How to Prevent Fraud in Web3 and Web2

Vulnerabilities in traditional tech stacks can manifest in new ways with the introduction of web3 technology for any brand or business, and it’s incumbent on leaders to understand risks, and how to mitigate them.

Recently, while giving a presentation to an incoming cohort at a respected incubator, I realized that regardless of industry, not all business know how to protect their customers from scams and exploits. 

Let’s spend some time to outlining how businesses can protect customers from fraud in a world where web2 and web3 economic rails are rapidly converging. 

Web3 Fraud Prevention Starts with Web2

In 2022, Axie Infinity (a popular blockchain-based game) lost $620 million. Although they are an innovative “onchain” business, simple web2 security protocols of access controls, real-time monitoring and scam awareness training could have prevented the massive web3 exploit. Subsequently, the loss of trust and reputation cost more than over half a billion dollars. How can we learn the lessons that prevent these exploits from happening to future businesses and brands?

To Protect Against Fraud, Know What to Look For

There are several types of fraud prevalent in global markets that lead to the largest financial losses for individuals, businesses, and governments. These top four are the loss-leaders, but there are many more:

Investment Fraud

• Ponzi schemes and pump-and-dump schemes.

Corporate Fraud

• Manipulating financial statements.

Identity Fraud

• Theft of personal data.

Cyber/Online Fraud

• Phishing and e-commerce fraud.

Recently, there’s one particular crime that combines elements of the top scams: Pig Butchering.

What is Pig Butchering and Why Does it Matter?

Pig butchering is a type of online fraud where scammers use personal data to manipulate victims into unknowingly participate in investment fraud. Initially, victims are targeted and contacted via traditional text or email platforms. The victims are lured into building a relationship under false pretense with a fake persona (AI-prompt bot account with human oversight). Once trust is established, the scammers convince the victims to invest in fraudulent schemes or cryptocurrencies, often leading to significant financial losses.

‘Pig butchering’ scams that have been widely covered by the FBI’s Annual Crime Report, various media outlets and our own team. It’s estimated that in 2023, over $4.5 billion in losses from investment scams with 86% being crypto related. These massive global operations are clear evidence that criminals are innovating beyond traditional tech and using AI combined with crypto.

How can we prevent fraud that starts in web2 from destroying web3 innovation?

How to Minimize Fraud Risk for a Business?

To protect your company, start with educating yourself, your employees and your customers. Everything we do today is online and digital, which means more sensitive information and protocols need to be considered. I’ve written posts on the various ways to prepare and harden your application from pre- to post-deployment as well as real-time blocking solutions. Regardless of architecture, the targets and the attack vectors are similar.

Crypto Scam Protection: What Are Scammers After?

Criminals are seeking to exploit your accounts, wallets and contracts – but they’ll take whatever they can get:

1. Protect Web2 email and social accounts
   • Have 2FA / MFA set up with account alerts for any suspicious activity.
2. Protect Web2 bank accounts and transfers
   •  Don’t rush transactions. Have a protocol that ensures the right funds are being to the correct destinations. Sometimes it takes several emails, voice confirmation and test transactions.
3. Protect Web3 wallets and keys
   • Protect keys at all costs and ensure stringent access controls are in place.
   •  Store keys offline where possible, in a secure location.
4. Your customers’ assets
   •  Isolate sensitive data through network segmentation
5. Customer personal/financial data 
   •  Adhere to relevant data privacy laws and regulations, such as GDPR and CCPA.
6. Customer’s financial information
   •   Ensure encryption and regular penetration testing.
7. Your plumbing
   •   Network infrastructure
   •   Firewalls, intrusion detection systems, and secure remote access protocols
   •   Company software and hardware
   •  Keep software and systems up-to-date with the latest security patches to address vulnerabilities.
8. Your employees and customers themselves!
   •   Just like the vast fraud from pig butchering, soft target like human error, and exploits are clicking the wrong links, sharing, sensitive information and being careless with security.
   •   Train employees on cybersecurity best practices, including phishing, password management, and data handling.
   •  Educate employees to recognize and avoid social engineering tactics.

Looming Compliance and Legal Damages

Regardless of infrastructure, regulators and law enforcement will come after you too if you are careless with internal protocols and your clients data or capital under management. You can be sure if you lose millions of dollars in assets, the local law enforcement will only be the first of your problems, prosecution, litigation, and conviction are quick to follow.

If you need further guidance on how to prepare for upcoming regulations, see our Markets in Crypto Assets (MiCA) post.

How Can CUBE3 Protect Against Fraud?

Part of the reason web3 needs solutions like CUBE3 is the majority of people don’t think about fraud in web2. The FDIC insures your bank account, and credit card companies routinely block transactions for suspicious activity, even if you’re using your own card on vacation. The point is, you know you can recover funds and so you’re not concerned about clicking “buy” on any website with Stripe using USD. However, fraud is everywhere but we don’t think about it.

In web3 that’s not the case, web3 is dangerous and fraud is out of control for individuals and businesses alike (just ask HSBC). Whether it’s web3 native or leveraging major web2 platforms to compromise accounts (like McDonald’s) the damage is done and instantaneous… Crypto is perfect for criminals because it’s fast and irreversible.

CUBE3.AI is here to front-run fraud and block it before it happens using powerful AI engines that are built on traditional API architecture. CUBE3 can detect fraud days in advance by simple API calls that keep your business secure and compliant by constantly pinging our risk engines and sending back warnings or blocking transactions altogether.

CUBE3 has several use cases you can review from the past year when CUBE3 detected threats minutes or days before an exploit. We could have saved projects millions had they been using our tools.

Prevent Fraud in Web3 and Web2, Before it Occurs

At CUBE3, we’ve been working on something that can detect the early indicators of pre-crime activity both on and offchain. We’re integrating web2 data that can listen to web chatter and criminal intent that can save businesses billions by preventing fraud, security risks and compliance issues before they happen.

Don’t let criminals cost you capital, concern and hurt your brand reputation. Let’s create innovation and safeguard the world from fraud, security breaches and ensure compliance simultaneously. We’ll look for addresses that take your users money and you focus on bringing more value through your products and services.

CUBE3 is a fraud prevention solution with an expert web3 team with deep experience protecting some of the largest institutions in web2 (Mastercard, Oracle, Comcast, etc).

Book a demo and let’s help protect the combination of web2 and web3 businesses, brands and community together.