Welcome to the Block & Mortar newsletter! Every week, I bring you the top stories and my analysis on where business meets web3: blockchain, cryptocurrencies, NFTs, and metaverse. Brought to you by Q McCallum.

Reading online? Subscribe to get this in your inbox whenever it's published.

#73 - Four ways to lose money in crypto

A screencap of the search results page on photo site Unsplash.   The image depicts the word 'scam' in the search bar, the number of matching photos, collections, and users, and words related to the search term 'scam'.  The first two related terms are 'Cryptocurrency' and 'Bitcoin'.
A screencap of the search results page on photo site Unsplash.   The image depicts the word 'scam' in the search bar, the number of matching photos, collections, and users, and words related to the search term 'scam'.  The first two related terms are 'Cryptocurrency' and 'Bitcoin'.

(Image credit: me, screen-capping search results on Unsplash.)

Prelude: Synonymous

Crypto is a minefield of scams. Everybody knows that by now, right? Even Unsplash, a site from which I draw many of the header images for this newsletter, knows it.

This week’s header is a screencap from the Unsplash search page. You’ll notice that “Cryptocurrency” and “Bitcon” are the top terms related to my search for “scam.” And while I’ve cropped out the search results, just know that six of the first ten images had some tie to crypto.

Yet, nothing makes people forget about crypto scams quite like Free Stuff. Hence why Free Stuff is such a common lure for scammers. And also why, after eight months’ reprieve, the Scam O’Clock segment is back. It’s the opening gambit in a play I call “Four Ways to Lose Money In Crypto.”

Act I: Scam O’Clock: Misusing Vitalik’s good name

Last week someone hijacked a Twitter (I refuse to call it “X”) account to run the old Click A Link And Lose Your Tokens phishing scam. The trick with this kind of scam is to break into the account of a trusted person or entity, then ride their credibility to attract victims. (We saw this when the Bored Ape Yacht Club’s Instagram account got hacked and someone infiltrated the Premint service way back when.)

Since this is all about trust, thieves therefore have to choose their target entity wisely.

  • “Would people trust an offer from someone named cryptobro6969420?” Probably not.

  • “A politician or a celebrity?” Maybe. But only if they were known to talk about crypto in a positive light.

  • “Vitalik Buterin, creator of Ethereum?” Yeh. Him. That guy. He has a large following and huge street cred. And a tweet about NFTs would seem perfectly normal coming from his account.

Having hacked Buterin’s account, the perpetrators posted the following:

“To celebrate Proto-Danksharding coming to Ethereum, [Consensys] is marking the moment with a commemorative NFT,” the tweet stated. “‘Proto’ honors the work of the devs who made this possible. The collection is free for the next 24 hours. Claim your piece of history.”

What does that even mean? I don’t know. But it meant something to someone. And there was the mention of Free Stuff. That’s all it took!

The tweet was up for all of twenty minutes, in which time the victims parted ways with about $690k in tokens. The thieves later resold the lot for about $500k.

Act II: Also

Looking for another way to lose your money in crypto? There have been more rumblings about a possible FTX reboot.

I probably don’t have to tell you why this raises an eyebrow. But just in case, here’s what I said about it back in July.

Act III: We’re always one keystroke away from disaster

If you insist on losing money but don’t want to wait for a scam to find you, you can always … rob yourself.

Let me explain:

  1. Bitcoin uses the proof of work system to validate transactions.

  2. Since proof of work is computationally expensive, you have to pay Bitcoin miners a fee to process your transaction.

  3. You get to choose the transaction fee.

Simple, right? Except that Step 3 introduces an opportunity for error. Miners prioritize transactions based on that fee so you have to decide how much you’d like to pay. Set it too low and miners will prioritize it all the way to “nope.” Set it too high and, well

On Sept. 10, an unidentified entity paid a fee of 19.89 BTC worth about $500,000 to move just 0.008 BTC ($200).

($500k on top of $200? Damn. This really puts airline baggage fees in perspective.)

The “unidentified” entity has since been revealed as crypto fintech firm Paxos. The reason for the outsized transaction fee? It was – and I’m using very technical finance lingo here – a fat-finger error. A plain-vanilla typo. That’s it.

The fat-finger’s mundanity is precisely what makes it so scary. A stray keystroke or even a malfunctioning keyboard can turn you into a case of the “life comes at you fast” meme. I don’t even want to think about the damage that smartphone autocorrect – or as I call it, “autocowrong” – has unleashed on the world.

The kicker is that fat-finger errors and similar slip-ups are reasonably common in the traditional finance (tradfi) world. The difference is that in tradfi, it’s sometimes possible to unwind (“bust”) trades or roll back payments that were clearly made in error. Crypto, being the land of Code Has The Last Word, plays by different rules.

I can only hope that the $200 was spent wisely.

Act IV: Walking the walk and paying the fine

Thus far we’ve covered scams, doom reboots, and typos. This week’s fourth and final way to lose money in crypto is to be on the wrong side of regulations.

The Stoner Cats NFT collection served as a funding mechanism for an animated web series of the same name. To explain why this is an issue, it helps to zoom out a bit:

There’s an all-too-common business model in the financial realm. You make something that walks and talks just like some highly-regulated instrument, but you give it a different name and hope that no one notices. Consider “reverse factoring” from supply-chain finance, credit default swaps (made famous by the 2008 mortgage crisis), and buy-now-pay-later (BNPL) services: all are, arguably, twists on the concept of a “loan.” But they aren’t always treated as such. Sometimes they don’t even show up on your company’s balance sheet as debt, so they – sheer coincidence – don’t ding your share price or credit rating.

And this It’s Not What It Looks Like approach works, until it doesn’t. And once you’re on regulators’ radars, things get a little uncomfortable. Just ask the BNPL crowd.

Which takes us back to Stoner Cats. When you’ve issued instruments for fundraising, and have stated that said instruments may increase in value, the SEC sure thinks those look like unregistered securities. So they’ll want you to settle up.

You may ask, how is the Stoner Cats project not just plain old crowdfunding? The answer is simple: it’s that the SEC says those NFTs are securities. Now you know why Stoner Cats has paid $1 million in fines as part of their agreement with the regulator.

Curtain call

There you have it. Four ways to lose money in crypto.

That’s four of many ways, mind you. If you’re looking for even more, Block & Mortar’s “Mostly Crime Issue” (August 2023 edition) has some ideas.

The wrap-up

This was an issue of Block & Mortar.

Who’s behind Block & Mortar? I'm Q McCallum. I've spent the past two decades in the emerging-tech space. And I'm very interested in web3 use cases.

Credit where it's due. Big thanks to Shane Glynn for reviewing early drafts. Any mistakes that remain are mine.

Reading this online? Or as a forward? Why not sign up? Get Block & Mortar news in your inbox, whenever it's published.

Privacy statement: I don’t share/rent/sell your personal info. Seriously.