As the cryptocurrency scene has grown, so has the appetite for scams.
After a certain number of confirmations, the spending of bitcoins is irreversible. While irreversible transactions have advantages (e.g., no chargeback fraud), scammers have capitalised on this feature as well as cryptocurrency’s digital nature.
As soon as people started to realise cryptocurrency was valuable, scammers fielded simple as well as sophisticated techniques to steal people’s coins.
While con artists will always come up with new ways of stealing coins from unsuspecting victims, this article will look at the most common cryptocurrency scams and the precautions you should take.
Perhaps one of the most popular scams involves tricking a user of an exchange or a social media platform into thinking they are logging onto a genuine platform.
Fake websites are a form of phishing, where the user unknowingly provides their login details to the scammer. These links are often floated on social media, so be careful what links you click on.
Always bookmark the genuine page of Interdax or any other cryptocurrency service you use, and use that bookmark to log on to the platform each time. If a link starts with http rather than https, it is insecure and could potentially be a fake website.
Malicious Mobile Apps
Some mobile wallets may have access to your private keys, while others are solely designed to mimic genuine cryptocurrency wallets and steal your money.
Not all of these malicious mobile wallet apps have been purged from the Google Play store, so you have to be careful when downloading mobile wallets and cryptocurrency-related software. Coin Wallet was a malicious wallet that used the same address for each cryptocurrency it supported, which meant that users were tricked into depositing coins to the attacker’s address.
You should always research the company and the individuals behind any software you use, and check their social media channels as well as any feedback on Google Play or the Apple Store. You can download mobile wallets directly from the provider’s website.
Decent mobile wallet apps should also appear on the free and open source app repository F-Droid.
One scam that abused social media platforms to trick people into parting with their cryptocurrency was the wave of fake giveaways from accounts that pretended to be famous people, mostly in the cryptocurrency space such as Ethereum’s co-founder Vitalik Buterin, but also Tesla’s Elon Musk.
These giveaway scams offered their victims the potential to double their money if they sent a certain amount of ether to their address, but the sender would not receive anything back.
On top of this, these accounts replied on the feeds of the people they were impersonating to dupe users into sending them ether. These scams became so effective that even Vitalik Buterin changed his Twitter handle to read “Vitalik Non-giver of Ether” since his image was used frequently in these fake giveaways.
Peer-to-peer exchanges can also be vulnerable to scammers, especially if you do not check their feedback. For instance, victims can be targeted on LocalBitcoins and other peer-to-peer exchanges, with the perpetrators using chargebacks via PayPal or through their bank account.
Also, these platforms have sometimes facilitated robberies with respect to face-to-face bitcoin sales. In April 2018, it was reported that a fraudulent bitcoin seller stole $365,000 in cash from a prospective buyer in Malaysia. The victim was assaulted by two men as the broker ran off with the money. When organising a face-to-face meeting to exchange bitcoins for cash, always meet in a busy, public place.
There are also third-party scams on platforms like LocalBitcoins, where a scammer may advertise a phone for sale. The scammer also opens a trade on LocalBitcoins to buy bitcoin from you and then uses your bank address in the ‘sale’ of the phone. The scammer gets the bitcoins from the trade and the bitcoin seller gets the funds, but the victim buying the phone gets nothing. When the victim realises he has been scammed, the bitcoin seller will be linked to the crime.
You should also remain vigilant when using centralised exchanges. For instance, exit scams and the withholding of customer funds are two common ways exchanges can swindle their users.
Ensure you check the legitimacy of the exchange by researching the history of the company, their leadership team, what the trading and cryptocurrency communities have to say about them, how long they have been in operation and where they are based.
Friend in Need
Another scam is the “friend in need” scheme, where, say, your friend’s social media account is hacked and the attacker, posing as your friend, asks for funds in an emergency.
These scams rely on the trust you place in your friends and those close to you, so always be sure to verify who you are speaking to in some other way.
Have that friend’s mobile number or email? Follow up with them to ensure that their request for help is indeed genuine.
Similar to fake websites, criminals also use emails to ‘phish’ their victims’ details.
For instance, an email may appear to come from Interdax but when the receiver clicks on the link, they are taken to a scam site where the information on their computer could become exposed.
A well-known example of phishing emails pretends to be a tax authority such as the IRS in the United States or HMRC in the United Kingdom. These emails impersonate the tax man and pressure you to send your bitcoins to settle a debt or avoid prosecution. Keep in mind that tax agencies will never ask you to send them bitcoin.
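The bookmark and http advice from the fake-websites section applies equally to links that arrive by email. The sketch below is an added Python example, not code from Interdax or the original article: it accepts a link only if it uses https and its hostname exactly matches a bookmarked host. The host names and sample links are constructed placeholders.

```python
from urllib.parse import urlsplit

# Hosts you have bookmarked as genuine. "exchange.example" is a constructed
# placeholder, not a real service's domain.
BOOKMARKED_HOSTS = {"exchange.example", "app.exchange.example"}

def check_link(url, bookmarked=BOOKMARKED_HOSTS):
    """Return (ok, reason) for a link before you open it."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")  # .hostname is lower-cased
        has_userinfo = parts.username is not None or parts.password is not None
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "not https"
    if has_userinfo:
        # Text before '@' is login data, not the site: the real host follows it.
        return False, "text before '@' hides the real host"
    if not host:
        return False, "no hostname"
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return False, "internationalised hostname, possible lookalike"
    if host not in bookmarked:
        # Exact match only: a bookmarked name used as the start of a longer
        # hostname belongs to whoever owns the rightmost domain.
        return False, "host is not bookmarked"
    return True, "bookmarked host over https"

# Constructed sample links, as they might appear in an email or a social post.
SAMPLE_LINKS = [
    "https://exchange.example/login",
    "https://EXCHANGE.example./login",
    "http://exchange.example/login",
    "https://exchange.example.login-verify.test/",
    "https://exchange.example@login-verify.test/",
    "https://exch\u0430nge.example/login",  # Cyrillic letter in place of 'a'
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        ok, reason = check_link(link)
        print(f"{'OPEN ' if ok else 'BLOCK'} {link!r}: {reason}")
```

Passing the https check only means the connection is encrypted; the exact match against your own bookmarks is what ties the link to the genuine service.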
Investors that are new to cryptocurrency are often courted by people who claim to mine bitcoin and give a large return on your investment.
These schemes are similar to the fake giveaways in that they entice users with a promise of a return on their investment. In general, anyone or anything that offers you a guaranteed return is most likely a fraud.
Similarly, a lot of scams have involved cloud mining. Cloud mining essentially allows you to rent server space to mine coins using someone else’s hardware. While there are legitimate cloud mining providers, the sector is also riddled with Ponzi schemes and swindlers.
Be sure to investigate a cloud mining company thoroughly before buying any of their services. Specifically, you will want to check if the company has any positive customer reviews and can provide proof of their mining capabilities.
Pump and Dumps
Since cryptocurrency is still in its early formative years, market manipulation is a lot easier than with assets that are more heavily traded. As a result of the low volume of some altcoins, individuals can get together and influence the market by engaging in what is known as a pump and dump.
These traders band together to coordinate the buying of an altcoin to drive its price higher in an attempt to lure new buyers in. However, once new buyers start to arrive and the price has moved up significantly, these traders will exit their positions in profit and leave everyone else holding the bag.
As the traders exit their positions, volume dries up and the price falls back near its pre-pump levels. Pump and dumps are often coordinated on Telegram, but avoid the temptation to join these groups, as they may even mislead their own members to cut them out and gain a higher profit.
Hardware Wallets: Man in the Middle Attacks
Criminals have also taken advantage of the fact that people may want hardware wallets to securely store their cryptocurrency offline. Hardware wallets provide the private keys and signatures needed to transact in bitcoin and come with a small piece of paper on which you write your 24-word seed, which is used to restore your wallet.
However, one Reddit user reported a scam in 2018 where the hardware wallet was bought from an unregistered seller on eBay. The device arrived with the seed already printed onto a piece of paper that had to be scratched to reveal the words.
Once the user stored cryptocurrency on this hardware wallet, the scammer accessed and transferred these funds, since they knew the secret seed to restore that wallet. You should always generate the private keys and secret seed yourself, and a genuine hardware wallet will never come with a pre-written seed.
To avoid man-in-the-middle attacks, always buy hardware wallets directly from the provider using their website or from a registered seller. Never buy hardware wallets from eBay or unregistered sellers.