Scams promising bitcoin riches have netted swindlers at least $11m in the last four years, researchers have found.
Some 13,000 victims handed over their money unwittingly in 42 different scams over that time period, their data suggests.
However, the total amount of funds cheated from victims over this period is almost certainly higher than the estimated $11m the research identified.
Vasek, who researches computer security at Southern Methodist University, co-wrote the paper with Tyler Moore, an assistant professor in computer science at the same institution.
The paper, titled There's No Free Lunch, Even Using Bitcoin: Tracking the Popularity and Profits of Virtual Currency Scams, has been presented at the Financial Cryptography and Data Security conference taking place in Puerto Rico this week.
Vasek and Moore combed online repositories of scam accusations, including a mega-thread of scams, hacks and heists on the Bitcointalk forum that has been maintained since 2012, as well as the subreddit r/bitcoin, BadBitcoin.org and CryptoHYIPs.com.
This process required the researchers to painstakingly go through forum threads post by post, even translating messages that were written in languages other then English, as well as visiting the websites that scammers created to publicise themselves.
"We went through every single post to determine if the scheme was a scam, any associated bitcoin addresses with the scheme, and any associated scams," Vasek said.
Using this method they found 349 scams, which were then whittled down to 192 deceptions after excluding phishing, malware and pay-for-click websites, which fall outside the scope of the study.
The researchers then extracted bitcoin addresses linked to the frauds, enabling them to look at transactions from victims to fraudsters recorded on the blockchain.
The paper groups scams into four categories: wallet software, exchanges, mining 'vapourware' and 'high-yield' investment programmes that operate as Ponzi schemes.
The authors notably exclude the collapsed bitcoin exchange Mt Gox from their study because it's unclear if the platform was originally set up to defraud users or was simply poorly run.
As Vasek put it:
Catching the 'big fish'
The most lucrative scams were Ponzis, which yielded $7.3m to the fraudsters that the researchers were able to track. Mining scams were next, generating $2.9m in ill-gotten gains for the cryptocurrency hustlers. Exchange and wallet scams, by comparison, yielded a paltry $455,000 and $360,000 respectively.
The Ponzi schemes, which are called 'high-yield investment programs' (HYIPs) in the paper, come in three different flavours, ranging from 'traditional' programs to bitcoin-only variants. Moore has previously conducted research into HYIPs.
Notably, it is the schemes that cross over from the traditional HYIP world to the bitcoin realm that are the most successful, the paper finds. Nine scams bagged $6.5m-worth of coins in the 12 months from September 2013. These include schemes like Leancy, Cryptory and Rockwell Partners.
These 'bridge' HYIPs also keep the carousel going the longest, operating on average for 125 days before folding. Bitcoin-only schemes, like First Pirate Savings and Trust, by contrast run for only 37 days on average.
The analysis also produced insights into what makes a scam successful. The deceptions that generated the most money did so by getting a handful of "big fish" victims to pay in the majority of the funds.
"For a scam to be successful, it appears that it must catch the few 'big fish' who will pay the bulk of the money into the scam," the authors write.
Vasek said the opportunity to use the blockchain to quantify the amount of money fraudsters were making was one reason she and Moore conducted their research.
"The blockchain creates an opportunity in that transactions may often be tracked, which could make it easier to assess the true risk posed by scams," the authors write.
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.