Thanks in part to the advent of the COVID-19 pandemic, cryptocurrencies have gained renewed attention that has led to a significant spike in trading volume.

In 2014, when Bitcoin was trading at roughly $500, venture capitalist Tim Draper predicted it would reach a valuation of $10,000 within three years. By December 2017, Bitcoin had in fact reached an all-time high of almost $20,000.

In April 2018, Draper went on to predict that Bitcoin will top $250,000 by the end of 2022/early 2023, although it was valued only at $8,000 at the time.

It seems the pandemic is bringing this once inapprehensible forecast closer to reality. When the pandemic erupted, Bitcoin could be purchased for around $7,300. Today, the very same Bitcoin costs roughly $60,000—a rise of about 700%. Other cryptocurrencies created just since the start of the pandemic are up millions of percent. Shiba Inu, for instance, was created in August 2020 and has already seen its value skyrocket more than 70 million percent. (Shiba Inu was listed in exchanges during 2021.) Ethereum and other prominent cryptocurrencies showed similar increases.

With thousands of cryptocurrencies in circulation, and new altcoins emerging every week, cybercriminals have developed several schemes to defraud those looking to profit from the phenomenon. By August 2021, cybercriminals stole nearly $3 billion in cryptocurrencies. We will review some of these incredibly profitable scams in this report.

Bitcoin (BTC)

The original cryptocurrency, Bitcoin was created in 2009 by a person who uses the alias “Satoshi Nakomoto”. The maximum number of bitcoins that will ever be in existence is 21 million, and over the years, many bitcoins have been lost and buried in inaccessible hard drives. Bitcoin leverages a global network of computers that maintain a shared ledger called a blockchain that keeps track of who owns Bitcoin. Bitcoin’s market capitalization is the largest among all cryptocurrencies, presently valued at reaching $1.13 trillion.

Ethereum (ETH)

Ethereum was created in 2014, and unlike Bitcoin, has no cap of maximum tokens—meaning more tokens can be created according to demand. The most basic function of programs built on the Ethereum platform is to facilitate smart contracts. The token Ether functions like a digital commodity—you need Ether to run applications on the Ethereum blockchain. Ether is the world’s second-largest virtual currency by market capitalization.

Monero (XMR)

Monero was launched in 2014, and its focus is anonymity. The details of a transaction within the Monero ledger are hidden; the sender is obfuscated, the address of the recipient is hidden using stealth addresses, and there is no way to know the amount of the transaction. Monero is the 41st largest virtual currency in terms of market capitalization. This is a popular cryptocurrency mined by crypto jacking malware.

Shiba Inu (SHIB)

Shiba Inu is an Ethereum-based altcoin that was created in August 2020 by the anonymous “Ryoshi.” Its tokens are the currency of the decentralized exchange ShibaSwap, which lets users trade between Shiba Inu and other crypto tokens. It is the 11th largest virtual currency.


The frenzy surrounding Bitcoin is reminiscent of the gold rush of 1849, when more than 380,000 fortune seekers made their way to California. While modern cryptocurrency investors can earn riches from the comfort of their couches, the two markets bear numerous similarities. The cryptocurrency market cap has recently hit $3 trillion, which is almost a third of gold’s market cap of $11.6 trillion, some predict that it’s only a matter of time until the market cap of cryptocurrencies reaches that of gold.

Another similarity: the frenzy surrounding them, which in both cases had led to all sorts of scams. In the mid-1800s people tried to sell fake (“fool’s”) gold or steal the hard-earned gold of miners. In the 21st century, the cryptocurrency landscape is plagued by comparable dangers, with new schemes emerging by the day.

A recent example is the Squid Game crypto ($SQUID) token created in the wake of hype surrounding the hit Netflix show. It emerged in late October and reached a peak of $2,861, before crashing to near $0. Investors have poured into the token $3.38m, only for it to collapse in an apparent scam.

This scam has become known as a “rug pull”; it occurs when people start investing in a new coin that looks legitimate and receives wide coverage by respected media outlets and social media influencers. Once the coin gains traction, its creators quickly sell their holdings and make off with the money—leaving investors with empty pockets.

Figure 1: Influencer’s post published on Twitter encouraging followers to invest in the MILF token


Cryptojacking occurs when attackers secretly use one’s computer resources to mine cryptocurrencies.

Figure 2: Fraudster shares article describing how to covertly mine cryptocurrencies in Russian Forum

Figure 3: Fraudster sells crypto miner for €60 in leak Forum

Popular since 2017 until it was shut down in 2019, internet browsers, browser extensions, and mobile apps were used to spread “Coinhive”—a Javascript miner for Monero that steals the processing power of users’ devices.

Another example of a malicious cryptocurrency miner is “Crackonosh”, which is hidden in popular cracked games, including pirated versions of the games GTA V and NBA 2K19. The main target of Crackonosh is to install XMRig, a popular and well-known Monero coinminer, on victims’ devices. The malware in question seems to be of Czech origin, and so far, it appears that hackers have made over $2 million by infecting devices.

LemonDuck is another form of Monero crypto-mining malware. It can start with infecting a single computer and spread across an entire organization’s network, turning its entire computer resources into mining slaves. Cryptocurrency campaigns of LemonDuck first surfaced in May 2019.

Outseer FraudAction researchers have analyzed hundreds of samples related to cryptocurrency mining over the past three months, and were able to split the samples into three types:

Almost 60% of samples were malware designed specifically to perform mining, also known as Cryptominers. Notable examples include LemonDuck, Acrux and XMRig. Approximately 20% of the malware samples were malware known as “stealers” which are used to steal crypto wallets but have evolved to possess mining abilities, such as Racoon and L0rdix. The remaining samples were downloaders of miners. Downloaders are used to open the door to additional types of malware, in this case, to allow the ability to mine cryptocurrencies.


Despite frequent swings, the promise of high valuations for cryptocurrencies and expected growth in adoption mean the fraud surrounding them will continue to grow and evolve. Even if you feel like you have seen it all and think this as just another type of online fraud, the reality is that cryptocurrency scams can fool even the savviest among us.

But you can lower your chances of falling victim by following a few basic measures. First and most important, as with any credentials you possess, it’s critically important to keep them to yourself—don’t share them with anyone. Using a reputable ad blocker will help prevent the exploitation of your machines for mining.

Another measure worth the effort: blacklisting domains used by crypto-miners and botnets. Refrain from downloading pirated content that might infect your machine. Additionally, monitor code repositories and paste sites to better protect your organization. Just because a recommendation came from a celebrity or social media influencer, that doesn’t mean it’s a good investment—in some cases, the person may be paid to publish the endorsement.

Those looking to protect organizations from the malware unleashed in these scams should also consider sourcing an all-inclusive cyber-intelligence service. Using our own offering as an example, Outseer FraudAction provides comprehensive, 24/7 protection against Trojans and other malware, as well as expert threat intelligence feeds to help you stay on top of emerging threats to your organization.

While cryptocurrencies may offer plenty of promise, they come with plenty of peril to go around.

To learn more about how Outseer FraudAction can help protect your organization from a growing number of cyber-threats, or to schedule a demo, click here.

Adi Goldshtein-Harel

Product Manager

Adi Goldshtein-Harel is Product Manager and Head of the Cyber-Intelligence team of FraudAction Services for Outseer, an RSA company. Adi is responsible for planning, executing, and leading the product roadmap. In addition, Adi leads the Cyber-Intelligence operation providing service to hundreds of customers. Adi’s work provides her with deep insight and expert knowledge of the cybercrime landscape, particularly in the field of online fraud prevention.