20 of the Biggest Cryptocurrency Scams of the Past Year

Wormhole Portal is a decentralized finance, or DeFi, cryptocurrency platform that allows users to move digital coins from one blockchain to the next. Exploiting the bridge that allows tokens to move from the solana to the ethereum blockchain, the attacker stole more than $323 million in cryptocurrency. However, Wormhole announced the next day that all funds had been restored when digital assets firm Jump Crypto replaced the equivalent amount of tokens, essentially bailing out Wormhole Portal.

What is interesting in the Wormhole hack is that the attacker had been able “to ‘mint’ 120,000 ETH out of thin air,” blockchain analysis firm Elliptic explained. Specifically, the attacker was able to mint wrapped ethereum, wETH, which is the tradable version of ethereum currency, so the attacker could convert the wETH to real ETH. The attack was also interesting because it affected the price of the solana currency.

What do you do if you want to drive up the price of art you own? Well, one owner came up with a plan – buying the art for themselves at an inflated price. Well, up until CryptoPunk, the most expensive NFT evers sold was “Beeple’s Everydays — a collage of digital art that sold at Christie’s auction for $69 million,” according to Cnet. So when CryptoPunk sold for $532 million (or 124,457 ethereum) in October, everybody paid attention.

CryptoPunk is part of a set of 10,000 NFTs that are some of the first to ever be created and usually sell for between $350,000 and $500,000, though some fetch millions. By creating several digital wallets, the owner transferred the NFT to another wallet. Then, creating a third wallet, the owner bought the NFT for $532 million using a flash loan contract and immediately transferred it back to the original wallet. Though initially raising eyebrows, the racket was immediately discovered.

Cryptocurrency platform Poly Network said in early August 2021 it was hacked, with the attacker stealing more than $600 million worth of crypto-tokens. In a bizarre twist, however, the company said the hacker began returning the tokens the following day and then announced on Aug. 23 the hacker returned almost all of the funds. The hacker/s claimed they did the attack to expose a flaw in Poly Network’s digital contracts, though some skeptics believe the hackers found it hard to launder that much money.

Poly Network is a decentralized finance platform, or DeFi, a term for financial applications based on blockchain technology that allows people to transact across blockchains or complete other transactions without relying on intermediaries, such as brokerages and exchanges. The attacker managed to exploit a vulnerability in Poly Network’s code, which allowed them to transfer crypto-tokens to their own crypto wallets, therefore stealing the funds.

They call themselves the Lazarus Group, a hacking group believed to be controlled by North Korea’s primary intelligence bureau. The U.S. has linked the group to a massive cryptocurrency heist worth $615 million from players of the popular online NFT game Axie Infinity, conducted via an attack on Ronin Network last month.

“Through our investigation we were able to confirm Lazarus Group and APT38, cyber actors associated with the DPRK, are responsible for the theft of $620 million in Ethereum reported on March 29,” the FBI said in a statement. And the Treasury Department’s Office of Foreign Assets Control announced new sanctions against an ethereum wallet belonging to Lazarus.

The Lazarus Group is reportedly behind hacks worth $400 million in digital assets in at least seven attacks on cryptocurrency platforms in 2021, according to blockchain analysis company Chainalysis. North Korea is likely attempting to use crypto to evade U.S. sanctions.

In what is possibly the biggest cryptocurrency scam to date, brothers Raees Cajee, 21, and Ameer, 18, may have swindled investors out of $3.6 billion. The two have launched Africrypt in 2019, setting it up as a fund that invested in cryptocurrency and blockchain technology. In April, 2021, however, Africyrpt said its systems were hacked and tokens were stolen.

While investors claim $3.6 billion were stolen, the brothers told The Wall Street Journal that at the height of the fund they were managing $200 million and insist no more than $5 million are missing. The brothers have since fled South Africa and their whereabouts is unknown. They deny any involvement in a heist and claim they are hiding from organized crime. Their disappearance came as bitcoin’s value hit a record high last April.

In yet another twist, a mystery investor has offered to bail out the company on the condition that all charges against the Cajee brothers would be dropped. Many investors have accepted the terms of the payout, though some are still pushing for the brothers to be charged, according to different reports.