OXFORD, U.K. — mai 17, 2022 —

Sophos, a global leader in next-generation cybersecurity, today released threat research about nascent cybercrime in the article, “Liquidity Mining Scams Add Another Layer to Cryptocurrency Crime.” The article is the first in a series lifting the lid off scammers who are taking advantage of the hype about cryptocurrency trading and the vast sums of digital wealth users have made (and lost) in crypto markets to lure in and swindle would-be investors.

In the investigative article, Sophos explains how the complexity of cryptocurrency and decentralized finance (DeFi), the foundations of liquidity mining, create the ideal environment for criminals to easily camouflage and carry out their malicious intentions. Scammers are not shy when it comes to targeting their victims; they proactively spam recipients via Direct Message on Twitter, What’s App, Telegram, and other social networking platforms, and innocuously chat about liquidity mining to put targets at ease. From there, scammers escalate the swindle.

liquidity-mining-cryptocrime

Above, a screen shot of an initial stage conversation from a scammer luring in a target. As spammy as this Direct Message seems, people are falling prey to what ensues: liquidity mining CryptoCrime.

“Interactions from a single Direct Message on Twitter led to Sophos’ investigation that uncovered several liquidity mining fraud rings. Liquidity mining is a form of cryptocurrency-based investment in DeFi that even when ‘legitimate' is both dubious and complicated,” said Sean Gallagher, senior threat researcher at Sophos. “The strategies behind the investments themselves are complex, and there’s no regulation beyond the ‘smart contract’ code embedded in the DeFi network’s blockchain — code that many people can’t easily interpret even when it’s publicly published. There’s also a shortage of reliable information for new investors on how these networks work. Despite these risks, liquidity mining is the latest cryptocurrency investment craze, but because of these factors it’s also the perfect platform for scammers to leverage. Unfortunately, we expect liquidity mining CryptoCrime to continue; it hasn’t peaked. Hundreds of millions of dollars are at stake.”

How Liquidity Mining Works

Legitimate liquidity mining makes it possible for DeFi networks to automatically process trades using digital currency such as Ethereum, the preferred cryptocurrency for liquidity mining. Smart contracts built into the DeFi network must rapidly determine the relative value of the currencies being exchanged and execute the trade. Since there is no centralized pool of cryptocurrency for these distributed exchanges to pull from to complete trades, they rely on crowdsourcing to provide the pool of cryptocurrency capital required to complete a trade — a liquidity pool.

To create the liquidity pool — which handles transactions between a single pair of cryptocurrencies, such as Ethereum and Tether — investors commit equal values of both cryptocurrencies to the pool. In exchange for lending that cryptocurrency to the pool, the investors get a reward based on a percentage of the trading fees associated with the DeFi protocol.

Investors also receive liquidity pool tokens (LP tokens) — a representation of their share of the pool. These tokens can be “staked,” or linked back to the exchange, further committing the original contribution, and earning the investor dividends in the form of another cryptocurrency associated with the DeFi project. The value of these reward tokens can vary widely.

“The mechanics of liquidity mining in its legitimate form provide the perfect cover for old fashioned swindles re-minted for the cryptocurrency age,” said Gallagher. “Criminal liquidity mining schemes, like traditional Ponzi schemes, give targets the illusion that they can pull their money out at any time — even allowing them to make withdrawals early on. But scammers will continuously urge targets to keep investing and to ‘invest big’ by obscuring what’s really happening with fake applications, phony profit reports and the promise of lucrative pay outs. In reality, scammers have gained control of their targets’ cryptocurrency wallets and are withdrawing currency whenever they want. Gradually, scammers empty the wallets, all while continuing to assure targets that everything is fine, and finally cut off communications.”

More information is available in “Liquidity Mining Scams Add Another Layer to Cryptocurrency Crime.”

À propos de Sophos

Sophos est un leader mondial et un innovateur dans le domaine des solutions de cybersécurité avancées, qui comprend des services managés de détection et réponse (MDR) et de réponse aux incidents, ainsi qu’un vaste portefeuille de technologies de sécurité qui protègent les systèmes endpoint, les réseaux, les messageries et le Cloud contre les cyberattaques. Sophos est l’un des plus grands fournisseurs de cybersécurité et protège aujourd’hui plus de 500 000 entreprises et plus de 100 millions d’utilisateurs dans le monde contre les adversaires actifs, les ransomwares, le phishing, les malwares, etc. Les services et produits de Sophos sont connectés à travers sa console d’administration Sophos Central basée dans le Cloud et sont alimentés par Sophos X-Ops, l’unité de renseignement sur les menaces transversale de la société. L’intelligence de Sophos X-Ops optimise l’ensemble de l’écosystème de cybersécurité adaptatif (ACE) de Sophos, qui comprend un datalake centralisé exploitant un ensemble riche d’API ouvertes à destination des clients, des partenaires, des développeurs et des autres fournisseurs de cybersécurité et de technologies de l’information. Sophos fournit des services de cybersécurité aux entreprises qui ont besoin de solutions de sécurité clés en main et entièrement gérées. Les clients peuvent également gérer leur cybersécurité directement avec la plateforme d’opérations de sécurité de Sophos ou utiliser une approche hybride en complétant leurs équipes internes avec les services de Sophos, notamment la chasse aux menaces et la remédiation. Sophos vend ses produits par l’intermédiaire d’un réseau mondial de partenaires et de fournisseurs de services gérés (MSP : Managed Service Provider). Le siège de l’entreprise est basé à Oxford, au Royaume-Uni. Plus d’informations sont disponibles sur www.sophos.fr.