Open in app

Sign in

Write

Sign in

Identifying Scams

TheManWithoutAName
7 min readFeb 26, 2024

--

When navigating the cryptoverse, one must always rely on education as being the most important form of defense against malicious actors. Doing so requires being cognizant of various typologies to which users are frequently subjected to.

The types of scams that exist in the crypto industry

If you’ve been in the crypto space for some time and have used your wallet(s) to buy non-fungible tokens (NFTs), swapping tokens on decentralized exchanges (DEXs), adding funds to liquidity pools, or taking out loans, you might have noticed tokens airdropped into your wallet without any apparent explanation. This phenomenon is widespread in the cryptocurrency community and is observed across various blockchains.

What might initially evoke excitement in a sense of “Oh wow, I just got an airdrop! This may be worth so much money”, can quickly turn into a tragedy if one is not privy to this typology. This is commonly known as Airdrop phishing or Airdrop scam, where perpetrators lure recipients by airdropping a given token that proves difficult to swap on decentralized exchanges. Subsequently, recipients may feel compelled to investigate the token further, often by visiting a website linked to it. However, the danger lies in connecting one’s wallet to such malicious websites, as victims might inadvertently sign a message, allowing the attacker to drain the wallet of all funds.

Several red flags associated with this scam, including but not limited to the following:

  • The token’s market value is usually zero (0) upon inspection.
  • The token address, when searched on a blockchain explorer, may be flagged as a scam.
  • The airdropped token often originates from an address that has been mass-dispersed to many addresses all at once.
  • Tracing the funds may lead back to a mixer, whose purpose is to throw off the crypto trail.

Best Practices

When encountering a suspicious random airdrop, the best course of action is to conduct thorough due diligence and take note of any of the aforementioned red flags If there is any doubt, it’s advisable to hide the token if such a feature is available, but refrain from interacting with it altogether. It is also recommended to report any suspicions to a relevant blockchain explorer where the incident took place. Many users rely on the information provided by these explorers, in addition, they are also utilized by many blockchain analytics companies to further “home into” any malicious activity on the blockchain and further help the efforts to remedy any victims of such phishing attacks.

A frequently encountered term in the cryptocurrency space is “rug pull”. This is a word that indicates a project that was created with malicious intent. The individuals behind the project either obtain user assets (such as cryptocurrencies or tokens) without providing anything of value in exchange, or lure people to connect to its smart contracts. These contracts contain code that allows those privy to the contract details to extract value from user deposits.

Examples of scams related to fake ICOs and rugpulls

Numerous examples of various forms of rug pulls exist, some of which have been covered by vigilant Anti-Money Laundering (AML) investigators such as Coffeezilla or ZachXBT.

For example, certain projects on DeFi promote themselves on Twitter, promising high yields if users provide liquidity in their pools. However, users immediately find their deposited funds siphoned off to another address, followed by the deletion of the project’s Twitter account and Discord server.

Another rife variant of this typology involves NFT projects that emerge and shill themselves on social media platforms. Countless such NFT projects have been created solely to exploit users and then quickly disappear.

There are several red flags associated with this scam, including, but not limited to:

  • The NFT project’s team is anonymous or pseudo-anonymous.
  • The project is relatively new and lacks a track record.
  • The project, some of its team members, or wallet addresses have been associated with prior NFT rug pulls.
  • When asking the team questions, there is either no response or they are deleted on apps such as Discord or Telegram.

Best Practices

When coming across NFT projects, users should keep several factors in mind, including:

  • Conducting due diligence on the team:
  • Are the team members doxxed?
  • Do they have a reputable background?
  • Is there any form of engagement on their Twitter accounts?
  • How does the team respond to questions from the community?

If any concerns stem from the above, proceed with the utmost caution.

There have been instances of crypto and NFT projects have promoted investment opportunities, promising investors a pre-sale allocation of tokens in exchange for their tokens. Some of these schemes have proven to be fraudulent, and serve as mere investment scams that swindled funds from unwitting investors.

Examples of scams related to airdrops and giveaway campaigns

In the decentralized space, this is even more prevalent due to lax or non-existent controls, allowing anyone to participate in investment opportunities as opposed to what we see in centralized finance, and thus, requires a much more vigilant eye and an increased sense of self-preservation.

When coming across any investment opportunities on social media, always be wary and skeptical before going any further. There have also been reports of fraudulent investment schemes utilizing deep fakes on streaming platforms like YouTube. For instance, one video might feature a convincing portrayal of Elon Musk speaking at a conference, promoting a crypto investment opportunity and luring potential victims.

There are several red flags associated with this scam. These include:

  • Projects with recently created social media profiles.
  • The individuals behind the investment opportunity are not identifiable.
  • The source of the yield or investment income is not clear.
  • The investment opportunity is offered in an “over-the-counter” manner via apps such as Discord or Telegram.

Best Practices

Manage risk by conducting rigorous due diligence when entering into investment opportunities and take note of any red flags of concern. Otherwise, assume it is a scam and do not proceed.

Romance Scams

Another form of scam, spanning across both traditional finance and crypto, is that of romance scams and fraud. In these cases, victims, often in a vulnerable state, are swindled from their funds under the guise of a romantic relationship with the fraudster who needs their financial support.

The most well-known example of relationship scam is the Tinder Swindler, where an Israeli individual used a false identity to enthrall women he met on the dating app. He fabricated a story, convinced them to send him a large amount of funds and ghosted them afterwards.

There are several red flags associated with this scam. They include the following:

  • Asking for funds, loans, or financial support.
  • These individuals often claim to be in remote or distant locations.
  • Lack of any verifiable social and work references.

Best Practices

Never send any crypto or funds to anyone, whether entering into or already in a romantic relationship.

Address poisoning is another type of scam. Here, the attacker generates an address that looks very similar to a user’s address and sends funds to it with hope that the victim will mistakenly use this address, believing that it’s their own and send funds to it.

This scam relies on users who may be either careless or over-trusting, copying and pasting any address that resembles their own when making transactions.

A key red flag associated with this scam is:

  • If the user recalls recent transactions involving their addresses, they can usually determine if this was indeed one of their addresses for sending funds.

Best Practice

Never copy and paste addresses from any blockchain explorer, UI wallet address transfer log interface, etc. Always manually double-check the addresses before initiating any transactions to ensure they are going to the intended recipient.

With the significant impact of the 2022 and 2023 lay-offs in crypto businesses, many individuals are actively seeking employment opportunities and are eager to secure a role in the industry.

Examples of how to identify job scams

Unfortunately, this surge in job hunting has led to an increase in job application scams, where unsuspecting job seekers apply for positions and go through a supposed hiring process, only to unknowingly provide Personal Identifiable Information (PII) that can be exploited for identity theft. In addition, these fraudulent actors may also demand payment from applicants to complete the “application process”, further worsening the situation for the victims.

The following are some red flags associated with this type of scam:

  • Asking for money in order to continue with the hiring process.
  • The job description is generic and is not appropriate for the role.
  • Lack of understanding of the role by the person communicating with applicants.

Best Practices

  • Never, under any circumstance, should applicants pay to secure a job.
  • Conduct thorough due diligence on the project and cross-reference job post details with the business’s past postings.

Given the unregulated nature of the crypto space, you can only rely on yourself for protection through education, awareness, critical thinking, and risk management.

Anti Scam
Self Protection
Web3
Crypto
Romance Scam

--

--

TheManWithoutAName

Written by TheManWithoutAName

2 Followers

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams