As the appeal of cryptocurrency has grown, so has the opportunity for scammers to part naive investors from their money. 2019 has been no exception, with cryptocurrency and blockchain forensics company Ciphertrace dubbing it “the year of the exit scam.”

Exit scams are not a new phenomenon, with a 2018 report conducted by Statis Group revealing over 80% of initial coin offerings (ICOs) in that year to have been fraudulent. Here, Cointelegraph explains exit scams and how to spot them, as well as a look at some of the biggest scams that have been discovered by various researchers.

What are exit scams?

The premise of cryptocurrency is simple, a new ICO launches, claiming to offer lucrative returns for investors. Investors can’t believe their luck and clamor to buy in. The business runs for some time on the back of the invested capital, but, sooner or later, disaster strikes and the company shuts down, often with no explanation.

After a while, it becomes obvious that the company is gone for good, along with the invested funds. The poisoned chalice of crypto’s decentralized nature often means that investors are left in the dark when trying to recoup or trace their pilfered funds.

How to spot an exit scam

Many exit scams have tell-tale signs that investors should look out for. The financial content site Investopedia has a handy list of key characteristics.

First, exit scams often have inconsistent or misleading information about the team behind the project. When scouting potential investment opportunities, investors should scour for information on key members of any ICO.

It’s important to remember that online credibility can be faked by purchasing likes, profiles and followers on social media. Celebrity endorsements with verified accounts could also ring alarm bells for investors. A fake Twitter account purporting to be Elon Musk, with a supposedly verified twitter account, raised over $155,000 as part of a 2018 Bitcoin scam.

Investors should verify the credentials of backers, team leaders and promoters of cryptocurrency projects. Although individuals may seem to be legitimate at first glance, brand new social media profiles and few followers or connections should raise eyebrows.

The most significant characteristic unifying exit scams in cryptocurrency is the promise of a huge return on investment (ROI) — chances are that it’s probably too good to be true. Investors should always look through even the smallest details of what they are required to invest and what the company purports to be able to give back to them.

ICOs usually come with a white paper, setting out the design details of the project along with a business plan and other information. Investors should pursue all available information for ICOs, as any vagueness in the white papers should signal a big red flag.

When investing in an ICO, it’s vital to get an understanding of the business model. Investopdia writes that anything powered by concept alone should be a warning to anyone tempted to buy in. Although cryptocurrency projects can and do launch off the back of technological advances, investors should be wary of projects looking to gather millions of dollars before taking a sober look at the project’s ability to return the investment from the published information.

Heavy promotion of an upcoming ICO can also be a sign of an exit scam. Past scams have employed bloggers to promote via numerous forums. Ads both online and in print media could also be suspicious.

$2.9 billion PlusToken scam could be largest exit scam ever

A 2019 report shared with Cointelegraph by the cryptocurrency and blockchain forensics company Ciphertrace dubbed 2019 the year of the exit scam and highlighted the billions of dollars stolen in multiple scams this year alone.

The report shines a light on what, if confirmed, could be the biggest crypto scam ever, with an estimated loss of around $2.9 billion after Chinese police uncovered an alleged Ponzi scheme involving the South Korean wallet provider and exchange PlusToken. Although more is being uncovered about PlusToken, mystery still surrounds the key events.

Ciphertrace reports that the platform has enshrouded several Chinese nationals, the government of Vanuatu, the Chinese police and the company’s co-founders — a South Korean man operating under the alias of “Kim Jung Un” and a Russian known only as “Leo.” The alleged PlusToken scam centers around an app with which the wallet provider claimed investors could invest in PlusToken (PLUS).

According to the report, the firm claimed that the token, based on the Ethereum blockchain, was developed by a major technology company. PlusToken is also said to have falsely stated that it could deliver wallet holders an ROI of between 8% and 16% per month, with a minimum deposit of $500 in crypto assets.

Ciphertrace also reported that no verifiable source of revenue existed other than the proceeds from new membership. Those were onboarded per the traditional method of a Ponzi scheme, which require a constant stream of new investment in order to support its semblance of growth. Investors were incentivized to recommend new users with an invitation, which was the only way to join.

Although this was enough for some members to dismiss the legitimacy of the project outright, Leo, the company’s co-founder, published a press release that claimed he had met with Prince Charles, the future head of the English royal family, providing photos as proof. Ciphertrust reported that it had contacted the Prince Charles Foundation, which confirmed that Leo had indeed attended the event, but would not provide other information about the individual due to European Union General Data Protection Regulation, or GDPR.

PlusToken’s fate was seemingly sealed on June 28, after members of the Chinese police touched down in Vanuatu, detained six people involved with the project and extradited them back to mainland China. Ciphertrace reported that the so-called “PlusToken Six” were either Vanuatu citizens or applying for citizenship at the time of their arrest.

Soon after, PlusToken members found that they were unable to withdraw funds from their accounts. Customers were informed that withdrawals via the app were frozen due to “technical difficulties.” By June 20, the PlusToken app had ceased operations due to purported system maintenance.

For investors, there seems to be no secure lead on the final resting place of the allegedly billions of dollars of stolen funds. The Chinese government has yet to comment. A July 12 post from PlusToken stated that the six Chinese individuals were simply service users and not actually involved with the running of the company itself, stating that users should ignore the rumors and not try to log in until they receive confirmation that the servers are back online.

Pincoin

On April 9, 2018, two ICOs — iFan and Pincoin — operating under the umbrella of company Modern Tech based in Vietnam, went silent after reports outed them as scams that had scalped 32,000 investors out of an alleged $660 million in tokens, according to Tuoi Tre News.

Victims claim that the damages amount to roughly 15 trillion Vietnamese dong ($660 million) in token sales. Angered investors held a demonstration outside Modern Tech’s Ho Chi Minh City headquarters on April 8.

One of the initial characteristics that could have alarmed investors was the fact that Pincoin offered service users bonuses for successfully bringing other people on board. Pincoin did initially pay out cash until January 2018, when the company switched to iFan tokens, TechCrunch reported.

The owner of Modern Tech’s office building said that the company left its offices in March and that no one knew their current whereabouts. The firm left behind only an incomplete website that is now inactive. Modern Tech initially tried to pass itself off as a mere representative of both coins in Vietnam, prior to media reports confirming that seven of its Vietnamese executives were in fact behind the projects.

TechCrunch reported that the ambiguous mission statement from the then-functional site is typical of the vague and jargon-filled copy used by exit scammers:

“The PIN Project is about building an online collaborative consumption platform for global community, base on principles of Sharing Economy, Blockchain Technology, and Crypto Currency”

Financial scam directory Behindmlm released a report in February 2018 that found its buy-in method was typical of an ROI Ponzi scheme. Pincoin’s website is currently down, though iFan’s is still online.

QuadrigaCX — regulators catch on

The death of 30-year old Gerald Cotten shook the crypto world — not only because Cotten was the co-founder and CEO of Canada’s largest cryptocurrency exchange, QuadrigaCX, but also because his control of the passwords and keys to accounts rendered all the assets on the exchange forever inaccessible after his death. Cotten took over $195 million of stolen cryptocurrency with him to the grave.

Related: QuadrigaCX Users Lose $190M as Speculations Over Cotten’s Death Swirl

Commenting on the May 9 Ernst & Young report, Ciphertrace said Cotten had played fast and loose with customer funds for many years in order to support a lavish lifestyle for both himself and his wife. Cotten allegedly exercised complete control over the exchange and used his position to perform “unsupported deposits” — i.e., fabricated transactions not represented by either fiat or cryptocurrency.

Cotten also used significant volumes of customers’ cryptocurrency via transfers from the platform into other exchanges he controlled. As per the EY report, Cotten shifted significant amounts of fiat and cryptocurrency between alias accounts, although less than 1% of these transfers was supported by documentation. Ciphertrace notes that as the admin, Cotten was in a perfect position to hide his fraudulent activities.

In a pattern that may now seem familiar, Cotten used customer funds to pay for QuadrigaCX operating costs after the company suffered liquidity issues due to his reported fraudulent use of user deposits. As QuadrigaCX began to struggle to stay afloat, EY reported that Cotten gambled customer funds in off-platform margin accounts to meet margin calls.

The report also states that Cotten traded unsupported deposits for legitimate funds thereby generating artificial trading markets, abused his position to override Know Your Customer requirements and hoarded all passwords:

“The Monitor understands passwords were held by a single individual, Mr. Cotten and it appears that Quadriga failed to ensure adequate safeguard procedures were in place to transfer passwords and other critical operating data to other Quadriga representatives should a critical event materialize (such as the death of key management personnel).”

As of April 12, EY estimated that Quadriga held around $20.8 million in assets and around $160 million in liabilities. The debts and assets are spread over three subsidiary companies, 0984750 B.C. LTD. (the “Quadriga Estate”), Quadriga Fintech Solutions and Whiteside Capital Corporation. On July 31, the Supreme Court of Nova Scotia approved over $1.6 million in fees for parties seeking remuneration from the exchange, according to court documents seen by Cointelegraph.

CFTC action launched after $147 million BTC scheme

On June 18, 2019, the United States Commodity Futures Trading Commission (CFTC) initiated a civil enforcement action against now-defunct Control-Finance Limited for a scheme involving $147 million worth in Bitcoin.

It is alleged that Control-Finance Ltd. defrauded over 1,000 investors by laundering around 22,858 Bitcoin. In mid-September 2017, its website was abruptly taken offline, payments to clients were suspended and advertising content from social media accounts was deleted.

The firm initially said that it would reimburse customers by late 2017. However, the company allegedly began transferring laundered Bitcoin by using the crypto wallet service CoinPayments. According to Ciphertrace’s Q2 2019 Anti-Money Laundering (AML) report, the CFTC complaint charges the company and its founder Benjamin Reynolds with:

“Exploiting public enthusiasm for crypto assets by fraudulently obtaining and misappropriating at least 22,858.22 Bitcoin from more than 1,000 customers through a classic high-yield investment (HYIP) Ponzi scheme called the Control-Finance Affiliate Program.”

Per the CFTC, the company claimed that investors who buy Bitcoin through the firm would be guaranteed daily profits thanks to their team of expert cryptocurrency traders. The complaint also stated that the firm falsely claimed market volatility would ensure funds invested through Control-Finance would result in profit.

The CFTC also alleged that Control-Finance misleadingly promised that it could earn customers a 1.5% ROI daily and 45% monthly. Control-Finance is also reported to have sent partial amounts of new clients’ BTC deposits to other customers, which were disguised as profit from trading, a tactic typical of Ponzi schemes. The legal action seeking civil monetary penalties and permanent trading bans continues.

Co-owner of Bitmarket found shot dead after alleged exit scam

On July 8, the Poland-based exchange Bitmarket shut down, citing liquidity issues. According to Ciphertrace’s Q2 2019 AML report, the shutdown cost users around 2,300 Bitcoin, approximately $23 million. Users attempting to log on to the site were met with the following message:

“We regret to inform you that due to the loss of liquidity, since 08/07/2019, Bitmarket.pl/net was forced to cease its operations. We will inform you about further steps.”

Ciphertrace reports that Bitmarket had a history of partners pulling out. In 2015, the firm lost payment processors CashBill and BlueMedia after the companies' banks requested they end their working relationship with Bitmarket. PKO Bank Polski, Bitmarket’s own bank, also terminated its relationship with the firm only six months after Bank BPH had done so earlier in 2015.

Bitmarket’s two founders, Marcin Aszkiełowicz and Tobiasz Niemiro, have contradicting accounts about the misplaced user funds. Aszkiełowicz claimed that the exchange had been hacked for 600 BTC in 2015, an incident from which the company was unable to recover.

Niemiro, however, claimed that he was not responsible for activities on the exchange. Niemiro also purported to have been told that the company was purchased with a deficit of 600 BTC, which he allegedly repaid with his own money. Niemiro said he could not confirm that his partners had indeed used the money to purchase the 600 BTC.

Two weeks after the interview, Niemiro was found dead in a forest near his home with a gunshot wound to the head, which the police deemed to be self-inflicted. The District Attorney’s Office stated that it is not looking into the involvement of third parties in Niemiro’s death, but are still actively investigating the misappropriation of funds.

Disclaimer: Information described above is the analysis of existing reports and court documents relating to the platforms mentioned above. Cointelegraph holds no opinion regarding these projects.