What Are DeFi Scams? How Do They Work?

The DeFi realm is huge, with thousands of digital assets in existence and hundreds of financial services available to users. But when an industry begins to grow, cybercriminals will always try to capitalize on its popularity. DeFi is no exception to this rule, and scams have become commonplace in the industry in recent years. But what, exactly, are DeFi scams, and how do they work?

What Is DeFi?

Before delving into DeFi scams, it’s important to understand what DeFi is, at least on a basic level. DeFi, or decentralized finance, is the term used for financial assets and services that operate in a decentralized manner.

In our modern world, the majority of financial services and institutions operate on a centralized basis. Within every organization, a small group of decision makers holds the majority of power. Banks, hedge funds, stock exchanges, accounting firms, and many other financial services operate in this way, but there are many reasons why this is problematic.

In short, organizations controlled by a small number of individuals are far more exposed to corruption and malicious attacks. When power is shared unevenly, and data is stored in an undistributed fashion, things can go wrong easily. For example, an organization that stores all its data on one central server could be an easy target for cybercriminals. Likewise, a company with just a handful of authority figures at the top is undoubtedly exposed to corruption and poor decision-making.

DeFi tackles these issues by offering you financial services that operate solely on a decentralized basis. This means that the assets used are decentralized (i.e., cryptocurrencies) and the platforms themselves are decentralized, with data being spread across network members (also known as nodes).

DeFi also gives members the chance to have their say in how platforms progress, via a mechanism known as governance. In governance, users can put forward some of their tokens to vote on proposals, such as adding or removing a feature.

For many, DeFi is a great alternative to traditional finance. But cybercriminals are targeting this industry to make a profit.

Why Cybercriminals Conduct DeFi Scams

There are many things about decentralized finance that make it secure. For one, DeFi uses blockchain technology, a super secure form of data storage that uses cryptography to make information safe and immutable. The use of a decentralized structure also lowers the chance of malicious attacks, as data is spread across a network, not kept in one central location.

However, DeFi platforms are not airtight, and users can also be easily tricked into divulging sensitive data to criminals. So, what’s so alluring about DeFi here?

Firstly, DeFi offers users an elevated level of privacy. Because DeFi platforms use cryptocurrency, the identities of users behind transactions can be kept private. On a typical blockchain, the only information given about senders and receivers is the wallet address. While this can technically be used to find one’s identity, this isn’t a simple process, and many do not know how to do it.

What’s more, cryptocurrency transactions are irreversible, meaning once assets leave your account, there’s no “undo” button. So, if a cybercriminal were to con you into sending them money, or managed to access your wallet, you wouldn’t be able to retrieve the stolen funds without the intervention of the platform you’re using or law enforcement.

Another aspect that cybercriminals tend to capitalize on is the fact that many people are new to DeFi. DeFi in and of itself is a somewhat emerging industry, and was only popularized in the early 2020s. So, there are still a lot of people using these services that don’t fully understand the technology, or the risks involved.

The 5 Most Common DeFi Scams

There are numerous scams you need to be aware of on DeFi platforms.

1. Rug Pulls

Rug pulls (not to be confused with pump and dump schemes) are unfortunately native to the DeFi space, as they can rake in huge profits.

DeFi rug pull schemes usually start with a new project or token. In such cases, developers will promote their new service or asset, marketing it as useful, innovative, or the next big thing. Then, if all goes to plan, DeFi users will begin investing, and the project’s native token will begin to increase in price as demand for the asset surges.

Once the token reaches a certain point, the malicious actors behind the scheme will sell off all the tokens they hold—usually a vast chunk of the circulating supply. At this point, the demand plummets, and the price of the token goes with it. As a consequence, those who invested in the token have now lost money, while the malicious actors have made a hefty profit.

2. Honeypot Schemes

Honeypot schemes are particularly effective in the DeFi realm, as there are lots of investors hoping to make big bucks. As the name suggests, honeypot schemes are designed to lure in unsuspecting victims, but how do they really work?

In a honeypot scheme, a scammer will use a smart contract that appears to be able to make investors a sizable profit. In DeFi, smart contracts are used to automatically execute agreements, so long as certain, pre-defined conditions are met on either side. A cybercriminal can set up a smart contract that looks like it can be used to make a profit.

This smart contract may appear similar to others, but it is designed specifically to lure in victims. In fact, the contract design tricks the victim into thinking they can drain crypto from it with a small initial investment. But, in reality, the user is investing money to never see any kind of return, only a loss of the initial sum.

On the other hand, crypto honeypot scams can simply involve scammers getting in touch with other DeFi users to inform them of a seemingly lucrative investment opportunity. If successful, the target will invest money into the phony scheme, believing that they are putting their funds to good use. However, in reality, they are simply handing their money over to a cybercriminal.

3. Wallet Dusting

When using DeFi services, you’ll need to have one or more cryptocurrency wallets to hold your assets. Because there are so many crypto wallets out there holding vast sums of money, cybercriminals have unsurprisingly set their sights on this element of the DeFi realm.

There are many crypto wallet scams out there, including dusting. Wallet dusting refers to the process of sending tiny amounts of cryptocurrency (or “dust”) to hundreds, or even thousands, of wallets. By doing so, the cybercriminal can uncover the identity behind the recipient addresses. Crypto wallets holding large amounts of assets are particularly at risk of this cybercrime method, but anyone can be targeted.

Once a suitable target is identified, the attacker will make it a focus for their scams.
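
The dusting pattern described above can be spotted in a wallet's transfer history. The following Python sketch is an added example, not part of the original article: it flags senders whose tiny transfers fan out to many wallets and labels the dust a given wallet has received. The transfer records, addresses, threshold and fan-out limit are all constructed assumptions.

```python
from collections import defaultdict
from decimal import Decimal

# Constructed sample transfers; every address, txid and amount is made up.
TRANSFERS = [
    {"txid": "t1", "sender": "addr_exchange", "recipient": "addr_alice", "amount": Decimal("0.75")},
    {"txid": "t2", "sender": "addr_duster", "recipient": "addr_alice", "amount": Decimal("0.00000546")},
    {"txid": "t3", "sender": "addr_duster", "recipient": "addr_bob", "amount": Decimal("0.00000546")},
    {"txid": "t4", "sender": "addr_duster", "recipient": "addr_carol", "amount": Decimal("0.00000600")},
    {"txid": "t5", "sender": "addr_friend", "recipient": "addr_alice", "amount": Decimal("0.00000900")},
    {"txid": "t6", "sender": "addr_alice", "recipient": "addr_friend", "amount": Decimal("0.10")},
]
DUST_THRESHOLD = Decimal("0.00001")  # assumed cut-off for a "tiny" amount
MIN_RECIPIENTS = 3                   # assumed fan-out that marks a campaign


def dusting_senders(transfers, threshold=DUST_THRESHOLD, min_recipients=MIN_RECIPIENTS):
    """Senders whose tiny transfers reach many distinct wallets."""
    fan_out = defaultdict(set)
    for t in transfers:
        if t["amount"] <= threshold:
            fan_out[t["sender"]].add(t["recipient"])
    return {s for s, rcpts in fan_out.items() if len(rcpts) >= min_recipients}


def dust_received(transfers, wallet, threshold=DUST_THRESHOLD):
    """Tiny incoming transfers to `wallet`, labelled by how suspicious they are."""
    campaign = dusting_senders(transfers, threshold)
    # Counterparties the wallet has itself paid are treated as known.
    known = {t["recipient"] for t in transfers if t["sender"] == wallet}
    findings = []
    for t in transfers:
        if t["recipient"] != wallet or t["amount"] > threshold:
            continue
        if t["sender"] in campaign:
            label = "dusting-campaign"
        elif t["sender"] in known:
            label = "known-counterparty"
        else:
            label = "unknown-small-transfer"
        findings.append((t["txid"], t["sender"], label))
    return findings


if __name__ == "__main__":
    for row in dust_received(TRANSFERS, "addr_alice"):
        print(row)
```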

4. Phony NFTs

NFTs (non-fungible tokens) have sold for huge amounts in the past. In fact, some NFTs have been purchased for tens of millions of dollars. Again, cybercriminals were quick to notice this money-making opportunity. Today, NFT scams are rife, with people losing huge sums to scammers. But how do they work?

The most common kind of NFT scam involves selling a buyer a fake NFT. Fake NFTs are common, as, on the surface, a legitimate and phony NFT can look identical, and less experienced buyers can easily spend a large amount on something that, in reality, is worth nothing.

Even the most well-known NFT marketplaces, such as OpenSea and Rarible, are used by cybercriminals to sell fake NFTs. This is why it’s important to check the properties and transaction history of any given NFT to see if there are any red flags, and to know how to spot phony NFTs and similar scams.

5. Phishing

The DeFi industry is also no stranger to phishing. There are so many ways through which phishing can be used to scam DeFi users, starting with urgent emails and texts.

SMS and email phishing scams are commonly used to access victims’ cryptocurrency exchange accounts, where asset holdings can be stolen. In this process, the malicious actor will usually message a crypto exchange user pretending to be the exchange itself. In the message, the target will be urged to take action in order to resolve an account issue, such as unusual activity.

The attacker will also provide a link to a phony exchange login page that looks almost identical to the legitimate site. Once the user enters their login details, the phishing page will grab them for the attacker, who can then access the victim’s account.
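
A link in such a message can be checked against the login domains you actually use before anything is typed into the page. The Python sketch below is an added example, not part of the original article: it classifies a URL as trusted, a lookalike, or unrelated. The allowlisted domain `exchange.example` is a placeholder, and treating the last two host labels as the registrable domain is a simplifying assumption.

```python
from urllib.parse import urlsplit

# Hypothetical allowlist: the real login domains the user actually uses.
# "exchange.example" is a placeholder, not a real exchange.
TRUSTED_DOMAINS = {"exchange.example"}


def edit_distance(a, b):
    """Levenshtein distance, used to catch one- or two-character typos."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(host):
    """Last two labels of the host (assumption: no multi-part public suffix)."""
    return ".".join(host.split(".")[-2:])


def classify_link(url, trusted=TRUSTED_DOMAINS):
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    domain = registrable(host)
    if domain in trusted:
        # Right site; still refuse to send credentials over plain HTTP.
        return "trusted" if parts.scheme == "https" else "trusted-domain-insecure-scheme"
    if any(label.startswith("xn--") for label in host.split(".")):
        return "lookalike-punycode"
    for good in trusted:
        brand = good.split(".")[0]
        if host.startswith(good + ".") or brand in host.replace("-", ""):
            return "lookalike-embeds-brand"
        if edit_distance(domain, good) <= 2:
            return "lookalike-typo"
    return "unrelated"
```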

DeFi Scams Are Frighteningly Common

If you’re an avid DeFi user, it’s crucial to be aware of the risks posed by malicious actors. So, keep our list of DeFi scams in mind next time you’re handling your decentralized assets, as there may be a cybercriminal looking to target you with a dangerous scam.