Team members will never ask for your login credentials, private keys, recovery phrases, ask you for payment in return for support, or ask you to sign any transactions on their request!
Scammers are a serious threat to cryptocurrency traders and it is therefore very important that you do your due diligence when investing in cryptocurrencies or interacting with new or unfamiliar platforms. In this article we have gathered some information about the most common crypto scams and how you can protect yourself from them. Staying safe from scammers in crypto is a cat-and-mouse game where scammers are constantly evolving their techniques of fraud. It is therefore important that you expand your knowledge about this topic continuously. You will thank yourself later!
Common scam scenarios
We have listed a few scam scenarios below. Some may be more familiar than others, but all are equally important to have in mind when navigating the crypto space.
People reaching out to you with offers, airdrops or help
Beware! When random users approach you in text messages, emails, or phone calls, and offer you any kind of help or deal in crypto, it’s always an attempt to steal your money. Don’t let yourself get fooled. If something is too good to be true, it probably is!
Connecting your wallet to unknown sources (Malicious contracts)
A very common scenario today is being asked to “Connect your wallet here to claim your airdrop”. Connecting your wallet in such a scenario can very likely allow hackers to access your wallet and steal all of your funds without your knowledge. Also, always make sure that you’re on an official website when connecting your wallet to a smart contract! Double check website URLs and access the websites via official sources, for instance, CoinMarketCap or CoinGecko. Don’t enter websites sent to you in private messages.
Messages from fake crypto services (Phishing)
Be aware of emails, private messages, social media posts, and websites, claiming to be from official services such as Coinbase, MetaMask, CoinMarketCap etc. These messages/posts/websites may very well be faked ones used by scammers to trick you into giving away sensitive information such as login credentials or private keys. These messages/posts/websites can look very legitimate and be very convincing. They usually play on the fear that something bad has happened to your assets, or FOMO (Fear of missing out). Beware of the following type of content:
- “Someone has logged into your account”
- “The ability to login your account has been disabled until we can further verify your identity”
- ”2 ETH was withdrawn from your account”
- “Claim your airdrop today”
- “Your 0.624 BTC deposit is waiting for your confirmation”
Unexpected token approval transactions
Be very cautious if token approval transactions are prompted in your wallet, unexpectedly or in conjunction with you receiving help from an unknown person. A common scenario today is when a scammer (claiming to be a team member or a faithful community member, or similar) approaches you via private messages after you have asked for help in an open chat forum like Discord. The scammer will comfortably tell you that he will solve your problems, and while he is seemingly doing so you will be “required” to sign a couple of transactions in your wallet. In good faith you sign all the transactions, but little do you know that these transactions actually allow the scammer to access your funds and move them out of your wallet. Once the funds have been moved from your wallet to another wallet, there is absolutely nothing you can do to revert those transactions. Scammers may try to convince you the opposite, but don’t let yourself get fooled!
Below is an example of an token approval in MetaMask. By clicking on “Verify third-party details” you can get details about the contract requesting access to the funds in your wallet.
Unintentional download of malicious softwares
Malicious software (malware) is a type of software that is typically spread through email attachments, infected websites, pop-ups, or downloads from untrusted sources. The software can take many forms, including viruses, trojan horses, spyware, and more. Once installed on your computer, malware can steal sensitive information from you, such as your cryptocurrency wallets and/or your private keys.
Similar to the “phishing” case above, you should take care when you receive emails or messages from what is seemingly a legitimate source. Pressing links in these messages may very well cause you to download unwanted software to your computer.
If you notice strange behaviors on your computer. For instance, when pasting a copied address it is replaced by another unknown address. Your computer is most likely infected by a trojan.
What can I do to protect myself?
There are several actions you can take to protect yourself from scammers. We have gathered a few in the list below. But as previously stated, it is important that you expand your knowledge about this topic by continuously researching it.
2FA
2FA, short for “two-factor authentication, is a security process that requires users to provide two different authentication factors to access their account or complete a transaction. The purpose of it is to add an extra layer of security to the authentication process and reduce the risk of unauthorized access or fraud. The two factors used in 2FA are usually something the user knows, such as a password, and something temporary, such as a code sent to the user by email or text message. The user needs to provide both factors in order to pass the authentication process.
Hardware wallet
Hardware wallets are considered to be one of the most secure ways to store cryptocurrencies. They are cryptocurrency wallets that store a user’s private keys in a secure offline device. Since the wallet is an offline device and not exposed to the internet, it is resistant to hacking attempts and other types of cyberattacks. When a user wants to make a transaction, they connect their hardware wallet to their computer or mobile device, enter a PIN or password, and confirm the transaction on the device.
Read you transaction approvals
Do not blindly sign transactions in your wallet. There will always be information displayed when a transaction signature is required from you. Read it carefully to make sure that no scammer tries to take advantage of the situation to get access to your funds.
Revoke allowance
When you use dapps, such as Uniswap, you have to grant them permission to move/spend cryptocurrencies in your wallet on your behalf. If not, the smart contract behind, in this case the DEX, will not be able to complete your requested trade. It can be wise to check what allowances you have given to various dapps, and revoke those allowances you are not sure about. If you don’t revoke the allowances, the connected dapps will have the possibility to spend your allowed currencies forever.
You can use Arbiscan to check your allowances and revoke those that you don’t want to keep. Also, MetaMask keeps a list of services you can use to revoke allowances on other chains than Arbitrum.
Temporary wallets
If you want to interact with an unknown website, use a temporary wallet for this interaction and not the wallet in which you store the majority of your funds.
Initiate contact with team members yourself
If you are asking for support in one of the discord channels, never trust incoming messages from people claiming to be there to help you. Especially if the person claims to be on the team. Team members will never initiate contact with you. As a matter of fact, there are examples of when our community mods have blocked newly joined users on Discord with identical names to Joe Park.
Ask!
If you are unsure about the legitimacy of emails, private messages, websites, or other communication forms, ask someone you trust. The two of you (or more) will most likely be able to determine whether the source can be trusted or not.
Check official info on public pages
If you are uncertain about the legitimacy of a website you intend to visit, it is advisable to first check a reputable source like CoinGecko for any associated URLs. Should the recently shared link not be listed on the trusted site, it is likely a phishing attempt.
To stay updated or ask any questions you have: Join us on Discord and follow us on Twitter to stay up-to-date with our latest news and developments.
Make sure to check out our website: https://hydranet.ai
