Case Study: Most of the victims of cryptocurrency scams come from these four countries. There are three common ways.

Harry Denley, security director at MyCrypto, said Indonesia, Nigeria, the United States and Vietnam are the countries with the most victims of cryptocurrency scams.

Denley from Southampton, London, began tracking the cryptocurrency scam through the URL in June 2018. This URL will direct the victim to the fraudulent website to defraud their cryptocurrency.


He analyzed potential victims through 118,302 hits and monitored him for identifying fraudulent websites. He said that it is generally the people who are deceived or other security researchers he knows tell him about the scam.

During the course of the study, he tracked a total of 266 ETHs (worth $45,554), but found that many wallet addresses were used at once, and that these funds introduced funds into addresses with larger holdings. Some of these addresses hold more than $100,000 in cryptocurrency. In fact, 34% of the stolen funds analyzed went to an address of about $150,000.

By analyzing network data, Denley found that 14% of victims are in Nigeria; 11% in Indonesia; 9% in the US and 8% in Vietnam.

Denley found that the best way to spoof cryptocurrency holders is the regular trust transaction scam. He wrote in the report:

“Tell them that they will get some tokens through airdrops, which are often advertised as valuable and require them to provide relevant information.”

The most commonly used scam tools are emails, text messages, and direct clicks on the web, so 36% of victims are cheated. 35% of people are caught in the airdrop scam, this scam requires KYC to be made before the empty coin is obtained. In this way, criminals collect identifiable information about the target and attempt to send them to the corresponding Ethereum wallet. In addition, Twitter scams accounted for 4%.

However, Denley admits that his research has some limitations. Google Trends data shows that people's interest in blockchain does not match the analysis data. Denley believes this may indicate that the link is directly to the individual, or that people click on the link to redirect traffic to the most popular fraudulent websites using VPN.

In addition, fraudsters and new types of fraud are always emerging, so Denley's data set is only a small part of the real problem. He said:

“Although we get a lot of very useful information from the ecology, we also track them through various popular channels (eg Twitter, Google ads, forums…), but we can't collect all the information.”

Whether the exchange is responsible for preventing fraudsters from using their services—at least those who have already posted on the public blacklist—is a tricky issue, Denley said.

“Exchanges are private entities that make a profit through trading – they are not security products in nature.”

In addition, the definition of blacklists may be biased, especially because some "public blacklists… may attack people they don't like, and random addresses will be listed without conclusive evidence that they are involved in doing evil. Blacklist," Denley added.

Denley also mentioned:

"From my experience with address and domain name blacklists, there will always be a small number of people who advise you not to be like 'police like' or 'school supervisors' because they are 'adults, you can Decide how to dispose of your own money.'"

Private companies are not good at solving complex ethical issues. But that doesn't mean there is no solution on the market: Denley recommends buying a hardware wallet, such as Ledger or Trezor, "so your private key can be stored offline in the device."