User security is a big challenge facing the crypto ecosystem. Unfortunately, there have been billions of dollars worth of bitcoin, ether, and other cryptocurrencies stolen or locked by scammers and hackers in recent years.
Why so much? There are many possible reasons. For you as an individual crypto investor or trader, understanding why scams and hacks are so prevalent isn’t all that important.
What is of the utmost importance, though, is that you’re able to minimise the chances that you become a victim. It’s worth highlighting that this relates far more to the ‘scamming’ side of things than it does ‘hacking’, so that’s what we’ll focus on below.
To be able to better protect yourself against crypto scammers, you must be aware of their most common tricks and techniques. Making things easier for you is the fact that you’re (hopefully) already familiar with many of these crypto scams. That’s because they’re essentially re-designed versions of the classic online scams that have existed for decades.
When it comes to common types of cryptocurrency scams, there’s just one you need to understand. Be aware that whilst various sub-types exist, they all ultimately fall back on the same premise. That is, the scammer is trying to trick you into trusting them enough that you send your cryptocurrency to their address.
Spend some time on platforms like Twitter, Telegram, Reddit, and Discord, and you’re bound to come across trust-trading crypto scams. If you’re familiar with advance-fee or up-front payment scams—made infamous by the age-old Nigerian 419 scam—then trust-trading scams are basically just that.
With these scams, victims are encouraged to send cryptocurrency to an attacker’s address with the promise of receiving more cryptocurrency back. They’ll often be presented in a way that makes it seem like it’s being offered by a reputable, popular cryptocurrency exchange, business, or industry personality.
Typically, the scammers will post something along the lines of: “To celebrate the launch of [XYZ], we’re doing a giveaway! To join, simply send us 0.5 ETH and we’ll send you 5 ETH back.” These scammers usually deploy bots to support the post and comment with affirmative responses (e.g., “Thanks! This was super easy!”) to make the bogus offer appear more legitimate.
In the above example, the scammer has uploaded an image of a photoshopped tweet. This makes it harder for Twitter’s automated detection technology to identify it. In an effort to “legitimise” the scam, they have included fabricated responses from trusted, well-known industry figures—in this case, Anthony Pompliano (Managing Partner, Morgan Creek Digital) and Brian Armstrong (Co-Founder & CEO, Coinbase).
Crypto scammers also lurk over on Facebook. In Australia in particular, this has been an ongoing issue for years. Unlike Twitter, scams on Facebook take the form of paid advertisements that exploit the social influence of various high-profile Australians—from billionaires James Packer and Andrew ‘Twiggy’ Forrest to well-known television hosts David Koch and Waleed Aly—to trick the vulnerable into sending them bitcoin.
Example of a trust-trading scam involving a fake Nugget’s News account
Keeping Scammers at Bay
There is a near-endless amount of tips when it comes to defending yourself against scammers. Plenty of these tips you’ve likely come across when learning about traditional online scam protection. Some, however, are specific to the cryptocurrency ecosystem—such as the tips explained below.
- Never share your private keys. Sometimes following blanket rules can inadvertently do more harm than good. This isn’t one of those times. Click through for more on private keys.
- Bookmark your most visited cryptocurrency websites. The more you can get in the habit of navigating the internet using bookmarks, the safer you’ll be. Try minimising the number of links you click on, especially those in emails, social media platforms, messages, and online forums.
- Only send cryptocurrency to trusted addresses. If you’re about to send a material amount of cryptocurrency to another address, it’s worthwhile checking it using a block explorer. Some explorers flag addresses that are associated with known scams.
Use These Resources
Encouragingly, there are many websites and initiatives that exist solely to help crypto users stay safe from scammers. We’ve linked to and described some of these helpful resources below. Keep them handy!
- CryptoScamDB—an open-source dataset of more than 7,000 known scams across various public blockchains such as Bitcoin and Ethereum.
- EtherAddressLookup—an open-source security plugin designed to protect users from unsafe websites, Twitter accounts, and cryptocurrency addresses.
- HoweyCoins.com—a bogus website created by the U.S. Securities and Exchange Commission as an educational tool to alert investors to possible cryptocurrency fraud.
At the end of the day, scammers will have great difficulty tricking you if you’re in the know and act with vigilance. The more people who know how to spot crypto scams, the better! Be sure to word up your friends, family, or colleagues about what to look out for.