Australia Cracks Down on Over 600 Crypto Scams in a Year

ASIC also pointed out that investors are in danger because of the growing threat of AI and deepfake technology.

Australia's financial regulator, ASIC, has taken down more than 600 crypto scams in the past year. Despite this, scams are still running rampant in the crypto space, which was made very clear after the hacking of Ava Labs COO's X account to promote a fraudulent meme coin, and the rise of new malware like Styx Stealer. Meanwhile, Indian crypto exchange WazirX has restored investor balances after its July hack, but is still facing a lot of criticism for the continued suspension of fund withdrawals.

ASIC Takes Down Over 600 Crypto Scams

Australia's financial markets regulator, the Australian Securities and Investments Commission (ASIC), reported that it removed more than 600 crypto scams in the past year. In an Aug. 19 statement, ASIC revealed that since July of 2023, it has taken down more than 5,530 fake investment platforms, 1,065 phishing links, and 615 crypto investment scams. 

ASIC Deputy Chair Sarah Court specifically pointed out the growing threat posed by artificial intelligence (AI) and deepfake technology, which have made it very difficult for the average consumer to detect fraudulent schemes. According to Court, the scams landscape is being driven by innovative technology. While this tech can be beneficial in many areas, it also provides new opportunities for scammers. 

ASIC takedowns by month (Source: ASIC)

On average, 20 investment scam websites are removed daily. Unfortunately, these scams lead to huge financial losses in Australia. In fact, Australians lost $1.3 billion to these scams in 2023 alone. Fake celebrity endorsements, especially those involving well known people like Chris Hemsworth and Elon Musk, are very often used to lure consumers into low-cost, high-return investment schemes that are ultimately fraudulent.

Elon Musk’s likeness and voice have become very popular among AI-driven crypto scammers. In June, more than 35 YouTube channels live-streamed an AI-generated voice of Musk, promising to double the crypto deposits made by viewers. A similar scam was reported in July by Bitcoin consulting firm, The Bitcoin Way. ASIC has also flagged Dexa Trade Markets, a suspicious crypto investment firm that falsely claimed to be internationally regulated and highly successful, but lacks the necessary licenses to operate in Australia.

While AI is being exploited by scammers, some believe it could also be a tool to fight against fraud. Ben Goertzel, the CEO of SingularityNET, suggested in January that AI could help prevent crypto scams by generating customized summaries of crypto entities’ reputations by using data from various sources to alert consumers to potential red flags. However, he still acknowledged that AI alone may not be able to eliminate all scams.

Fake crypto ads have also recently been under scrutiny. The Australian Competition and Consumer Commission (ACCC) claimed that over half of crypto ads on Facebook are scams or violate Meta’s policies, but Meta disputed these findings.

Ava Labs COO’s X Account Hacked

Despite so many crypto investment schemes being removed, scammers are not showing any signs of stopping. It is suspected that the X account of Ava Labs COO, Luigi D’Onorio DeMeo, was hacked after it posted about a newly launched Pokémon-themed meme coin and suspicious airdrop links.

On Aug. 19, two now-deleted posts from DeMeo's account promoted a Solana-based meme coin called Pika (PIKA), which was modeled after Pikachu, in what seems to be a pump-and-dump scheme. The posts urged users to invest in the token, but very quickly drew warnings from the crypto community on X that advised users not to click on the links.

Screenshot of DeMeo's post (Source: X)

One post from DeMeo's account claimed that he was creating the PIKA token on Solana, despite his usual focus on Avalanche. This statement, along with the suspicious links, raised a lot of concerns about the account's security. The PIKA token briefly reached a market cap of $388,570 after the posts but soon plummeted by over 99%, according to DEX Screener.

The hacked account also shared links to fraudulent websites mimicking Ava Labs' design, and falsely claimed that the company was giving away Avalanche (AVAX) tokens. These sites very likely hosted wallet-draining software that is designed to steal users' crypto assets. Comments on DeMeo's posts were disabled to prevent users from warning others about the scam.

This latest attack followed a similar pattern to other recent hacks, including one in July where the X account of actress Sydney Sweeney was compromised to promote a crypto token using her likeness.

New Malware Sold Online for Crypto Payments

A new malware named Styx Stealer has been uncovered by Check Point Research. It can steal various types of sensitive information, including cryptocurrency, through a method that is known as clipping. 

The malware is available for rent on the developer's website, which makes it very accessible to a wide range of bad actors. Fortunately, Windows users with an up-to-date operating system are protected, as Styx Stealer relies on a vulnerability in Microsoft Windows Defender that was patched last year.

Styx Stealer is an evolution of the older Phemedrone Stealer, but it still retains some of its predecessor's functions like stealing saved passwords, cookies, auto-fill data, crypto wallet information, and instant messenger sessions. However, it has been upgraded with new detection evasion techniques and a crypto clipper function. This clipping function allows the malware to replace a crypto recipient's wallet address with the attacker’s during a transaction, effectively redirecting funds.
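Clippers typically perform this swap by overwriting an address the user has just copied to the clipboard. The following detection sketch is an added example, not code from Check Point Research or from this article: it scans a time-ordered clipboard history and flags an address that is replaced by a different address of the same type within a short window. The event format, the 2-second window, and the simplified address patterns are assumptions made for illustration.

```python
import re

# Simplified address shapes (assumptions for this example, not full validators).
ADDRESS_SHAPES = {
    "btc": re.compile(r"^(bc1[0-9a-z]{25,59}|[13][1-9A-HJ-NP-Za-km-z]{25,34})$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
    "trx": re.compile(r"^T[1-9A-HJ-NP-Za-km-z]{33}$"),
}


def address_kind(text):
    """Return the address type the text looks like, or None."""
    text = text.strip()
    for kind, shape in ADDRESS_SHAPES.items():
        if shape.match(text):
            return kind
    return None


def find_swaps(events, max_gap=2.0):
    """events: time-ordered list of (timestamp_seconds, clipboard_text).

    A person rarely copies two different addresses of the same type within
    max_gap seconds, so that pattern is reported as a likely clipper swap.
    """
    swaps = []
    prev = None  # (timestamp, kind, text) of the previous clipboard address
    for ts, text in events:
        kind = address_kind(text)
        if kind is None:
            prev = None
            continue
        value = text.strip()
        if prev and prev[1] == kind and prev[2] != value and ts - prev[0] <= max_gap:
            swaps.append({"time": ts, "kind": kind,
                          "copied": prev[2], "replaced_by": value})
        prev = (ts, kind, value)
    return swaps


# Constructed sample history; every address here is a made-up placeholder.
SAMPLE_EVENTS = [
    (0.0, "meeting notes"),
    (10.0, "0x" + "a" * 40),   # user copies the recipient address
    (10.3, "0x" + "b" * 40),   # overwritten 0.3 s later: flagged
    (60.0, "T" + "A" * 33),    # user copies a TRX address
    (200.0, "T" + "B" * 33),   # different address 140 s later: not flagged
]

if __name__ == "__main__":
    for swap in find_swaps(SAMPLE_EVENTS):
        print(swap)
```

The same comparison applies manually: checking the pasted address against the one originally copied before confirming a transfer catches the substitution.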

The malware was launched in April and can be licensed for $75 per month or $350 for a lifetime license. These details were available on the website styxcrypter.com until they were removed on Aug. 16. Payments for the malware were accepted through Telegram, using Bitcoin (BTC), Litecoin (LTC), Tron (TRX), Tether (USDT), or Monero (XMR), and explanatory videos were once available on YouTube.

Styx Stealer pricing (Source: Check Point Research)

Check Point Research identified eight wallets, likely belonging to the Turkey-based developer, that received close to $9,500 in cryptocurrency payments during the first two months of Styx Stealer's operation.

WazirX Restores Balances After Hack

Some hack victims are luckier than others. Almost a month after a major hack resulted in the loss of $234 million from WazirX’s Safe Multisig wallet, the Indian crypto exchange has restored investor balances. However, users are still frustrated as there is still no clarity on when they will be able to withdraw their funds. 

In an update on Aug. 16, WazirX stated that they are working on solutions for Indian Rupee (INR) balances and crypto balances, both of which require legal analysis and confirmation from partners.

WazirX announced the completion of its scheduled maintenance, which started on the same day. The maintenance followed the suspension of all platform operations after the hack on July 18. The exchange confirmed that all trades made after the withdrawal stoppage at 1 pm IST on the day of the hack had been reversed, and users can now see their funds in their accounts after a month of uncertainty.

Despite this progress, the lack of a clear timeline for fund withdrawals has not satisfied angry investors who are demanding immediate access to their funds. The situation was also aggravated by WazirX’s initial proposal of a 55/45 socialistic loss-sharing model, which faced very strong opposition.

The hack targeted one of WazirX’s multisignature wallets that contained over 45% of investor funds. This left the exchange with the challenge of returning all funds with only 55% remaining. 

Unfortunately, the lack of transparency and the fact that people cannot withdraw funds have caused serious dissatisfaction among users. Many have even taken to social media to share their frustration.