Sophos, a global provider of next-generation cybersecurity, published threat research on emerging cybercrime in the article “Liquidity Mining Scams Add Another Layer to Cryptocurrency Crime” today. The article is the first in a series that aims to expose scammers who use the hype surrounding cryptocurrency trading and the vast sums of digital wealth users have made (and lost) in crypto markets to entice and swindle would-be investors.
Sophos explains in the investigative piece how the complexity of cryptocurrency and decentralized finance (DeFi), the foundations of liquidity mining, create an ideal environment for criminals to easily conceal and carry out their malicious intentions. Scammers are not afraid to target their victims; they proactively spam recipients via Direct Message on Twitter, What’s App, Telegram, and other social networking platforms, innocuously discussing liquidity mining to put targets at ease. Scammers then take the swindle to the next level.
Above, a screen shot of an initial stage conversation from a scammer luring in a target. As spammy as this Direct Message seems, people are falling prey to what ensues: liquidity mining CryptoCrime.
“Interactions from a single Direct Message on Twitter led to Sophos’ investigation that uncovered several liquidity mining fraud rings. Liquidity mining is a form of cryptocurrency-based investment in DeFi that even when ‘legitimate’ is both dubious and complicated,” said Sean Gallagher, senior threat researcher at Sophos. “The strategies behind the investments themselves are complex, and there’s no regulation beyond the ‘smart contract’ code embedded in the DeFi network’s blockchain — code that many people can’t easily interpret even when it’s publicly published. There’s also a shortage of reliable information for new investors on how these networks work. Despite these risks, liquidity mining is the latest cryptocurrency investment craze, but because of these factors it’s also the perfect platform for scammers to leverage. Unfortunately, we expect liquidity mining CryptoCrime to continue; it hasn’t peaked. Hundreds of millions of dollars are at stake.”
Legitimate liquidity mining enables DeFi networks to process trades automatically using digital currency such as Ethereum, the preferred cryptocurrency for liquidity mining. The DeFi network’s smart contracts must quickly determine the relative value of the currencies being exchanged and execute the trade. Because there is no centralized pool of cryptocurrency from which these distributed exchanges can complete trades, they must rely on crowdsourcing to provide the pool of cryptocurrency capital needed to complete a trade — a liquidity pool.
Investors commit equal amounts of both cryptocurrencies to the liquidity pool, which handles transactions between a single pair of cryptocurrencies such as Ethereum and Tether. In exchange for lending that cryptocurrency to the pool, the investors receive a reward based on a percentage of the DeFi protocol’s trading fees.
Investors also receive liquidity pool tokens (LP tokens), which represent their portion of the pool. These tokens can be “staked,” or linked back to the exchange, committing the original contribution and earning dividends in the form of another cryptocurrency associated with the DeFi project. The worth of these reward tokens varies greatly.
“The mechanics of liquidity mining in its legitimate form provide the perfect cover for old fashioned swindles re-minted for the cryptocurrency age,” said Gallagher. “Criminal liquidity mining schemes, like traditional Ponzi schemes, give targets the illusion that they can pull their money out at any time — even allowing them to make withdrawals early on. But scammers will continuously urge targets to keep investing and to ‘invest big’ by obscuring what’s really happening with fake applications, phony profit reports and the promise of lucrative pay outs. In reality, scammers have gained control of their targets’ cryptocurrency wallets and are withdrawing currency whenever they want. Gradually, scammers empty the wallets, all while continuing to assure targets that everything is fine, and finally cut off communications.”