Protect Yourself From Common Crypto Scams

Scams in the crypto space take on various forms, and identifying each comes with its own challenges. In this article, a list and short description of the most common scams will be provided, as well as ways of identifying scams in order to prevent falling victim to one in the future.

What are the common crypto scams and how do you protect yourself from scams? This lesson tackles the different scams run by bad-actors online in the crypto space. By the end of this lesson, you will be able to list out the common crypto scams, how to spot them, and gain the knowledge on how to avoid them. 

What are the Types of Crypto Scams

Generally, crypto scams involve initiatives aiming to obtain access to a targets’ wallet or authentication credentials, and transferring cryptocurrencies directly to a scammer due to impersonation, fraudulent investment or other malicious means.

In a social engineering scam / fraud criminals exploit a target’s trust in order to gain access to a location, network, or confidential data that can be used in a crime, in some forms the bad-actor may even try to get the victim to give them money directly. According to Interpol, social media is the preferred channel but it is not unusual for contact to be made by telephone or in person. 

Scammers in social engineering scams, use psychological manipulation and deceit to gain control of vital information relating to holders' accounts by acting as an official entity in most cases. For example, someone impersonating someone who works with a crypto/blockchain project may message, saying they need you to provide information that may be used to open your account.

Here are more examples of scams that broadly fall under social engineering:  

• Romance scams utilize dating websites to make unsuspecting targets believe they are in a real relationship. When trust is established, the conversation turns to cryptocurrencies opportunities and the eventual transfer of either account information or coins.
• Giveaway/imposter scams occur when people pose as famous celebrities, business people or crypto influencers. To get the attention of victims, scammers promise to match or multiply the crypto sent to them in what is known as a giveaway scam.
• Phishing scams are the most common type of scam, fake emails, texts or other articles imitating legitimate sources such as banks or e-commerce sites are used to reveal personal or financial information. Phishing, in the context of cryptocurrencies, targets information pertaining to online wallets – specifically, scammers are interested in crypto wallet private keys – which are required to access funds within a wallet.

• Blackmail/extortion scams include emails in which the scammer claims to have incriminating evidence i.e of adult websites by the unsuspecting user. The scammer then threatens to go public with the information if not paid.
• Investment in Business Opportunity Scams. For instance, the Africrypt scam that stole billions of dollars worth of BTC by posing as a crypto investment firm. The perpetrators targetted high net-worth individuals telling them to use their platform for great gains, however, they then report being hacked leading to users being unable to access their accounts. They urged their victims to keep the hack a secret, away from authorities, but then proceeded to make away with over 3.8Billion dollars in crypto.
• New crypto-based opportunities for ICOs and NFTs. ICOs and NFTs are all around us and may seem lucrative at first. Keep in mind, if it sounds too good to be true, it usually is. In this scam a victim may be lured into purchasing coins or NFTs sometimes at lower prices, but soon find out that these coins or NFTs are fake.
• DeFi rug pull is another popular scam hanging around in the crypto world. Rug pulls occur when bad actors run off with the funds raised by investors before the project is fully launched. Scammers generally run away with funds that were meant for the set-up of the project. There are two forms of rug pulls, the first would be a soft rug pull where there is a dumping of large amounts of tokens/coins quickly by the developer.  A hard rug pull can take form in liquidity stealing or when project developers code malicious backdoors into their token.
• Cloud Mining scams occur in platforms that will market to retail buyers and investors to front capital to secure an ongoing stream on mining and reward. Some of these platforms will say they will provide the means to mine tokens – cloud mine on your behalf offering different pricing and profitability points. The platforms do not actually have the hash rates they say they do, and will not deliver the rewards following your down payment.

Spotting Cryptocurrency Scams

According to the United States Federal Trade Commission, you need to be on the lookout for big claims such as the following:

• Guarantees of making money. These promises should not be believed as they indicate scams, even if it is endorsed by a celebrity or influencer since they can be easily faked.
• Big pay-outs with guaranteed returns. “Guaranteed” returns should be a big red flag to anyone in the crypto space.
• Free money. Promises of free money, whether in cash or crypto, are usually fake.
• Big claims without details or explanations. Users in the space should be very skeptical about big claims with little detail or explanation.
• Investing in projects where the founders have not made their identity publicly known.

• To avoid being financially devastated if you are pulled into a scam, do not put money into digital currencies if you do not really understand how they work. Educate yourself before entering into any type of investment.
• Check the websites and e-mail addresses you are dealing with
• Projects that have been verified/certified by a trusted auditor such as Hacken are generally more credible. Always look for some sort of verification where possible.
• Projects funded from mixers like Tornado Cash are generally more suspect since the project could be funded by washed funds. 
• Avoid projects with anonymous founders and team members. 
• Do not invest or trade based on unsubstantiated advice from somebody that you have only met online. In fact, don’t just take anyone’s unsupported claims, do your own research (DYOR), and go through as many credible sources as possible.
• Be alert when it comes to social media promoting cryptocurrency giveaways. Free money is never really free, remember; if it’s too good to be true, it is.
• Never share your private keys with anyone. Keep them safe. 

‍

Summary  (TL:DR)

There are various scams being deployed throughout the world, they have been present even before blockchain. Today, these same scams that our mothers and fathers may know of are being used in cryptocurrency. Most these scams exploit your trust, by making you believe:

• They are the legitimate organizations and companies that you have known to trust
• They are celebrities that you respect
• They are the friends and family members you know in real life
• They are legitimate businesses that will give you large returns if you invest in them
• That you will get rich quick by following their instructions

‍

Be vigilant, if it’s too good to be true, it is. Never share delicate information such as passwords and keys. Always educate yourself and do your research using credible resources. 

Sources:

1. Social Engineering Scams : Interpol - https://www.interpol.int/en/Crimes/Financial-crime/Social-engineering-scams
2. What to know about Cryptocurrencies and scams : FTC - https://consumer.ftc.gov/articles/what-know-about-cryptocurrency-and-scams
3. How to Improve Your Cybersecurity - https://hacken.io/researches-and-investigations/how-to-improve-your-cybersecurity/ 
4. Security Pitfalls & Best Practices - https://secureum.substack.com/p/security-pitfalls-and-best-practices-101 

About Hacken

Hacken is a cybersecurity auditor born in 2017 with a vision of transforming Web3 into a more ethical place. With 5+ years of experience, hundreds of blockchain partners, and thousands of secured crypto projects, Hacken protects technological businesses and crypto communities worldwide with the most competitive suite of professional cybersecurity services. 

Hacken in figures:

• 1,070+ clients, including THORSTARTER, ConstitutionDAO, XTblock, Paribus, to name a few
• 180+ partners including Avalanche, Polkastarter, CoinMarketCap, Weld Money, CoinGecko, Solana Foundation, Simplex, to name a few
• 23/50 top crypto exchanges are Hacken clients
• $10B in users’ assets saved from being stolen by hackers

Strategic goal: get a 20% share in the Web 3.0 cybersecurity market by 2024.‍

For more on Hacken follow them on:

Twitter | Discord | Telegram | Hacken.io