By: Kendall Casey

Picture this: you meet someone on a dating app, develop a relationship, and then they ask, “Can I teach you to invest in crypto?”  Naturally, you want to know more about what they are interested in, so it sounds like a great idea when they suggest investing to start a future together.  However, after investing, you are left both penniless and partnerless.

Romance scams occur when a scammer uses a dating or social media site to form a relationship with the victim and then uses that relationship to manipulate them.  In 2021, the most common method scammers used was to convince victims to purchase gift cards.  However, a new romance scam involves cryptocurrency and has allowed scammers to steal more money than ever.  In 2021, cryptocurrency scams led to $139 million in losses compared to $36 million from gift card scams.  This trend has been coined CryptoRom and generally targets younger, tech-savvy individuals using social engineering and fake applications.

The scam tends to work as follows: the scammer creates a fake online profile, spends weeks or months establishing a relationship with the victim, and then casually offers investment advice.  If the victim does not own any crypto, the scammer will first show the victim how to purchase it on a legitimate site, such as Coinbase.  The scammer will then show them how to transfer it to a fake exchange or trading app that the scammer created to mirror a real site.  For example, scammers created “RobinHand” which used the same logo as the popular trading app “RobinHood.”  The victim could then see their money on the fake site and start “investing” it in various crypto assets when in reality, it was in the scammer’s wallet.

Cryptocurrency is attractive for scammers because it is irreversible, can be received anonymously, and is potentially untraceable.  Cryptocurrency is a digital or virtual currency that uses decentralized networks based on blockchain technology.  Each transaction is recorded as a “block” of data connecting to the blocks before and after it.  This creates an irreversible chain known as a “blockchain.”  Crypto wallets are used to store and send cryptocurrency and contain both a public and a private key.  A public key is the wallet’s address and is what is stored on the blockchain.  A private key is used like a password to prove ownership of the cryptocurrency; therefore, anyone who knows the private key can control the crypto associated with that wallet.  When the victim transfers their crypto to a fake exchange or trading app, the scammer gains access to the cryptocurrency.  The scammer can then move the cryptocurrency to their personal wallet.  The transaction will be displayed on the public blockchain; however, the real-world identity of the scammer will remain unknown.

As regulation of the crypto industry continues to evolve, it is possible to ascertain the real-world identity of the holder of a crypto wallet.  Cryptocurrency exchanges, which are used to convert conventional money into digital currencies and vice-versa, are regulated by the Bank Secrecy Act (“BSA”).  The BSA requires exchange providers to register with the Financial Crimes Enforcement Network (“FinCEN”) and comply with Know-Your-Customer (“KYC”) and Anti-Money Laundering (“AML”) regulations.  However, not all wallets and exchanges abide by these regulations.  Therefore, crypto users who seek to protect their privacy or engage in criminal activity use non-KYC exchanges to protect their anonymity.  Non-KYC exchanges make it nearly impossible to figure out the scammer’s identity or recover stolen assets.

FinCEN has proposed modifications to the BSA, such as lowering the threshold amount for international transactions, requiring wallet owners to identify themselves when sending over $3,000 in a single transaction, and restating the definition of money to include digital assets.  These proposals, however, are only helpful if the scammer uses an exchange that complies with the BSA.  If the scammer’s wallet has been verified to comply with the KYC and AML regulations, then the proposed rules will help combat one of the main issues in the enforcement of crypto fraud – the identity of the scammer.  In addition, the proposed rules would require scammers to transfer funds in smaller amounts to prevent detection.  However, scammers already attempt to create a labyrinth of transactions by making many small transfers to multiple addresses.  Scammers will likely continue to do so to avoid this requirement and protect their anonymity.  If the scammer uses a non-KYC exchange or wallet, it is unlikely that these proposed rules will help victims.

The Department of Justice (“DOJ”), the U.S. Securities and Exchange Commission (“SEC”), and the President have all taken action to address the rise in crypto fraud.  Authorities emphasize the importance of public-private partnerships and cross-border enforcement to have all wallets and exchanges comply with KYC regulations.  While financial privacy is a crucial feature of crypto, the public also expects fair and safe markets and protection from financial crimes such as fraud, money laundering, and tax evasion.

While awaiting further regulation, consumer education is the only way to prevent CryptoRom scams.  Consumers should educate themselves on the irreversible nature of cryptocurrency and the importance of not disclosing their private keys.  In addition, anyone on dating apps or social media sites should be wary of accepting investment advice from people they have never met.  The DOJ notes that “‘[a]s with any emerging technology, those who invest in cryptocurrency must beware of profit-making opportunities that appear too good to be true.’”  While one might think they met their perfect soulmate online, if they offer crypto investment tips, it may be best to heed the DOJ’s advice and realize before it’s too late – they too might be too good to be true.

 

Student Bio: Kendall Casey is a second-year law student at Suffolk University Law School.  She is a staff writer for the Journal of High Technology Law.  Kendall received a Bachelor’s of Science in Business Management and Bachelor’s of Arts in Spanish Studies from the University of Delaware.

Disclaimer: The views expressed in this blog are the views of the author alone and do not represent the views of JHTL or Suffolk University Law School.