Cryptocurrencies have gained immense popularity in recent years, with global mainstream media coverage and celebrities openly wearing their NFTs. The recent approval of the Bitcoin Spot ETF is likely to further increase the influx of funds into the blockchain market. This activity has not gone unnoticed by bad actors and hackers.
With increased digitization and new AI tools, it is increasingly important for individuals to remain vigilant and take protective measures. The FBI reported more than $2.5 billion in losses from crypto-related scams in 2022. To protect yourself from fraudulent schemes, it's important to be aware of the most common crypto scams and take steps to protect your investments. Here's a breakdown of some of the most common crypto scams, along with tips on how to avoid them.
Subscribe to our newsletter
The best articles of the week, directly delivered into your mailbox.
1. Phishing scams
Phishing scams are common in the cryptocurrency space and use emails, text messages, or social media messages to trick users into revealing their private information. These messages often appear to come from legitimate sources, such as cryptocurrency exchanges or employees of well-known companies. They may request account credentials, authentication codes, or seed phrases used to access cryptocurrency wallets. It is important to note that wallet seed phrases should never be shared with anyone under any circumstances. Sharing the seed phrase grants access to all cryptocurrencies stored in that wallet. Also be careful where the seed phrase is stored, it is recommended not to store seed phrases digitally, but rather keep physical copies.
To protect yourself from phishing scams, be wary of suspicious emails or messages, especially those with embedded links or attachments. Hover over links or right-click to copy the link address and paste it into a Word document to see the actual destination URL before clicking. Never give out sensitive information in unsolicited communications. Especially if you were not expecting the message in the first place. Even if the message appears to come from a legitimate source, always double-check the website and social media accounts associated with it. Scam websites often switch domains, for example, the official website is on a ".com" domain and the scammers create a fake ".org" site. Social media handles are often spelled the same with a letter that is swapped or has a similar sound, for example: @fr3derik instead of @frederik.
Scammers also use relatively simple methods to obtain digital assets. Be careful when using messaging apps like Telegram, where it's easy to get contact information and mask your identity. You can be certain if you receive messages along the lines of "Send me 1 BTC and you will receive 2 BTC back" or "I am so sorry, but I have lost access to my wallet. Can you please send me..." that these are all phishing attempts. Likewise, private messages from alleged "support agents" should always be treated with the utmost caution.
2. SIM swap attacks
In the digital age, smartphones have become an indispensable part of everyday life. They serve as the primary link for communication, banking, navigation, and countless other online services. This reliance on mobile devices has also made them a prime target for cybercriminals, who have developed sophisticated schemes to exploit them.
A SIM swap is a fraudulent technique in which a hacker convinces a mobile service provider to transfer the victim's phone number to a new SIM card under the attacker's control, allowing calls and messages to be intercepted. This gives the scammer complete control over the victim's phone number. It allows them to receive text messages, such as two-Factor Authentication (2FA) codes. Hackers can also impersonate victims to gain unauthorized access to their financial accounts, social media profiles, and other services.
The consequences of a SIM swap scam can be devastating, ranging from financial loss and identity theft to emotional distress and reputational damage. The most recent example is the SEC's compromised Twitter account, where hackers released an early tweet about the upcoming spot bitcoin ETF, causing a price pump and subsequent dump. To protect yourself from this threat, it's important to be aware of the tactics used by scammers and take proactive measures to protect your phone number and personal information. It is also recommended to never use mobile numbers as 2 Factor Authentication (2FA) but download a dedicated app such as Google Authenticator or Authy.
3. Fake investment opportunities
Scammers often create websites or social media pages that mimic legitimate cryptocurrency exchanges or investment platforms. They lure unsuspecting individuals with promises of high returns, limited-time offers, or exclusive investment opportunities. These sites are typically recent and have not gained much feedback from users. Twitter (X) is an important source information, that allows you to put together a first opinion. Typically if the sentiment or reviews of a product or platform is negative it most likely has valid substance and should be taken into consideration before interacting with the dApp.
To avoid falling prey to these schemes, always conduct thorough research on any investment opportunity before committing funds. Look for reputable reviews, verify the authenticity of the website or platform, and never rely on unsolicited emails or messages for investment advice.
4. Airdrops or giveaways
Scammers can also create fake airdrops or giveaways, promising free cryptocurrency tokens or prizes to entice users to connect their wallets or provide personal information. While legitimate airdrops do occur, these scams often contain malware or redirect users to malicious websites. To avoid falling victim to fake airdrops, only participate in airdrops or giveaways from reputable sources or projects. Research the project thoroughly and verify the authenticity of the airdrop before connecting your wallet.
The airdrop tactic can also be used by sending free tokens or NFTs to wallet addresses. This tricks users into interacting with scam sites or contract addresses. It's an easy to implement scheme as, due to the way the blockchain is setup, wallet addresses are publicly available and transactions cannot be prevented from being received on a non-custodial wallet.
5. Wallet drainers
So-called wallet drainers typically work by exploiting vulnerabilities in cryptocurrency exchanges, wallets, or dApps. Once a user connects their wallet to a compromised website or platform and signs the smart contract with their wallet, the user gives permission for whatever is written in the fraudulent smart contract's code. Typically, the signature triggers a transfer of all cryptocurrency and NFTs to a wallet controlled by the hackers.
Wallet drainers can be devastating for victims. The stolen funds are irretrievable, as blockchain transactions cannot be reversed or stopped. Thankfully the transparency of the blockchain makes it possible to track transactions. These wallets controlled by criminals or tainted with cryptocurrencies from dubious sources can be flagged. This, in turn, can make it difficult for criminals to off-ramp their stolen cryptocurrencies to Fiat. Especially, if they have been flagged by compliance tools such as Chainalysis. Still, users should proceed with utmost caution when approving transactions on websites.
Protect yourself from crypto scams by taking the following steps:
- Interact only with legitimate websites
Always verify the URL of a website before entering any personal information or connecting your wallet. Avoid clicking on suspicious links or attachments in emails or messages.
- Keep your software updated
Cryptocurrency wallets sometimes release security updates to patch vulnerabilities. Make sure your software is always up to date to minimize the risk of exploitation.
- Never share your private keys or seed phrases
These are the keys to your cryptocurrency holdings, and sharing them with anyone is like giving away your money. Never enter them on websites or share them in messages.
- Beware of unsolicited offers
Be wary of unsolicited messages or emails claiming to offer high-return investment opportunities, free cryptocurrency, or other unrealistic promises. These are often signs of a scam.
- Do your own research (DYOR)
Conduct thorough research before investing in any cryptocurrency project or participating in any airdrops or giveaways. Only invest in projects with a strong track record and a transparent team.