Bitcoin’s public narrative is that it represents a dramatic break with the past. Corporate supporters tout digital currency as a disruptive hotbed of innovation, while ideological advocates claim it will usher in a new age of financial freedom. Detractors argue that it is an unprecedented threat to law and order, and will lead to rampant lawlessness and chaos. When it comes to digital currency scams and fraud, however, the real story is best described up with a quote from 2,000 years ago: there is nothing new under the sun.
It is important to acknowledge upfront that the prevalence of fraud in the digital currency community has been remarkably high. This holds true whether you look at the percent of the currency’s monetary base that has been lost or stolen, the percentage of bitcoin transactions that are related to fraudulent activity, or the amount of turmoil these schemes create in digital currency circles. But while Bitcoin users are getting ripped off in large numbers, Bitcoin technology itself offers scammers little to no benefit over cash or PayPal. It is actually the digital currency’s userbase and the ecosystem’s marginalization by mainstream legal and financial institutions that accounts for the prevalence of scams.
Does anonymity facilitate the fraud?
Many observers assume that Bitcoin’s underlying technology is to blame for the high rate of fraud, primarily its supposedly anonymous, untraceable nature. Many early users of Bitcoin, including criminals, also bought into this misunderstanding, often to their detriment. When it comes to traceability, the nature of bitcoin is that it is a fully transparent ledger, with thousands of copies distributed around the world that can be inspected by victims, security researchers, and law enforcement alike. In the early days of bitcoin, sophisticated tools and techniques for making connections between transactions and tracing economic activity had not yet been developed. Forensically examining the Bitcoin ledger is now a hot space for venture-backed technology companies such as Coinalytics, and because all Bitcoin transactions are preserved in perpetuity, the trail of fraudsters never goes cold.
Bitcoin is also not anonymous. It is true that users of a digital currency network do not provide their name or other identifying information to the network itself, but these disclosures are usually necessary in order to purchase goods and services or trade digital currency for fiat currency. Because multiple transactions by an entity can be linked together through examination of a digital currency’s public ledger, fraud victims or law enforcement can often follow a thread to trace back a transaction with a known individual and trace their other transactions. In order to remain safely anonymous, a user must convert the totality of their ill-gotten gains into goods, services, or another currency without letting anyone know their identity. This is not just conjecture; digital currency ledger forensics are increasingly used in court. “In the Silk Road trial, Bitcoin is a cop’s best friend,” tech publication The Verge trumpeted. Bitcoin forensics carried out by IRS agent Tigran Gambaryan were also key in the indictment against former DEA agent Carl Force, accused of money laundering and wire fraud connected to his investigation of the Silk Road.
Beyond blockchain forensics, the percentage of digital currency operations who practice Know Your Customer (KYC) and comply with investigations is increasing, making it very difficult to cash out anonymously. It was a report to authorities from UK-based digital currency exchange Bitstamp that helped launch the government’s investigation into Carl Force.
Is the technology, itself, the problem?
If Bitcoin technology no longer makes it easier for fraudsters and scammers to get away with their stolen money, does it somehow facilitate the scams themselves? Researchers from Southern Methodist University released the first academic paper monitoring bitcoin scams, where theyidentified four categories of Bitcoin-related scams: “high-yield investment programs, mining investment scams, scam wallet services and scam exchanges”. These categories can be further condensed into fraudulent investments and custodial misconduct, in which a service provider absconds with funds they have agreed to keep safe. In both cases, the scam is perpetrated by convincing the victims to entrust the scammer with their funds, who then does not use the funds for their intended purposes.
Does anything about Bitcoin’s technology or computer code affect the ability of predators to mislead members of the public, or prevent end users from making good decisions about where to store or invest their funds? By and large the answer is no, although the complexity of Bitcoin can be an asset for scammers. Victims without both technological and business expertise are often unable to assess whether a digital currency product on offer is technically feasible or whether a company seeking their investment has a realistic plan to profit by addressing a genuine market need. These same factors apply to other crowdfunding “opportunities,” however, and are not amplified in any way by digital currency technology.
As noted Bitcoin expert Andreas Antonopoulos points out, “humans have used physical security controls for thousands of years. By comparison, our experience with digital security is less than 50 years old.” Lacking the technical ability to keep their own digital currency funds safe, many people have entrusted their holdings to a wallet or exchange site for safekeeping. Without established best practices, industry self-regulation, government licensing, or an effective reputation system, end-users have been on their own to identify trustworthy custodial institutions, and their track record has extremely poor. The vast majority of these companies have historically lost at least some of their users’ funds, either through incompetence or outright theft.
Fortunately digital currency security is a rapidly evolving field. There has been significant progress at a technical level, most notably the rise of multi-signature schemes, which split control over funds between multiple devices and/or entities. New enterprise security providers like BitGo help custodial institutions thwart outside hackers and insider fraud alike, while end-users can now store their own funds on specially-designed hardware devices such as the Trezor or Case.
Fundamentally, custodians running off with funds is nothing new. While innovation may lessen the need for custodians and help well-meaning custodians serve their customers without mishap, no technology can stop the naive from handing their money to a crook. Some combination of education, best practices, reputation, and/or certification will be required if the goal is to prevent custodial misconduct.
Yields Too Good to be True!
High Yield Investment Products (HYIP’s) are a form of ponzi scheme which promise impossibly high rates of return and build their operation by paying back early investors with funds from later investors. This age-old scam, perfected by Bernie Madoff, has now moved online; former nursing-home magician Paul Burks is alleged to have taken in over $850m running Zeek Rewards, the largest online HYIP to date, which was shut down by the SEC in 2012.
The Bitcoin community has seen its fair share of ponzi activity. The SEC filed charges in 2013 against Trendon Shavers, operator of “Bitcoin Savings and Trust,” which allegedly took in $4.5m before collapsing when it could no longer pay investors the 7% weekly interest they had been promised. The largest digital currency-related ponzi, Hong Kong-based MyCoin, took in $8.1m from investors who do not appear to have known much, if anything, about digital currency. Incredibly, many were willing to “invest” money with a website called Ponzi.io, which offered early investors the chance to “get rich off the world’s first open Ponzi scheme!”
Another common form of investment scam involves companies conducting unregistered securities offerings in which they offer strangers online the opportunity to invest in their company and receive a share of future profits. As these offerings grew more popular, digital currency stock markets such as Havelock emerged to facilitate this process. While some of these companies returned profits to their investors, such as gambling site Satoshi Dice, many more simply ran with the money. Neo & Bee went so far as to open physical locations in Cyprus before it emerged that funds were gone and the founder fled the country. These schemes, however, have absolutely nothing to do with Bitcoin technology itself.
A final category of too-good-to-be-true involves digital currency mining companies who claim to rent time on their mining equipment to members of the public. In essence, consumers rent time on a money printing machine they cannot verify exists. As Bitcoin core developer Gavin Andresen correctly predicted, such arrangements “make no sense. I suspect many of them will turn out to be Ponzi schemes.” In fact, the prevalence of these schemes has decreased dramatically over the past year, although mostly due to changes in the economics of mining as a result of the drop in Bitcoin’s price.
In the wake of Bitcoin’s success, hundreds of other digital currencies have been created, often referred to as altcoins. Most of these are simply Bitcoin with a few variables tweaked; the main innovation behind 42coin, for instance, was that it has a maximum of 42 coins as opposed to Bitcoin’s 21 million. Others promise more substantive changes such as faster transaction processing, increased privacy, or an alternative way of allocating decision-making power within the network.
While some coin creators work hard to produce something truly useful, many others turn to deception in search of quick profit. Beyond simply exaggerating the technical capabilities or innovativeness of a coin, altcoin creators have:
- Secretly mined coins for themselves before releasing the coin to the general public
- Released mining software that purposely mines slowly, presumably so the creators can mine more successfully with non-crippled software
- Participated and facilitated in pump-and-dump market manipulation, sometimes abandoning all work on the coin within days or weeks of launch
- Promised to deliver physical goods to early investors and then failed to deliver
- Released mining and/or wallet software that contains malware designed to steal digital currency
- Lied about partnerships with major companies such as Amazon
The complexity of Bitcoin does make it easier for fraudsters to make misleading statements about the technical capabilities of their coin and manipulate the code to benefit themselves in ways that are difficult to detect, but otherwise these behaviors are not significantly different from any other form of investment or consumer fraud.
If not tech, then what?
If digital currency technology is not responsible for the pervasiveness of fraud in the ecosystem, then what is? There are 7 major cultural and historical factors that account for it:
- The lack of clarity and widespread confusion about the legal and regulatory status of Bitcoin from 2009-2013. Many criminals and victims alike believed that because Bitcoin was not “recognized by the government” it was not a crime to steal it or otherwise obtain it dishonestly. Furthermore, there was a widespread perception that law enforcement was not capable of finding and arresting the perpetrators of crimes related to digital currencies. After a string of high profile legal cases involving Bitcoin, these views have changed.
- In the absence of governmental licensing, extensive track records, and effective and independent press organizations, digital currency participants have had to rely exclusively on their own judgement to evaluate investment opportunities and custodial services. Especially in the early days of Bitcoin, they consistently handed their money to bad actors and the incompetent; this pattern may have concluded with the professionalization of the space
- The marginalization of digital currency businesses by mainstream financial institutions and an unclear regulatory environment has made it very unattractive for experienced and honest entrepreneurs to start companies in the space. As a result, even the honest business operators in the space have tended to be amateurish, secretive, and isolated from relationships with trusted institutions that would carry out some of the vetting functions users rely on. Behaviors that would set off drastic red flags in any other industry, such as the use of pseudonyms by a business operator, dishonesty about the physical and jurisdictional location of the business, and inability to work with any established businesses or financial institutions, have been par for the course in the digital currency world. The environment is improving, but as companies like Coinbase and Circle implement more onerous KYC requirements and cancel orders, it pushes more users towards grey and black market companies.
- Historically, the Bitcoin userbase has been extraordinarily risk-tolerant, even risk-seeking. Many discovered bitcoin because they were interested in gambling online, or were willing to risk jail time to order narcotics over the internet. They also made ridiculous profits simply by holding bitcoin. This has two effects; they’re more willing to take a risk with “free money,” and they often have an inflated sense of their own sophistication as investors. Some are simply willing to invest money in 10 companies knowing that 5 of them may be scams, and look at fraud and thefts as the cost of doing business. This is changing as the userbase who bought in during the 2013 price run-up comes to balance out the early adopters of 2009-2012.
- Much of the fraud involves operations that are not legal to begin with. Therefore users expect dishonesty and chaos, making it hard to differentiate between grey market operators and scammers. This may also make users reluctant to cooperate with law enforcement when victimized.
- The ecosystem has historically preserved anonymity and avoided blacklists, making it easier to get away with stolen funds. This is changing as exchanges begin to refuse funds funds and even turn people in. However, as companies like Coinbase and Circle block users sending funds to undesirable destinations such as gambling sites, and the community comes to believe these companies are cooperating more closely with the FBI and other agencies than they are comfortable with, people may move their business back towards grey areas.
- Finally, the incredible spike in price of 2013 attracted bad actors, created a pervasive sense of urgency that paves the way for risky, impulsive decisions, and made many overconfident.
The picture that emerges is not that of a new technology incapable of delivering security and consumer protection, but rather of a young ecosystem moving from its rebellious roots towards a closer alignment with the traditional financial industry. If and when the transition will be completed remains an open question.
Ben Doernberg studies the social and political impact of information technologies in the United States.