Skip to main content

Cracks in the crypto utopia: How a surge of scams is exposing DeFi’s dark side

An onslaught of phishing scams has the cryptocurrency community rattled and questioning the very fundamentals it was built on.

Non-fungible token (NFT) creators and collectors are losing out on hundreds and thousands of dollars to quick-thumbed thieves who are exploiting decentralized finance’s rise in popularity and fragmented customer support infrastructure.

Although phishing scams within the digital finance (DeFi) realm are not new, what’s accelerating recent fraudulent activity is crypto’s new audience. This year, as NFTs have become more valuable (and trendy), many people have promptly hopped on the bandwagon, without any real de-fi education, in hopes of a lucrative payday. But it’s not just newbies getting taken advantage of; it’s crypto veterans, too, leading many to wonder whether one of crypto’s key values, — anonymity — deserves a second glance.

“Cryptocurrency is really just digital cash,” said Cesare Fracassi, professor of finance at the University of Texas at Austin. “When somebody takes your cash, and you don’t know who they are, there is really no recourse for that action.”

A barrier to entry

Here’s a quick breakdown for the unfamiliar: As mentioned, NFT stands for “non-fungible token” — “non-fungible” means it cannot be exchanged for something of similar value. NFTs are bought and sold using cryptocurrency (mostly Ethereum) on popular marketplaces like OpenSea, Rarible, and Foundation. Every cryptocurrency transaction is recorded on the blockchain, a digital ledger anyone can access for transparency purposes. Cryptocurrency is kept in digital wallets, like MetaMask, and holds your “private key” —  essentially a password that allows you to spend the money you have.

Cryptocurrency is deregulated and decentralized, meaning there is no intermediary (like a bank) in charge of a person’s assets, nor is there a regulating authority (like the federal Securities and Exchange Commission) making rules for how users and companies interact using the blockchain. And even though many NFT marketplaces offer ways for customers to receive support when they encounter a problem, most of the customer support NFT collectors and creators receive happens on digital messaging platform Discord’s servers.

NFT $90k Scam alert:

This is very hard for me to tell everyone but I know it’s also important for people to hear.
3 weeks ago I was scammed out of $90,000 in my Blockchain wallet during a supposed NFT deal. I will share a more detailed account of what happened soon

— jacob (@jacobriglin) July 10, 2021

If the process of buying an NFT, and receiving customer support if something were to go awry, seems disjointed and multilayered, it’s because it kind of is. Some of the biggest barriers, and blind spots, for crypto newcomers are the technical, cultural, and educational aspects of the space.

“Engaging with cryptocurrency as a user is a massive mental shift for people who are accustomed to very streamlined experiences where they relinquish control to a central authority,” said Emin Gün Sirer, associate professor of computer science at Cornell University. “That does open a window for bad actors to target new adopters, but the vast majority of crypto users know the next phase of growth for our space is welcoming the masses.”

However, crypto purists (also known as “crypto evangelists”) prefer cryptocurrency to remain this way — anonymous, transparent, and solely within the user’s hands. But so do scammers.

‘The most paralyzing, traumatizing feeling ever’

For Sohrob Farudi, the scammers cornered him quickly. And then he lost nearly everything, all at once.

After making a trade on NFT Trader for a coveted Bored Ape Kennel Club dog, Farudi noticed that the sell button for the item on OpenSea (a popular NFT platform) was deactivated — meaning he couldn’t sell, list, or trade his most recent acquisition.

Curious about what he should do next, Farudi went to the Bored Ape Yacht Club Discord server’s support channel to ask for help. Within seconds, he received a handful of DMs, including one from what looked like the server’s moderator asking him to connect to a separate support server, outside of the main channel. Wanting this issue to be resolved in a timely manner, Farudi followed along, unknowingly, into a scammer’s trap.

Farudi started sharing his screen with the pseudo support staffer, whose Discord nickname and profile image matched that of the actual server’s moderators. On Discord, while a username must be unique, a displayed nickname (which shows up in chats and servers) does not — creating a playground for imitators.

I was scammed / socially manipulated / hacked on @Discord and @OpenSea and lost three @BoredApeYC, four @0n1Force, and three @worldofwomennft totally roughly 250 eth in value by getting tricked into exposing the Metamask QR Code in the Chrome Browser Extension. I’ve never felt

— Sohrob Farudi 🍌 (@sohrobf) August 25, 2021

“These guys are freaking pros,” Farudi said. “They keep you engaged, they keep you distracted, they’re chatting you up, they make you feel really comfortable.”

After walking him through the phony support process, the scammer asked Farudi to resync his mobile MetaMask wallet to his desktop wallet. When a QR code popped up on screen for him to scan on his phone, Farudi realized he was still sharing his screen. At that moment, he knew he had just been scammed.

“It was the most paralyzing, traumatizing feeling ever,” Farudi said. “Right when I did it, I realized it was also on their screen, and then I started refreshing my wallet, and I saw an ape gone, and another ape gone, and then I was like, ‘Oh my god.’”

Farudi lost roughly 250 ETH to the scammers — nearly $800,000 in digital goods and “priceless” art from World of Women, 0n1 Force, and Bored Ape Yacht Club.

Farudi has been involved in the crypto realm since 2018, so right after he noticed what was happening, he got on the phone with friends and reached out to OpenSea’s head of product, who locked down the stolen items. (OpenSea’s head of product Nate Chastain was recently accused of flipping NFTs expected to increase in value using insider information, according to reporting by The Verge).

What happened to Farudi has been happening to crypto newbies and veterans alike at an alarming pace, so much so that OpenSea recently implemented “an account verification system” within its Discord channels and an “SOS” button for when an account’s been compromised, while MetaMask disabled its QR code syncing feature.

Note that 97.5% of this money is going to collectors and creators.

We’ve implemented an account verification system in our Discord, we’ve also shared these stories with MetaMask – they removed the QR code syncing feature today@discord is also working on this with us

— Alex Atallah (alexatallah.eth) (@xanderatallah) August 25, 2021

We've spoken with the MetaMask team and they will be temporarily disabling the mobile QR code sync feature to defend against the phishing attacks that have become more prevalent in recent weeks.

— Nate Chastain (natec.eth) (@natechastain) August 25, 2021

Better products or better DeFi education?

People rely on banks to make them whole if they ever become victims of a scam. Makes sense, right? This idea of financial security is baked into our culture. Yet, in cryptocurrency, there is no bank. There is no centralized figure to take your overdrafted account out of the red.

“NFTs and cryptocurrencies require some level of technical education and understanding, and not everybody has that,” said Fracassi, the UT Austin professor. “There are two ways to solve this: Make sure we educate people, and the alternative is to make products that are resistant to these kinds of hacks.”

One way to do this, Fracassi said, is for more marketplaces, exchanges and wallets to introduce a “multi-signature feature.” For example, say you are interested in buying something on the Ethereum blockchain, not only your signature would be required to do so, but so would that of your partners or the other custodian of your wallet.

Donnie Dinch, founder and CEO of Bitski, an NFT marketplace, agrees. “All wallets need to do two things: They need to protect the wallet owner from bad actors, which I think a lot of them do fairly well, and then most importantly, they need to protect wallet owners from themselves,” he said. But “wallet education” is still sorely lacking for NFT collectors, new and old.

“Wallets just don’t do a really good job of protecting users from themselves, and it’s not like an oversight, it’s sort of a philosophical way that these wallets are created,” Dinch said. “The reality is self-custody comes with quite a bit of responsibility, and so if you’re not willing to put in time as a user to understand that responsibility, there can be a lot of risk.”

“People don’t understand the ramifications, because up until the crypto wallet, everything on the internet was generally reversible via a support request,” he continued.

No easy answers

The answer on how to address the onslaught of scams varies depending on who you ask. Is it a customer support issue? A lack of education? Or does the answer truly lie in regulation? Getting rid of scams outright is impossible (we know that thanks to the current financial system), but how can a burgeoning industry like cryptocurrency rein in fraud while also getting people excited about DeFi’s possibilities?

Dinch believes providing support on third-party platforms like Discord is a “calculated risk” for NFT marketplaces like OpenSea, as well as for crypto exchanges.

“When you’re a project early on, having a Discord community is super helpful to get feedback on things that you’re doing — you have this sort of ongoing dialogue with your customer base that you’ve been able to sort of aggregate,” he said. “But then there comes sort of an inflection point where your community is getting so large that the idea of managing all of the small questions and feedback on Discord can be overwhelming, and that’s the point where you just need to make sure that all support requests move through a very specific channel.”

Fracassi, however, believes in order for cryptocurrency to be more broadly accepted, there has to be a more “regulated environment.”

“At some point, we need to rein the cryptocurrency into the regular financial system,” Fracassi said. “I think the institutions that are more connected with big corporations will benefit from regulation, but it’s going to make it a lot harder for startups to create innovative products.”

Reflecting back on his experience, Farudi sees where he went wrong in his interaction with the scammers. But he also sees where things can be made right.

“Because NFTs are attracting more and more people into the ecosystem, there needs to be a level from the crypto community of acceptance, that everything doesn’t have to be so anonymous, it doesn’t have to be so decentralized,” Farudi said. “The new people coming in are at such a disadvantage and the education gap is still so wide.

“The people coming in don’t care about decentralization, they care about safety and trust.”

Meira Gebel
Meira Gebel is a freelance reporter based in Portland. She writes about tech, social media, and internet culture for Digital…
CES 2022 shows the very convoluted future of video game tech
Asus ROG Flow Z13 gaming laptop.

A lot has changed about the technology we use to play video games. For decades, players needed to have a PC, console, or portable device (whether it be a Game Boy or iPhone) to game. Nowadays, the lines between all three of those categories have blurred. Devices like the Nintendo Switch have sparked a portable console revolution, while cloud gaming is making companies rethink what devices gamers need to play AAA titles.

That philosophical shift has been on full display throughout CES 2022. Manufacturers showed up in full force to unveil incredibly powerful devices that further break the established gaming mold. While there are plenty to ooh and ahh at, but this year's show highlights just how convoluted gaming tech has become.

Read more
Digital Trends’ Tech For Change CES 2022 Awards
CES 2022 Tech for Change Awards Post Feature

CES is more than just a neon-drenched show-and-tell session for the world's biggest tech manufacturers. More and more, it’s also a place where companies showcase innovations that could truly make the world a better place -- and at CES 2022, this type of tech was on full display. We saw everything from water-conserving showers to affordable electric trucks. But of all the world-changing tech on display this year, these four innovations impressed us the most:

Whill Model F
No matter how advanced or capable they might be, most powered wheelchairs available today suffer from the same fundamental flaw: They aren’t easy to transport when they’re not in use.

Read more
The best smart lights of CES 2022
GE Cync lights set up in gaming room.

CES 2022 is rapidly drawing to a close, and in the midst of it all were a few new smart lights that caught our eye. Let's see what's new from the show and what you might want to include in your next smart lighting upgrade.
GE Cync

GE's lighting brand Cync unloaded 11 new smart bulbs, covering all the form factors you could ask for, including filaments, candelabras, and globes. It pledged to support Matter in the future, too, which is good news for playing along with your other smart home devices. Expect to see these on store shelves at Lowe's, Best Buy, Target, and Amazon in March, with price points starting at $12. You can read up more about Cync's other announcements, including smart thermostats and security cameras.

Read more