Cryptocurrency Scams

The crypto storm has found takers in both retail and institutional investors. But as more and more people are jumping onto this bandwagon by making a higher investment, it is also luring in more threats from hackers and other cybercriminals. If you are planning on entering the crypto market, then you have arrived at the right place. Today we are going to discuss the common types of crypto scams and analyze the background causes so that you can make a well-informed decision prior to investing.

Ways in Which Investors Might Lose Their Crypto

  • Losing your private key – Wallet keys can be compared with that of a conventional vault. They create signatures and authorize transactions required for spending your crypto. Thus, losing the private key means you are going to lose the funds stored in your wallet as you won’t be able to access it anymore. All crypto wallets offer a certain number of attempts to the users before the content gets encrypted forever. This is why all crypto investors should be especially cautious about not sharing their private keys with anyone.

Solution: To be on the safer side, you can opt for a removable drive or computer hard drive to store the wallet as online ones are the least secure. Certain users opt for paper wallets where the encryption keys are printed and stored in a physical paper sheet making them safe from hackers. Alternatively, you can bank on the services of third-party hardware like Trezor which is going to manage your wallet and alleviate all security concerns. However, you are going to get locked out on forgetting the login details although the third-party hardware is highly immune to cyber threats.  

  • Storing critical information unencrypted – Storing sensitive credentials unencrypted makes it hugely vulnerable to attacks from malicious parties. Hackers conducted a theft worth $2 million from popular crypto trader Ian Balina after finding that the plaintext versions of his private keys were stored on Evernote.

Solution: This is why it is advisable to password-protect and encrypt sensitive credentials like passphrases and private keys. You can also encrypt your communication channels like emails for benefitting from an additional layer of security. Hackers often use techniques like malware and keyboard loggers for gaining access to information stored in your computer. Thus, it is best to note down the credentials on hard paper and store them in safety deposit boxes. Often investors go a step ahead by separating the phrases into separate portions for being stored securely in different safety deposit boxes.

  • Keeping your crypto on an exchange – Crypto exchanges allow individuals to transact in cryptocurrencies. However, these exchanges often fall prey to hackers and 46 crypto exchanges have suffered major hacks since 2012. In 2019 alone, 19 crypto exchanges were compromised by hackers though the number has decreased since then coupled with improvements in enterprise distributed storage solutions. The centralized structure and huge fund holding of exchange platforms make them a frequent hacking target. You can take the example of the Binance hack on 7th May 2019 where the attackers used a combination of viruses, phishing, and other vectors which lead to a compromise of the user’s API tokens and two-factor authentication codes. Hardware wallets are more preferred storage for crypto private keys compared to trading platforms.
  • Using weak & reused passwords – You can keep your login credentials safe with unique passwords including a mix of lower and uppercase letters, numbers, and special characters. It is also important to make sure that you do not reuse old passwords and opt for significantly lengthy passwords to prevent brute force attacks. Often investors make the mistake of using a complex password for multiple accounts. This is a poor security practice that can make every account sharing a similar password vulnerable to hacking.
  • Not using two-factor authentication (2FA) – The digital nature of cryptocurrencies makes them vulnerable to an array of security threats. To keep things on the safer side, you can set up two-factor authentication for your exchange accounts. This acts as an additional layer of security and prevents unauthorized access to your trading account. 2FA makes it difficult for cybercriminals to gain access to your accounts even when they have cracked your username and password. A hacker needs to access your email account or phone for breaking into your account once 2FA is enabled. It is supported by most crypto platforms though the method of implementation differs from case to case. While some integrate authentication apps like Google Authenticator or Authy, others send a one-time password via SMS and email. 2FA should be enabled on multiple business functions starting from logging in to moving funds and making trades. Investors need to stay cautious post 2FA implementation to keep their account secure from malicious tactics like SIM swapping which often circumvents 2FA security measures.
  • Falling victim to phishing scams – Cybercriminals commonly undertake phishing tactics for obtaining the private keys and login credentials of investors. Under this method, attackers impersonate a renowned individual of the crypto community or a popular exchange. They copy everything ranging from the website URL to the official branding pressurizing investors to send their account credentials. To stay on the safer side, you should avoid clicking on suspicious links and uploading the private keys to any site. Rather you should verify the authenticity of the sender by examining their email address as scammers usually use special characters allowing the email or handle to look similar to the original. For example, the real Twitter handle of Elon Musk is @elonmusk whereas the fake account handles are like @elonnmusk.
  • Handing over your API keys – Handing over API keys to a third party makes it vulnerable to malicious activities. Various cloud-based services and trading bots perform trades on behalf of investors by commonly accessing a user’s API keys. Attackers can exploit stolen API keys by trading the investors’ balance via highly unprofitable trades against the bot deployed by themselves. Investors should refrain from sharing their API keys with anyone even when the withdrawals are disabled. Various Binance customers were using a third-party trading bot in 2018 which pumped up the price of Viacoin by placing orders without the investor’s permission. Artificial inflation of Viacoin price caused various investors to lose considerable sums of money while making trades. Binance reversed the trades by freezing the accounts of victims.
  • Downloading unknown software – Ransomware and malware attacks have been increasing with every passing year. These pesky programs can encrypt the files of investors and claim a huge sum for decryption. Usually, malware finds its way into your system when you download unknown software from different sources. You can take the example of Cookie Miner which steals browser cookies from wallets and exchanges websites alongside iPhone text messages and Chrome saved passwords. All this information offers the malicious software adequate intel to access your account even when you have two-factor SMS authentication activated. You can keep your crypto buffered from malware by updating your antivirus software. It also becomes imperative to double-check public addresses before transferring crypto to another wallet.
  • Installing unknown browser plug-ins – The internet is filled with malicious plugins which take advantage of unsuspecting victims who might grant permission without proper knowledge. Attackers installed a mining software for the Monero crypto which compromised a third-party browser plug-in called Browseloud. This plug-in is commonly used by various websites for offering speech navigation support to users. Prior to installing a browser plug-in, investors need to conduct proper due diligence. This can be done by scouring Google and reading reviews so that you understand the permissions you are providing to the software.

Types of Crypto Scams to Avoid

  • ICO fraud – Fabricating a fake ICO is one of the most common means of a crypto scam. Here a market hype is created persuading people to invest in the same. Often companies bank on ICOs to raise the initial funding and this belief is misused for scamming unsuspecting investors. Some signs of ICO fraud you need to be aware of are unusual hurry in execution, copied whitepaper, no roadmap, mismatch of said and written words, half anonymous team, etc.
  • Phone porting – This type of scam targets established investors of the crypto sector by gaining control over mobile gadgets remotely with another phone. Hackers can call your service provider by impersonating you and request a change in private keys and other credentials. This can be achieved if the hackers have access to your personal information like your name and phone number. If you somehow fall prey to phone porting, then you can contact the support team and request them to change your credentials. Alternatively, you can change your phone line and instruct your bank to monitor any fraudulent activities.
  • Fake digital wallets – You need to think twice before choosing any random digital wallet from the app store as it might be fraudulent causing massive loss of money. It is imperative to conduct proper due diligence before entrusting your funds with a digital wallet.
  • Bitcoin-stealing malware – Crypto malware can drain significant funds using the victims’ computer by leveraging their processing power. This tool is gaining massive popularity amongst cybercriminals and can run independently after being executed once on the victim’s device. Rather than stealing data, this form of malware mines crypto inconspicuously using the victim’s device for as long as possible. A malicious code is embedded in the system which runs in the background and mines cryptos whenever the victim uses the device.

Signs of Crypto Scam

  • Bold claims on returns – Scammers use various means of advertising and leverage the lack of understanding and greed of unsuspecting investors to siphon their funds. If a particular ICO is claiming to offer massive returns to investors, then chances are high that it is fraudulent. The same logic holds true when someone advocates something as risk-free in cryptocurrency. This is impossible even if the backend system works flawlessly. Fraudsters make fake promises of monthly or daily profits and urge investors to join cloud mining services or bitcoin investment packages.
  • No code repository – Ideally all crypto projects should be open-sourced allowing the owners to view the project codes from the provided link. A code repository makes it possible for anyone in the crypto community to keep a tab over project alterations. If the cryptocurrency doesn’t offer links to its code, then chances are high that it is a scam.
  • Misleading details – Fraudsters use complex language to cover up their unworthy and illegitimate operations. Though this initially impresses investors with the massive profit potential, it is actually a trap. You should stick to websites that allow investors to make well-informed decisions with their easy-to-understand language.
  • Compromised escrow – The escrow service holds crypto funds both during and after an Initial Coin Offering. This service ensures that funds receive proper approval from two or more members of the crypto community and one member of the crypto project before they are being moved. Fraudsters can move funds illegally by posing as escrow in scam projects.
  • Lack of communication – Scam cryptos do not answer the doubts of investors in stark contrast to the legitimate ones which often participate in social media discussion forums. It is best to opt for cryptos which give a regular status update to investors through their social media handles and website.
  • Ghost team members – If you are dealing with crypto whose working team includes people having anonymous identities, then this is a potential cause of concern. This means that they are trying to hide some facts from the public eye. Ideally, cryptocurrencies should have an advisory board and founding team comprising well-known experts in the field of finance and crypto.
  • No whitepaper – If a company fails to offer its users a whitepaper detailing all technicalities in a simplified manner, then it is a red flag to watch out for. A whitepaper explains the goals of the company, the number of tokens that shall be offered to the crypto community, and how the digital tokens shall be used.

Although a crypto transaction is secure, a scammer can easily create a fake website for duping the investors into sending their fiat money or crypto to cybercriminals. This is phishing in its most basic forms. Crypto scams constitute a broader field of which phishing is just a small part.