The NJCCIC continues to receive reports of cryptocurrency scams in which threat actors convince potential victims to deposit funds on fraudulent platforms with lures of high-yield, quick-return cryptocurrency investments. Weeks or months after a deposit is made, the victim can no longer withdraw their funds from the fraudulent platforms. The threat actors lock the account and demand advance fees to withdraw the funds. They claim specific upfront costs, such as recovery or commission fees, or fabricate an alibi, such as conducting a money laundering investigation. Over the past several months, the reported overall losses of invested funds and advance fees from these fraudulent investment schemes ranged from several thousand to several hundred thousand dollars. More recently, some reports indicated overall losses in the million-dollar range.

In one campaign, threat actors post a “Millionaire Challenge 2.0” on the Threads platform with a link to their Discord Chat server. As the victim invests funds, the threat actors repeatedly post information about the benefits of the cryptocurrency investments over the broader US stock market. After several deposits, the threat actors further hook their victims by announcing a lottery to apply for allotments of cryptocurrency tokens at the original price. They also introduce token unlocks to unlock profits or funds, which means leaving some funds in the investment or withdrawing all the funds. The threat actors claim that the amount needed to unlock the profits or funds is commensurate with the victim’s tax bracket, around 24 percent.

Once the victim deposits additional money to unlock these funds, the account is locked again and is under review, supposedly due to anti-money laundering security measures. The security department requests a security deposit while investigating the account for any fraudulent activity. Once paid, the threat actors unlock the account and advise that tokens remain at the original subscription price with 100 percent tax exemption. If the victim purchases additional tokens, they still cannot withdraw the total amount. Threat actors also impersonate customer service representatives and claim to quickly finalize the process via WhatsApp by advising the victim to send extra funds from their cold wallet storage as “verification” of their identity. The threat actors lock the account again due to fraudulent or suspicious activity and request additional funds to unlock it.

Threat actors also compromise accounts or create fake profiles on social media platforms and dating apps, posing as friendly connections or potential love interests in romance scams. They gain trust and socially engineer their victims to extort funds through fraudulent cryptocurrency platforms. The threat actors show screenshots of their profits and offer to teach them how to invest and withdraw funds. Once invested, the threat actors also pressure the victim to invest more money. Once the victim tries to withdraw funds, the threat actors claim a violation of the rules because a third party made the deposits; therefore, the penalty is to pay additional funds.

Recommendations

• Do your research when purchasing cryptocurrency and look for reputable sources. Check for reviews and performance history.
• Never invest more than you can afford to lose.
• Avoid clicking links, opening attachments, responding to, or acting on unsolicited communications.
• Independently verify unsolicited offers and do not release personally identifying information, financial details, or funds until you have confirmed the offer’s legitimacy.
• Always refrain from sharing your private key or seed phrase with anyone.
• Keep systems and apps up to date.
• Report these scams and malicious cyber activity to the NJCCIC, the FBI’s IC3, and the FTC.
• If victimized, monitor bank accounts, credit profiles, and other online accounts for irregularities or suspicious behavior. 
• Review the Identity Theft and Compromised PII NJCCIC Informational Report for additional recommendations and resources, including credit freezes and enabling MFA on accounts.
• Review the NJCCIC Cryptocurrency Scams webpage for additional information, recommendations, and resources.