Crypto scammers are starting to use fake apps and malicious smart contracts to lure ‘liquidity mining’ investors to their doom.

Scammers are taking advantage of the hype about cryptocurrency trading and the vast sums of digital wealth users have made (and lost) in crypto markets to lure in and swindle would-be investors. 

The complexity of cryptocurrency speculation and decentralized finance (DeFi) create the ideal environment for criminals to easily camouflage and carry out their malicious intentions.

And when it comes to targeting their victims, scammers are not shy: they proactively spam recipients via social networking platforms and innocuously chat about liquidity mining to put targets at ease. From there, scammers escalate the swindle.  

A screenshot of an initial-stage approach from a scammer luring-in a target.

Liquidity mining explained

Legitimate liquidity mining makes it possible for DeFi networks to automatically process trades using digital currency such as Ethereum, the preferred cryptocurrency for liquidity mining.

Since there is no centralized pool of cryptocurrency for crypto exchanges to pull from in order to complete trades, crowdsourcing is needed to provide the pool of cryptocurrency capital required to complete a trade—a liquidity pool.
To create the liquidity pool—which handles transactions between a single pair of cryptocurrencies such as Ethereum and Tether, investors are expected to commit equal values of both cryptocurrencies to the pool. In exchange for lending that cryptocurrency to the pool, investors get a reward based on a percentage of the trading fees associated with the DeFi protocol.

Additionally, investors receive liquidity pool tokens—a representation of their share of the pool. These tokens can be ‘staked’ or linked back to the exchange, further committing the original contribution, and earning investors dividends in the form of another cryptocurrency associated with the DeFi project. The value of these reward tokens can vary widely.

No, you cannot pull out anytime

The mechanics of liquidity mining in its legitimate form provide the perfect cover for old fashioned swindles re-minted for the cryptocurrency age, according to Sean Gallagher, Senior Threat Researcher, Sophos, which announced the fraud trend.

“Criminal liquidity mining schemes, like traditional Ponzi schemes, give targets the illusion that they can pull their money out at any time; even allowing them to make withdrawals early on. But scammers will continuously urge targets to keep investing and to ‘invest big’ by obscuring what is really happening with fake applications, phony profit reports and the promise of lucrative pay outs. In reality, scammers have gained control of their targets’ cryptocurrency wallets and are withdrawing currency whenever they want. Gradually, scammers empty the wallets, all while continuing to assure targets that everything is fine, and finally cut off communications,” Gallagher explained.

Furthermore, there are no regulations beyond the ‘smart contract’ code embedded in the DeFi network’s blockchain—code that many people cannot easily interpret even when it is publicly published.

There is also a shortage of reliable information for new investors on how these networks work. Despite these risks, liquidity mining is the latest cryptocurrency investment craze, but because of these factors it is also the perfect platform for scammers to leverage, Gallagher added: “Unfortunately, we expect liquidity mining crypto crime to continue—it has not peaked. Hundreds of millions of dollars are at stake.”