Top 3 Crypto Scams and How to Avoid Them
Protect Yourself as Crypto Theft Continues to Rise
Web3, crypto, blockchain, NFTs — the industry introduced by Satoshi Nakamoto back in 2009 has spawned a trillion-dollar industry that only looks to grow increasingly larger in the years to come. As money continues to pour into the space, so to do the thieves, hackers, and other nefarious criminals who see opportunities to exploit those who lack experience, or are blinded by dreams of getting rich. As the opportunities rack up, it is becoming increasingly difficult for bad actors to turn away from these opportunities — thereby increasing the number of crypto thefts which are occurring throughout the years, as well as the total amounts which are being compromised in totality.
During 2020, crypto hacks amounted to almost $4 billion USD , a sizable number by any measure. However, 2021 has since seen that number explode to more than $14 billion USD, with over 50% of the theft tied to scams alone. With increasing new entrants coming into the space, bringing in fresh capital looking for a new home, scams are almost certain to continue to rise in the coming years as many new joiners learn the hard way about the importance of protecting their own crypto.
Fortunately, with the right information, training, due diligence, and reflection, people can learn to avoid scams in the same way that many people have now learned to not click links from suspicious looking emails. In the crypto-sphere, it will take some time before all individuals have arrived at that point — which makes it all the more important to be aware of such schemes in the crypto world as hackers become more prevalent.
Starting with the Red Flags
While entering the blockchain and crypto industry for the first time is an exciting venture, participants (new and experienced) need to be alert at all times. New technologies, processes, and the anonymity provided by the internet to criminals, all raises the risk of users losing their crypto. From on-boarding their fiat to just clicking a link, wallets can be drained in the blink of an eye if users are not careful.
General warning signs that users should be aware of when interacting with exchanges, crypto applications (e.g. wallets), projects, websites, etc….:
- Ensure that all written copy is without spelling errors. Businesses and projects which are serious about their solutions will rarely have any spelling errors on their copy. Conversely, scammers looking to trick as many people as quickly as possible will deploy content without much review — and such content is often full of errors
- Unreasonable promises / guarantees to multiply your money — 2x, 3x, 4x, etc…. while crypto can be very lucrative, there are never any guarantees. Anyone promising guaranteed high returns should be viewed with extreme caution.
- Unclear explanations on how the money might be used, stored, or kept safe. A business or project looking to grow and develop their customer base will know that they need to earn their customer’s trust if they are looking long term. The lack of transparency regarding how a third party is keeping its customer’s money safe is a serious warning sign.
While there are several others, these are a few to initially keep in mind. Crypto is still in its very early stages, and there are numerous unsavory individuals looking to take advantage of inexperienced or careless participants in the space.
The Scams & How to Protect Your Funds
Phishing scams date back to even before the internet. From the days when households only had landlines, every so often a stranger might call the home and lure an unsuspecting child into divulging information that might compromise the safety of that child or their family. In the internet age, this scam evolved — largely into tricking unsuspecting users to click links, which might then install various forms of malware or ransomware on their devices. Such software, when activated — could do anything from keystroke logging to taking control of the device. In the Web3 world, scammers use links differently — to lure users into divulging information which would allow an attacker access to a user’s wallet. Such attacks, if successful, could lead to the victim divulging seed phrases, private keys, and other information which would give the attacker access to a user’s funds.
The Takeaway: Users should learn to never divulge any details which would compromise personal identities or access to wallets. Be suspicious of any links which are received without being asked. When looking at a project or a business, search for “Official Links” from their official Twitter or Discord accounts, to ensure that only legitimate links are clicked. Consider setting up a blockchain monitoring solution for your wallet. As a second line of defense, crypto monitors can inform you of unauthorized activity in the event that your account is compromised. Blockchain monitoring solution companies often have free accounts to use, and can also be a contact point to trace your funds in the event that crypto is stolen from your wallet.
“Squid Game” Like Projects
One of the hottest TV shows of 2021 was the Netflix hit, Squid Game, which audiences around the world watched with great enjoyment and intensity. As the show reached its peak popularity, an unknown group of individuals launched a “squid game” token, playing off the hype generated by the Netflix series. Those who enjoyed the series and believed in the promises laid out by the token poured money into securing these tokens, only to see its creators take down the website and run away with the funds shortly thereafter.
The Takeaway: Post-mortem analysis of what happened in this scam revealed that there were several warning signs that this project was questionable. From spelling mistakes on the project’s website, to the suspicious timing of the token launch (where its affiliation to the Squid Game series was not specifically spelled out), investors in the token had several opportunities to truly question the legitimacy of the project that they were pouring their funds into. The key learning here is to do significant research on all potential investments in crypto before depositing money into the project. Safety does not come in numbers, as was evidenced by this scheme. Ultimately, people need to be alert at all times that scams can come in various forms — especially in the crypto world.
Social engineering is also one of the oldest forms of intrusion known to man. While the execution of social engineering attacks has evolved over the years, the foundation of how these attacks work has generally remained the same — identify a victim, build trust with the victim over time, and then begin guilting or persuading the victim to divulge something of value to the attacker.
In the online world, much of this happens through online dating sites, chatrooms, or other social media channels. Attackers may randomly send direct messages (DMs) to others where they may be in the same group (e.g. the same Telegram or Discord group). Attackers may have attractive profile photos which may help elicit a response from the potential victim. Should the victim respond, the attacker begins building a relationship with them — hoping to earn trust and empathy from the victim over time. Eventually, when the “relationship” seems to have some solid foundation, the attacker may ask for money — and do it in such a way where the victim may feel guilty in saying no.
The Takeaway: Spend enough time in crypto focused chatrooms, and users will inevitably receive a DM from a scammer on the platform. Almost 100% of the time, these DMs are fraudsters, looking for ways to get the victim to divulge sensitive information which would allow them access to personal information, crypto wallets, or worse. To minimize / eliminate the chance of being contacted via unwanted DMs, ensure to turn off such functionality upon joining any new social media platforms, or spaces within those platforms. If and when a DM is received, review the message with the utmost caution, and determine if:
- The sender is likely the person who he/she says they are (e.g. part of a project team member)
- There is a reason for the person to be reaching out directly to you (e.g. contact has been made with this person before so you already know who he/she is)
If one or both of the above tests fail, it is likely safer to close the DM and ignore the user. Engaging with an unknown person likely will increase the risk that you are eventually scammed.
The Future of Crypto Crime
With an increasing number of new entrants in the cryptocurrency space — the amount of users and the money which they bring with them will rise significantly in the years to come. While this will be great for the overall space, this will also introduce a new wave of scammers and tricksters who will continuously find ways to separate people from their money. As the incentives rise, so too will the number of scammers, as well as the sophistication in their schemes to trick individuals into divulging information which allows the thieves access to funds.
New entrants to the space need to be aware that the crypto world differs greatly from the traditional financial institutions that most individuals are accustomed to dealing with. With banks and other stewards of people’s funds, there are often government or company backed guarantees to protect their customers. The impacts of fraudulent credit card charges can be absorbed by card companies, while theft of bank deposits can be insured by the bank or the government itself.
In Web3/crypto — all of this disappears. The upside is that people become stewards of their own money, with full control of their assets at all times. The downside is that people participating in this economy are tasked with the full responsibility of ensuring the safety and security of their funds — as there are no third parties involved in this new era of finance. Once funds leave a crypto wallet — they are effectively gone.
Therefore, it is of critical importance that users be aware of the types of scams noted above. As well, users should consider additional layers of security, including implementing a blockchain monitoring solution for their wallets. Such a solution would allow for crypto monitoring capabilities for its users, and inform the wallet holder each time that there is activity happening in the wallet. Free blockchain monitoring solutions solutions can be implemented easily and without any prior technical knowledge needed. With crypto monitoring, users can be informed immediately when a transaction is occurring which they did not authorize. Such knowledge could allow the user to immediately report such activities, and possibly provide just enough time to freeze the transaction before it gets confirmed on the blockchain.
At a minimum, blockchain monitoring solutions will also allow for a level of traceability. That is, should a hacker get away with funds, a crypto monitor would be able to assist in tracking how those funds changed hands after they were hacked — and/or if the funds were eventually off-boarded into fiat. If used effectively, a crypto monitor would provide users information to go to various off-boarding platforms (e.g. cryptocurrency exchanges) and provide them the details of why a specific set of funds should be frozen on the exchange, and not allowed to be moved further.
Crypto is an exciting and transformative space to be a part of. However, users should regularly remember that the space is still in its nascent stages, with many of the technologies being proposed still in process. Vulnerabilities do exist, and Web3 participants should remember to always be on guard to protect their own assets. Awareness of common scams, as well as implementing blockchain monitoring solutions, or other lines of defence, are critical to ensure the safety and security of funds.