed investments with the promise of the Telegram Open Network (TON) ICO.
• The missed surge in cryptocurrency prices. Even seasoned traders can succumb to FOMO (fear of missing out), let alone those without experience.
• The opportunity to join the crypto industry. To many, cryptocurrencies still seem like enigmatic and unattainable assets, which allows scammers to offer their victims the “unique chance” to join an exclusive community.

Once a victim is primed to invest, they are led through a KYC process (naturally, it's a phishing scam) and asked to deposit funds into a fraudster-controlled exchange. This approach allows the criminals to simultaneously obtain both money and the user’s personal data.  

The victim then faces relentless psychological pressure. Phony analysts simulate significant price fluctuations (trading occurs on the manipulated platform), and exploit the investors through various means: they resort to blackmail (for instance, denying the withdrawal of assets from the exchange unless additional fees are paid), manipulate emotions, and create a sense of urgency (“time is running out”), pushing investors to make rushed and ill-considered decisions. All these tactics are designed to maximize the extraction of money.

Scheme #4: The Last Chance to Claim Your Airdrop  

his scam revolves around promoting a phishing link under the guise of receiving or verifying eligibility for an airdrop. Scammers create fake accounts, mimicking the profiles of legitimate projects, and then post links that lead to malicious software or websites.
These posts are often buried in the comments under posts from real projects. For instance, if ZKsync posts details about its tokenomics, a scammer might reply with something like, “Click the link to check your eligibility for the upcoming $ZK airdrop.” Once users click on the link, they are prompted to connect their wallets, grant access to their assets, and so on. Victims who follow these instructions end up handing over all their sensitive information to the scammers.

Scheme #5: Double Your Money Trap  

In 2022-2023, a new trend emerged in the industry—crypto arbitrage. This method involves increasing capital by exploiting price differences for the same assets across different platforms. Arbitrageurs identify discrepancies in token prices between centralized and decentralized exchanges, OTC markets, and offline exchangers, and they capitalize on these differences through quick trades.

The process (for example, converting ETH to USDT on DEX #1 → transferring USDT to CEX #2 → cashing out USDT via exchanger #3) is known as a “loop.” While this method is legitimate, scammers have learned to deceive users by promising to share or sell these loops (revealing the details for a fee).

The mechanics of an arbitrage loop. Source: capital.com

The scam begins with the scammer identifying a target. This is often done through various means: promoting educational courses on arbitrage or advertising a job at a reputed arbitrage firm. The scammer then convinces the victim of the loop's profitability, using fake testimonials, polished social media content, and more.

Here are some additional popular scam schemes:

• Fake loop sale: The scammer offers to sell their “highly secret loop,” but once they receive payment, they disappear without a trace.
• Fund management scam: The victim entrusts their funds to the scammer under the guise of managing the loop's “secrecy” (claiming that the loop can't be sold, but the scammer can easily “turn over” the victim's deposit for a profit). Once the funds are transferred, the scammer vanishes, taking the money with them.
• Profiting from service fees: The scammer proposes a partnership using their loop, asking only for a small commission (typically 5–10% of the profit). The catch lies in the tools the scammer provides to the victim for executing the trades. Let’s delve into this one further.

After agreeing to collaborate, the victim receives the loop and is encouraged to start with a small amount to build trust. A typical loop might involve buying USDT on a centralized exchange (CEX) → exchanging USDT for another token (usually a stablecoin) on a decentralized exchange (DEX) → and then transferring the funds back to the CEX with a profit.

The trick occurs at the DEX stage: the scammer directs the victim to a fake website designed to resemble a legitimate decentralized exchange, but it’s actually controlled by the scammer. Instead of executing a real trade, the victim ends up transferring their funds directly to the scammer’s wallet. This could be the end of the scam, but often the scammer continues to string the victim along.

After stealing the initial amount (say, $100 USDT), the scammer sends it back to the victim, adding an extra $5–$10 to create the illusion of profit. Convinced that the loop is working, the victim increases their investment, perhaps sending $1,000 instead of $100. But this time, the funds stay with the scammer for good.

Social engineering techniques are constantly evolving. As artificial intelligence advances, detecting these scams will become even more difficult; scammers will be able to mimic voices, create realistic faces, gather personal information about you, and more.

Remember, the best defense against scams is awareness. While it’s impossible to remember every trick, common sense is your most reliable tool.