Cryptocurrencies and future financial crime

Background Cryptocurrency fraud has become a growing global concern, with various governments reporting an increase in the frequency of and losses from cryptocurrency scams. Despite increasing fraudulent activity involving cryptocurrencies, research on the potential of cryptocurrencies for fraud has not been examined in a systematic study. This review examines the current state of knowledge about what kinds of cryptocurrency fraud currently exist, or are expected to exist in the future, and provides comprehensive definitions of the frauds identified. Methods The study involved a scoping review of academic research and grey literature on cryptocurrency fraud and a 1.5-day expert consensus exercise. The review followed the PRISMA-ScR protocol, with eligibility criteria based on language, publication type, relevance to cryptocurrency fraud, and evidence provided. Researchers screened 391 academic records, 106 of which went on to the eligibility phase, and 63 of which were ultimately analysed. We screened 394 grey literature sources, 128 of which passed on to the eligibility phase, and 53 of which were included in our review. The expert consensus exercise was attended by high-profile participants from the private sector, government, and academia. It involved problem planning and analysis activities and discussion about the future of cryptocurrency crime. Results The academic literature identified 29 different types of cryptocurrency fraud; the grey literature discussed 32 types, 14 of which were not identified in the academic literature (i.e., 47 unique types in total). Ponzi schemes and (synonymous) high yield investment programmes were most discussed across all literature. Participants in the expert consensus exercise ranked pump-and-dump schemes and ransomware as the most profitable and feasible threats, though pump-and-dumps were, notably, perceived as the least harmful type of fraud. Conclusions The findings of this scoping review suggest cryptocurrency fraud research is rapidly developing in volume and breadth, though we remain at an early stage of thinking about future problems and scenarios involving cryptocurrencies. The findings of this work emphasise the need for better collaboration across sectors and consensus on definitions surrounding cryptocurrency fraud to address the problems identified.


Background
Cryptocurrency fraud has become a growing concern worldwide. Between 2017 and 2018, the Australian Competition and Consumer Commission (2019) registered a 190% increase in losses for victims of scams involving cryptocurrencies. In 2019, the United Kingdom Financial Conduct Authority issued a warning to the public after cryptocurrency scam reports tripled (Financial Conduct Authority, 2019). This trajectory of criminals defrauding individuals who have purchased or transacted using cryptocurrencies (cryptocurrency 'users') suggests the cryptocurrency space offers yet unexploited opportunities for crime.

Open Access
Crime Science The rapid surge in defrauded cryptocurrency users appears to have outpaced corresponding research efforts. Yli-Huumo, et al. (2016) conducted a literature review to identify key blockchain research areas. Fourteen out of 41 reviewed papers addressed Bitcoin blockchain security challenges. However, only one publication examined fraud associated with blockchain ecosystems (Vasek & Moore, 2015). This points to a lack of research investigating deception and misrepresentation for financial gain as a challenge for cryptocurrencies, and the forms of fraud that might occur. The aim of this paper is to understand which types of cryptocurrency fraud have thus far been identified, which types might develop in the future, and how these threats are perceived by researchers and other stakeholders. To this end, we present findings from two complementary studies: a scoping review of the state of published knowledge relating to cryptocurrency fraud, and an expert consensus exercise involving participants from various stakeholder organisations.

A primer on cryptocurrencies
In this section, we provide a brief overview of the key principles of cryptocurrencies-with a focus on Bitcoin in particular-to provide context for the discussion of fraudulent exploitation that follows. While this outline is high-level, the interested reader is referred to both the original Bitcoin whitepaper (Nakamoto, 2008) or the textbook by Narayanan et al. (2016) for further details.
In 2008, an individual or group under the pseudonym Satoshi Nakamoto published a whitepaper entitled, 'Bitcoin: A Peer-to-Peer Electronic Cash System' (Nakamoto, 2008). This paper discussed a system through which parties could transact directly, without intermediary financial institutions. Bitcoin would rely on cryptography rather than central banks, law enforcement, and anticounterfeiting measures to ensure security (Narayanan et al., 2016). Bitcoin's market capitalisation has grown significantly since its implementation in 2009, and currently stands at $668 billion (CoinMarketCap, 2021). Bitcoin's creation has sparked thousands of other cryptocurrencies which share similar tenets and technology; the total cryptocurrency market capitalisation is $1.6 trillion (CoinMarketCap, 2021).
Bitcoin and other cryptocurrencies share three common principles: decentralisation, pseudo-anonymity, and transparency. They are decentralised in that, rather than being governed by any single institution, they are administered via a peer-to-peer network, the majority of which must agree on which transactions and branch of a distributed digital ledger (the 'blockchain') are valid. They are pseudo-anonymous because, instead of usernames or account numbers, Bitcoin uses hashes of public keys to identify users, forming a system of 'decentralised identity management' decoupled from real-world identities. Cryptocurrencies are considered only pseudo-anonymous (rather than fully anonymous) due to the transparent nature of their transactions, despite not being explicitly connected with particular individuals and companies (Meiklejohn et al., 2016). Transparency results from the fact that all transactions that have ever occurred are recorded on the publicly available blockchain.
When someone creates a transaction, it is broadcast to all the peers in the network. To create a transaction, the user must have a pair of alphanumeric digital keys, comprising a public key (the hash of which identifies the user, and is analogous to an account address) and a private key (analogous to a PIN). Participants use their keys for digital signatures, to prove that they own the Bitcoin they are sending, and to specify the new owner.
The 'miners' , a specialised subset of peers, collect contemporaneous transactions into a 'block' (one element of the 'blockchain'). They compete to find a correct answer to a computationally hard puzzle-finding an input to a hash function which produces a particular output. Once one of the miners, after attempting many random inputs, finds a correct one, they broadcast the block to the network. This is referred to as Proof of Work ('PoW') because the nature of the puzzle means that, to find the correct input, the miner must have expended significant computational resources. 1 Miners are rewarded for their work-at the time of writing, the reward for finding a correct block is 6.25 Bitcoin (Conway, 2021). These 6.25 Bitcoin are created and enter circulation once the miner finds a block, through what is called a 'coinbase' transaction (until the maximum amount of Bitcoin, as specified in Nakamoto's paper-21 million-are minted). The reward is halved approximately every 4 years.
After a candidate block has been broadcast, a consensus process begins to establish whether the block is valid and should be added to the main ledger. Other miners perform a computational test on the transactions within the block and the PoW from the original miner: if this test gives the correct output, the block is considered valid.
They then add the next blocks to whichever chain they think is the correct one. At any given time, there may be multiple branches of the blockchain, but generally the longest one is the most valid. Importantly, participants can only add blocks to the blockchain and are unable to change previous blocks. Once a transaction is executed, it is irreversible. This consensus mechanism prevents what is known as 'double-spending' , whereby a user could attempt to spend the same Bitcoin again. Consensus on the most valid chain requires agreement of at least 51% of miners and is usually achieved after about six blocks (Narayanan et al., 2016). An attack in which a miner or group of miners attempts to manipulate this by controlling 51% of the hashing power-requiring tremendous computational resources-is referred to as a '51% attack' .
There are a variety of ways users can store their cryptocurrencies, which effectively means storing their private key. Storage can be either 'hot' (online) or 'cold' (offline). Offline storage may involve a physical wallet locked in a safe or a key stored locally in a file on one's computer. Though cold storage is generally safer, if one loses his/ her private key or it is stolen, the coins are lost forever. Online wallets are often hosted through custodial wallet provider services, which manage users' private keys; in exchange, the user sacrifices some anonymity, security, and control. Cryptocurrency exchanges are another type of online service and enable users to convert between fiat currencies backed by governments and cryptocurrencies and among different cryptocurrencies. Many offer custodial online wallets.
While Bitcoin was the first cryptocurrency, and is the prototypical example of the concept, a range of alternative coins and services have subsequently been created for cryptocurrency users who desire more anonymity. For example, Monero obscures wallet addresses and transactions (Keller et al., 2021). Individuals may also use 'mixers' or 'tumblers' to further obfuscate the origin of their funds. (Möser et al., 2013).
Another particularly prominent project in the field is Ethereum, which is a distributed virtual machine. Ethereum accounts enable smart contracts, which are computer programmes that automatically execute contracts, in the form of if-else statements (e.g., if a product is received, then release the funds) (Narayanan et al., 2016). The smart contract code is publicly visible on the blockchain and immutable. Smart contracts allow parties to enter contracts without needing to trust one another, or a third party, for execution. Rather, the parties can be confident that the contract will be carried out as agreed, so long as they trust its code (Bartoletti et al., 2020).

Research approach
To determine the state of knowledge on which types of cryptocurrency fraud currently exist or will exist in the future, as well as the defining characteristics of these frauds, we conducted a scoping study in three steps. The first was a scoping review of published academic research on cryptocurrency fraud. This was followed by a 1.5-day in-person consensus exercise to elicit expert opinion on current and future threats, and to identify priorities for future work. The final step involved an updated search of the academic literature and a review of the grey literature.

Scoping review
Scoping reviews are a replicable method of knowledge synthesis when it is unclear what has been already published on a given topic (Arksey & O'Malley, 2005;Levac et al., 2010;Munn et al., 2018;Paré et al., 2015;Peters et al., 2015;Peterson et al., 2017;Pham et al., 2014). The objective of this scoping review was to describe current research into cryptocurrency fraud. For the purpose of this review, we consider a cryptocurrency to be any electronic payment system which uses cryptography to secure peer-to-peer transactions (Nakamoto, 2008). Moreover, we define fraud as misrepresentation to gain some (financial) advantage (Law & Martin, 2009).

Methods Protocol
This review followed the Preferred Reporting Items for Systematic reviews and Meta-Analyses extension for Scoping Reviews (PRISMA-ScR) protocol (Moher et al., 2009).

Eligibility criteria
To be considered for this scoping review, published studies had to meet various eligibility criteria. First, we limited our review to publications written in English as we relied entirely on our reviewers' language skills. The academic literature portion of the scoping review exclusively focused on academic articles such as peer-reviewed journals and conference papers due to the study's aim of mapping out current research activities. The grey literature review included reports, publications, and alerts. By implication, the review excludes publications such as blog posts, op-eds, presentations, newsletters, marketing materials, correspondence, and magazine or newspaper articles.
Second, studies eligible for this review had to address cryptocurrency fraud in some form. As a minimum, a publication had to discuss at least one scam type related to cryptocurrencies. However, it was not necessary to dedicate an entire publication to this topic. Additionally, publications from the grey literature needed to be authored by a governmental organisation or a private sector company-publications from non-governmental or religious organisations were excluded.
Finally, statements about frauds exploiting cryptocurrency environments had to be based on empirical evidence. Studies had to report at least anecdotal evidence of the scams. If a study did not meet one of the eligibility criteria, we excluded it.
The review used Google Scholar (GS) to identify academic studies for review and Google's Search Engine to identify private and public sector publications potentially eligible for review. 2 One of the authors (AT) performed the final and most recent search on GS and Google's Search Engine in November 2020. Table 1 shows the search strings used. We split the search string into two separate queries because GS restricted searches to 256 characters. 3 Moreover, we used inverted commas to limit the search to exact key phrases to avoid retrieving too many irrelevant records. The searches included academic and legal articles but excluded patents and citations. Searches were not limited to a given period; most publications were released in the last decade owing to the recency of the topic.

Search strategy
We used the same two search strings to identify grey literature publications, with the addition of the following parameters: the file type should be a PDF and the text should be in English.

Selection of sources of evidence
Two reviewers (EA and FH) separately selected the publications eligible for the scoping review in two steps. First, each reviewer independently screened the title and abstract of the publications for language, publication type, and relevance to cryptocurrency fraud. To be regarded relevant, the title and abstract had to mention fraudulent behaviour linked to cryptocurrency technology. After completing the first round, the reviewers discussed disagreements and resolved them by consensus. Second, the two reviewers individually assessed the full texts of the articles to identify those that discussed cryptocurrency frauds and related empirical evidence. Any disagreements were resolved through discussion. This covered papers through June 2019. As this is a fast-moving field, the search was updated in November 2020. One reviewer (AT) conducted this subsequent search to capture articles released between June 2019 and November 2020, following the same process as the initial search.
In November 2020, one reviewer (AT) selected publications eligible for the grey literature scoping review in two steps. First, the reviewer screened the title and executive summary (or first section if none existed) of the publication for language, publication type, and relevance to cryptocurrency fraud. In addition, the reviewer searched the text of the source for 'fraud' and 'scam' and read the paragraph(s) including those words. To account for the fact that many sources did not have executive summaries, the reviewer adopted a permissive attitude at this stage; to be regarded as relevant, the content screened did not need to explicitly discuss fraudulent behaviour in detail. Rather, the reviewer included the publication if, from the content reviewed at this stage, the full text could reasonably be expected to discuss cryptocurrency fraud. Second, one reviewer assessed the full texts of publications meeting the initial criteria to identify those that discussed cryptocurrency frauds and related empirical evidence.

Data extraction process
Next, data were extracted from the included studies by one of the three reviewers. During the first round of the review, the data extraction form was tested by having the first two reviewers independently code 25 of the included studies. Disagreements were discussed and the form was updated accordingly. The final version of the data Query 1 "cryptocurrency fraud" OR "cryptocurrency scam" OR "virtual currency fraud" OR "virtual currency scam" OR "digital currency fraud" OR "digital currency scam" Query 2 "cryptocurrency frauds" OR "cryptocurrency scams" OR "virtual currency frauds" OR "virtual currency scams" OR "digital currency frauds" OR "digital currency scams" reducing irrelevant noise in our results. In contrast to other publication aggregators, such as the Web of Science, GS is faster in indexing published work, especially from pre-print servers (i.e., where researchers make publications available without a paywall or before publication in conference proceedings or a journal). To map existing research on cryptocurrency fraud, this review required academic search engines and databases with broad coverage. Previous studies suggested that GS provides the best scope among the available databases. For instance, Gusenbauer (2019) compared the coverage of 12 databases and found GS to provide the most comprehensive range of academic publications. Martín-Martín, et al. (2018) analysed GS, Scopus, and Web of Science concluding that GS identified the largest proportion of citations across a broad spectrum of subject areas. Against this background, we tested our search on GS, ProQuest, Scopus, and Web of Science in April 2019. All of these databases, including GS, include results behind paywalls as well as open access sources. The results suggested GS was the only database with comprehensive coverage of academic publications. Given these findings, we selected GS as the information source for this scoping review on cryptocurrency fraud. extraction form (see Table 2) was then used to extract information from all studies. Figure 1 shows the PRISMA-ScR flow diagram (Moher et al., 2009), which summarises the study selection process for the two academic searches. GS identified 171 citations in the initial search and 220 in the November 2020 update. After removing duplicates, we screened 160 publications during the initial iteration and 167 in the update (i.e., a total of 327 unique publications). Based on the title and abstract, we excluded 114 records from the initial search and 107 from the second. As shown in Fig. 1, a small number of studies were excluded because they were published in a language other than English, or because they were not academic publications, but most of those that were excluded did not address the topic of cryptocurrency fraud; rather, they were focused on topics like the technological and regulatory challenges of cryptocurrency ecosystems.

Study selection and characteristics
This left 46 studies from the initial search, of which 15 were excluded following full-text assessment. In total, 31 studies met the inclusion criteria and are included in the review from the initial search. We evaluated the full text of 60 publications during the November 2020 update, of which 32 were ultimately included. The four articles ultimately deemed not to be academic in nature were published on the electronic pre-print service SSRN; they appeared to be academic publications from their titles and abstract but, upon full-text examination, were excluded. The duplicate article was included in the initial iteration of the search as a pre-print but had since been formally published. The content had not changed and, therefore, it was excluded as part of the second full-text review. Overall, 63 total studies met the inclusion criteria and are included in this scoping review (see Appendix 1: Table 3 or https:// osf. io/ 7w9mu/? view_ only= c9ad3 a1e2e d54da e9b1a 0fc28 07f14 4f for summary details of these studies). Figure 2 summarises the publication selection process for the grey literature. We identified 394 records through the Google search. After removing duplicate web addresses, we screened 377 publications. Based on the title and summary (or the first section of the documents), we excluded 249 records. Of these, one was published in a language other than English; 85 were academic publications; and 116 were ineligible types of publications. 4 Thirty-three sources were either not accessible or were excluded because opening them posed a privacy or security risk. Eleven sources did not address the topic of cryptocurrency fraud and three were, upon further inspection, duplicates.
This left 128 sources, of which 75 were excluded following full-text assessment. Fifty-three studies met the inclusion criteria and are included in the review (see Appendix 2: Tables 4 and 5 or https:// osf. io/ 7w9mu/? view_ only= c9ad3 a1e2e d54da e9b1a 0fc28 07f14 4f for summary details of these studies).

Types of fraud
In this section, we identify the specific forms of cryptocurrency fraud discussed and the definitions thereof.
The academic literature identified 29 different types of cryptocurrency fraud. Figure 3 lists all fraud types identified in the literature and the proportion of publications that discussed them, while Appendix 3: Table 6 provides descriptions of the offences. 5 It is worth noting that in the literature reviewed, authors did not always clearly define or differentiate among types of fraud. Specifically,  *Articles were published on electronic pre-print service SSRN and appeared to be academic in nature from screening their titles and abstract but, upon full-text examination, were excluded. **One article was included in the initial search as a pre-print, but had since been formally published and was, therefore, excluded during the updated search as a duplicate out of the 63 included academic studies, 30 (47.6%) fully reported definitions for all types of fraud discussed, while almost the same number of publications (33; 52.4%) did not. This lack of conceptual clarity is unfortunate as it impedes understanding of how the frauds are committed and how we might address them. For the benefit of the reader, where necessary, Appendix 3: Table 6 includes definitions derived from additional sources. Academic publications most frequently referred to Ponzi schemes and (synonymous) high yield investment programmes (HYIPs). These scam types were discussed in 44.4% of the included studies. Eighteen (28.6%) publications analysed scams involving initial coin offerings (ICOs). Ten analyses (15.9%) covered phishing scams and nine (14.3%) discussed unspecified types of fraud. Seven (11.1%) studies covered pump-and-dump schemes and market manipulation. Six (9.5%) studies looked at exchange scams and five (7.9%) at scam wallet services. Four papers (4.8%) discussed each of the following types of fraud: fraudulent cryptocoins, smart contract honeypots / attacks, and mining scams. Three publications (4.8%) discussed mining malware and the same number addressed smart Ponzi schemes. Two (3.2%) publications discussed securities fraud and identity theft. Sixteen fraud categories were only mentioned in a single (1.6%) publication each. The second iteration of the search identified 17 new types of fraud from the literature.
Altogether, 36 of the grey literature publications came from private sector companies. These publications identified 32 different types of cryptocurrency fraud, 14 of which were not identified in the academic literature. Figure 3 shows these and the proportion of publications that discussed them, while Appendix 3: Table 7 provides descriptions of any offences which were not previously defined in the academic literature. 6 Even more so than in the academic literature, authors did not clearly define or differentiate between types of fraud. Specifically, only four of the 36 studies (11.1%) fully reported definitions for all types of fraud discussed.
Most private sector studies (63.9%) referred to some unspecified type of fraud or scam. Fourteen (38.9%) publications analysed scams involving ICOs and 13 (36.1%) discussed Ponzi schemes or HYIPs. Nine (25.0%) studies covered phishing and seven (19.4%) covered mining malware. Four studies (11.1%) looked at SIM swapping, which did not appear in the academic literature, and which is defined in Appendix 3: Table 7. Four studies (11%) also discussed giveaway scams. Three studies (8.3%) discussed market manipulation, forex fraud, and/ or exchange scams. Two studies (5.6%) looked at impersonation scams, mining scams, pump-and-dumps, and/ or securities fraud. Eighteen fraud categories were mentioned in a single publication each (2.8%).
Seventeen different types of cryptocurrency fraud were identified in the public sector literature. Complete descriptions of these were provided for only four (23.5%). Definitions of frauds covered only in the public sector literature can be found in Appendix 3: Table 8. 7 The most frequently discussed were Ponzi schemes and HYIPs, which were covered in 58.8% of studies. This was followed closely by coverage of undefined or general fraud and scams (nine publications, 52.9%). Four publications (23.5%) addressed ICO fraud and three (17.6%) covered mining malware. Two studies each (11.8%) covered mining malware, pump-and-dumps, phishing, mining scams, and/or manipulation and market abuse. Nine types of fraud were only mentioned in a single (5.9%) publication each.

Expert consensus exercise
A recurring issue in the literature reviewed was the absence of clear definitions of the fraud types identified. In addition, few publications included any assessment of the level of risk presented by the offences: while the existence of a publication on a particular topic is evidence of research effort, this does not necessarily imply that the problem is severe or important. To address this gap, we held a 1.5-day 'sandpit' exercise in which we sought to elicit expert opinion on these issues from a diverse group of stakeholders in the field. The aim of the event was to complement our academically-focussed scoping study by obtaining subjective views on a range of issues: the cryptocurrency frauds identified in the literature, any additional threats not present in the literature, the potential for future crime, and the challenges and opportunities participants experienced or anticipated.
The sandpit activity was held in June 2019, with 27 high-profile representatives from the tech industry, the financial sector (HSBC, Nasdaq, Facebook), international financial intelligence units (from the UK, the Netherlands and Australia), law enforcement (Metropolitan Police, City of London Police, Her Majesty's Prison and Probation Service, National Crime Agency, Defence Science and Technology Laboratory), as well as the World Bank and academic researchers (UCL, Georgia State University, Australian National University, Imperial College London). Findings from the first iteration of the scoping review were presented to inform the activity. However, to maximise the information provided by attendees, the findings from the scoping study were introduced as a way of providing an overview of the problem as it was represented in the published literature (at that time) and to frame the discussions, rather than a point of reference intended to limit their thinking.
Hereafter, we provide an overview of the planning considerations and structure of the event, as well as a summary of the activities, 8 their results, and key conclusions.

Methods
The event commenced with a general introduction and a presentation of the preliminary findings of the initial scoping review. All participants introduced themselves and described what they saw as the key problem with cryptocurrencies for their sector/area and what they thought were the key drivers and inhibitors of the adoption of cryptocurrencies.
Next, to ensure a common understanding of the overall topic, two invited talks were given: one providing an overview of the blockchain and cryptocurrencies, and the second offering an empirical example of a cryptocurrency fraud; in this case, pump-and-dump schemes (based on Kamps & Kleinberg, 2018).
Two group problem planning exercises formed the core part of day one. In predetermined groups (allocated to include members of each sector to facilitate cross-pollination of ideas), participants first engaged in the development of a fraud strategy. Their task was to devise a fraud/crime scheme with cryptocurrencies. Groups started in pairs to develop initial ideas, then joined another pair to decide on one fraud activity and further developed that idea in their group. These findings were then presented in a plenary setting. Next, in the second problem planning phase, each of the groups was assigned a fraud scheme from another group and had to devise mitigation steps. Specifically, the groups were tasked with thinking about what is already in place to mitigate cryptocurrency-related crime, what is needed for better mitigation efforts, and how they would address their allocated problem. As in the first problem planning phase, each group presented their mitigation ideas to the wider audience.
Day two was dedicated to analysing the problems identified. Participants were again allocated to groups, different from those of the first day to ensure that everyone interacted with as many others as possible. In roundtable discussions, the groups focused on the core problems identified on day one and were asked to indicate (on a scale from 1 = very low to 7 = very high) how harmful, profitable, feasible and defeatable they found each of the problems. These judgments were made using interactive polling software that allowed them to access the poll with their smartphone and see the (anonymised) results in real-time. Expert opinions concerning these four facets were particularly pertinent given the absence of such insights in the literature.
After a brief discussion of the findings, we proceeded in a plenary setting and focused on the wider problems associated with cryptocurrencies identified on day one. All participants were again asked to use the polling software to rank the issues according to their relevance. The problem analysis exercise closed with a ranking of the importance of the drivers and inhibitors identified during the introduction of the first day.
The activities of the event closed with three further questions about the future; another area about which the literature provided limited insight, and for which the answers to these questions were, therefore, critical to guiding future academic research. Specifically, we asked participants individually (using the polling software): (1) what they expected to see in the cryptocurrency space in ten years' time; (2) what they definitely did not expect to happen; and (3) what would be needed to better address the potential criminal exploitation of cryptocurrencies in the broadest sense.

Summary of findings Problem planning exercise and analysis of issues
The initial problem planning exercise resulted in the identification/ production of various problem scenarios by the invited participants, as follows 9 : • Fake crypto wallets; • Pump-and-dump schemes; • Investment scams (includes ICO scams, Ponzi schemes, and HYIPs); • Cryptojacking (mining malware); and • Ransomware.

Problem analysis and evaluation
The problems identified in the scenario planning group exercises were discussed, and participants were asked to rate them (on a seven-point scale such as: 1 = not harmful at all to 7 = very harmful) regarding their harmfulness, profitability, feasibility, and defeatability. To capture their confidence in ratings made, participants were also asked to indicate the certainty in their judgments (1 = low certainty to 7 = high certainty). Participants completed the task individually using polling software. 10 To facilitate comparison with the results of our scoping review, the proportion of participants in this exercise who identified each type of fraud as a source of harm in the cryptocurrency space is also included in Fig. 3. Figure 3 displays the proportion of participants who rated the harmfulness of each of these as '5' , '6' , or '7' . The expert consensus exercise participants did not differentiate between ICO scams and other HYIPs, but we have displayed their responses under the latter, more general category. There are clear discrepancies between the extent to which certain threats were identified by experts and the frequency with which they appear in the literature. While Ponzi schemes and other scams were common in both, two of the primary threats identified by experts-ransomware and wallet scams-were among those which only received modest attention in the literature. In contrast, the level of published material concerning issues such as phishing appeared disproportionate to its perceived risk.
The aggregate results for all four dimensions (averaged across participants) are shown in Fig. 4. For each of the dimensions, the graph can be interpreted in much the same way: for example, the offences that participants perceived to be most harmful and for which they were the most certain of their judgement are in the top right of the figure.
Overall, the problems discussed scored higher on their feasibility than they did on their defeatability. The tendency for participants to perceive defeating these problems as more difficult than devising the scams was a recurring topic during the exercise. While most offences were perceived to be profitable, participants were divided in terms of the degree of harm they posed. For all dimensions considered, participants expressed varying degrees of (un)certainty, suggesting a need for more knowledge on these offences.
In terms of the most highly ranked threats, pumpand-dump schemes and ransomware were perceived as the most profitable and most feasible. These were also the two offences for which participants tended to 9 We exclude here discussion of problems identified which specifically relate to money laundering or areas of crime other than fraud. Participants identified the following other crimes: money laundering using Bitcoin ATMs, cryptocurrency money mules, and cryptocurrency transaction extortion. More detail can be found in the following policy brief: https:// www. ucl. ac. uk/ jill-dando-insti tute/ sites/ jill-dando-insti tute/ files/ ucl_ crypt ocurr encies_ and_ future_ crime_ policy_ briefi ng_ feb20 21_ compr essed_1. pdf. express the most confidence in their answers. Interestingly, perceptions differed for the perceived harm associated with pump-and-dump schemes, which were seen as the overall least harmful issue. An explanation for this disparity could be the perceived lack of victims for pump-and-dump operations. During the activity, participants voiced concerns that pump-and-dump operations are a known risk of which all cryptocurrency market participants should be aware.

Final three questions about the future
Participants emphasised the demand for better collaboration across sectors to address the problems discussed. Some highlighted the need for better sharing of intelligence and collaboration between cryptocurrency exchanges and public institutions. Unfortunately, others highlighted the same things as being unlikely to happen. Such diversity of opinion was also present for broader scenarios: specifically, while some anticipated a fully cashless society and easy-to-use cryptocurrency payments for everyday items in the next ten years, others saw the same scenario as unlikely.
Collectively, the findings demonstrate that we are at an early stage in thinking about future problems and scenarios involving cryptocurrencies. An area of agreement was the need for better collaboration between sectors since neither the private sector, nor the law enforcement or financial intelligence units can address the problem alone.

Discussion
This scoping review represents the first summary of available research on cryptocurrency fraud and definitions of the types of fraud identified by the research. Findings suggest research on cryptocurrency fraud is rapidly developing both in volume and breadth. Criminals appear to be rapidly expanding into other areas of fraud and research has, so far, been unable to keep up. While it is unwise to conflate the volume of research on particular types of fraud with the magnitude of offending, the existence of empirical evidence of a number of different types of fraud about which there is little academic research supports this assertion. Key findings and limitations are discussed below, emphasising the need for further research on newly identified areas of cryptocurrency fraud and collaboration across stakeholders.

Cryptocurrency fraud as a cyber-enabled crime
Most sources portrayed cryptocurrency frauds as cyber-enabled frauds. Cyber-enabled crimes involve perpetrators using information and communication technologies to magnify the scale and reach of offences that could also be committed offline (McGuire & Dowling, 2013). In describing cryptocurrency frauds, researchers often refer to traditional financial frauds like Ponzi schemes (Bartoletti et al., 2018;Reddy & Minaar, 2018;Securities & Exchange Commission, 2013), market manipulation, and pump-and-dump schemes (Anderson et al., 2019;Chen et al., 2019aChen et al., , 2019bChen et al., , 2019cChen et al., , 2019d. These types of fraud are not new-Charles Ponzi first committed his namesake fraud in the 1920s, promising high returns for investments in stamps (Frankel, 2012). Pump-and-dump schemes have similarly plagued the stock market for centuries (Kamps & Kleinberg, 2018).
While the underlying characteristics of these frauds remain unchanged, implementation mechanisms have evolved. For example, there are significant parallels between ICOs and initial public offerings (Barnes, 2018;Baum, 2018) but, rather than shares being offered via a stock exchange, ICOs raise funds through the blockchain. Furthermore, smart contracts have transformed the way Ponzi schemes can be executed (Bartoletti et al., 2017;Chen et al., 2018aChen et al., , 2018bChen et al., , 2019aChen et al., , 2019bChen et al., , 2019cChen et al., , 2019d. Overall, however, the literature points to significant similarities between cryptocurrency frauds and traditional financial frauds (or at least the academic imagination conceptualises it this way).
Research refers to cryptocurrency frauds as cyberdependent comparatively less often. Cyber-dependent crimes are offences that are only able to be committed using information and communication technologies (McGuire & Dowling, 2013). Crypto-mining and wallet and exchange service frauds can be categorised as such. For example, crypto-mining frauds involve malware which uses a victim's computer to mine cryptocurrencies for the offender (Anderson et al., 2019;Conley et al., 2015). In the case of wallet and exchange service frauds, fraudsters impersonate legitimate versions of such services, only to later steal money from victims (Pryzmont, 2016;Samsudeen et al., 2019;Vasek, 2017;Vasek & Moore, 2015). These are, perhaps, the only two types of fraud identified which could be considered strictly crypto-dependent, as opposed to other crimes, such as ransomware, which-while cyber-dependentare merely facilitated by cryptocurrencies. While these frauds were not particularly prominent in the literature, they illustrate how new technologies facilitate novel crime opportunities, not just in terms of the technologies themselves, but also through the supplementary services created alongside them. As cryptocurrency use becomes more mainstream, new cyber-dependent methods of fraud may emerge. There is particular potential for this to occur as the decentralised finance industry further develops (Schär, 2021).
The fraud types identified in the expert consensus exercise were more evenly split in terms of cyber-enabled and cyber-dependent crimes. Three of the crimes discussed (fake cryptocurrency wallets, cryptojacking, and ransomware) are cyber-dependent, while pump-and-dump schemes and investment scams are cyber-enabled.

Definitions in the literature
Insufficient reporting of definitions in the literature across all sectors (but especially in non-academic literature) was observed. One of the primary contributions of this study is, therefore, to provide a comprehensive list of definitions of the types of fraud identified in the literature (see Appendix 3 or https:// osf. io/ 7w9mu/? view_ only= c9ad3 a1e2e d54da e9b1a 0fc28 07f14 4f ). In some cases, for example in legal sector sources (both academic and non-academic), this may be due to disciplinary norms. Legal scholars tend to assume fraud definitions refer to their statutory definition, which would be known to their intended audience.
There were also different definitions of certain types of fraud across the literature. For example, 'credential stuffing' was defined slightly differently in the private sector literature than its categorisation in academic literature (Krone et al., 2018;Navarro, 2019). Similarly, one academic study defined all 'malware' as ransomware (Xia et al., 2020a). Furthermore, across the grey literature, types of crime ordinarily not considered fraud, per sesuch as ransomware, embezzlement, and other malware-were all categorised as such.
In some cases, it was more difficult to synthesise the types of fraud due to disparities in definitions. For example, one article considered 'imposter websites and apps' an issue; it was unclear if the author intended this to be categorised as distinct from phishing or if this was another way to describe the same criminal act (Scheau et al., 2020). Similarly, one paper referred to 'unfair and deceptive acts' as a type of fraud but failed to define it. Without a definition and an understanding that this is likely to refer to the Federal Trade Commission Act (Federal Trade Commission Act, 2012), this could easily be misinterpreted as 'unspecified fraud' (Scott, 2020).
There were different levels of depth in definitions across sectors. For example, public sector literature included 'market abuse' when discussing 'market manipulation' (HM Treasury et al., 2018). Another public sector article referred to COVID-related scams very generally, while an academic article split them into several different categories (NHS National Services Scotland, 2020; Xia et al., 2020a). Finally, some publications referred to individual types of fraud that were actually sub-categories of other types of fraud. For example, pump-and-dump schemes are one type of market manipulation.

Development of academic research over time
The most discussed types of fraud (Ponzi schemes/ HYIPs and ICO scams) remained the same between the first iteration of our academic literature review and the update. The third most discussed was phishing, which was newly identified in the research during the second iteration.
Overall, 17 new types of fraud were identified in the updated literature review, all of which were cyber-enabled crimes. Since they were all cyber-enabled crimes (and not 'new' , cyber-dependent crimes), it was surprising that these went unidentified in earlier literature. It is unclear if criminals are adapting to enforcement efforts and committing new types of fraud or if the research is simply 'catching up' . Interestingly, besides phishing, only two other newly identified types of crime-securities fraud and identity theft-were mentioned in more than one publication.
Some of this change could be due to the fields responsible for publishing these papers. In the first iteration, there were more computer science papers; they would be less likely to pick up on legal issues like securities fraud.
There is a clear need for more research on these 'newer' types of fraud. This need is further supported by the expert consensus exercise participants' varying degrees of (un)certainty about harmfulness, profitability, feasibility, and defeatability of the offences discussed. The volume of research is growing rapidly-this review identified more eligible publications published in the last year than in the first several years included in the first iteration of the academic literature review. Considering this rapid development, a followup expert consensus exercise could be useful, which we discuss in more detail below.

Differences among sectors
One of the primary conclusions from the sandpit exercise was the need for further collaboration among stakeholders. To address this, the updated version of this scoping review expanded to include grey literature sources.
Private sector literature was less specific in its discussion of fraud than other sectors-'unspecified fraud' was discussed most often. The prevalence of the 'unspecified fraud' categorisation also highlights the lack of transparency in many private sector publications, in both their methods and conclusions. 'Unspecified fraud' was followed by the same three most 'popular' types of fraud as in the academic literature-ICO scams, Ponzi Schemes / HYIPs, and phishing.
New types of fraud (e.g., SIM swapping, forex fraud, and securities fraud) were more commonly discussed in the grey literature than in the academic literature. This was true even though the academic review was recently updated. Notably, SIM swapping, forex fraud, and impersonation scams were completely absent from the academic literature. The remaining 'new' crimes identified in the private sector literature were only mentioned in one publication each and can be categorised as cyber-enabled crimes. These may, indeed, be crimes that have only recently emerged in the cryptocurrency space. In the public sector literature, Ponzi schemes, unspecified fraud, and ICO scams were the most frequently discussed types of fraud. Phishing was also frequently discussed in the public sector literature.

Focus of research and expert consensus exercise and prioritising future research
Across all sectors of published research, Ponzi Schemes/ HYIPs and ICO scams were discussed the most often but were not considered particularly profitable or feasible by sandpit participants. It is possible that more research into-and a greater understanding of-these scams has made them less feasible, or at least has led to them being perceived as such. There was less certainty among participants surrounding the profitability of investment scams; future academic research (and collaboration with other stakeholders) could serve to reduce this uncertainty.
There could also, however, be a mismatch between research and practice. For example, our experts perceived crimes like ransomware and fake crypto wallets as profitable. Prior academic research has shown that ransomware, in particular, was not particularly so (Conti et al., 2018;Vasek et al., 2017). However, the applicability of this academic work might be limited by its age, as more recent, private sector sources have suggested ransomware has been increasing in recent years and that it has the potential to be very profitable and harmful (Chainalysis, 2021; CipherTrace, 2020). Beyond highlighting the need for further academic research on the impact of ransomware, this discrepancy emphasises the need for collaboration among stakeholders and academia in developing research agendas.
As noted by the expert participants of our sandpit activity, further collaboration is necessary across sectors to prioritise future research into cryptocurrency fraud. To facilitate this, a follow-up sandpit-style activity, informed by the updated and expanded scoping review, is recommended. It would be useful to gain experts' insight into the harmfulness, feasibility, profitability, and defeatability of some of the 'new' cyber-enabled crimes we identified in the literature (e.g., securities fraud, identity theft, and wire fraud). Since the number of types of frauds has significantly increased, and many types of fraud were only mentioned in a single study, this is crucial to prioritising future research. The follow-up exercise should include broad participation from a variety of sectors to get a more comprehensive view of the current and future cryptocurrency-based fraud landscape. Finally, an emphasis on consensus surrounding definitions of various types of fraud would be useful. This could ultimately lead to the collaborative development of standards in the field, which could help prevent future frauds. 11

Limitations and Outlook
The limitations of this (and any) scoping review concern choices regarding the eligibility criteria and search strategy used. First, this scoping review was limited to GS. While it may be argued that using a single database may result in some publications being missed, we believe GS provides comprehensive coverage of the issues on which this review focuses. In designing the review, we conducted test runs across various databases, including ProQuest, Web of Science, and Scopus, with a combination of more general and more specific search terms. These searches returned a large volume of publications; however, many of the articles were merely news reports and the searches included many duplicates. In contrast to the other databases, GS returned the highest proportion of relevant, scientific work. While other similar studies (for example, Badawi and Jourdan (2020)) identified a higher volume of publications, this is primarily due to their broader inclusion criteria.
We tested multiple alternative search strings but found that these resulted in large volumes of irrelevant material being identified. The final search strings were chosen through trial and error, and were deemed to best reduce irrelevant material, while remaining processable in a reasonable timeframe. We ultimately restricted the GS search to exact phrases (as opposed to texts including the keywords in an unconnected manner) because test queries identified too many potential (but irrelevant) records when the search terms were less specific. We acknowledge that we may have excluded relevant studies that alternative search strategies would have detected. However, the fact that we uncovered such a large range and number of scams and frauds means the implications of this on our overall conclusions are likely to be minimal. Furthermore, GS lacks wildcard character functionality. However, in our experience, using wildcards on other databases primarily resulted in more noise, rather than better findings. Moreover, using wildcards reduces control over the search to a certain extent. We ultimately sacrificed some potential coverage for greater precision, control, reliability, and transparency.
We limited our scoping review to research published in English. Of the 160 records screened in the first iteration of our review, only 14 were excluded because they were not in English (i.e., 10.9% of the total records excluded after removing duplicates). In the second iteration, of the 167 records reviewed, 20 were excluded because they were not in English (i.e., 14.8% of the total records excluded after removing duplicates). While future studies may benefit from including non-English sources, we do not feel their exclusion from this study meaningfully affected our conclusions.
Besides 'classical' journal publications, we also categorised electronic pre-prints, industry reports, and theses as eligible publication types. Some may argue that such publications lack peer-review and are therefore of lower academic value. However, while they would not be subject to the official peer-review process, they are likely to have undergone informal academic review. Furthermore, regardless of their peer-review status, they serve as an indicator of research effort within the field, which is what we sought to measure. On the other hand, we excluded blogs and other sources which might more expeditiously capture what is currently happening or likely to happen in the future in terms of cryptocurrency fraud. We acknowledge that there is a trade-off between timely identification of types of fraud through these types of sources and credibility and verifiability. Many blog posts do not involve rigorous analyses or empirical evidence, may exaggerate claims for marketing purposes or shock value, and do not undergo any outside review (formal or informal). We sought to understand scams and frauds that have been verified (including via some level of peer review in the case of academic publications) and well-researched, rather than identify speculated, future-oriented insights. If we had primarily consulted blogs, many of the insights reported in this paper would not have been identified due to the lack of detail compared to formal articles and reports. We ultimately strove for a balance between prompt identification of frauds and credibility by including electronic pre-prints, theses, and the like.
We also excluded non-governmental organisations' research from our grey literature review. However, only four of the 128 full texts screened were excluded for this reason. Finally, only one researcher updated the academic literature scoping review and conducted the grey literature review. Ultimately, we designed a rigorous process that was easily replicable and, therefore, do not consider it to have impacted our results.
As literature on this topic develops, further analysis of the literature's insights-specifically on the harmfulness, feasibility, profitability, and defeatability of the frauds as well as information on whether they are increasing, decreasing or otherwise-would be pertinent. Unfortunately, it was not possible to glean such information from the literature in either iteration of this scoping review as it was largely absent. The absence of these insights in the literature was one motivation for including these factors in the expert consensus exercise but it would, ultimately, be useful have these perspectives from the literature as well. We invite further studies to analyse these frauds in more depth. Since developments in this field are fast-paced, we also recommend regular updates to this scoping review to maintain an accurate view thereof.

Conclusions
In recent years, governments have reported an increase in frequency and scale of frauds involving cryptocurrencies. This review offers the first systematic study of research on what kinds of cryptocurrency fraud currently exist or are expected to exist in the future and, uniquely, systematically identifies expert practitioners' assessments of these issues as well. The findings suggest scholarship on future problems and scenarios involving cryptocurrency fraud remains in its early stages, though research is rapidly developing (both in volume and scope). Even though many of the frauds identified in this research can be considered cyber-enabled (rather than cyber-dependent), the new ways in which they are being committed using cryptocurrencies necessitates future research.
Another notable finding was the lack of consistency (or existence at all) of definitions of the various types of fraud identified in the literature. One contribution of this study is, therefore, to provide definitions of all the types of fraud currently identified in the academic and grey literature (see Appendix 3 or https:// osf. io/ 7w9mu/? view_ only= c9ad3 a1e2e d54da e9b1a 0fc28 07f14 4f ).
Further consensus surrounding these definitions could lead to the collaborative development of standards in the cryptocurrency sector, which would facilitate prevention of future frauds.
This work can help guide research agendas and activities aimed at translating research into practice. Ultimately, the study emphasises the need for better collaboration across sectors in prioritising future research on and mitigations of frauds involving cryptocurrencies to better address the problems identified.

Label Description
Ponzi scheme/ high yield investment programme Ponzi schemes and high yield investment programmes are the cryptocurrency version of Charles Ponzi's scam technique, where outlandish interest rates are promised in return for investments. Returns on these investments are paid to investors with funds invested by new users that join the scheme until it is no longer possible to find new victims (Bartoletti, et al., 2018;Baum, 2018;Pryzmont, 2016;Reddy et al., 2018;Vasek, 2017;Vasek et al., 2015) Initial Coin Offering (ICO) scams ICOs involve fundraising, often crowdfunding, to launch a new cryptocurrency (Anderson et al., 2019). Fraudulent ICOs, on the other hand, lure investors into paying money into cryptocurrencies for simple theft, or as part of pumpand-dump and Ponzi schemes (Barnes, 2018;Baum, 2018) Phishing* Phishing involves creating a fake version of an official website (or email, etc. and, in this case, cryptocurrency websites) and getting users to input their private information on this website (Chen et al., 2020a) Pump-and-dump schemes Pump-and-dump schemes are a type of stock market fraud and have been committed since the 1700s. They have recently been applied to cryptocurrencies. In the context of cryptocurrencies, fraudsters accumulate volumes of a low-value currency and then aim to artificially inflate its price by spreading misinformation, typically as a coordinated effort over the internet. When the value of the cryptocurrency increases, they sell everything to make a profit (Barnes, 2018;Baum, 2018;Chen et al., 2019c) Market manipulation Market manipulation refers to market participants (including exchanges) and bots attempting to change the price of a cryptocurrency (ur Rehman et al., 2020) Exchange scam Scams related to cryptocurrency exchange platforms entail the purposeful closing of a platform leading to financial losses for the cryptocurrency owners (Samsudeen et al., 2019). To that end, fraudulent exchange services entice victims through unique payment features or high exchange rates (Vasek, 2017;Vasek et al., 2015). Once victims have bought a cryptocurrency, the scammers simply close the exchange, taking the victims' money without any repayment Scam wallet Scam wallets are fraudulent services that masquerade as cryptocurrency wallets to siphon some or all of the currency transferred to them (Vasek, 2017;Vasek et al., 2015) Smart contracts honeypots Smart contracts honeypots are smart contracts that seemingly contain design flaws. Users (the victims of this fraud) attempt to exploit these flaws, only to find that this perceived vulnerability did not exist. Instead, the code of the contract, when executed, does things like freeze their funds and only make them accessible to the scammer. For example, the honeypot could be set up to (appear to) leak funds (the bait) which a user may want to exploit by fulfilling the contract (e.g., paying a defined amount of cryptocurrency). The trap is that the code of the contract does not actually leak any funds but freezes them (for a detailed review, see Torres et al., 2019) Mining scam Victims invest in cryptocurrency mining operations in the hope of getting larger sums back, only to never receive a pay-out (Vasek, 2017;Vasek et al., 2015) Fraudulent cryptocoins No definition was reported in the reviewed studies. However, Higgins (2017) defines this type of fraud as the unauthorised use of names from established companies to gain the trust of potential investors Smart Ponzi Scheme Smart Ponzi schemes apply the classic Ponzi schemes technique to smart contract platforms (Bartoletti et al., 2017;Chen et al., 2018a, d). The scammer makes money by taking parts of the investments of the victims for themselves rather than genuinely investing it. High interest rates or returns are paid with the investments of others rather than through a genuine increase in value

Appendix 3
Definitions denoted with an asterisk (*), indicate types of fraud newly identified in the November 2020 update of the academic literature review. This information can

Label Description
Wash trading* Wash trading was not defined in the literature. However, the UK Financial Conduct Authority defines it in the Market Abuse Regulation as 'a sale or purchase of a qualifying investment where there is no change in beneficial interest or market risk, or where the transfer or beneficial interest or market risk is only between parties acting in concert or collusion, other than for legitimate reasons' (Financial Conduct Authority, 2021). In this case, the sale or purchase could be completed using cryptocurrencies or the qualifying investment itself could be a crypto asset Selfish mining* Though selfish mining is not prohibited, per se, one article refers to it specifically as fraud (Phan et al., 2019). Selfish mining involves miners purposefully hiding blocks they have found so they can secretly mine on top of them, causing other miners to waste their computing power in trying to mine a block that has already been found. This allows the selfish miner to fork the blockchain, essentially enabling miners to carry out a 51% attack, but with a far smaller proportion of the overall hashing power (as little as 25%) (Phan et al., 2019) Romance scams* Romance scams involve a nefarious actor gaining an individual's trust by engaging in a romantic relationship with them. Once they have received said trust, the perpetrator requests money (in this case, cryptocurrency) from the victim (usually for something like an urgent surgery, because they temporarily cannot access their bank, etc.) (Navarro, 2019) Pyramid schemes* In a pyramid scheme, participants earn money by recruiting other members to the scheme (in this context, a cryptocurrency investment scheme), rather than by delivering investments, products, or services (Jiaying, 2020) Malware scams* Malware prohibits victims' access to their phones or computers until they pay a ransom in cryptocurrency (Xia et al., 2020a). Traditionally, this type of scam is more specifically referred to as 'ransomware' , a type of malware Giveaway scams* In a giveaway scam, a fraudster promises to give victims a reward for sending him/her a particular amount of cryptocurrency (which is never ultimately delivered) (Xia et al., 2020a) Fake agencies Scammers pretend to be an existing exchange or government organization to steal cryptocurrency from customers (Samsudeen et al., 2019) Donation scams* In a donation scam, a fraudster will pretend to be from a public organisation purporting to raise money (using cryptocurrency) for a worthy cause that does not actually exist (Xia et al., 2020a) Blackmail scams* Blackmail scams were defined and discussed in the studies in the context of COVID-19. They refer to individuals claiming they will spread coronavirus unless the victim sends them cryptocurrency (Xia et al., 2020a) Arbitrage scams* Arbitrage refers to investors profiting off price imbalances in the market. Scammers often combine arbitrage with counterfeit cryptocoins, i.e., they provide a scam address for the victim to send cryptocurrency to (to take advantage of an arbitrage opportunity). Rather than returning their profits, they send only counterfeit tokens to the victim (Gao et al., 2020) Airdrop scams* Scammers promise to give various victims a free cryptocurrency token. Rather than providing the real cryptocurrency, they often send victims counterfeit tokens (Gao et al., 2020). In other cases, they airdrop token to trick a user into approving access to their online wallet; the scammer subsequently drains funds from their wallet Advance-fee scam* An advance-fee scam involves convincing a victim to send cryptocurrency to a particular address. The scammer promises to return the full amount and more (though this money never arrives) (Phillips & Wilder, 2020)  Commodity fraud The definition of commodity fraud was not reported in the private sector literature. The U.S. Code defines it as carrying out a scheme 'to defraud any person in connection with any commodity for future delivery, or any option on a commodity for future delivery' or 'to obtain, by means of false or fraudulent pretenses [sic.], representations, or promises, any money or property in connection with the purchase or sale of any commodity for future delivery, or any option on a commodity for future delivery' (Corporate & Criminal Fraud Accountability Act of, 2002. The commodity in this case would be a crypto asset Access device fraud The private sector literature failed to report the definition of access device fraud. U.S. statute defines a perpetrator thereof as someone who 'knowingly and with intent to defraud produces, uses, or traffics in one or more' of items like 'counterfeit access devices'; 'unauthorized access devices'; 'a telecommunications instrument that has been modified or altered to obtain unauthorized use of telecommunications services'; or 'a scanning receiver'; among others (Counterfeit Access Device and Computer Fraud and Abuse Act of 1984, 2015) CPO / CTA fraud The definition of CPO / CTA fraud was not reported in the private sector literature. We understand this to refer to fraud committed by Commodity Pool Operators or Commodity Trading Advisors, in this case, fraud involving cryptocurrency (Ropes & Gray, 2019) Credential stuffing Credential stuffing occurs when brute-force attackers automatically try huge sets of login credentials in login pages in an attempt to access an account which exists (Krone et al., 2018). Attackers could use credential stuffing to access custodial wallet or exchange accounts a

Discount scams
The private sector literature failed to define discount scams. From the context in which they were mentioned, they appear to involve the promise of discounts for early investors in a cryptocurrency. The purported discounts may be for a counterfeit or fraudulent cryptocurrency (Bolster, 2019)

Dusting
Dusting involves scammers sending small amount of cryptocurrency to lots of addresses. The fraudster can then track these funds in an attempt to figure out which addresses are housed in the same wallet or identify wallet holders. They then use this information for targeted phishing or blackmail scams (Musiala et al., 2020). It is worth noting that dusting is not necessarily malicious; it has also been used for advertisement purposes Embezzlement Embezzlement was not defined in the private sector literature. However, the U.S. Supreme Court defined embezzlement 'the fraudulent appropriation of property by a person to whom such property has been entrusted, or into whose hands it has lawfully come' (Moore v. United States, 1895). In the context of cryptocurrency fraud, this would mean the misappropriation of crypto assets

Forex fraud
The private sector literature did not include a definition of forex fraud. The Financial Conduct Authority states that these scams involve unauthorised foreign exchange trading and brokerage firms who 'promise very high returns and guaranteed profits' (Financial Conduct Authority, 2020), in this case, from exchanging cryptocurrencies. Generally, victims will initially receive some returns, but, following further investment, the scam forex firm will halt all communication (Financial Conduct Authority, 2020) Issuing false account statements in connection with soliciting investments This was not defined in the literature, however, from the context in which it was mentioned, appears to refer to scammers publicising fake profit and loss information from their cryptocurrency 'investment opportunity' in order to entice new investors to join their scam (Malyshev et al., 2018) Options fraud Options fraud was not defined in the private sector literature. This review, again, interpreted the literature as referring to the U.S. statutory definition, namely, 'to defraud any person in connection with…any option on a commodity for future delivery' or 'to obtain, by means of false or fraudulent pretenses [sic.], representations, or promises, any money or property in connection with the purchase or sale of…any option on a commodity for future delivery' (in this context, an option on a crypto asset) (Corporate & Criminal Fraud Accountability Act of, 2002, 2009) Impersonating celebrities or a federal employee The private sector literature did not define scams involving the impersonation of a federal employee (Lucking & Aravind, 2019). The public sector literature specifically referred to impersonation scams involving celebrities, defining them as involving a scammer using 'the image, name, and personal characteristics of a well-known person to sell a product or service' (Australian Competition & Consumer Commission, 2020). This could involve, for example, a fraudster impersonating a celebrity to recruit victims to a cryptocurrency investment scam. We understand the definition of impersonating a federal employee to be largely the same (albeit with the perpetrator impersonating different targets). In practice, this is closely related to giveaway and advance-fee frauds b Exploiting vulnerabilities Though this was not defined in the publication that mentioned it, exploiting vulnerabilities is understood to refer to any fraudulent behaviour enabled by web browser, software, hardware or firmware security issues (PYMNTS.com & Trulioo, 2019). This could also potentially apply to exploiting vulnerabilities in smart contracts, though this was unclear from the context in which it was discussed

Ransomware
The private sector literature that referred to ransomware specifically as a type of fraud defined it as malware that controls a victim's computer or device and 'holds it hostage until the victim pays the hackers to regain access' (Musiala et al., 2020). Generally, the hackers require payment in cryptocurrency a In contrast, in the academic literature, this was specifically defined as phishing (Navarro, 2019). While the source of these sets of login credentials may be phishing, the definition provided above is more accurate. b This is similar to the definition of 'fake agencies' , as defined in the academic literature. Table 8 Description of fraud types identified in the public sector literature

Label Description
COVID-related scams The publication that referred to COVID-related cryptocurrency scams did not provide a definition thereof. However, it is implied that this refers to any scam related to COVID-19 that requires payment in cryptocurrencies, such as donation scams, payment for fake personal protective equipment, etc. (NHS National Services Scotland, 2020). We note that Xia et al. (2020a) also define various scams in the context of COVID, which we have included separately above (see, for example, definitions of malware scams, giveaway scams, donation scams, and blackmail scams) False signals of supply and demand (wash trading, layering, spoofing) False signals of supply and demand were not defined in the public sector literature. The UK Financial Conduct Authority, in the Market Abuse Regulations, defines this as providing information 'which is likely to give the regular user a false or misleading impression as to the supply of, or the demand for, or the price or value of a qualifying investment or relevant product' , for example, of a crypto asset (Financial Conduct Authority, 2021) Income tax scams The public sector publication referring to income tax scams did not offer a definition thereof (Manojlovic, 2019). However, in describing the scam, it appears to involve someone impersonating federal employees (defined above), specifically, in this case, Canada Revenue Agency employees (Manojlovic, 2019) Unfair and deceptive acts This was not defined in the literature. However, it is understood to refer to the Federal Trade Commission Act, which prohibits any practice that 'causes or is likely to cause substantial injury to consumers; cannot be reasonably avoided by consumers; and is not outweighed by countervailing benefits to consumers or to competition' or 'where a representation, omission, or practice misleads or is likely to mislead the consumer; a consumer's interpretation of the representation, omission, or practice is considered reasonable under the circumstances; and the misleading representation, omission, or practice is material' (Federal Trade Commission Act, 2012)