An analysis performed on behalf of WIRED by crypto auditing company Hacken identified red flags in the token’s underlying code that might in some circumstances betray a scam. Those included the absence of a function that prevents the issuer from stealing away with the pool of tokens set aside to make trading on the secondary market possible, among others.
Suspecting he has fallen victim to a scam, Ryan has tried to warn others away. “While $750 is a lot to lose, it wouldn’t be the end of me,” he says. “But I feel bad for those that really lost.”
WIRED did not receive a response to a request for comment sent to email aliases listed on the Rebel Satoshi website.
The type of swindle Ryan suspects he has been caught in is known as a token presale scam. The format has been around for a while, but amid the FOMO that comes with skyrocketing cryptocurrency prices, people are particularly vulnerable. “These scams are broadly correlated to recent events,” says Ben-Natan. “They aren’t new phenomena, but they resurface.”
There are variations on the theme, explains Ben-Natan, but the scams tend to pull from the same playbook. Typically, the developers—who remain anonymous—invest in glossy social media marketing and paid-for placements in crypto media outlets, advertising their token as the next hit memecoin and promising a discount to presale investors. In some cases, the token never materializes and the scammers make off with the funds. In others, the scammers abandon the project after selling off their own token holdings, or fail to deliver on the promise of long-term support.
In the latter scenario, as with Rebel Satoshi, the line between a scam and an unsuccessful project is not always clear. And occasionally, because of the large sums of money involved, “something that wasn’t a scam initially can later transform into a scam,” says Ben-Natan. “As time passes, the line can become blurrier.”
In large part, these scams are conducted by sophisticated cybercriminal groups, says Ben-Natan, not lone actors. A “microeconomy” has formed around them, he says, whereby separate parties might be responsible for managing different elements of the charade, from the marketing campaign to the website design, and so on. The largest of these operations can rake in hundreds of millions of dollars. “The numbers are staggering,” says Ben-Natan.
For anybody willing to look for them, the warning signs are there, says Dyma Budorin, cofounder of Hacken. It is straightforward to check whether the creators have revealed their identities, for example, or whether a system is in place that prevents them from dumping their holdings without warning. But in their eagerness to enter into new projects early, few investors bother with due diligence. “It all comes from greediness,” says Budorin.
In extreme cases, profit-hungry investors have taken to using “sniping bots” to automatically purchase tokens as they first begin to trade on the open market, says Budorin, in a bid to get in early. Others are engaging in copy-trading, a process whereby they blindly replicate someone else’s trades, so they don’t have to do their own research. Both techniques increase the likelihood someone is exposed to a scam.