10 cryptocurrency scams you need to be aware of
I really hate scammers, in fact I detest them. They prey on anyone, the vulnerable, the naïve and the greedy; their whole aim is to steal. Sadly the crypto space is awash with these lowlifes and they are becoming both ever more sophisticated and prevalent. In this article I will present 10 common cryptocurrency scams you need to be aware of so that you are more informed as to what to look out for and hopefully help you to avoid becoming a victim of one of these devious schemes.
Cryptocurrency is empowering....but...
One of the liberating and empowering aspects of owning cryptocurrency is the ability to have self sovereignty over one's assets. With this comes a personal responsibility to keep those assets as secure as possible, because in accepting control over your assets you no longer have a third party or middle man acting as custodian; you effectively become your own bank.
Most crypto scams try to find a weakness or attack vector that can be exploited. The sole intention of the scammers is to either gain access to cryptocurrency wallets or get people to unwittingly send their cryptocurrency to them, and this can be achieved in a variety of devious and cunning ways. The following are 10 methods currently being used.
1. Fake websites
Scammers frequently put up fake websites and then have the audacity to advertise those fake websites, which can even end up on the top of a Google search.
For example, in conducting a search for the Metamask wallet download site, you may see an advert that says it’s for "Metamask". If you were to click on it you could be taken to a fake website and you will subsequently install a fake Metamask app.
After you have installed the wallet and have gone through the set up process, including writing down the seed words, the thieves will literally be waiting for you to deposit your crypto at which point they will take control and empty the wallet.
This is the ONLY place you should download a Metamask wallet from:
Alternatively go to the Google Play Store and download the app from there.
Remember to always check the URL of any website that you are visiting and be very mindful of any website where you are conducting a download or clicking a link.
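The URL check described above, as an added example that is not part of the original article: it pulls out the host a link really points to and compares it with an allowlist, flagging the common imitation tricks. The host `wallet.example` is a placeholder assumption, and the function names are illustrative.

```python
from urllib.parse import urlsplit

# Assumption: "wallet.example" stands in for the wallet's real download host,
# which you must confirm yourself from the project's official channels.
OFFICIAL_HOSTS = {"wallet.example"}


def edit_distance(a, b):
    """Levenshtein distance, used to catch one- or two-character typo domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_url(url, official_hosts=OFFICIAL_HOSTS):
    """Return (verdict, reason); verdict is 'official', 'suspicious' or 'unknown'."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        return "suspicious", "no host in URL"
    if parts.username is not None:
        # In https://name@host/ only the part after '@' is the site visited.
        return "suspicious", "text before '@' is not the site you will reach"
    if host in official_hosts:
        if parts.scheme != "https":
            return "suspicious", "official host but not HTTPS"
        return "official", "exact match on the allowlisted host"
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return "suspicious", "internationalised name that can imitate Latin letters"
    for good in official_hosts:
        brand = good.split(".")[0]
        # Strict on purpose: only exact hosts pass, so subdomains are flagged too.
        if good in host or brand in host:
            return "suspicious", "official name embedded in a different host"
        if edit_distance(host, good) <= 2:
            return "suspicious", "within two characters of the official host"
    return "unknown", "not on the allowlist"


if __name__ == "__main__":
    # Constructed sample links, not taken from any real advert.
    for link in ("https://wallet.example/download",
                 "https://wallet.example.get-app.test/",
                 "https://wa11et.example/"):
        print(link, "->", check_url(link))
```

An "unknown" verdict is not a pass: anything that is not an exact allowlist match should be treated as unverified before downloading from it.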
While we are on the subject of Metamask wallets I think it would be useful to digress slightly and explain another approach that scammers use.
They go into Twitter threads and make posts impersonating someone from Metamask support. On any thread where there is a mention of the word "Metamask" they will be waiting to pounce.
Therefore if anyone either complains, comments or is looking for help regarding Metamask wallets on Twitter, they will have people who say that they are from Metamask support in their username or refer you to someone else who says they are. They will then try to get you to fill out a Google form and convince you that it is ok to put your seed words in the form. If the form is sent you will lose all of your money.
2. Fake YouTube streams
Fake YouTube video streams are another devious method used to steal people’s crypto.
The scammers run what you may think are live video streaming presentations being given by a well known personality in the crypto space. For example I have seen these with both the founders of Ethereum and Cardano being involved and most recently the Bitcoin evangelist Michael Saylor.
Although on the face of it you may think the presentations are live, they never are; they are effectively a copy of a presentation, a talk or interview that the personality has given previously, and as such it is used without their knowledge.
The scammers know how to game the system so as to create a sense of realism. They falsify the number of viewers as well as subscribers so as to make you believe that there are a substantial number of viewers and participants.
The premise is that they make the viewer believe that they are offering something for free and all the viewer has to do is send a certain amount of a particular cryptocurrency and they will receive back double or more for free. Sadly many people fall for this and in fact a recent streaming event falsely claiming to be from MicroStrategy, Michael Saylor's company, saw thieves steal over $400,000 from dozens of innocent victims.
The crypto space can be legitimately generous when it comes to giving away free coins in the form of genuine "air drops", for example when crypto projects launch; however, NEVER hand over your own crypto in the belief that someone will send you back more. You will lose it all! Consider the old adage: "if it is too good to be true... it probably is!"
What I actually find quite disgusting with this form of scam is that YouTube does nothing to curtail this type of thing from happening and will even show adverts before the person views the video! And isn't it ironic that if someone says a certain word or phrase that does not fit the desired narrative of the tech behemoth then the video stands a chance of being censored and banned from being broadcast on the platform. It's funny where their priorities lie.
3. Fake Twitter profiles
Another common scam that is quite prevalent on Twitter is that scam artists will clone the accounts and profiles of well known people and then use their status as a high profile personality to gain trust and make people follow directions with the intent of stealing from them. They will typically send a direct message to the unsuspecting victim and try to entice them into handing over their cryptocurrency by directing them to a scam that they have set up.
Below you can see that someone had the audacity to pretend to be Elon Musk:
Quite clearly the name is incorrect as it has some weird icons being used, plus I don't think Elon was born in India!
Just remember that if you were ever to receive a random message from a well known person don't get star struck and become all gooey eyed, think logically and ask yourself why would this person really be contacting you?
Another new scam that has recently appeared on Twitter is where a scammer will post a random sentence and introduction. They will try to funnel victims to a YouTube tutorial that, if you follow it, will end with you losing your money. Don't fall for it!
Overall, this is an interesting technique the scammers are using - exploiting the ratio of human greed vs technical knowledge - where scammers are targeting users who are somewhat knowledgeable crypto enthusiasts who are reasonably capable of following fairly technical instructions, but still not educated enough to understand how they are being scammed.
4. Malicious Smart Contracts
Following the success of DeFi on Ethereum, the centralised exchange Binance launched their own blockchain (Binance Smart Chain or BSC) and, allegedly, funded multiple projects that copied the most successful and advanced DeFi-projects that operated on Ethereum. Everything looked fine until a cascade of hacks that targeted projects on BSC in the Spring of 2021.
Most of the attacks used a similar scheme:
A DeFi smart contract had a flaw in its token balances calculation.
An attacker used a flash loan to inflate a token pool or vault.
The attacker then exploited the flaw by initiating a large trade or token swap and tricking the contract into thinking that all balances were correct.
The flash loan was repaid and the attacker got away with some profit.
The scammers have however become more brazen in their approach.
Mechanics of the scam:
The author of a video, for example, shared how they managed to take a flash loan to make one arbitraging trade and earn several BNB (1 BNB cost around $400). And, out of generosity, they shared the technique:
The viewer was asked to deploy a smart contract that performs all of the functions.
To cover transaction fees, the viewer was asked to deposit 0.25 BNB into the contract. The contract belonged to the viewer, so everything looked safe.
Then, the viewer needed to execute the flash loan function of the contract.
The author even uploaded the contract to Remix, an Ethereum online development environment, so the viewer needed to only click a couple of buttons.
Everyone who followed the instructions lost the 0.25 BNB they deposited into the contract and got nothing in return. At the time of writing, more than 44 BNB (nearly $25,000) had been withdrawn from the attacker’s address.
5. Rug Pulls with a Twist
A rug pull is a fraudulent scheme that tricks people into investing money in a product. In this case, with an offer for an incredible deal, an investor is enticed to invest their hard-earned money (or, in some cases, Bitcoin and other cryptos) into a particular token.
Essentially, what happens then is that the token developers abandon the project, taking their investors’ money, and leaving little to no trace.
Cheemies was a token that was recently being promoted in the crypto space through social media as well as a very unprofessional website. Needless to say the thought of massive gains enticed a number of "investors" or perhaps I should say once again... victims!
The standard schtick was used: liquidity was locked, no developer tokens involved, it was being promoted by a big influencer, there was absolutely nothing untoward, etc...
The token went live for around 2 1/2 hours and in that time 33 people lost their money totaling around 25 ETH (approximately $100,000).
What made this rug pull different from other scams was the smart contract that they deployed when the tokens were bought on the decentralised exchange (Dex). Once the tokens were in the wallet of the buyer, even if they hadn't subsequently gone to the Dex and approved them for sale, the fraudsters were still able to get into the person's wallet, withdraw the tokens and then either dump them or offer them for sale again.
6. Strangers trying to befriend you...and scam you!
I am mentioning this particular scam because it was something that happened to me only last week on Twitter and even though I saw through the ruse I can see other people easily falling for the scam.
I am trying to develop more of a presence on social media so at the moment I don't have many followers and I seldom have people message me. However, last week out of the blue I received a direct message from a young lady of Far Eastern descent, well that is what the profile was showing.
Being a red blooded male I guess I was quite flattered by the attention, however as a consequence of my personal crypto journey to date I was wary of any subsequent conversations and where they would ultimately lead to.
We exchanged pleasantries and she asked if we could continue our conversation on WhatsApp; I was curious so I obliged.
She seemed quite sincere and well educated, although there were some immediate red flags that put me on notice that I had to be on my guard. She said that she was living in Singapore, however her telephone number had a UK dialing code, plus she had an odd building as a profile picture, which when questioned about she said that it was her Uncle's golf club!
The following day I received a video call from her, however the person who I was speaking to was different from the person in the picture on her Twitter profile and having lived in South East Asia the accent indicated that the lady I was speaking with was definitely not from Singapore, but actually from Thailand. Again I was polite and the conversation was brief.
The next day I then started to receive information about a new crypto project that was only known about in Asia and I was asked several times whether I was interested in investing.
The conversation quickly transitioned from being nice, light and friendly to being a hard sell from a pushy salesperson. Lots of information started to get messaged to me which was most certainly a copy and paste of some generic online information about the Internet of Things (IOT). Simple and what I would regard to be standard due diligence questions were ignored and the tone was solely focused on pushing me to part with my money.
I saw through what her or more than likely their intentions were, however I could easily see many other people who are perhaps gullible and new to the crypto space quite easily being manipulated to part with their money.
Hackers are constantly looking to exploit vulnerabilities in technology as well as mistakes and errors made by humans operating devices linked to the internet.
In crypto there is one simple phrase that every investor should etch into their brain:
"Not Your Keys Not Your Coins"
The expression “not your keys, not your coins” refers to needing to own the private keys associated with your funds.
The person owning private keys is the one who ultimately decides how the crypto assets associated are spent – if you don’t own this, you’re entrusting your crypto to a third party.
If you do own your keys, you have complete control over how to use your funds.
Owning your keys also means being responsible for their security.
Hackers know the incredible power of being able to gain access to the private keys of a crypto wallet, because it is effectively like having the key or combination to a vault that can be entered and plundered from anywhere in the world.
Simple rules to follow:
Never keep your crypto private keys on ANY device that connects to the internet. I heard of a situation recently where an elderly gentleman had tens of millions of dollars worth of cryptocurrency stolen from him by a hacker who gained access to and downloaded all of the data and information held on his mobile phone when he walked through an airport and his phone picked up and connected to a public WiFi spot that was set up by the hackers. Unfortunately he made the mistake of storing the private keys to his Metamask wallet on his phone as well as the wallet app. This was a very unfortunate and extremely costly mistake that could have easily been avoided.
Never give out your private keys to ANYONE.
Consider investing in a cold storage device such as a Ledger.
8. Fake Telegram Groups
Cryptocurrency projects often use the social chatting channel Telegram as a means of communicating with and helping their communities. This medium is a very good means of letting people keep up to date with what is transpiring or allowing community members to ask questions and gain knowledge. However, scammers know that these channels attract many new people to popular projects and as such they invariably create channels that purport to be associated with the crypto project, but are instead nothing more than a scam that has the sole intention of trying to get people to part with their money.
Scam Telegram channels rarely have a means of allowing participants to send messages.
Always check with the official channels such as the project website or community members what the correct Telegram channel is and only join that one.
Scam channels tend to appear in one's active groups list automatically, especially if you have already joined another channel associated with the project. For example, below is the screenshot of a scam channel that appeared on my phone only today. I know that it is most definitely a scam as I am a member of the genuine PulseX channel.
9. SIM Swap plus Telegram
SIM swap attacks, which transfer ownership of your phone number to a malicious attacker, are a common attack vector.
And once the attacker has your number in hand, they can cause all sorts of mayhem, most notably by obtaining two-factor authentication (2FA) codes for your important logins that are sent over text.
A lot of traditional finance banks and other services, for example, operate on legacy technology, meaning that many only offer 2FA via text. 2FA over text, plus SIM swap, often leads to a zero bank balance.
Telegram’s killer feature is that it allows an easy and convenient way to communicate with others via username, instead of phone number. If attackers don’t know your phone number, how can they SIM swap you? So goes the logic, and so a lot of crypto users just install Telegram, ignore the settings, and call it a day.
But that’s not enough. Since everyone is on Telegram, Telegram is the place where hackers concentrate a lot of firepower. If you’re not careful, there are ways to get pwned through Telegram, as well.
If you use Telegram make sure that you set up two-factor authentication to protect your account against hijacking. The primary login method uses a one-time code sent by text, so Telegram lets you set a password as the second factor. In case someone manages to SIM swap you, Telegram will prompt them for a password in order to access your account, instead of just letting them in based on having access to the phone number. You will rarely enter this password in, so make sure that you store it somewhere safe, like in a password manager, so you won’t forget it.
Make sure you restrict what information you share with other Telegram users, so as not to share unnecessary details with all 500 million Telegram users. In the Privacy settings you should pretty much turn off everything.
10. Executable files that are received
Regardless of what app or piece of software you are interacting with, hackers like to send links which, when clicked on, open up a type of ‘hacking software’ that can infect a computer with malware, and it has been known for it to replace all crypto wallets on that computer or device with their own versions of those wallets. Of course, the modified crypto wallets then send all the funds to the attacker.
Therefore, never open any files or click on any links that are sent to you from unknown parties. In actual fact if you have any doubts whatsoever over what has been sent to you, even if it is from someone that you know and trust, don't open the file or click on the link.
Lessons to learn
Hackers, scammers and thieves are a frustrating and known facet of the crypto space. They are constantly adapting and changing their techniques and you definitely need to have your wits about you when operating in the space; security must be taken extremely seriously.
These nefarious characters are obviously creative minds. The ingenuity and perseverance would be good if they put the same effort towards positive and meaningful projects. Instead they rob others of their funds and soothe their souls that those people deserved to be robbed. Unfortunately this is a sad indictment of modern society and the reality is it isn't going to change anytime soon.
Hopefully you are now aware of some of the common scams that are currently being employed by unscrupulous individuals in the crypto arena and you also have the knowledge to be able to recognize and avoid situations that have the potential to put your assets in jeopardy. However, I will leave you with these simple lessons:
The first lesson, and this applies to all investments, any of which is potentially a scam - is NEVER FOMO into something! Do not pull the trigger quickly! Whenever you find that "amazing deal" that is going to make you rich: STOP! WAIT! SEARCH! READ! OBSERVE! STUDY! THINK! LEARN! Repeat several times! Then, and only then - make your move.
Second, you have to consider that by eliminating middle men and taking control of your assets it requires you to put your big boy (or girl) pants on and take personal responsibility for all actions and security measures taken to ensure that your money and potentially life changing wealth stays completely safe. You need to stay alert and vigilant, especially when navigating or moving assets around in the crypto eco-system.
Finally, if you intend on holding your assets for the long term consider setting up a wallet, reproduce and store the private key (12 word seed phrase) in such a way that it won't be affected or damaged by either fire or water damage. You can then literally delete the wallet from any of your computer or mobile devices and at the appropriate time you'll be able to re-enter the 12 words into a new wallet on any device, from anywhere in the world and you will be able to retrieve your assets. Alternatively consider buying and setting up a cold storage device or take a look at the following video that has a rather ingenious solution for storing a seed phrase.<<VIDEO LINK>>