How ERMProtect Traced $1.2 Million in Alleged Crypto Scam

By Collin Connors, ERMProtect IT Security Consultant

Some have equated cryptocurrency to the Wild West - a lawless unregulated land where anything can go. However, this analogy frequently breaks down as soon as someone tries to commit a crime using cryptocurrency. For example, many scammers have turned toward cryptocurrencies since there is no centralized party to stop fraudulent transactions. That is, once a victim sends funds there is no possible way to undo that transaction.

However, these criminals forget that a key idea of cryptocurrencies is that the transactions are public. That is, anyone can see how much was sent to them and where they then moved that money.

How ERMProtect Traces Crypto

ERMProtect recently relied on the public nature of the blockchain to help NBC6 investigators better understand an investment scheme that victimized several South Floridians. For the investigation, our certified crypto investigators used Chainalysis, a powerful crypto tracing tool licensed to ERMProtect.

In this case, the alleged scammer had victims send money to him via the Ethereum blockchain, claiming he was launching a new coin and AI-powered digital platform to do crypto trading. ERMProtect was able to trace roughly $1.2 million in various cryptocurrencies that were sent to him. ERMProtect was then able to identify what the alleged scammer did with the funds after receiving them. It was clear that he was simply taking funds from the victims and quickly cashing the funds out at a foreign exchange.

Victims Never Got Their Money

During the course of the scheme, the alleged scammer would repeatedly tell victims that he was sending them funds via cryptocurrency, however, the victims never received the funds. In this case, the victims could have exploited the public nature of the blockchain. If they had checked the Bitcoin mempool, a public list of transactions that have been proposed to the blockchain, they would have seen that the alleged scammer never even created the transactions.

While cheating people using crypto might at first seem easier for the scammer, it often results in an easier investigation for law enforcement. In crypto, scammers like that there is no central bank to stop fraudulent transactions. However, after the victims report the scheme to law enforcement, it is easy to trace all of the scammer's activity and work to recover the funds.

Unfortunately, recovery of funds can be dependent on where the scammer cashed out his crypto for fiat. Law enforcement can subpoena legitimate exchanges to block transactions and even identify scammers. But if the scammer cashes out at a foreign, offshore, unregulated exchange, recovering victims’ money can be difficult.

Click here to watch the NBC6 / ERMProtect investigation.





Get a curated briefing of the week's biggest cyber news every Friday.

Stop Phishing Attacks with ERMProtect's Security Awareness Training

Turn your employees into a human firewall with our innovative Security Awareness Training.

Our e-learning modules take the boring out of security training.

Intelligence and Insights

Cybersecurity Incident

How to Prepare Your Organization for a Cybersecurity Incident

Preparing for a cybersecurity incident substantially decreases damage and costs and helps get companies back to business as quickly as possible …
cloud computing

Regular Penetration Testing Reduces Risks in the Cloud

Cloud penetration testing is a simulated attack to assess the security of an organization’s cloud-based applications and infrastructure, and it is critical in today’s digital world …
Information Technology (IT) risk assessments

Choosing the Right Risk Assessment Protects Against Cyber Threats

IT risk assessments provide invaluable benefits to the security of your organization. This article outlines key factors to consider …