Trend Micro: ICO Scams Leverage 2024 Olympics to Lure Victims, Use AI for Fake Sites
June 2024 by Trend Micro
Cybercriminals are using the buzz around the upcoming 2024 Olympics to target victims in a recent series of scams exploiting major events to grab the public’s interest and attention. This blog aims to expose initial coin offering (ICO) scams that exploit interest in the games scheduled in France from July 26 to August 11.
Key points:
Threat actors are using the 2024 Olympics to lure victims into investing in an initial coin offering (ICO).
Similar schemes have been found to use AI-generated images for their fake ICO websites.
More ICO scams utilizing AI-generated content can be expected in the future to maximize the tool’s cost-and time-efficiency in creating more convincing lures.
Cryptocurrency is here to stay, but the average internet user has yet to fully grasp its concept. Cybercriminals exploit this unfamiliarity by creating ICO scams designed to steal money from victims by offering a chance to invest in cryptocurrency and then running away with their money.
Would-be investors are enticed to buy new cryptocurrency tokens through established cryptocurrencies such as Bitcoin or Solana, supposedly to develop a project that will generate profit and promise returns to the investor. But the promise never happens, cybercriminals later disappear with their investors’ money along with any evidence of the ICO scam ever existing: the website vanishes, as well as the social media accounts related to it. Victims are left with no way to recover their investment. Other scams use a liquidity rug-pull: in this scheme, tokens initiated must be paired with another well-known token, such as Ether or Solana, and then are listed as a liquidity pool on a Decentralized Exchange (DEX). When enough victims have put money in the pool, the cybercriminals withdraw most of the liquidity, causing the value of the token to plummet and leaving the investors with worthless assets.
The Olympic Token ICO fraud
The domain name theolympictoken.com was registered on March 30, 2024, and its website went up a day after offering an Olympics Games Token, a digital asset in which any internet user can invest. As shown in Figure 1, the website is simple and straightforward; it even shows a roadmap of the project, albeit a vague one. It states it is affiliated to the International Olympic Committee and uses the Olympics 2024 logo and even has a countdown to the event. It offers investors the chance to trade tokens on Raydium, a legitimate cryptocurrency exchange. It should be noted that being able to trade a token on legitimate exchanges does not ensure that the token is itself legitimate, as many exchanges allow users to create and remove liquidity for any tokens.
The fake ICO website also links to a whitepaper, but the link does not lead to an actual whitepaper about the project and instead links to the legitimate olympics.com website. This is an immediate red flag: legitimate ICOs always show a whitepaper describing the inner concept of the project.
An X (formerly, Twitter) account run by the cybercriminals started advertising the website at the same time the website came up. A Telegram channel also actively pushed its members into buying what it calls Olympic Games Token (OGT) with a sense of urgency. We suspect that cybercriminals have probably used more social networking platforms to try to entice people to the fake ICO website or the Telegram channel. ICO scams usually operate this way: once the fake website is put up, aggressive marketing happens on social networks, forums, and other online platforms to drive traffic and potential victims to invest in the project.
A few days after its domain was registered, the website was shut down, but we suspect the fraudsters behind the scheme started operating under a new website, olympictokensolana.com, which contains the same exact content as the first fake ICO website.
Other Olympics-related cryptocurrency scams
In the past months of monitoring, we have encountered at least ten other websites using the 2024 Olympics to lure victims into ICO scams; some of them were quickly shut down after discovery.
Apart from being designed well enough to pass off as legitimate sites, we have also noticed the use of AI-generated images. However, it seems that ICO scam websites that do not offer roadmap information or whitepapers are the ones who compensate with these AI-generated images.
It can be assumed that the use of AI-generated content is the more cost-effective and time-efficient option for fraudsters, because creating a website that looks legitimate enough to successfully entice victims requires time and skills. While cybercriminals can always opt to steal images, design, and content from an actual legitimate site, this option might not be as attractive because potential victims might detect the fraud by spotting the plagiarized content.
AI has become increasingly useful to cybercriminals in generating text for their phishing campaigns, as well as correcting spelling and grammatical errors, and even generating sentences in languages that fraudsters do not speak. In the ICO scams we have been investigating, we have seen at least three different ICO scam websites taking AI use a step further by generating images and designs for their websites. We believe more scams and cybercrimes will soon adopt the use of AI-generated art.
Conclusion
ICOs have gained significant attention as cryptocurrency continues to be adopted in various industries. Creating a new token on the blockchain has become easier and less expensive, especially with the correct tools now available for everyone. On-chain data indicates that over one million new tokens have been created across various blockchains in the past few months. While most of these new tokens lack utility and are simply memecoins (cryptocurrencies often created as a joke or based on memes or hot events), it does not always mean they are scams. Although many new coins are either scams or are vulnerable, they cannot be definitively labeled as such until an exit scam occurs. While the examples discussed in this blog fall under the category of memecoins as they leverage the interest surrounding the 2024 Olympics, some of them have revealed themselves to be scams.
There have already been numerous reported instances of fraudulent ICOs, especially during the ICO boom in 2017. The high prevalence of fraudulent activity in the Solana presale and meme coin space highlights the need for caution when investing in new projects. Even if a memecoin is not a scam, we should note that these tokens are highly volatile, which means they can have extreme price and value changes. Therefore, investors should be diligent and conduct thorough research before investing in any cryptocurrency, especially in memecoins.
Crypto investors should be vigilant and look out for potential scams and rug-pulls. A legitimate ICO should have the following:
Proper website and social media presence. A professional, well-designed website and active social media presence are crucial indicators of legitimacy. Scammers often use poorly designed websites and inactive or fake social media profiles, whereas legitimate projects usually have an active online presence to engage with their community.
Transparent team. Verify the identities and credentials of the team members behind the token. Anonymity or unverifiable team members can be a red flag. Legitimate projects are typically transparent about who is involved and their backgrounds.
Active community. Look for an active and engaged community on platforms like Discord, Telegram, or Twitter. A healthy community can indicate genuine interest and support, while scams often have low community engagement or fabricated interactions.
Comprehensive whitepaper. Ensure the token has a detailed whitepaper that outlines its goals, utility, and technical aspects. A thorough whitepaper demonstrates the project’s seriousness and planning, whereas scams often have vague or plagiarized whitepapers.
Legitimacy of claims. Validate the claims made by the token, such as who they represent, their partnerships, use cases, and endorsements. Scammers frequently make false claims to attract investors, so verification can help discern genuine projects from fraudulent ones.
Token distribution. Assess whether the token distribution is balanced and not overly concentrated in a few wallets. Highly concentrated token ownership can indicate potential for manipulation and rug-pulls.
Smart contract audit. Confirm if the smart contract has been audited by reputable third-party auditors. Audits help identify vulnerabilities and enhance trust, whereas lack of an audit or a poor-quality audit can be a red flag.
Liquidity management. Check if the liquidity is locked to prevent developers from withdrawing it prematurely and determine if the major portion of the liquidity is controlled by the developers or distributed among the community. Locked liquidity secures investors’ funds and reduces the risk of rug-pulls, while decentralized control over liquidity enhances trust and reduces the risk of manipulation by developers.
In the case of the Olympic Games Token, the website they put up raises red flags, the number of token holders is very low, and the whitepaper leads to nothing substantial. Investors and those interested in cryptocurrency should be very careful and follow the guidelines provided to avoid falling victim to such scams.
Most of the domains related to the fraud discussed in this blog have either vanished, are suspended, or contain no content. All remaining domains related to the fraud discussed in this blog have been blocked by Trend Micro.