The Poorest Man in Babylon: A Longitudinal Study of Cryptocurrency Investment Scams

Governments and regulatory bodies have recognized investment scams as a prevalent form of cryptocurrency fraud. These scams typically use professional-looking websites to lure unsuspecting victims with promises of unrealistically high returns. In this paper, we introduce Crimson, a distributed system designed to continuously detect cryptocurrency investment scam websites as they are created in the wild. During the first 8 months of 2024, Crimson processed approximately 6 billion domain names and classified 43, 572 unique cryptocurrency investment scam websites in realtime. Beyond detection, we provide insights into the design and infrastructure of these websites that can help users recognize scam patterns and assist hosting providers in detecting and blocking such sites. Furthermore, we investigate the inclusion of our detected scam websites in block-lists used by popular web browsers and applications, finding that the vast majority of these websites were absent. On the financial side, by analyzing the transactions incoming to scammer wallets on 6.7% of the sites detected by Crimson, we observe an estimated lower bound of 2.04M USD in losses due to cryptocurrency investment scams. CCS Concepts • Security and privacy → Social engineering attacks.