Eight Tips to Detect Crypto Mining Scams

Whether it’s Power Mining Pool today or Bitconnect yesterday, the crypto space is festering with parasitic scams and opportunistic swindlers. The conditions are ripe for them and there’s money to be made.

Fig. 1. BTCProMiner Free Scam research, 2018.
BTCProminer.png

Among the dangers, Bitcoin mining scams are a tough one to identify and parting the good from the nasty can be tricky. Mining scams are wrapped up in an already technically demanding task of Bitcoin mining. They are billed as a consumer-friendly method for building exposure to Bitcoin mining, and when run like this, they really do provide value for investors looking to diversify.

Legit Bitcoin cloud mining pools are too often buried in search results and outranked by throngs of fly-by-night operations. Finding the legit pools can be a tall order and require sifting through Reddit posts and Bitcointalk forum entries. With that said, there are legit mining operations out there. As always, do your own research and stay skeptical as we settle and develop this wild frontier. For now, let’s take a look at what a crypto mining scam looks like to hopefully better prepare us to identify the key red flags.

What’s a Cloud Mining Pool?

A cloud mining pool is the most hands-off version of crypto mining you can get. They allow a participant to rent or lease hashing power not directly owned by themselves. The rented hashing power is then pooled and paid out proportionally to the members (after fees and operational costs).

A traditional mining pool instead requires participants to supply their own hashing power and pool it with other miners. The participant owns and operates their own hardware and contributes to the pool’s overall hashing power. The critical difference between a cloud mining pool and a traditional mining pool is the ownership of the hardware.

Cloud mining: you don’t own the hardware (hashing power).
Traditional mining: you own hardware (hashing power).

Why pool at all? In short, block rewards become more difficult to obtain as overall hashing power of a particular blockchain increase. Take Bitcoin as an example. There was a time in Bitcoin mining when a standard CPU could mine whole blocks itself. Gone are those days. Bitcoin mining is now big business with plenty of stakeholders leveraging their resources into the security of the blockchain. Miners with serious hashing power make it improbable for small miners to reasonably expect block rewards. Their hashing power is just not enough to compete.

The solution: gather together all these smaller players and pool their hashing power. Miners in a pool no longer compete for blocks of their own, instead, they work together and proportionally share the booty.

What’s a Ponzi Scheme?

It’s theft, let’s just clear that up. If you’re in a Ponzi scheme you are either being robbed or doing the robbing yourself. A typical Ponzi scheme involves enticing participants to invest their money into a fund or investment strategy that has seemingly guaranteed returns. In reality, and with variation, the returns are not gained by real-world trading or superior business acumen. Conversely, new investments to the funds are distributed around existing investors and represented as market returns.

Fig 2. General Ponzi Scheme Principles, 2018.
bitcoin-ponzi-games.jpgPonzi schemes require a constant flow of new investment to keep the machine moving. Once things fall apart or new investment slows, the scheme is often revealed for what it is. In the world of crypto Ponzi schemes, a collapsing Ponzi scheme is followed by a hasty exit scam.

Case in point; “A New York federal court has ordered cryptocurrency hedge fund Gelfman Blueprint, Inc. (GBI) and its CEO Nicholas Gelfman to pay over $2.5 million for operating a fraudulent Ponzi scheme, according to an official announcement published Oct. 18. GBI is a New York-based corporation and denominated Bitcoin (BTC) hedge fund incorporated in 2014. As stated on the company’s website, by 2015 it had 85 customers and 2,367 BTC under management. The order is the continuation of the initial anti-fraud enforcement action filed by the U.S. Commodity Futures Trading Commission (CFTC) against GBI in September 2017. The CFTC charged GBI for allegedly running a Ponzi scheme from 2014 to 2016, telling investors that it had developed a computer algorithm called “Jigsaw” which allowed for substantial returns through a commodity fund. In reality, the entire scheme was a fraud” (, Cointelegraph.com, 10/19/18).

Keep in mind that Ponzi schemes thrive in times of economic expansion and speculative bubbles. Capturing collective optimism is pivotal to its success. Bitconnect is a choice example of the market fervor getting the best of investors.

Identifying the Red Flags of a Cloud Mining Ponzi Scheme

Firstly, the duck test. If it looks like a duck, swims like a duck, and quacks like a duck, then it probably is a duck. The duck test isn’t scientific by any standard but can be used to leverage your gut feeling to identify early warning signs. Ponzi schemes, whether in Wall Street, Main Street or Bitcoin mining pools, all share very common characteristics. If the opportunity you’re looking at is checking off the same boxes that previous Ponzi schemes had, it’s probably a duck.

Let’s take a look at some criteria or common characteristics of Bitcoin cloud mining Ponzi schemes.

**Much appreciation to Puppet on the BitcoinTalk forum for their work on this template to review Bitcoin cloud mining operations. Until this type of vetting is part of the investor process, crowd-sourced community led investigation is paramount.**

Red flags of a cloud mining Ponzi scheme (adapted from Puppet’s Criteria)

  1. No public mining address / Users unable to select own pools
    When you rent hashing power from a cloud miner, you are only renting hashing power. This means that the pool you contribute to should be your own choice. The cloud mining operator you rent from may also have a pool for convenience but should not require you to use it. There is no reason for a mining pool to hide their public mining address, it just doesn’t make sense.
  2. No endorsement from hardware/ASIC provider
    With the overwhelming amount of cloud mining operations being Ponzi schemes, the industry virtually requires a shout-out from their hardware provider to ensure customers that there really are miners buzzing away on their behalf. If your cloud mining company can’t prove they own their hardware (without raising more questions) then you should reconsider.
  3. No pictures or recordings of their hardware or datacenter
    It is common practice for miners to be closed lipped about where their data centers are located. So, don’t expect to get robust images or recordings that dox the facility or owners. However, some evidence should exist and beyond their location, the pictures or video shouldn’t look to be hiding anything.
  4. No limits on how much hashing power you can lease
    Cloud mining providers will have a limited inventory of hashing power on hand at any time. Furthermore, expanding an operation’s inventory takes time and can be limited by the market supply of ASIC’s and other factors. It’s questionable for a cloud miner to not share their inventory supply with their customers. Most concerning, offenders will promise you instant and limitless scalability.
  5. Referral payouts schemes
    Often, mining Ponzi schemes will also feature a form of multi-level marketing to encourage members to bring on new investments. Members are incentivized to grow their own teams, and each new member they bring in increases their rewards.
  6. Anon operators
    If the owners are anonymous, move on. There is little-to-no reason to be an anonymous operator of a cloud mining service. If they provide identification, double check it, ask around, and do some due diligence. Is the owner hidden behind private registration? Has the domain been registered for less than six months? (You can find this information by searching for the platform’s URL registration details on a site like WHOis.net). The more information you can find about the people/company behind a website, the better.
  7. No clear path for divesting
    There should be well-defined methods for withdrawing funds or closing rental contracts.
  8. Guaranteed profits
    Quack, quack, quack!

If any of these red flags are present in the cloud mining business than take a moment and consider why.

Power Mining Pool: A Case Study for Cloud Mining Ponzi Schemes

Power Mining Pool was a typical Bitcoin mining pool Ponzi scheme and even included a multi-level marketing (MLM) styled referral system. Looking back it is a lot easier now to see the red flags that were present then. Hindsight is twenty-twenty. When a company expects you to send them money, but refuses to disclose any information about itself, you’re almost certainly being scammed. A WHOIS checkup shows that PowerMiningPool.com domain was registered on June 27, and the mining pool website launched online on September 4, 2017.

BitCoin Mining Scam

Red Flag #1 Power Mining Pool didn’t have a public mining address and didn’t allow for mining outside their own pool.

Red Flag #2 No endorsement or sign of approval from hardware suppliers. Nothing to be found on Reddit, Telegram, BitcoinTalk, and so on.

Red Flag #3 A serious lack of informative images. An archive of the Power Mining Pool shows a website riddled with stock images and vague copywriting. In addition to the generic images, there is a video that provides no additional insight into the company.

Red Flag #4 No limits to how much you can invest. Power Mining Pool sold hashing power in the form of shares, which any investor could purchase without limit. Shares would not only be your claim to the guaranteed returns but also provide you with more ability to climb the ranks of the MLM reward system.

Red Flag #5 From Associate to President Millionaire, members could climb the ranks by both acquiring new shares in the pool and successfully referring new members. At each new rank in membership, you received bonuses and higher returns. For you to move up in ranks, however, your referrals also needed to move up. Not only do you need to bring in new successful members, but your referrals do too. Sound familiar?

Red Flag #6 The founders of Power Mining Pool are brothers and live in central Europe. And that’s all the information available. Searching their names, Andrew and Mike Conti, is about as helpful as the caricatures of themselves on their about page. Additionally, a WHOIS search of the company’s domain shows the admin contacts hidden behind a domain name privacy service.

Red Flag #7 After the cease and desist, Power Mining Pool has up and left with members’ principal investments. Initially, there were accounts of members receiving their daily mining profits as promised. However, it’s common for early adopters of Ponzi schemes to see earnings while their principal investments are siphoned off.

Red Flag #8 “Every share you purchase will earn you €70.” That’s a promise plucked directly from the former subpage subtly titled opportunities. Each share costs members €50 which means Power Mining Pool is guaranteeing 40 percent returns.

Power Mining Pool is only one example of a Bitcoin cloud mining service riddled with red flags and warning signs. In fact, there are breadcrumbs of evidence linking Power Mining Pool to other operational Bitcoin cloud mining scams. Battling these schemes is a game of whack-a-mole: closing down one just creates three more.

Conclusion

The code is what makes the cryptocurrency work, and most legitimate cryptocurrency teams will make their codes ‘open source’. This means it is published openly, so anyone can read it, edit it, and check it is what the founders say it is. Of course, just because you can’t read the code yourself doesn’t mean not being able to see it is OK. If a cryptocurrency team is keeping their code secret, it should set off alarm bells.  Unless they have validated I.P., what are they trying to hide, but even then they would have long legal paperwork and patient documents they could show…..

Just because red flags are present doesn’t always mean you have identified a scam. They are early warning signs and alarms telling us to look a little deeper, investigate further, and remain skeptical. Questions and suspicions are not inherently dangerous themselves but ignoring them is. Power Mining Pool was peppered with reasons to raise concern and seek clarity. The answers provided to these questions should support unique technological offerings, business savvy, and this should all be logically connected. If operators don’t directly answer most of these questions see if they have other commonalities with know crypto scams as it may be another example in a long line of Bitcoin cloud mining Ponzi schemes. BitClub Network, HashOcean, Coinmulitplier Club, MinersLab, and Bitcoin Cloud Services are just a handful of other examples. Unscrupulous operators are swindling and cheating people out of their money. If you see reasons to be concerned, then share it with the community, ask the operators for clarity, and be cautious. Don’t keep it a secret.

Editor Jeremy Swenson
Writer Marshall Taylor

What is Crypto-Currency Malware And How Do You Prevent It?

As crypto-currency enters the mainstream cyber-criminals are using crypto-mining malware (Fig. 1) to infect websites and devices ranging from smartphones to servers. All of this is dependent on a strong understanding of bitcoin mining in the blockchain as described below.

Fig. 1. Bitcoin Crypto-Jacking Threat Actor.
bigstock-221140084-940x500

Every ten to fifteen minutes mining computers collect hundreds of waiting bitcoin transactions (a block) and then convert them into mathematical puzzles. The first miner to find the puzzle solution shares it with others on the network. Then other miners check whether the sender of the funds has the right to spend the money and if the solution to the puzzle is correct. If enough of them grant their approval, the block is crypto-graphically added to the ledger and the miners move on to the next set of transactions (hence the term “blockchain”). The miner who found the solution gets 12.5 bitcoins as a reward (presently), but only after another 99 blocks have been added to the ledger. This is the incentive to participate in the system and validate these transactions (L.S., The Economist, 2015).

Clever as it may be, this system has weaknesses. One is rapid consolidation. Most mining power today is provided by pools—big groups of miners who combine their computing power to increase the chance of winning the coin reward. As mining pools have gotten bigger, it no longer seems inconceivable that one of them might amass enough capacity to mount a 51% attack—whereby an organization is somehow able to control most of the network mining power (hashrate). Bitcoin is secured by having all miners (computers processing the networks transactions). Indeed, in June 2014 one pool, GHash.IO, had the bitcoin community running scared by briefly touching that level before some users voluntarily switched to other pools.

As the bitcoin price continues to fall, consolidation could become more of a problem. Some miners are giving up because the rewards of mining no longer cover the costs. Some worry that mining will become concentrated in a few countries where electricity is cheap, like China, thus allowing a hostile government to seize control of bitcoin. Others predict that mining will end up as a monopoly—the exact opposite of the decentralized system that the elusive Bitcoin founder Mr. Nakamoto set out to create.

Fig. 2.  General Crypto-Jacking Attack Flow. (Sugata Ghosh, ET Bureau, 05/11/2018).

Cryptojacking
With a strong understanding of blockchain technology, crypto-mining malware attacks and infects websites and devices ranging from smartphones to servers in one of these three common but not exhaustive ways.

1) Sneaking dedicated crypto-mining software into your network via unpatched and out of date server vulnerabilities. Servers are especially at risk here: the crooks love them because they’re usually more powerful than desktops and laptops, and they’re usually running 24/7. Old mid-sized data centers are at high risk because they often have minimal defenses.

2) Sneaking JavaScript crypto-mining software into hacked web pages via cross side scripting (forms and comment fields) and WordPress plug-in vulnerabilities—hard to keep track of because there are so many. Then your browser mines for currency as you surf the web. The crooks get much less out of each victim – as soon as you leave the poisoned website, the mining stops – but a single hacked site could end up crypto-jacking millions of visitors each day, whatever operating system they’re using.

3) Mobile application exploits—twenty-four Android apps recently (Sept 2018) made it into the Google Play store with code that turns users’ phones into crypto-currency mining workers. Some of them targeted users in the U.S. by using the guise of educational tools—they have been download around 120,000 times (Bleeping Computer, Ionut Ilascu, 09/28/18).

Crypto-jacking malware on enterprises running thousands of computers can disturb the daily operations of the business and even damage the hardware. In February 2018, Crypto-currency mining malware CoinHive was found on more than 5,000 government websites (Fig 3.) in the U.K., U.S., and Australia (Patrick Greenfield, The Guardian, 02/11/18).

Fig. 3. CoinHive JavaScript Crypto-jacking Malware (GitHub).
CoinHive Cryptojacking
At present, CoinHive is easy to deploy and generated hundreds of thousands of dollars in its first month, so its arguably easy money for the attacker. In support of this conclusion RWTH Aachen University in Germany added: “embedded crypto-currency miner CoinHive is generating $250 thousand worth of Monero every month – most of it going to just 10 individuals. Moreover, they found that Monero accounts for 75 percent (Fig 3.) of all browser-based crypto-currency mining (David Canellis, TNW, 08/14/2018).

Once infected, the crypto-mining malware uses hosts CPU / GPU power to mine coins thus allowing cyber-criminals to grow their personal wallets. According to McAfee Labs crypto-mining malware attacks increased by 1,189% in Q1 2018. Attackers are getting smarter, instead of a one-time payment from ransomware, they prefer the long game and a steady revenue stream from infected devices (McAfee Labs Threats Report, June 2018). Crypto-mining is in its infancy and thus there’s a lot of room for growth and evolution over the next few years.

Oftentimes crypto-jacking goes undetected as attackers find new ways to infect the devices.

Yet here are the top three indicators that a machine is infected with crypto-malware:

1.    The device is acting unusually slow.

2.    Smartphone or personal computer constantly overheats.

3.    The battery on laptop or phone dies unreasonably fast.

In today’s threat landscape here are the top five things you can do to prevent crypto-jacking:

1.    Run the most up-to-date anti-malware and antivirus programs. Ideally a strong one like Avast.

2.    If your device significantly slows down when you’re on a certain site close it and check it again. It may be an infected website especially if you get a bunch on pop-ups.

3.    Install web browser anti-crypto-mining extensions.

4.    Use AI driven network monitoring software (SecBl, Darktrace, etc). Mostly for servers not so much individual PCs.

5.    Disable JavaScript to prevent in-browser crypto-jacking. On side effect is that you will not be able to view all sites in an optimal way.

By Jeremy Swenson & Andrew Erkomaishvili