Risks with Peer-to-Peer Crypto Payments On-Chain
It is essential to exercise caution and perform due diligence on counterparties and transaction details when making peer-to-peer crypto transactions to avoid falling victim to scammers and fraudsters. Typically, peer-to-peer crypto transactions are made by individuals on marketplaces that negotiate between themselves to carry out fiat-to-crypto exchange transactions. Still, businesses may also engage with it to avoid intermediaries and save a few basis points on transaction fees.
However, this direct relationship with an unknown counterparty brings some risks.
Here are the 3 most common scams related to Peer-to-Peer Crypto Transactions:
Fake Proof of Payment for a Peer-to-Peer Transaction
Scammers may digitally alter receipts or forge SMS messages to trick victims into releasing funds to them. Therefore, exercising caution and performing proper due diligence is essential when executing these types of crypto transactions.
Suppose you are selling crypto (off-ramps) directly to a counterparty. In that case, it is crucial to only send the crypto assets to your counterparty after checking if the payment is already in your wallet or bank account. This step minimizes the risk of losing any assets to scammers.
When businesses process crypto transactions with Beta Ramps, they are assured that the deposits are genuine and funds will be settled in their preferred bank account soon. Beta executes proper on-chain due diligence on all crypto payments on behalf of its merchants.
Man-in-the-middle attacks
In a man-in-the-middle attack, a malicious actor intercepts communication between two parties and impersonates one or both of them to steal crypto assets or obtain details on sensitive information such as private keys. We classified these attacks into two categories:
1. In a Relationship scam, the attacker forges a relationship with their victim. Once they've gained the victim's trust, they manipulate them into helping with their financial issues, such as sending them money or crypto, or accessing sensitive information like private keys stored on devices, only to cease all contact once they've achieved their malicious goals.
2. In a Deposit scam, the attacker convinces their victim to make a deposit into a specific opportunity. Being the "man in the middle" between the victim and the business opportunity, the attacker can direct the user's funds wherever they wish, and the sender might never have access to the crypto funds again.
It is advisable to conduct thorough due diligence on counterparties before transferring funds and to invest in technology that can protect and limit access to your sensitive information to mitigate these scams.
Triangulation scams
A triangulation scam involves two bad actors taking two orders from the same seller almost simultaneously, ultimately confusing a seller into releasing more crypto than has been paid.
This can happen when businesses try to sell their crypto assets through a peer-to-peer marketplace, but buyers are interested in purchasing only fractional amounts from you.
For example, the seller has the equivalent of 11,000 crypto to sell. Buyer A orders 5,000 USD worth of crypto (Order A), while Buyer B takes an order for the equivalent of 6,000 USD (Order B).
Buyer B then transfers 5,000 USD to the seller, while Buyer A sends a fake receipt to the seller suggesting that Order A is paid. The seller then releases the crypto to Buyer A, thus completing Order A for 5,000 USD. Buyer B sends another 1,000 USD to the seller, provides payment proof for the 5,000 USD they received from Buyer A plus 1,000 USD, and forces the seller to release digital assets under Order B.
When the dust settles, it turns out that the seller has released 5,000 + 6,000 = 11,000 USD worth of crypto but has been paid only 6,000 USD.
Businesses should carefully cross-check deposits and verify they have received the correct amount before releasing the funds to reduce the chances of falling victim to triangulation scams.