Cryptocurrency-based scammers and cyber criminals netted a whopping $7.7 billion worth of cryptocurrency from victims in 2021, marking an 81% rise in losses compared to 2020, according to blockchain analysis firm, Chainalysis.
Some $1.1 billion of the $7.7 billion in losses were attributed to a single scheme which allegedly targeted Russia and Ukraine, it said.
"As the largest form of cryptocurrency-based crime and one uniquely targeted toward new users, scamming poses one of the biggest threats to cryptocurrency's continued adoption," said Chainalysis.
At the same time though, the number of deposits to scam addresses fell from just under 10.7 million to 4.1 million, which it said could mean there were fewer individual scam victims – but they are losing more.
A major source of rising cryptocurrency losses in 2021 were so-called "rug pulls", where the developers of a new cryptocurrency vanish and take supporters' funds with them. Rug pulls accounted for 37% of all cryptocurrency scam revenue in 2021, totaling $2.8 billion – up from just 1% in 2020.
"Rug pulls are prevalent in DeFi because with the right technical know-how, it's cheap and easy to create new tokens on the Ethereum blockchain or others and get them listed on decentralized exchanges (DEXes) without a code audit," it warned.
The characteristics of the investment scam networks are changing. Chainaylsis found that the number of active financial scams rose from 2,052 in 2020 to 3,300, while their individual lifespan has decreased from over 500 days in 2016 to 291 days in 2020 and just 70 days in 2021.
"Previously, these scams may have been able to continue operating for longer. As scammers become aware of these actions, they may feel more pressure to close up shop before drawing the attention of regulators and law enforcement," it said.
Unsurprisingly, scams also increase in line with the rise in value of popular cryptocurrencies such as Ethereum and Bitcoin, although that link may have been broken in the last year.
Chainalysis notes: "The most important takeaway is to avoid new tokens that haven't undergone a code audit. Code audits are a process through which a third-party firm analyzes the code of the smart contract behind a new token or other DeFi project, and publicly confirms that the contract's governance rules are iron clad and contain no mechanisms that would allow for the developers to make off with investors' funds."
It added: "Investors may also want to be wary of tokens that lack the public-facing materials one would expect from a legitimate project, such as a website or white paper, as well as tokens created by individuals not using their real names."