Crypto Scams: Rug Pulls and Fake Apps

Joel Kite
Published in Numio
4 min read, Aug 9, 2021

Scams and confidence tricks are not a new thing and, irrespective of what the media suggest, they are certainly not just a problem for crypto. In fact, they have been around for thousands of years in many different forms. It’s just that crypto (and social media) has given scammers a new way to part unsuspecting marks from their hard-earned money on a global scale.

In Part 1 of this Numio scam advisory post we take a look at some of the more technical scams in crypto — rug pulls and hacks.

The Rug pull

Rug pulls are a relatively new type of scam that relies on a trader’s Fear of Missing Out, or FOMO. Rug pulls generally target people who are a bit more crypto savvy, as the trading involved does require some degree of technical expertise.

How does it Work?

A scammer creates a new token. It’s usually based on something that grabs the attention of the crypto moon crowd, maybe a food-based or dog-based token, or whatever the latest meme coin is.

They build a website, they post in /r/cryptomoonshots and other social media channels, promising huge returns. They build hype. Then they list the token on a Decentralised Exchange (DEX) like Uniswap or PancakeSwap.

All that hype and the ETH/BNB starts to flow in. The token price rises and the liquidity the scammer had in their scam token is now all in ETH/BNB, and that is when they strike. They withdraw all of their new ETH/BNB, leaving their victims with vast amounts of a valueless token that they cannot sell.

How to protect yourself?

There is an old saying in crypto, ‘Do Your Own Research’ (DYOR) and that is exactly what you should do. Make sure you have thoroughly researched any project you invest in, don’t get greedy, and only invest what you can afford to lose.

Fake Wallets and Apps

Scammers and hackers build fake apps to steal your money.

How does it work?

Scammers will build a fake version of a wallet or app and seed it around the internet on forums, torrents, APK download sites, via direct message, or even by gaining access to the project server.

Once downloaded, any data you input into the app will go directly to the scammer, including those precious private keys.

How to protect yourself?

If downloading a mobile app, it is always advised to download directly from the project’s official Google Play Store or App Store. Both Google and iOS review the app code and ensure that all uploads are signed using the project’s signing key. If it’s an open source app then it is worth checking apps like F-Droid instead of Google Play.

If the mobile app or desktop wallet is a direct download from the project, then always ensure that you download from a reputable source, preferably the project’s own website. When downloading directly, projects may provide a download signature for you to verify the hash of the download, thus ensuring that the downloaded file is legitimate.

An example of this is the Ledger Live software: https://www.ledger.com/ledger-live/lld-signatures

The top tip though is to never download apps or wallets that are posted in forums or on messaging services such as Telegram.

Fake Websites

Much like fake banking websites, there are numerous fake websites that appear to be popular web wallets, such as MyEtherWallet, or Decentralised Exchanges (DEXs) like Uniswap. They are, however, built for one purpose: to steal your money.

How does it Work?

A scammer will create an exact clone of a web service and give it a very similar domain name before adding links to forums, messaging services and even getting ranked on Google itself.

Once an unsuspecting person enters their details on the site (e.g. private key, seed words) it’s game over — the scammer has access to your wallet and all the crypto in it.

How to protect yourself?

Always carefully check that the link is correct, that the website is using HTTPS, and that it has the padlock symbol at the top. Be extremely wary of links that are found on forums, messaging services, social media, or sent via email and direct message.

If you are unsure, you can hover over the link to see where it is actually taking you. If you are still unsure, then find a link to the relevant service via the project’s own website, social media channels, or services such as Numio, CoinGecko or CoinMarketCap.

Next Week

In Part 2 of this series we will look at confidence tricks and social engineering scams.

Stay safe out there…

Want to learn more?

If you are interested in integrating Numio tech into your platform, having a demo, or simply want a chat with our devs, then please contact us at hello@numio.one or via one of our social channels.

Joel Kite, editor for Numio

Joel Kite is a co-founder of web3 startup Numio.one, and zkrollups.xyz, a leading website that indexes zkRollup Layer 2 projects.