The biggest crypto scams of 2022 (so far).

Ah, 2022. Cryptocurrency’s first full year in the mainstream…and it was an unmitigated disaster. But even amid crypto’s biggest crash yet, the scams flourished.

And while the value of cryptocurrency stolen is stunning, not everything is solely about the money. Last year, Mashable looked into the biggest crypto scams of 2021. Yes, some big bucks were being funneled via various scams and schemes included on that list. However, sometimes the audacity and uniqueness of these scams and hacks — perpetrated by people who only walk away with six figures worth of stolen crypto — are worth mentioning, too.

So, without any further ado, here are some of the biggest and boldest frauds, swindles, and rackets in cryptocurrency from 2022 thus far.

Celsius’ crypto pyramid comes tumbling down

When the stablecoin Terra and its sister token Luna failed in May, it created a domino effect that took down the whole crypto market with it. Crypto lending companies in turn took a huge hit in the crypto crash. Celsius, formerly one of the largest crypto lenders, ended up filing for bankruptcy.

Things were already fishy when some Celsius clients began reporting they couldn’t withdraw their funds in June. The now-former Celsius CEO Alex Mashinsky tried to calm fears by saying the company was not halting withdrawals. But then just days later, Celsius froze everyone’s accounts.

Critics say that Celsius’ promise of ridiculously high yields should have already been a warning sign that things were too good to be true. However, as more information comes to light in the aftermath, it seems increasingly likely that Celsius functioned much like a Ponzi scheme, paying off early investors with funds that came in from recent investors.

In fact, that’s basically what regulators with the Vermont Department of Financial Regulation said.

“This shows a high level of financial mismanagement and also suggests that at least at some points in time, yields to existing investors were probably being paid with the assets of new investors,” reads a September filing from the agency.

Thus, when the crypto market crashed, Celsius ran out of liquidity.

According to Celsius’ bankruptcy filings, the crypto lender owes around $4.7 billion to its investors.

Ukraine rug pulls donors (for good reason!)

One of these scams is not like the others and it’s this one: When the government of Ukraine rug pulled its donors. However, it needs to be included because it’s honestly so great: a rare “good” scam.

In February of 2022, shortly after Russia invaded Ukraine, the Ukrainian government quickly decided to accept donations in the form of cryptocurrencies to take advantage of the big pockets in the crypto space who are always looking to pump their coins and generate good press. 

While a decent number of donations came in at first, the crypto started to pour in after Ukraine announced an airdrop to those who donated via the Ethereum network. An airdrop is basically when crypto wallet holders are sent freebies, usually in the form of crypto tokens or NFTs. As Ukraine put it, they were essentially sending donors a “reward” for donating.

Enter the bad-faith actors. People started sending a slew of crypto donations to Ukraine to take advantage of the airdrop. Around 60,000 transactions were made on the Ethereum blockchain to Ukraine in less than 2 days. According to Ukrainian officials, individuals started to send minuscule sums of money just so they could register in time to receive the airdrop. Ostensibly, these individuals were looking to profit off of a country in wartime by receiving a “reward” more valuable than whatever they donated to flip the freebie for quick profits.

Ukraine decided to cancel the airdrop, just days after it was announced. Some donors who were looking for those profits cried “scam.” And, technically, this is what’s known as a rug pull. A rug pull is when a crypto developer makes promises to raise funds, then abandons the project while walking away with all the liquidity.

But, this is a truly unique situation. Ukraine was trying to fundraise, thought they’d thank donors who meant well, then pulled the plug when they realized people were trying to take advantage of the situation. The donations still went to a charitable cause though.  So, let’s call this a rug pull for good. And that’s why it’s at the top of the list.

Users “loot” Nomad bridge thanks to exploit

Crypto bridge hacks are nothing new at this point. According to blockchain analytics firm Chainalysis, hackers have managed to haul in around $2 billion in 2022 alone by exploiting bugs on these bridges, which allow users to exchange one crypto token for another across separate blockchains. Crypto bridges are supposed to make things easier when trading between crypto tokens, but they’ve also made things a lot easier for hackers due to the potential for vulnerabilities.

In August, hackers discovered one such vulnerability on the Nomad crypto bridge and were able to walk away with close to $100 million thanks to their efforts. That’s a lot of money, but certainly nowhere close to the largest amount of crypto stolen from a crypto bridge.

However, it didn’t end there. The Nomad bridge hack was unique because the exploit leaked to the public before it could be patched. This led to a situation where multiple people decided to join in on the “looting” of the Nomad bridge. In total, $186 million was pilfered from the Nomad bridge. 

Researchers at Coinbase later discovered that around 90 percent of the crypto wallet addresses taking part in the hack were “copycats” who were replicating the original hackers’ exploit after it was publicized.

Some of the millions of dollars in crypto stolen was eventually returned by white hat hackers and people who later realized their crypto wallet address was connected to enough personal data that they could be identified. But that recovered crypto only amounted to less than 5 percent of the total haul.

Wormhole bridge hacked for $325 million

As mentioned previously, crypto bridge hacks are becoming more and more frequent. While the Nomad hack was unique, the $186 million stolen pales in comparison to the $325 million taken in February from the Wormhole crypto bridge.

The attacker was able to mint 120,000 in “wrapped” Ethereum on the Solana blockchain via the Wormhole bridge. (Wrapped crypto, for the uninitiated, is essentially a way to peg the amount of crypto to the current value, making it easier to trade when bidding on NFTs for example.) However, the Wormhole bridge exploit allowed the hacker to mine those tokens without depositing the equivalent amount from their own funds. Basically, the hacker was able to print money out of thin air here due to a vulnerability on the Wormhole crypto bridge.

Wormhole’s developers ended up having to temporarily shut the crypto bridge down in order to close the exploit. But by then, of course, it was too late. $10 million was offered as a bounty to the hacker if they returned the rest of the funds. But, being that $325 million is a lot more than $10 million, the offer wasn’t accepted.

Axie Infinity hacked, $615 million stolen

Would you notice if someone stole $615 million from you? Sky Mavis, the company behind the most popular crypto game Axie Infinity sure didn’t!

In March, hackers discovered an exploit on the Ronin blockchain, which is the Ethereum-based sidechain that Axie Infinity runs on. To make matters worse, the exploit was a result of what was supposed to be a temporary change initiated by Sky Mavis in December that lowered security protocols. Things weren’t reverted and the hackers were able to take advantage of the situation just months later.

How did Sky Mavis finally discover they were missing hundreds of millions of dollars? A user tried to withdraw their funds and was unable to because the liquidity was no longer there.

Axie Infinity is a play-to-earn crypto game that requires users to purchase expensive NFTs before playing. Once they acquire those NFTs, they can then earn real money in the form of crypto from playing the game. However, due to the high cost of entry, users who can’t afford the NFTs often find themselves wrapped up in exploitative “scholarships” that require them to split the profits with other users who lend out these high costs NFTs that are needed to play.

Nonetheless, in countries like the Philippines, play-to-earn games like Axie Infinity have become popular as users can earn the equivalent of an average salary in their country. Those users, unfortunately, found out that their earnings were inaccessible due to the hack.

Axie Infinity has since raised $125 million to reimburse its users for stolen funds. But, that’s a far cry from the $625 million they lost. As for that money, they’re likely never going to get that back. The U.S. government believes that the hack was carried out by a group based in North Korea.

Day of Defeat, red flags everywhere

Does an investment that promises a 10,000,000 x price increase sound too good to be true to you? No, my zero key did not get stuck. That’s exactly what the Day of Defeat token promised. And plenty of people bought in.

Molly White is the creator of Web3 Is Going Great, a website that tracks all of the scams and grifts in the space daily. When I reached out to her to see what crypto scams stuck out to her so far this year, she pointed me to Day of Defeat. She called it one of the projects with “some of the biggest red flags I’ve ever seen.” And she’s seen a lot.