Skip to main content
  • Systematic Review
  • Open access
  • Published:

Cryptocurrencies and future financial crime

Abstract

Background

Cryptocurrency fraud has become a growing global concern, with various governments reporting an increase in the frequency of and losses from cryptocurrency scams. Despite increasing fraudulent activity involving cryptocurrencies, research on the potential of cryptocurrencies for fraud has not been examined in a systematic study. This review examines the current state of knowledge about what kinds of cryptocurrency fraud currently exist, or are expected to exist in the future, and provides comprehensive definitions of the frauds identified.

Methods

The study involved a scoping review of academic research and grey literature on cryptocurrency fraud and a 1.5-day expert consensus exercise. The review followed the PRISMA-ScR protocol, with eligibility criteria based on language, publication type, relevance to cryptocurrency fraud, and evidence provided. Researchers screened 391 academic records, 106 of which went on to the eligibility phase, and 63 of which were ultimately analysed. We screened 394 grey literature sources, 128 of which passed on to the eligibility phase, and 53 of which were included in our review. The expert consensus exercise was attended by high-profile participants from the private sector, government, and academia. It involved problem planning and analysis activities and discussion about the future of cryptocurrency crime.

Results

The academic literature identified 29 different types of cryptocurrency fraud; the grey literature discussed 32 types, 14 of which were not identified in the academic literature (i.e., 47 unique types in total). Ponzi schemes and (synonymous) high yield investment programmes were most discussed across all literature. Participants in the expert consensus exercise ranked pump-and-dump schemes and ransomware as the most profitable and feasible threats, though pump-and-dumps were, notably, perceived as the least harmful type of fraud.

Conclusions

The findings of this scoping review suggest cryptocurrency fraud research is rapidly developing in volume and breadth, though we remain at an early stage of thinking about future problems and scenarios involving cryptocurrencies. The findings of this work emphasise the need for better collaboration across sectors and consensus on definitions surrounding cryptocurrency fraud to address the problems identified.

Background

Cryptocurrency fraud has become a growing concern worldwide. Between 2017 and 2018, the Australian Competition and Consumer Commission (2019) registered a 190% increase in losses for victims of scams involving cryptocurrencies. In 2019, the United Kingdom Financial Conduct Authority issued a warning to the public after cryptocurrency scam reports tripled (Financial Conduct Authority, 2019). This trajectory of criminals defrauding individuals who have purchased or transacted using cryptocurrencies (cryptocurrency ‘users’) suggests the cryptocurrency space offers yet unexploited opportunities for crime.

The rapid surge in defrauded cryptocurrency users appears to have outpaced corresponding research efforts. Yli-Huumo, et al. (2016) conducted a literature review to identify key blockchain research areas. Fourteen out of 41 reviewed papers addressed Bitcoin blockchain security challenges. However, only one publication examined fraud associated with blockchain ecosystems (Vasek & Moore, 2015). This points to a lack of research investigating deception and misrepresentation for financial gain as a challenge for cryptocurrencies, and the forms of fraud that might occur. The aim of this paper is to understand which types of cryptocurrency fraud have thus far been identified, which types might develop in the future, and how these threats are perceived by researchers and other stakeholders. To this end, we present findings from two complementary studies: a scoping review of the state of published knowledge relating to cryptocurrency fraud, and an expert consensus exercise involving participants from various stakeholder organisations.

A primer on cryptocurrencies

In this section, we provide a brief overview of the key principles of cryptocurrencies—with a focus on Bitcoin in particular—to provide context for the discussion of fraudulent exploitation that follows. While this outline is high-level, the interested reader is referred to both the original Bitcoin whitepaper (Nakamoto, 2008) or the textbook by Narayanan et al. (2016) for further details.

In 2008, an individual or group under the pseudonym Satoshi Nakamoto published a whitepaper entitled, ‘Bitcoin: A Peer-to-Peer Electronic Cash System’ (Nakamoto, 2008). This paper discussed a system through which parties could transact directly, without intermediary financial institutions. Bitcoin would rely on cryptography rather than central banks, law enforcement, and anti-counterfeiting measures to ensure security (Narayanan et al., 2016). Bitcoin’s market capitalisation has grown significantly since its implementation in 2009, and currently stands at $668 billion (CoinMarketCap, 2021). Bitcoin’s creation has sparked thousands of other cryptocurrencies which share similar tenets and technology; the total cryptocurrency market capitalisation is $1.6 trillion (CoinMarketCap, 2021).

Bitcoin and other cryptocurrencies share three common principles: decentralisation, pseudo-anonymity, and transparency. They are decentralised in that, rather than being governed by any single institution, they are administered via a peer-to-peer network, the majority of which must agree on which transactions and branch of a distributed digital ledger (the ‘blockchain’) are valid. They are pseudo-anonymous because, instead of usernames or account numbers, Bitcoin uses hashes of public keys to identify users, forming a system of ‘decentralised identity management’ decoupled from real-world identities. Cryptocurrencies are considered only pseudo-anonymous (rather than fully anonymous) due to the transparent nature of their transactions, despite not being explicitly connected with particular individuals and companies (Meiklejohn et al., 2016). Transparency results from the fact that all transactions that have ever occurred are recorded on the publicly available blockchain.

When someone creates a transaction, it is broadcast to all the peers in the network. To create a transaction, the user must have a pair of alphanumeric digital keys, comprising a public key (the hash of which identifies the user, and is analogous to an account address) and a private key (analogous to a PIN). Participants use their keys for digital signatures, to prove that they own the Bitcoin they are sending, and to specify the new owner.

The ‘miners’, a specialised subset of peers, collect contemporaneous transactions into a ‘block’ (one element of the ‘blockchain’). They compete to find a correct answer to a computationally hard puzzle—finding an input to a hash function which produces a particular output. Once one of the miners, after attempting many random inputs, finds a correct one, they broadcast the block to the network. This is referred to as Proof of Work (‘PoW’) because the nature of the puzzle means that, to find the correct input, the miner must have expended significant computational resources.Footnote 1

Miners are rewarded for their work—at the time of writing, the reward for finding a correct block is 6.25 Bitcoin (Conway, 2021). These 6.25 Bitcoin are created and enter circulation once the miner finds a block, through what is called a ‘coinbase’ transaction (until the maximum amount of Bitcoin, as specified in Nakamoto’s paper—21 million—are minted). The reward is halved approximately every 4 years.

After a candidate block has been broadcast, a consensus process begins to establish whether the block is valid and should be added to the main ledger. Other miners perform a computational test on the transactions within the block and the PoW from the original miner: if this test gives the correct output, the block is considered valid.

They then add the next blocks to whichever chain they think is the correct one. At any given time, there may be multiple branches of the blockchain, but generally the longest one is the most valid. Importantly, participants can only add blocks to the blockchain and are unable to change previous blocks. Once a transaction is executed, it is irreversible. This consensus mechanism prevents what is known as ‘double-spending’, whereby a user could attempt to spend the same Bitcoin again. Consensus on the most valid chain requires agreement of at least 51% of miners and is usually achieved after about six blocks (Narayanan et al., 2016). An attack in which a miner or group of miners attempts to manipulate this by controlling 51% of the hashing power—requiring tremendous computational resources—is referred to as a ‘51% attack’.

There are a variety of ways users can store their cryptocurrencies, which effectively means storing their private key. Storage can be either ‘hot’ (online) or ‘cold’ (offline). Offline storage may involve a physical wallet locked in a safe or a key stored locally in a file on one’s computer. Though cold storage is generally safer, if one loses his/her private key or it is stolen, the coins are lost forever. Online wallets are often hosted through custodial wallet provider services, which manage users’ private keys; in exchange, the user sacrifices some anonymity, security, and control. Cryptocurrency exchanges are another type of online service and enable users to convert between fiat currencies backed by governments and cryptocurrencies and among different cryptocurrencies. Many offer custodial online wallets.

While Bitcoin was the first cryptocurrency, and is the prototypical example of the concept, a range of alternative coins and services have subsequently been created for cryptocurrency users who desire more anonymity. For example, Monero obscures wallet addresses and transactions (Keller et al., 2021). Individuals may also use ‘mixers’ or ‘tumblers’ to further obfuscate the origin of their funds. (Möser et al., 2013).

Another particularly prominent project in the field is Ethereum, which is a distributed virtual machine. Ethereum accounts enable smart contracts, which are computer programmes that automatically execute contracts, in the form of if-else statements (e.g., if a product is received, then release the funds) (Narayanan et al., 2016). The smart contract code is publicly visible on the blockchain and immutable. Smart contracts allow parties to enter contracts without needing to trust one another, or a third party, for execution. Rather, the parties can be confident that the contract will be carried out as agreed, so long as they trust its code (Bartoletti et al., 2020).

Research approach

To determine the state of knowledge on which types of cryptocurrency fraud currently exist or will exist in the future, as well as the defining characteristics of these frauds, we conducted a scoping study in three steps. The first was a scoping review of published academic research on cryptocurrency fraud. This was followed by a 1.5-day in-person consensus exercise to elicit expert opinion on current and future threats, and to identify priorities for future work. The final step involved an updated search of the academic literature and a review of the grey literature.

Scoping review

Scoping reviews are a replicable method of knowledge synthesis when it is unclear what has been already published on a given topic (Arksey & O’Malley, 2005; Levac et al., 2010; Munn et al., 2018; Paré et al., 2015; Peters et al., 2015; Peterson et al., 2017; Pham et al., 2014). The objective of this scoping review was to describe current research into cryptocurrency fraud. For the purpose of this review, we consider a cryptocurrency to be any electronic payment system which uses cryptography to secure peer-to-peer transactions (Nakamoto, 2008). Moreover, we define fraud as misrepresentation to gain some (financial) advantage (Law & Martin, 2009).

Methods

Protocol

This review followed the Preferred Reporting Items for Systematic reviews and Meta-Analyses extension for Scoping Reviews (PRISMA-ScR) protocol (Moher et al., 2009).

Eligibility criteria

To be considered for this scoping review, published studies had to meet various eligibility criteria. First, we limited our review to publications written in English as we relied entirely on our reviewers’ language skills. The academic literature portion of the scoping review exclusively focused on academic articles such as peer-reviewed journals and conference papers due to the study’s aim of mapping out current research activities. The grey literature review included reports, publications, and alerts. By implication, the review excludes publications such as blog posts, op-eds, presentations, newsletters, marketing materials, correspondence, and magazine or newspaper articles.

Second, studies eligible for this review had to address cryptocurrency fraud in some form. As a minimum, a publication had to discuss at least one scam type related to cryptocurrencies. However, it was not necessary to dedicate an entire publication to this topic. Additionally, publications from the grey literature needed to be authored by a governmental organisation or a private sector company—publications from non-governmental or religious organisations were excluded.

Finally, statements about frauds exploiting cryptocurrency environments had to be based on empirical evidence. Studies had to report at least anecdotal evidence of the scams. If a study did not meet one of the eligibility criteria, we excluded it.

The review used Google Scholar (GS) to identify academic studies for review and Google’s Search Engine to identify private and public sector publications potentially eligible for review.Footnote 2 One of the authors (AT) performed the final and most recent search on GS and Google’s Search Engine in November 2020.

Search strategy

Table 1 shows the search strings used. We split the search string into two separate queries because GS restricted searches to 256 characters.Footnote 3 Moreover, we used inverted commas to limit the search to exact key phrases to avoid retrieving too many irrelevant records. The searches included academic and legal articles but excluded patents and citations. Searches were not limited to a given period; most publications were released in the last decade owing to the recency of the topic.

Table 1 Queries for the literature selection in Google Scholar

We used the same two search strings to identify grey literature publications, with the addition of the following parameters: the file type should be a PDF and the text should be in English.

Selection of sources of evidence

Two reviewers (EA and FH) separately selected the publications eligible for the scoping review in two steps. First, each reviewer independently screened the title and abstract of the publications for language, publication type, and relevance to cryptocurrency fraud. To be regarded relevant, the title and abstract had to mention fraudulent behaviour linked to cryptocurrency technology. After completing the first round, the reviewers discussed disagreements and resolved them by consensus. Second, the two reviewers individually assessed the full texts of the articles to identify those that discussed cryptocurrency frauds and related empirical evidence. Any disagreements were resolved through discussion. This covered papers through June 2019. As this is a fast-moving field, the search was updated in November 2020. One reviewer (AT) conducted this subsequent search to capture articles released between June 2019 and November 2020, following the same process as the initial search.

In November 2020, one reviewer (AT) selected publications eligible for the grey literature scoping review in two steps. First, the reviewer screened the title and executive summary (or first section if none existed) of the publication for language, publication type, and relevance to cryptocurrency fraud. In addition, the reviewer searched the text of the source for ‘fraud’ and ‘scam’ and read the paragraph(s) including those words. To account for the fact that many sources did not have executive summaries, the reviewer adopted a permissive attitude at this stage; to be regarded as relevant, the content screened did not need to explicitly discuss fraudulent behaviour in detail. Rather, the reviewer included the publication if, from the content reviewed at this stage, the full text could reasonably be expected to discuss cryptocurrency fraud. Second, one reviewer assessed the full texts of publications meeting the initial criteria to identify those that discussed cryptocurrency frauds and related empirical evidence.

Data extraction process

Next, data were extracted from the included studies by one of the three reviewers. During the first round of the review, the data extraction form was tested by having the first two reviewers independently code 25 of the included studies. Disagreements were discussed and the form was updated accordingly. The final version of the data extraction form (see Table 2) was then used to extract information from all studies.

Table 2 Characteristics of the literature extracted

Results

Study selection and characteristics

Figure 1 shows the PRISMA-ScR flow diagram (Moher et al., 2009), which summarises the study selection process for the two academic searches. GS identified 171 citations in the initial search and 220 in the November 2020 update. After removing duplicates, we screened 160 publications during the initial iteration and 167 in the update (i.e., a total of 327 unique publications). Based on the title and abstract, we excluded 114 records from the initial search and 107 from the second. As shown in Fig. 1, a small number of studies were excluded because they were published in a language other than English, or because they were not academic publications, but most of those that were excluded did not address the topic of cryptocurrency fraud; rather, they were focused on topics like the technological and regulatory challenges of cryptocurrency ecosystems.

Fig. 1
figure 1

PRISMA-ScR flow diagram. *Articles were published on electronic pre-print service SSRN and appeared to be academic in nature from screening their titles and abstract but, upon full-text examination, were excluded. **One article was included in the initial search as a pre-print, but had since been formally published and was, therefore, excluded during the updated search as a duplicate

This left 46 studies from the initial search, of which 15 were excluded following full-text assessment. In total, 31 studies met the inclusion criteria and are included in the review from the initial search. We evaluated the full text of 60 publications during the November 2020 update, of which 32 were ultimately included. The four articles ultimately deemed not to be academic in nature were published on the electronic pre-print service SSRN; they appeared to be academic publications from their titles and abstract but, upon full-text examination, were excluded. The duplicate article was included in the initial iteration of the search as a pre-print but had since been formally published. The content had not changed and, therefore, it was excluded as part of the second full-text review. Overall, 63 total studies met the inclusion criteria and are included in this scoping review (see Appendix 1: Table 3 or https://osf.io/7w9mu/?view_only=c9ad3a1e2ed54dae9b1a0fc2807f144f for summary details of these studies).

Figure 2 summarises the publication selection process for the grey literature. We identified 394 records through the Google search. After removing duplicate web addresses, we screened 377 publications. Based on the title and summary (or the first section of the documents), we excluded 249 records. Of these, one was published in a language other than English; 85 were academic publications; and 116 were ineligible types of publications.Footnote 4 Thirty-three sources were either not accessible or were excluded because opening them posed a privacy or security risk. Eleven sources did not address the topic of cryptocurrency fraud and three were, upon further inspection, duplicates.

Fig. 2
figure 2

PRISMA-ScR flow diagram for grey literature selection (search conducted November 2020)

This left 128 sources, of which 75 were excluded following full-text assessment. Fifty-three studies met the inclusion criteria and are included in the review (see Appendix 2: Tables 4 and 5 or https://osf.io/7w9mu/?view_only=c9ad3a1e2ed54dae9b1a0fc2807f144f for summary details of these studies).

Types of fraud

In this section, we identify the specific forms of cryptocurrency fraud discussed and the definitions thereof.

The academic literature identified 29 different types of cryptocurrency fraud. Figure 3 lists all fraud types identified in the literature and the proportion of publications that discussed them, while Appendix 3: Table 6 provides descriptions of the offences.Footnote 5 It is worth noting that in the literature reviewed, authors did not always clearly define or differentiate among types of fraud. Specifically, out of the 63 included academic studies, 30 (47.6%) fully reported definitions for all types of fraud discussed, while almost the same number of publications (33; 52.4%) did not. This lack of conceptual clarity is unfortunate as it impedes understanding of how the frauds are committed and how we might address them. For the benefit of the reader, where necessary, Appendix 3: Table 6 includes definitions derived from additional sources.

Fig. 3
figure 3

Number of publications and expert consensus exercise participant votes per fraud type. *CPO/CTA fraud is an abbreviation for Commodity Pool Operator or Commodity Trading Advisor fraud. For more details, see Appendix 3 or https://osf.io/7w9mu/?view_only=c9ad3a1e2ed54dae9b1a0fc2807f144f

Academic publications most frequently referred to Ponzi schemes and (synonymous) high yield investment programmes (HYIPs). These scam types were discussed in 44.4% of the included studies. Eighteen (28.6%) publications analysed scams involving initial coin offerings (ICOs). Ten analyses (15.9%) covered phishing scams and nine (14.3%) discussed unspecified types of fraud. Seven (11.1%) studies covered pump-and-dump schemes and market manipulation. Six (9.5%) studies looked at exchange scams and five (7.9%) at scam wallet services. Four papers (4.8%) discussed each of the following types of fraud: fraudulent cryptocoins, smart contract honeypots / attacks, and mining scams. Three publications (4.8%) discussed mining malware and the same number addressed smart Ponzi schemes. Two (3.2%) publications discussed securities fraud and identity theft. Sixteen fraud categories were only mentioned in a single (1.6%) publication each. The second iteration of the search identified 17 new types of fraud from the literature.

Altogether, 36 of the grey literature publications came from private sector companies. These publications identified 32 different types of cryptocurrency fraud, 14 of which were not identified in the academic literature. Figure 3 shows these and the proportion of publications that discussed them, while Appendix 3: Table 7 provides descriptions of any offences which were not previously defined in the academic literature.Footnote 6 Even more so than in the academic literature, authors did not clearly define or differentiate between types of fraud. Specifically, only four of the 36 studies (11.1%) fully reported definitions for all types of fraud discussed.

Most private sector studies (63.9%) referred to some unspecified type of fraud or scam. Fourteen (38.9%) publications analysed scams involving ICOs and 13 (36.1%) discussed Ponzi schemes or HYIPs. Nine (25.0%) studies covered phishing and seven (19.4%) covered mining malware. Four studies (11.1%) looked at SIM swapping, which did not appear in the academic literature, and which is defined in Appendix 3: Table 7. Four studies (11%) also discussed giveaway scams. Three studies (8.3%) discussed market manipulation, forex fraud, and/or exchange scams. Two studies (5.6%) looked at impersonation scams, mining scams, pump-and-dumps, and/or securities fraud. Eighteen fraud categories were mentioned in a single publication each (2.8%).

Seventeen different types of cryptocurrency fraud were identified in the public sector literature. Complete descriptions of these were provided for only four (23.5%). Definitions of frauds covered only in the public sector literature can be found in Appendix 3: Table 8.Footnote 7

The most frequently discussed were Ponzi schemes and HYIPs, which were covered in 58.8% of studies. This was followed closely by coverage of undefined or general fraud and scams (nine publications, 52.9%). Four publications (23.5%) addressed ICO fraud and three (17.6%) covered mining malware. Two studies each (11.8%) covered mining malware, pump-and-dumps, phishing, mining scams, and/or manipulation and market abuse. Nine types of fraud were only mentioned in a single (5.9%) publication each.

Expert consensus exercise

A recurring issue in the literature reviewed was the absence of clear definitions of the fraud types identified. In addition, few publications included any assessment of the level of risk presented by the offences: while the existence of a publication on a particular topic is evidence of research effort, this does not necessarily imply that the problem is severe or important. To address this gap, we held a 1.5-day ‘sandpit’ exercise in which we sought to elicit expert opinion on these issues from a diverse group of stakeholders in the field. The aim of the event was to complement our academically-focussed scoping study by obtaining subjective views on a range of issues: the cryptocurrency frauds identified in the literature, any additional threats not present in the literature, the potential for future crime, and the challenges and opportunities participants experienced or anticipated.

The sandpit activity was held in June 2019, with 27 high-profile representatives from the tech industry, the financial sector (HSBC, Nasdaq, Facebook), international financial intelligence units (from the UK, the Netherlands and Australia), law enforcement (Metropolitan Police, City of London Police, Her Majesty’s Prison and Probation Service, National Crime Agency, Defence Science and Technology Laboratory), as well as the World Bank and academic researchers (UCL, Georgia State University, Australian National University, Imperial College London). Findings from the first iteration of the scoping review were presented to inform the activity. However, to maximise the information provided by attendees, the findings from the scoping study were introduced as a way of providing an overview of the problem as it was represented in the published literature (at that time) and to frame the discussions, rather than a point of reference intended to limit their thinking.

Hereafter, we provide an overview of the planning considerations and structure of the event, as well as a summary of the activities,Footnote 8 their results, and key conclusions.

Methods

The event commenced with a general introduction and a presentation of the preliminary findings of the initial scoping review. All participants introduced themselves and described what they saw as the key problem with cryptocurrencies for their sector/area and what they thought were the key drivers and inhibitors of the adoption of cryptocurrencies.

Next, to ensure a common understanding of the overall topic, two invited talks were given: one providing an overview of the blockchain and cryptocurrencies, and the second offering an empirical example of a cryptocurrency fraud; in this case, pump-and-dump schemes (based on Kamps & Kleinberg, 2018).

Two group problem planning exercises formed the core part of day one. In predetermined groups (allocated to include members of each sector to facilitate cross-pollination of ideas), participants first engaged in the development of a fraud strategy. Their task was to devise a fraud/crime scheme with cryptocurrencies. Groups started in pairs to develop initial ideas, then joined another pair to decide on one fraud activity and further developed that idea in their group. These findings were then presented in a plenary setting. Next, in the second problem planning phase, each of the groups was assigned a fraud scheme from another group and had to devise mitigation steps. Specifically, the groups were tasked with thinking about what is already in place to mitigate cryptocurrency-related crime, what is needed for better mitigation efforts, and how they would address their allocated problem. As in the first problem planning phase, each group presented their mitigation ideas to the wider audience.

Day two was dedicated to analysing the problems identified. Participants were again allocated to groups, different from those of the first day to ensure that everyone interacted with as many others as possible. In roundtable discussions, the groups focused on the core problems identified on day one and were asked to indicate (on a scale from 1 = very low to 7 = very high) how harmful, profitable, feasible and defeatable they found each of the problems. These judgments were made using interactive polling software that allowed them to access the poll with their smartphone and see the (anonymised) results in real-time. Expert opinions concerning these four facets were particularly pertinent given the absence of such insights in the literature.

After a brief discussion of the findings, we proceeded in a plenary setting and focused on the wider problems associated with cryptocurrencies identified on day one. All participants were again asked to use the polling software to rank the issues according to their relevance. The problem analysis exercise closed with a ranking of the importance of the drivers and inhibitors identified during the introduction of the first day.

The activities of the event closed with three further questions about the future; another area about which the literature provided limited insight, and for which the answers to these questions were, therefore, critical to guiding future academic research. Specifically, we asked participants individually (using the polling software): (1) what they expected to see in the cryptocurrency space in ten years’ time; (2) what they definitely did not expect to happen; and (3) what would be needed to better address the potential criminal exploitation of cryptocurrencies in the broadest sense.

Summary of findings

Problem planning exercise and analysis of issues

The initial problem planning exercise resulted in the identification/ production of various problem scenarios by the invited participants, as followsFootnote 9:

  • Fake crypto wallets;

  • Pump-and-dump schemes;

  • Investment scams (includes ICO scams, Ponzi schemes, and HYIPs);

  • Cryptojacking (mining malware); and

  • Ransomware.

Problem analysis and evaluation

The problems identified in the scenario planning group exercises were discussed, and participants were asked to rate them (on a seven-point scale such as: 1 = not harmful at all to 7 = very harmful) regarding their harmfulness, profitability, feasibility, and defeatability. To capture their confidence in ratings made, participants were also asked to indicate the certainty in their judgments (1 = low certainty to 7 = high certainty). Participants completed the task individually using polling software.Footnote 10

To facilitate comparison with the results of our scoping review, the proportion of participants in this exercise who identified each type of fraud as a source of harm in the cryptocurrency space is also included in Fig. 3. Figure 3 displays the proportion of participants who rated the harmfulness of each of these as ‘5’, ‘6’, or ‘7’. The expert consensus exercise participants did not differentiate between ICO scams and other HYIPs, but we have displayed their responses under the latter, more general category. There are clear discrepancies between the extent to which certain threats were identified by experts and the frequency with which they appear in the literature. While Ponzi schemes and other scams were common in both, two of the primary threats identified by experts—ransomware and wallet scams—were among those which only received modest attention in the literature. In contrast, the level of published material concerning issues such as phishing appeared disproportionate to its perceived risk.

The aggregate results for all four dimensions (averaged across participants) are shown in Fig. 4. For each of the dimensions, the graph can be interpreted in much the same way: for example, the offences that participants perceived to be most harmful and for which they were the most certain of their judgement are in the top right of the figure.

Fig. 4
figure 4

Problem analysis on the harmfulness, profitability, feasibility, and defeatability dimensions (horizontal axis; judgment certainty on the vertical axis)

Overall, the problems discussed scored higher on their feasibility than they did on their defeatability. The tendency for participants to perceive defeating these problems as more difficult than devising the scams was a recurring topic during the exercise. While most offences were perceived to be profitable, participants were divided in terms of the degree of harm they posed. For all dimensions considered, participants expressed varying degrees of (un)certainty, suggesting a need for more knowledge on these offences.

In terms of the most highly ranked threats, pump-and-dump schemes and ransomware were perceived as the most profitable and most feasible. These were also the two offences for which participants tended to express the most confidence in their answers. Interestingly, perceptions differed for the perceived harm associated with pump-and-dump schemes, which were seen as the overall least harmful issue. An explanation for this disparity could be the perceived lack of victims for pump-and-dump operations. During the activity, participants voiced concerns that pump-and-dump operations are a known risk of which all cryptocurrency market participants should be aware.

Final three questions about the future

Participants emphasised the demand for better collaboration across sectors to address the problems discussed. Some highlighted the need for better sharing of intelligence and collaboration between cryptocurrency exchanges and public institutions. Unfortunately, others highlighted the same things as being unlikely to happen. Such diversity of opinion was also present for broader scenarios: specifically, while some anticipated a fully cashless society and easy-to-use cryptocurrency payments for everyday items in the next ten years, others saw the same scenario as unlikely.

Collectively, the findings demonstrate that we are at an early stage in thinking about future problems and scenarios involving cryptocurrencies. An area of agreement was the need for better collaboration between sectors since neither the private sector, nor the law enforcement or financial intelligence units can address the problem alone.

Discussion

This scoping review represents the first summary of available research on cryptocurrency fraud and definitions of the types of fraud identified by the research. Findings suggest research on cryptocurrency fraud is rapidly developing both in volume and breadth. Criminals appear to be rapidly expanding into other areas of fraud and research has, so far, been unable to keep up. While it is unwise to conflate the volume of research on particular types of fraud with the magnitude of offending, the existence of empirical evidence of a number of different types of fraud about which there is little academic research supports this assertion. Key findings and limitations are discussed below, emphasising the need for further research on newly identified areas of cryptocurrency fraud and collaboration across stakeholders.

Cryptocurrency fraud as a cyber-enabled crime

Most sources portrayed cryptocurrency frauds as cyber-enabled frauds. Cyber-enabled crimes involve perpetrators using information and communication technologies to magnify the scale and reach of offences that could also be committed offline (McGuire & Dowling, 2013). In describing cryptocurrency frauds, researchers often refer to traditional financial frauds like Ponzi schemes (Bartoletti et al., 2018; Reddy & Minaar, 2018; Securities & Exchange Commission, 2013), market manipulation, and pump-and-dump schemes (Anderson et al., 2019; Chen et al., 2019a, 2019b, 2019c, 2019d). These types of fraud are not new—Charles Ponzi first committed his namesake fraud in the 1920s, promising high returns for investments in stamps (Frankel, 2012). Pump-and-dump schemes have similarly plagued the stock market for centuries (Kamps & Kleinberg, 2018).

While the underlying characteristics of these frauds remain unchanged, implementation mechanisms have evolved. For example, there are significant parallels between ICOs and initial public offerings (Barnes, 2018; Baum, 2018) but, rather than shares being offered via a stock exchange, ICOs raise funds through the blockchain. Furthermore, smart contracts have transformed the way Ponzi schemes can be executed (Bartoletti et al., 2017; Chen et al., 2018a, 2018b, 2019a, 2019b, 2019c, 2019d). Overall, however, the literature points to significant similarities between cryptocurrency frauds and traditional financial frauds (or at least the academic imagination conceptualises it this way).

Research refers to cryptocurrency frauds as cyber-dependent comparatively less often. Cyber-dependent crimes are offences that are only able to be committed using information and communication technologies (McGuire & Dowling, 2013). Crypto-mining and wallet and exchange service frauds can be categorised as such. For example, crypto-mining frauds involve malware which uses a victim’s computer to mine cryptocurrencies for the offender (Anderson et al., 2019; Conley et al., 2015). In the case of wallet and exchange service frauds, fraudsters impersonate legitimate versions of such services, only to later steal money from victims (Pryzmont, 2016; Samsudeen et al., 2019; Vasek, 2017; Vasek & Moore, 2015). These are, perhaps, the only two types of fraud identified which could be considered strictly crypto-dependent, as opposed to other crimes, such as ransomware, which—while cyber-dependent—are merely facilitated by cryptocurrencies. While these frauds were not particularly prominent in the literature, they illustrate how new technologies facilitate novel crime opportunities, not just in terms of the technologies themselves, but also through the supplementary services created alongside them. As cryptocurrency use becomes more mainstream, new cyber-dependent methods of fraud may emerge. There is particular potential for this to occur as the decentralised finance industry further develops (Schär, 2021).

The fraud types identified in the expert consensus exercise were more evenly split in terms of cyber-enabled and cyber-dependent crimes. Three of the crimes discussed (fake cryptocurrency wallets, cryptojacking, and ransomware) are cyber-dependent, while pump-and-dump schemes and investment scams are cyber-enabled.

Definitions in the literature

Insufficient reporting of definitions in the literature across all sectors (but especially in non-academic literature) was observed. One of the primary contributions of this study is, therefore, to provide a comprehensive list of definitions of the types of fraud identified in the literature (see Appendix 3 or https://osf.io/7w9mu/?view_only=c9ad3a1e2ed54dae9b1a0fc2807f144f). In some cases, for example in legal sector sources (both academic and non-academic), this may be due to disciplinary norms. Legal scholars tend to assume fraud definitions refer to their statutory definition, which would be known to their intended audience.

There were also different definitions of certain types of fraud across the literature. For example, ‘credential stuffing’ was defined slightly differently in the private sector literature than its categorisation in academic literature (Krone et al., 2018; Navarro, 2019). Similarly, one academic study defined all ‘malware’ as ransomware (Xia et al., 2020a). Furthermore, across the grey literature, types of crime ordinarily not considered fraud, per se—such as ransomware, embezzlement, and other malware—were all categorised as such.

In some cases, it was more difficult to synthesise the types of fraud due to disparities in definitions. For example, one article considered ‘imposter websites and apps’ an issue; it was unclear if the author intended this to be categorised as distinct from phishing or if this was another way to describe the same criminal act (Scheau et al., 2020). Similarly, one paper referred to ‘unfair and deceptive acts’ as a type of fraud but failed to define it. Without a definition and an understanding that this is likely to refer to the Federal Trade Commission Act (Federal Trade Commission Act, 2012), this could easily be misinterpreted as ‘unspecified fraud’ (Scott, 2020).

There were different levels of depth in definitions across sectors. For example, public sector literature included ‘market abuse’ when discussing ‘market manipulation’ (HM Treasury et al., 2018). Another public sector article referred to COVID-related scams very generally, while an academic article split them into several different categories (NHS National Services Scotland, 2020; Xia et al., 2020a). Finally, some publications referred to individual types of fraud that were actually sub-categories of other types of fraud. For example, pump-and-dump schemes are one type of market manipulation.

Development of academic research over time

The most discussed types of fraud (Ponzi schemes/HYIPs and ICO scams) remained the same between the first iteration of our academic literature review and the update. The third most discussed was phishing, which was newly identified in the research during the second iteration.

Overall, 17 new types of fraud were identified in the updated literature review, all of which were cyber-enabled crimes. Since they were all cyber-enabled crimes (and not ‘new’, cyber-dependent crimes), it was surprising that these went unidentified in earlier literature. It is unclear if criminals are adapting to enforcement efforts and committing new types of fraud or if the research is simply ‘catching up’. Interestingly, besides phishing, only two other newly identified types of crime—securities fraud and identity theft—were mentioned in more than one publication.

Some of this change could be due to the fields responsible for publishing these papers. In the first iteration, there were more computer science papers; they would be less likely to pick up on legal issues like securities fraud.

There is a clear need for more research on these ‘newer’ types of fraud. This need is further supported by the expert consensus exercise participants’ varying degrees of (un)certainty about harmfulness, profitability, feasibility, and defeatability of the offences discussed. The volume of research is growing rapidly—this review identified more eligible publications published in the last year than in the first several years included in the first iteration of the academic literature review. Considering this rapid development, a follow-up expert consensus exercise could be useful, which we discuss in more detail below.

Differences among sectors

One of the primary conclusions from the sandpit exercise was the need for further collaboration among stakeholders. To address this, the updated version of this scoping review expanded to include grey literature sources.

Private sector literature was less specific in its discussion of fraud than other sectors—‘unspecified fraud’ was discussed most often. The prevalence of the ‘unspecified fraud’ categorisation also highlights the lack of transparency in many private sector publications, in both their methods and conclusions. ‘Unspecified fraud’ was followed by the same three most ‘popular’ types of fraud as in the academic literature—ICO scams, Ponzi Schemes / HYIPs, and phishing.

New types of fraud (e.g., SIM swapping, forex fraud, and securities fraud) were more commonly discussed in the grey literature than in the academic literature. This was true even though the academic review was recently updated. Notably, SIM swapping, forex fraud, and impersonation scams were completely absent from the academic literature. The remaining ‘new’ crimes identified in the private sector literature were only mentioned in one publication each and can be categorised as cyber-enabled crimes. These may, indeed, be crimes that have only recently emerged in the cryptocurrency space. In the public sector literature, Ponzi schemes, unspecified fraud, and ICO scams were the most frequently discussed types of fraud. Phishing was also frequently discussed in the public sector literature.

Focus of research and expert consensus exercise and prioritising future research

Across all sectors of published research, Ponzi Schemes/HYIPs and ICO scams were discussed the most often but were not considered particularly profitable or feasible by sandpit participants. It is possible that more research into—and a greater understanding of—these scams has made them less feasible, or at least has led to them being perceived as such. There was less certainty among participants surrounding the profitability of investment scams; future academic research (and collaboration with other stakeholders) could serve to reduce this uncertainty.

There could also, however, be a mismatch between research and practice. For example, our experts perceived crimes like ransomware and fake crypto wallets as profitable. Prior academic research has shown that ransomware, in particular, was not particularly so (Conti et al., 2018; Vasek et al., 2017). However, the applicability of this academic work might be limited by its age, as more recent, private sector sources have suggested ransomware has been increasing in recent years and that it has the potential to be very profitable and harmful (Chainalysis, 2021; CipherTrace, 2020). Beyond highlighting the need for further academic research on the impact of ransomware, this discrepancy emphasises the need for collaboration among stakeholders and academia in developing research agendas.

As noted by the expert participants of our sandpit activity, further collaboration is necessary across sectors to prioritise future research into cryptocurrency fraud. To facilitate this, a follow-up sandpit-style activity, informed by the updated and expanded scoping review, is recommended. It would be useful to gain experts’ insight into the harmfulness, feasibility, profitability, and defeatability of some of the ‘new’ cyber-enabled crimes we identified in the literature (e.g., securities fraud, identity theft, and wire fraud). Since the number of types of frauds has significantly increased, and many types of fraud were only mentioned in a single study, this is crucial to prioritising future research. The follow-up exercise should include broad participation from a variety of sectors to get a more comprehensive view of the current and future cryptocurrency-based fraud landscape. Finally, an emphasis on consensus surrounding definitions of various types of fraud would be useful. This could ultimately lead to the collaborative development of standards in the field, which could help prevent future frauds.Footnote 11

Limitations and Outlook

The limitations of this (and any) scoping review concern choices regarding the eligibility criteria and search strategy used. First, this scoping review was limited to GS. While it may be argued that using a single database may result in some publications being missed, we believe GS provides comprehensive coverage of the issues on which this review focuses. In designing the review, we conducted test runs across various databases, including ProQuest, Web of Science, and Scopus, with a combination of more general and more specific search terms. These searches returned a large volume of publications; however, many of the articles were merely news reports and the searches included many duplicates. In contrast to the other databases, GS returned the highest proportion of relevant, scientific work. While other similar studies (for example, Badawi and Jourdan (2020)) identified a higher volume of publications, this is primarily due to their broader inclusion criteria.

We tested multiple alternative search strings but found that these resulted in large volumes of irrelevant material being identified. The final search strings were chosen through trial and error, and were deemed to best reduce irrelevant material, while remaining processable in a reasonable timeframe. We ultimately restricted the GS search to exact phrases (as opposed to texts including the keywords in an unconnected manner) because test queries identified too many potential (but irrelevant) records when the search terms were less specific. We acknowledge that we may have excluded relevant studies that alternative search strategies would have detected. However, the fact that we uncovered such a large range and number of scams and frauds means the implications of this on our overall conclusions are likely to be minimal. Furthermore, GS lacks wildcard character functionality. However, in our experience, using wildcards on other databases primarily resulted in more noise, rather than better findings. Moreover, using wildcards reduces control over the search to a certain extent. We ultimately sacrificed some potential coverage for greater precision, control, reliability, and transparency.

We limited our scoping review to research published in English. Of the 160 records screened in the first iteration of our review, only 14 were excluded because they were not in English (i.e., 10.9% of the total records excluded after removing duplicates). In the second iteration, of the 167 records reviewed, 20 were excluded because they were not in English (i.e., 14.8% of the total records excluded after removing duplicates). While future studies may benefit from including non-English sources, we do not feel their exclusion from this study meaningfully affected our conclusions.

Besides ‘classical’ journal publications, we also categorised electronic pre-prints, industry reports, and theses as eligible publication types. Some may argue that such publications lack peer-review and are therefore of lower academic value. However, while they would not be subject to the official peer-review process, they are likely to have undergone informal academic review. Furthermore, regardless of their peer-review status, they serve as an indicator of research effort within the field, which is what we sought to measure. On the other hand, we excluded blogs and other sources which might more expeditiously capture what is currently happening or likely to happen in the future in terms of cryptocurrency fraud. We acknowledge that there is a trade-off between timely identification of types of fraud through these types of sources and credibility and verifiability. Many blog posts do not involve rigorous analyses or empirical evidence, may exaggerate claims for marketing purposes or shock value, and do not undergo any outside review (formal or informal). We sought to understand scams and frauds that have been verified (including via some level of peer review in the case of academic publications) and well-researched, rather than identify speculated, future-oriented insights. If we had primarily consulted blogs, many of the insights reported in this paper would not have been identified due to the lack of detail compared to formal articles and reports. We ultimately strove for a balance between prompt identification of frauds and credibility by including electronic pre-prints, theses, and the like.

We also excluded non-governmental organisations’ research from our grey literature review. However, only four of the 128 full texts screened were excluded for this reason. Finally, only one researcher updated the academic literature scoping review and conducted the grey literature review. Ultimately, we designed a rigorous process that was easily replicable and, therefore, do not consider it to have impacted our results.

As literature on this topic develops, further analysis of the literature’s insights—specifically on the harmfulness, feasibility, profitability, and defeatability of the frauds as well as information on whether they are increasing, decreasing or otherwise—would be pertinent. Unfortunately, it was not possible to glean such information from the literature in either iteration of this scoping review as it was largely absent. The absence of these insights in the literature was one motivation for including these factors in the expert consensus exercise but it would, ultimately, be useful have these perspectives from the literature as well. We invite further studies to analyse these frauds in more depth. Since developments in this field are fast-paced, we also recommend regular updates to this scoping review to maintain an accurate view thereof.

Conclusions

In recent years, governments have reported an increase in frequency and scale of frauds involving cryptocurrencies. This review offers the first systematic study of research on what kinds of cryptocurrency fraud currently exist or are expected to exist in the future and, uniquely, systematically identifies expert practitioners’ assessments of these issues as well. The findings suggest scholarship on future problems and scenarios involving cryptocurrency fraud remains in its early stages, though research is rapidly developing (both in volume and scope). Even though many of the frauds identified in this research can be considered cyber-enabled (rather than cyber-dependent), the new ways in which they are being committed using cryptocurrencies necessitates future research.

Another notable finding was the lack of consistency (or existence at all) of definitions of the various types of fraud identified in the literature. One contribution of this study is, therefore, to provide definitions of all the types of fraud currently identified in the academic and grey literature (see Appendix 3 or https://osf.io/7w9mu/?view_only=c9ad3a1e2ed54dae9b1a0fc2807f144f). Further consensus surrounding these definitions could lead to the collaborative development of standards in the cryptocurrency sector, which would facilitate prevention of future frauds.

This work can help guide research agendas and activities aimed at translating research into practice. Ultimately, the study emphasises the need for better collaboration across sectors in prioritising future research on and mitigations of frauds involving cryptocurrencies to better address the problems identified.

Availability of data and materials

The datasets generated and analysed in the current study are available in the Open Science Framework repository, https://osf.io/7w9mu/?view_only=c9ad3a1e2ed54dae9b1a0fc2807f144f.

Notes

  1. Not all cryptocurrencies employ PoW. Other mechanisms, such as Proof of Stake, are used by other cryptocurrencies.

  2. In designing the scoping review, we conducted test searches of multiple databases using various search strings with varying levels of specificity. Ultimately, Google Scholar provided the most comprehensive results, while reducing irrelevant noise in our results. In contrast to other publication aggregators, such as the Web of Science, GS is faster in indexing published work, especially from pre-print servers (i.e., where researchers make publications available without a paywall or before publication in conference proceedings or a journal). To map existing research on cryptocurrency fraud, this review required academic search engines and databases with broad coverage. Previous studies suggested that GS provides the best scope among the available databases. For instance, Gusenbauer (2019) compared the coverage of 12 databases and found GS to provide the most comprehensive range of academic publications. Martín-Martín, et al. (2018) analysed GS, Scopus, and Web of Science concluding that GS identified the largest proportion of citations across a broad spectrum of subject areas. Against this background, we tested our search on GS, ProQuest, Scopus, and Web of Science in April 2019. All of these databases, including GS, include results behind paywalls as well as open access sources. The results suggested GS was the only database with comprehensive coverage of academic publications. Given these findings, we selected GS as the information source for this scoping review on cryptocurrency fraud.

  3. Note that Google Scholar does not support the wildcard function. However, from our test searches, using wildcard characters primarily resulted in more noise, rather than better findings.

  4. Ineligible publication types included agendas marketing materials, blog posts, indices, infographics, statutes, magazines, reading lists, contracts, CVs, course catalogues, court cases, correspondence, op eds, press releases, news articles, websites, newsletters, and PowerPoints.

  5. Definitions of all types of fraud identified in this scoping review can also be found at https://osf.io/7w9mu/?view_only=c9ad3a1e2ed54dae9b1a0fc2807f144f.

  6. For a full list of definitions identified in this scoping review, see https://osf.io/7w9mu/?view_only=c9ad3a1e2ed54dae9b1a0fc2807f144f.

  7. See also https://osf.io/7w9mu/?view_only=c9ad3a1e2ed54dae9b1a0fc2807f144f.

  8. The full schedule of the event can be found at https://drive.google.com/file/d/1EqRYLUCTQ6Vn3oN_CQ0RSOa1Kgmpbq93/view.

  9. We exclude here discussion of problems identified which specifically relate to money laundering or areas of crime other than fraud. Participants identified the following other crimes: money laundering using Bitcoin ATMs, cryptocurrency money mules, and cryptocurrency transaction extortion. More detail can be found in the following policy brief:

    https://www.ucl.ac.uk/jill-dando-institute/sites/jill-dando-institute/files/ucl_cryptocurrencies_and_future_crime_policy_briefing_feb2021_compressed_1.pdf.

  10. The Mentimeter polling software allowed us to display the questions using the Mentimeter app interface (using an Internet connection). That interface was displayed on a big screen, and each participant could use their smartphone to obtain access to answer the questions. Once they provided an answer, their response was visible (in anonymised form) on the screen so that the participants could see their judgments in real-time.

  11. For example, many standards have been developed for the Internet; perhaps the cryptocurrency arena could learn from this example. See, for example, the work of the Internet Engineering Task Force.

Abbreviations

PRISMA-ScR:

Preferred Reporting Items for Systematic reviews and Meta-Analyses extension for Scoping Reviews

PoW:

Proof of Work

GS:

Google Scholar

HYIPs:

High yield investment programmes

ICOs:

Initial coin offerings

CPO:

Commodity Pool Operator

CTA:

Commodity Trading Advisor

References

Download references

Acknowledgements

We thank the anonymous reviewers for their helpful comments.

Funding

This project was funded by the Dawes Centre for Future Crime at UCL and UK EPSRC Grant EP/S022503/1 that supports the Centre for Doctoral Training in Cybersecurity at UCL.

Author information

Authors and Affiliations

Authors

Contributions

AT drafted the final manuscript, conducted the updated academic literature review, designed and conducted the grey literature review, and analysed and interpreted the results of all aspects of the scoping review. EA and FJH conducted the initial academic literature review and interpretation of data. JK, BK, FH, EA, and SDJ planned and carried out the expert consensus exercise reported in this study. BK, TD, JK, SDJ provided substantial feedback on the manuscript. All authors read and approved the final manuscript.

Corresponding author

Correspondence to Arianna Trozze.

Ethics declarations

Ethics approval and consent to participate

Not applicable.

Consent for publication

Not applicable.

Competing interests

The authors declare that they have no competing interests.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Appendices

Appendix 1

See Table 3.

Table 3 Academic papers included in this scoping review

Appendix 2

See Tables 4 and 5.

Table 4 Private sector sources included in this scoping review
Table 5 Public sector sources included in this scoping review

Appendix 3

Definitions denoted with an asterisk (*), indicate types of fraud newly identified in the November 2020 update of the academic literature review. This information can also be found at https://osf.io/7w9mu/?view_only=c9ad3a1e2ed54dae9b1a0fc2807f144f. See Tables 6, 7 and 8.

Table 6 Description of fraud types identified in the academic literature
Table 7 Description of the fraud types identified in the private sector literature
Table 8 Description of fraud types identified in the public sector literature

Rights and permissions

Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article's Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article's Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/. The Creative Commons Public Domain Dedication waiver (http://creativecommons.org/publicdomain/zero/1.0/) applies to the data made available in this article, unless otherwise stated in a credit line to the data.

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Trozze, A., Kamps, J., Akartuna, E.A. et al. Cryptocurrencies and future financial crime. Crime Sci 11, 1 (2022). https://doi.org/10.1186/s40163-021-00163-8

Download citation

  • Received:

  • Accepted:

  • Published:

  • DOI: https://doi.org/10.1186/s40163-021-00163-8

Keywords