Research: Over $11 Million Lost in Bitcoin Scams Since 2011

Scams promising bitcoin riches have netted swindlers at least $11m in the last four years, researchers have found.

Some 13,000 victims handed over their money unwittingly in 42 different scams over that time period, their data suggests.

However, the total amount of funds cheated from victims over this period is almost certainly higher than the estimated $11m the research identified.

A co-author of the research, Marie Vasek, said:

"There are a lot of scams that we couldn't measure at all. There were scams we couldn't find or verify ... We think presenting our findings as they are, a lower bound, makes a lot of room for us and others to further quantify scams in this space."

Vasek, who researches computer security at Southern Methodist University, co-wrote the paper with Tyler Moore, an assistant professor in computer science at the same institution.

Painstaking search

The paper, titled There's No Free Lunch, Even Using Bitcoin: Tracking the Popularity and Profits of Virtual Currency Scams, has been presented at the Financial Cryptography and Data Security conference taking place in Puerto Rico this week.

Vasek and Moore combed online repositories of scam accusations, including a mega-thread of scams, hacks and heists on the Bitcointalk forum that has been maintained since 2012, as well as the subreddit r/bitcoin, BadBitcoin.org and CryptoHYIPs.com.

This process required the researchers to painstakingly go through forum threads post by post, even translating messages that were written in languages other then English, as well as visiting the websites that scammers created to publicise themselves.

"We went through every single post to determine if the scheme was a scam, any associated bitcoin addresses with the scheme, and any associated scams," Vasek said.

Using this method they found 349 scams, which were then whittled down to 192 deceptions after excluding phishing, malware and pay-for-click websites, which fall outside the scope of the study.

The researchers then extracted bitcoin addresses linked to the frauds, enabling them to look at transactions from victims to fraudsters recorded on the blockchain.

The paper groups scams into four categories: wallet software, exchanges, mining 'vapourware' and 'high-yield' investment programmes that operate as Ponzi schemes.

The authors notably exclude the collapsed bitcoin exchange Mt Gox from their study because it's unclear if the platform was originally set up to defraud users or was simply poorly run.

As Vasek put it:

"Being bad at running a business does not make you a scammer, even if many people accuse you of that on the Internet."

Catching the 'big fish'

The most lucrative scams were Ponzis, which yielded $7.3m to the fraudsters that the researchers were able to track. Mining scams were next, generating $2.9m in ill-gotten gains for the cryptocurrency hustlers. Exchange and wallet scams, by comparison, yielded a paltry $455,000 and $360,000 respectively.

The Ponzi schemes, which are called 'high-yield investment programs' (HYIPs) in the paper, come in three different flavours, ranging from 'traditional' programs to bitcoin-only variants. Moore has previously conducted research into HYIPs.

Notably, it is the schemes that cross over from the traditional HYIP world to the bitcoin realm that are the most successful, the paper finds. Nine scams bagged $6.5m-worth of coins in the 12 months from September 2013. These include schemes like Leancy, Cryptory and Rockwell Partners.

These 'bridge' HYIPs also keep the carousel going the longest, operating on average for 125 days before folding. Bitcoin-only schemes, like First Pirate Savings and Trust, by contrast run for only 37 days on average.

The analysis also produced insights into what makes a scam successful. The deceptions that generated the most money did so by getting a handful of "big fish" victims to pay in the majority of the funds.

"For a scam to be successful, it appears that it must catch the few 'big fish' who will pay the bulk of the money into the scam," the authors write.

Vasek said the opportunity to use the blockchain to quantify the amount of money fraudsters were making was one reason she and Moore conducted their research.

"The blockchain creates an opportunity in that transactions may often be tracked, which could make it easier to assess the true risk posed by scams," the authors write.