Skip to Content
Artificial intelligence

Machine learning identifies cryptocurrency scams before they happen

Pump-and-dump schemes have become increasingly common in cryptocurrency markets. Now security researchers have learned how to spot them in advance.

The emergence of cryptocurrencies in the last few years has been a roller coaster ride. During 2017, Bitcoin rose in value from $900 to almost $20,000 before collapsing dramatically. Today, at the beginning of December 2018, a single bitcoin is worth just under $4,000.

All this has encouraged the rapid development of other cryptocurrencies—well over 1,000 of them by most estimates. The dream is that these could reproduce Bitcoin’s success. But the reality is that few are traded in large volume or are worth anything at all.

The spectacular rise and fall of cryptocurrencies, along with the supposed anonymity they offer, has unsurprisingly attracted criminals. The story of cryptocurrencies is littered with thefts, Ponzi schemes, and other unlawful activities.

But in recent months, one type of fraud has come to the fore: pump-and-dump schemes. In February, the US Commodity Futures Trading Commission issued a specific warning to consumers about these scams, and regulators have begun to actively pursue the ringleaders.

Yet little is known about these schemes, how they are run, and how they work in detail.

Today that changes thanks to the work of Jiahua Xu and Benjamin Livshits at Imperial College London. These guys have studied pump-and-dump schemes in cryptocurrency markets and now publish the first detailed account of how they work. The researchers even developed an algorithm that can predict when they are about to occur, which offers a promising way to subvert or prevent them.

First some background. Pump-and-dump schemes are a well-known ruse in conventional commodity trading markets but have only recently become common in cryptocurrencies. The organizer begins by selecting an obscure cryptocurrency and quietly accumulating it.

The organizer then announces that a pump operation is about to begin and that a randomly chosen cryptocurrency will be announced at a specific time. These announcements take place over anonymous channels, such as Telegram, that interested parties can subscribe to.

At the specified time, the organizer reveals the chosen cryptocurrency, which happens to be the one they have accumulated. This is the cue for interested parties to begin buying. The sudden activity then triggers a sharp increase in the price of the currency.

When the price reaches its peak, a sell-off begins as participants attempt to make a quick profit at the expense of anybody unlucky enough to have joined the fun unwittingly or too slowly. All this activity takes place in just a few minutes.

Of course, the organizer is in a clear position to make the greatest profit. But a significant number of others take part in the hope of cashing out early enough to make a profit. Indeed, part of the ruse is that the “pump” is entirely automated and random, so that nobody can take advantage of insider information and that only quick reactions and judgment determine who wins.

Enough people have been fooled by this ruse to make pump-and-dump schemes increasingly common. Xu and Livshits say that on average there are two pump-and-dump scams every day and that these generate about $7 million worth of trading volume a month. So somebody is making a significant amount.

To study the details, the researchers focused on a single pump-and-dump scam that took place on November 14, 2018, at exactly 19:30 GMT. They gleaned the details by recording announcements over several Telegram channels, the largest being Official McAfee Pump Signals, which has over 12,000 members. They then recorded the price changes and trading volumes of the selected currency

At 19:30:04, Official McAfee Pump Signals revealed the chosen coin, a little-known cryptocurrency called BVB, which had been created in 2016 by supporters of the German soccer team Borussia Dortmund. However, the coin had been dormant for over a year, with little trading activity and a value of about 35 sat (1 sat = 10-8 bitcoin).

Then things started happening quickly. “We notice that the first buy order was placed and completed within 1 second after the first coin announcement,” say Xu and Livshits. “After a mere 18 seconds of a manic buying wave, the coin price already skyrocketed to its peak.” That was when it reached 115 sat.

Not all the Telegram channels reacted so quickly. Anybody following Bomba bitcoin “cryptopia” was at a significant disadvantage, since this channel announced the pump at 19:30:23. “Note that Bomba bitcoin ‘cryptopia’” only announced the coin at the time when the coin price was already at its peak, making it impossible for investors who solely relied on their announcement to make any money,” say Xu and Livshits.

Then, as participants took their profits, the price plummeted. “Three and half minutes after the start of the pump-and-dump, the coin price had dropped below its open price,” say the researchers. After that, the trading volume dropped significantly.

Xu and Livshits’s analysis reveals some interesting details about the event. First, anybody who joined the activity more than 18 seconds after it started had little hope of making a profit.

And second, participants bought about twice as much BVB coin as they sold. That suggests many participants are sitting on unsold coins. “Those coin holders can only expect to reverse the position in the next pump, which might never come,” say the researchers.

Xu and Livshits studied 236 other pump-and-dump events that took place between July 21 and November 18. They say that many of them were preceded by unusual buying activity in the target currency. This would be consistent with insiders’ accumulating the currency ahead of the pump. “The study reveals that pump-and-dump organizers can easily use their insider information to take extra gain at the sacrifice of fellow pumpers,” say Xu and Livshits.

But the study also suggests a way to spot target currencies before they are revealed: simply look for unexpected trades in obscure coins. To find out whether this works, Xu and Livshits used the historical data from known pump-and-dump schemes to train a machine-learning algorithm to spot the telltale signs that a scam is about to occur.

They then let it lose on live data, where it found this activity on six occasions between October 30 and November 6. Five of these alerts turned out to herald real pump-and-dump schemes.

This work suggests a path to undermining or preventing the scams, but it is likely to be just one move in the traditional cat-and-mouse game that security experts employ against malicious actors. Presumably, the organizers of these scams will quickly change their activities to make them harder for this kind of machine learning algorithm to spot. And so on.

Cryptocurrency scams are unlikely to disappear anytime soon. But this kind of detailed understanding of how they work can only be of important value in preventing them from spreading more widely.

Ref: : The Anatomy of a Cryptocurrency Pump-and-Dump Scheme

Deep Dive

Artificial intelligence

DeepMind’s cofounder: Generative AI is just a phase. What’s next is interactive AI.

“This is a profound moment in the history of technology,” says Mustafa Suleyman.

Deepfakes of Chinese influencers are livestreaming 24/7

With just a few minutes of sample video and $1,000, brands never have to stop selling their products.

AI hype is built on high test scores. Those tests are flawed.

With hopes and fears about the technology running wild, it's time to agree on what it can and can't do.

You need to talk to your kid about AI. Here are 6 things you should say.

As children start back at school this week, it’s not just ChatGPT you need to be thinking about.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at with a list of newsletters you’d like to receive.