May 29, 2021

A Really Elaborate Crypto Scam

Crypto scams are getting more and more elaborate. Here is an example of a one which closely resembles a new interesting crypto project. Especially for people investing in private sales it is a valuable lesson.

The "project" in question is Duplicate Finance. We will be using Wayback Machine for most of the links in this article, as I have a hunch the website itself might be taken down at relatively short notice. The "project" has Twitter and Medium accounts as well as a Telegram channel. It also has a pitch deck and a litepaper, describing their claim to fame - a new protocol for creating synthetic assets. While this in itself is nothing groundbreaking, Duplicate promises to be the "first trading platform to
launch leveraged synthetic equities". They even provide a sneak peek of what they are "building".

Also, as a relative rarity, they provide Twitter and LinkedIn profiles of the whole team, including - the CEO, the CTO, the Operations Lead and the Community Manager. You can get the Twitter links on their homepage, if it hasn't been taken down already of course.

Duplicate is now fundraising by selling tokens to build their groundbreaking product. In the crypto world funds are often raised by first selling tokens to institutional investors before doing a public sales round for the wider crypto population. Duplicate allege to have completed a seed token sale round and being halfway through a private round - also for institutional investors. Funds already raised are a strong investment motivator, who wouldn't love a project which has already raised $750k?

Duplicate is now searching for further institutional investors, to contribute the further $500k to fill the private round. This is an interesting approach, as most scams target the general public counting on it to be less informed and dilligent than crypto venture capital. Apparently Duplicate has decided it is more efficient to find a few gullible VCs, than a large crowd of small investors. This is the opposite approach to e.g the Poplink Oracles scam we described a few weeks ago.

So how can you recognize it is a scam? The first thing which is a bit peculiar is the project is almost too good to be true. Take for instance the tokenomics, which are usually a key investor topic.

Duplicate Finance tokenomics

These look almost perfect. The starting market cap after launch is $362 500, which is extremely low. This means there is signficant uspide, so the price can be reasonably expected to go up. Also private investors buy tokens four times cheaper than the general public, meaning they have even more profit potential. In fact, these numbers seem almost too good to be true and should already set off a slightly yellow light in an investor's head.

Then the team - at first sight it also looks really great. You have four young people with great experience, who show their faces, Twitter, LinkedIn. All of them are real professionals, look at the CEO:

Fake Profile of Duplicate Finance CEO

Director of Business Development at Salesforce in Germany, VP of Sales at Daimler AG, a solid university, this is one most impressive person. Also, as he looks maybe 30, he must have become the VP at 24. When you examine the profiles of the other founding team members, you notice they are carbon copies of each other - a profile pic, 50-100 connections, several career stations, a solid university and no further activity except a share of a random TEDX post. Even the pictures look eerily similar.

Fake Duplicate Finance team

Notice the identical backgrounds. On one hand you might think the team has done a photoshoot and created the LinkedIn profiles specially for the project to provide real transparency. But then, how many early-stage crypto projects actually do photoshoots for the team? How many young high-level managers in Germany do not have a LinkedIn profile full of connections? What is the chance of four profiles being so similar in structure and activity? The yellow light in your head should be getting pretty orange by now.

Even more strangely, the Twitter accounts are also similar. Created eight or more years ago, but with nary a tweet. Or at least a non-hidden tweet - the only ones which are public come from the last month or so.

If you start talking to Duplicate about an allocation, i.e. buying tokens, they will be happy to accommodate you. Not too happy - that would be suspicious - but willing to make room in their long list of investors. If you ask for more allocation, they will be happy to grant this wish, albeit with some reluctance. They also play hard to get, asking for quick decisions due to huge investor interest:

Fake pressure from the Duplicate Finance investor scam

This looks like regular project behaviour, but let's say you express the wish to discuss the topic with them over a video call. For some crypto VCs this is a prerequisite to invest. They will acquiesce, but then at the last moment you will learn their camera is broken. The call will be postponed till they get a new one.

Now let's say the orange light in your head has made you start to rethink things and do some dilligence on their team. When you google it, nothing comes up. And we mean nothing at all. There are of course many people with those generic names, but googling the people + the names of their employers shows nothing. No LinkedIn post with a tag, nada, zilch. This calls for more intricate dilligence. The one thing you have are pictures. Google searching for those pictures again shows nothing. But if you use more complex facial features recognition software, bingo:

Real profile of fake Duplicate Operations Lead

This is the real "Lorenzo Biancho", the innocent victim of identity theft. If you use facial recognition software on other team members, you will also find who they have stolen their pictures from with little difficulty.

Now it all starts to make sense. The similar Twitter and LinkedIn accounts, the perfect tokenomics, the willingness to make room in the investment round and even increase the allocation, the misfortune of a broken camera. The scammers tried to hide themselves behind fake pictures. Incidentally, the fake team comes from Western Europe, which is another part of the scam - a team from countries with stable legal systems evokes more confidence, even though the company might be registered in a more exotic place.

So how do you protect yourself against such elaborate scams? We must say this one was really hard to solve. In fact if the scammers hadn't taken a few team profile shortcuts, a crypto VC fund we know might have actually fallen for this. If you look at their Twitter, you will see a tweet from one other crypto VC, presumably one of their victims.

Regretfully there is no easy solution. The only proxy for trustworthiness would be social proof - look for projects with numerous institutional crypto investors. These investors should have also had tweeted about the projects, confirming the investment is real. It may seem ironic, but such social media backing is one of the stronger due dilligence shortcuts you can make.

If you see projects without such social proof, then it's all about your intuition. You need to have experience to develop a hunch how a regular crypto project looks like and when something feels wrong. But such a hunch might not be enough, especially if next time the scammers devote a bit more time to creating a believable backstory for their fake team. Crypto offers a chance for significant profits, but requires a lot of care and dilligence.