Inside the world of crypto where there is no bank or institutional oversight, users are responsible for the security of their own token holdings. Generally speaking, crypto security is practically impenetrable, but human error can be a single point of failure.
Every day, new users fall victim to crypto attacks from scammers as they don’t realize how some things work and aren’t able to spot the red flags. Crypto scammers take advantage of new users’ lack of knowledge, so being aware of what tactics they use and disarming their knowledge is a huge step in protecting your crypto so you don’t make unnecessary errors.
It is important to understand what you’re doing as most countries have no crypto regulation, so bringing these scammers to justice rarely if ever happens, and being on the blockchain makes it that much harder to identify individuals who are engaging in fraudulent activity.
The common methods scammers use to try and steal your crypto
1 – Asking for your wallet seed or recovery phrase. This is something no one else aside from the wallet owner should ever see, and it must always remain private. The seed phrase has a singular use; preventing others from accessing your wallet. This is why users are prompted to secretly store a seed phrase somewhere private and offline.
Scammers often claim you’ve won some crypto in an airdrop and need to type in your private key in order to receive the crypto. What they’re doing is simply trying to steal your 12 or 24 word seed phrase and gain access to your crypto. They could even use a link to a replica wallet interface that looks nearly the same as your usual wallet entry. Be sure to always check the website you’re on and that the link spelling checks out fine.
2 – This brings us to the next method: illegitimate websites. Scammers create replica or fraudulent websites that rely on users not checking the small details. Example:
Real website – polkadot.network
Replica website – polkadotnetwork.com
2nd Replica website – polkdot.network
These fraudulent websites could be an NFT store, wallet application, or a project homepage. The idea is they’ve copied the code of the real website and created a false sense of security in order to acquire sensitive information from you. They may promote a special offer to push you further into giving up information. These replica websites also sometimes buy ads to end up on the first page of Google search results. How to avoid this?
Make sure the website domain name checks out, including knowing if it should end in .io .net .com .edu .co or something else, and look for any spelling errors as no two websites can have the same name. Bookmark websites you trust in order to fast track them and save time.
3 – Social media scamming has become the most prevalent form of crypto scams.
Using false social media handles, pretending to be influencers volunteering to invest for you or crypto miners asking you to send $200 in order for you to receive $15,000 in a matter of hours is just about as illegitimate as it gets. New users still fall victim unaware that professionals in the industry do not approach you in the DMs.
To clarify it’s a scam, double check the account handle, followers, and post dates. If it’s fake, likely all of these will be suspicious, including a huge group of posts posted on the same day, something no one really ever does.
If someone unknown has reached out and is asking you for money or wants you to click on a link, best believe they’re a scam, especially if they seem disinterested in anything else besides those two options. Instagram, Twitter, Discord, Telegram, and What’s App are all prone to heavy scamming.
4 – Pump and dump projects. There are several varieties of these scams:
- Fake ICOs – These Initial Coin Offerings use gimmicks such as trends, a high quality website, or big promises without the intention of following it up (example: Squid Games token). They simply aim to gain investor money and run off with it. Usually, if the project is broken down from its whitepaper to the team behind the project and their social media, their real dedication to the project will show. For new users, it’s wise to stay away from ICOs until having dealt with many other crypto niches first.
- Smart contract bugs – Smart contracts can be adjusted for devious manipulation, including the ability to buy a token, but the inability to sell it. With the approval function on or the rebase function off in a token contract, a scam coin can run for years and give off the idea that’s being bought up when really it’s forcing users to hold, leaving the founders with the ability to run off with their bags at any given time. Sometimes it pays to read smart contracts. Additionally, this can be spotted by the lack of any trade volume of the project.
- Whales with dividing wallets – Whales are crypto holders with an amassed fortune of cryptocurrency in a wallet, and they have the ability to manipulate markets. Some smaller projects may be overrun and controlled by a whale using multiple crypto wallets, however, this is fully traceable on the blockchain if you’re willing to do some digging to find if owners are connected. There are also whale tracking accounts and analytics available.
5 – A newer occurrence is a scam where someone claiming to be from a country where crypto is banned needs to get rid of their crypto and offer to give it to you for free while supplying you with the seed phrase to their wallet. They’ll likely leave a few thousand dollars in Tether inside the wallet, which can only be moved from the wallet when paired with a small amount of Ethereum. This plays on the greed of a seemingly opportunistic chance to make a quick few thousand dollars. The victim then sends $50 of their own ETH to the wallet in order to move the Tether to their own wallet, but within seconds of sending the money, the Ethereum is snatched up by the scammer.