If you’re new to the world of cryptocurrency, you should be aware that scamming and hacking are everywhere in this space.
With the explosive popularity of crypto and DeFi projects comes lots of financial opportunity… and of course, FOMO – and risk.
It’s hard to avoid the FOMO when you hear all these stories of overnight crypto millionaires.
One of my favorites is the warehouse worker who quit their job and retired at age 35 after investing in risky shitcoins that made them millions in less than a year.
The FOMO is real.
This is causing droves of uneducated newbies to ape into crypto without doing much research. It also creates lots of easy targets for hackers and scammers.
You may be wondering how to ensure your safety in this unregulated, wild west of ballin’ out. And if you’re not thinking about crypto security, you should be.
Learn to crawl before you ball.
In this article, we’ll cover some of the most common cryptocurrency scams and how they work. After reading this, you should be able to spot these scams so that you can avoid them.
Quick primer on crypto wallets
At a very minimum, you need to understand how crypto wallets work and what private keys are.
Then, you should learn how hardware wallets work and why you need one.
So for starters, first know that you can keep your cryptocurrency stored in either a custodian wallet or a non-custodian wallet.
However, your crypto isn’t actually “stored” in your wallet. Rather, your wallet is software that stores and controls your private keys. These keys give you access to your crypto on the blockchain.
I say relatively because any wallet that’s connected to the internet can be hacked. Possibly, but not likely. Coinbase is also a trusted U.S.-based service that is regulated and insured.
As a third-party service that acts as both an exchange and your custodian wallet, Coinbase controls the private keys for your account and is responsible for securing your digital assets.
If you ever decide to move your crypto out of the exchange wallet or buy tokens from a DEX (decentralized exchange), you’re probably using a non-custodial wallet like MetaMask.
With a non-custodial wallet, you are solely responsible and in complete control of your private keys, and therefore, all of your crypto holdings.
When using a non-custodial or self-custody wallet, you’re fully responsible for your own private keys. That means you’re in charge of remembering your private keys and maintaining security measures to protect your funds.
If you forget or lose your private keys, you’re screwed.
If a scammer tricks you into accidentally giving out your private keys, you’re screwed.
If your wallet gets hacked, yep, screwed.
That said, you’re LESS likely to get “hacked” and MORE likely to become a victim of a scam due to user error (newbie ignorance).
Now that you understand the risk of using a self-custody wallet versus a custodial wallet, let’s dive into some of the most common crypto scams that you should be able to spot.
Common crypto scams and how they work
Copycat crypto websites and DApps
The cryptocurrency market is a crowded place, with thousands of new coins, tokens, and projects being launched every week. As such, it’s easy to get confused by all the different projects that are popping up online.
One thing you should be aware of when looking at these sites is that they often look very similar to genuine exchanges, portals, and DApps.
One of the first DeFi projects I started researching was OlympusDAO. This project launched mid-year in 2021 and quickly became one of the most popular DeFi projects on the web.
After doing a ton of research and hanging out in Discord channels, I came to realize there are lots of sophisticated scammers and copycat websites that look almost exactly like the original.
Here’s an example of one of the first ones I encountered:
The OlympusDAO project’s official website is https://olympusdao.finance, but imposter sites were running under similar domains such as “olympusdao.com”, which uses “.com” instead of “.finance”, or the fake domain olyrnpusdao.com, which uses “rn” to look like the letter “m”.
See how close that is? It’s pretty damn sneaky if you’re not paying attention.
These fake sites are even being advertised on Google search result pages.
I noticed the same scam happening with another popular DeFi project that I was researching called Wonderland.
These fake Wonderland sites are also popping up on Google as paid ads pointing to nearly identical URLs.
You can find these types of scam report warnings all over Reddit and Discord.
Here are two important notes on this:
You may be following a solid tip from someone with a lot of expertise but still become a victim by accidentally visiting a fake website. There’s a surprising number of websites that have been set up to resemble original, valid startup companies. If there isn’t a small lock icon indicating security near the URL bar and no “https” in the site address, think twice.
Even if the site looks identical to the one you think you’re visiting, you may find yourself directed to another platform for payment. For example, you click on a link that looks like a legitimate site, but attackers have created a fake URL with a zero in it instead of a letter ‘o’. That platform, of course, isn’t taking you to the cryptocurrency investment that you’ve already researched. To avoid this, carefully type the exact URL into your browser. Double check it, too. (kaspersky.com)
How do the scammers get you with this?
In order to transact with these DeFi projects, you would normally go to the project’s website or DApp and connect your wallet to its protocol. This would be for doing things like buying or minting tokens, or staking in the protocols.
The way these scammers hope to steal your money is by tricking you into connecting your wallet to these fake sites.
Once your wallet is connected, the scammers gain access to your funds and can drain your account instantly. Not good!
It’s common for scammers to use fake domains and advertise imposter websites that are nearly identical to legitimate DeFi projects.
Always be cautious and triple check that you’re using the correct site.
I always bookmark the sites of crypto projects and services that I regularly visit to be sure I’m always going to the correct address.
Visit the official addresses by using the links from a project’s official Twitter page or Discord.
Use popular price tracking sites like CoinMarketCap or CoinGecko that have direct links to the legit project websites and social channels.
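As an added example (not part of the original article), here is one way to check a link against your bookmarked official domains before connecting a wallet. It goes slightly beyond the cases above by also catching the official name used as a subdomain of another site; the confusables table, the function names and the two constructed sample links are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Domains you have verified and bookmarked (olympusdao.finance is from the article).
OFFICIAL = ["olympusdao.finance"]

# Small illustrative table of look-alike substitutions; real tooling uses a far
# larger one (assumption: these four pairs are chosen for this example).
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")]


def skeleton(label):
    """Collapse look-alike sequences so 'olyrnpusdao' compares equal to 'olympusdao'."""
    for fake, real in CONFUSABLES:
        label = label.replace(fake, real)
    return label


def hostname(url):
    """Return the lower-cased host of a URL or bare domain."""
    if "//" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").rstrip(".")


def check(url, official=OFFICIAL):
    """Classify a link as official, lookalike or unknown against the bookmark list."""
    host = hostname(url)
    if not host:
        return ("invalid", None)
    for good in official:
        if host == good or host.endswith("." + good):
            return ("official", good)
    for good in official:
        name = good.split(".")[0]  # assumes the project name is the first label
        for label in host.split("."):
            if label == name:
                return ("lookalike: official name on another domain", good)
            if skeleton(label) == skeleton(name):
                return ("lookalike: confusable characters", good)
    return ("unknown", None)


if __name__ == "__main__":
    # First three are from the article; the last two are constructed samples.
    for link in ["https://olympusdao.finance", "olympusdao.com",
                 "https://olyrnpusdao.com/", "https://0lympusdao.finance",
                 "https://olympusdao.finance.login.example/app"]:
        print(f"{link:45} -> {check(link)[0]}")
```

A result of “unknown” only means the link does not resemble anything on your list; it says nothing about whether the site is legitimate.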
Phishing scams and impersonating support staff
Phishing attacks are extremely common.
These scams run in a number of different ways.
Phishing scams: within the context of the cryptocurrency industry, phishing scams target information pertaining to online wallets. (investopedia.com)
In other phishing scams, criminals ask investors to share their private keys, which are used to secure their cryptocurrency wallets, so they can access a person’s account and steal their cryptocurrency. (nerdwallet.com)
I’ll share two scams that I became aware of very early on in my crypto/DeFi journey.
I participate in a lot of the Discord servers of the projects I’m interested in. I’m in the subreddits as well.
When you’re starting out, you’re probably asking newbie questions that reveal your ignorance.
This is normal. I learned a lot by asking questions and getting help from friendly community members in Discord channels.
However, when I started doing this, I started receiving DMs on both Reddit and Discord.
It’s common for scammers to pose as fake customer support agents and offer their help.
A couple of scammers offered to help me with issues I was posting about, especially issues with my MetaMask wallet.
One scammer suggested that I reach out to “MetaMask support” by email and gave me a fake Gmail address. The email could have easily fooled someone not paying attention.
They also provided a fake MetaMask questionnaire that was branded to look like an official MetaMask support form.
How does this scam work?
These scammers are hoping they can trick you into revealing your seed phrase or private keys so they can “investigate” or “troubleshoot” your issue.
Any reputable crypto project or service will repeatedly warn users that they will never ask for seed phrases or private keys. Nor will they reach out to you by DM on Reddit.
Fake projects and rug pulls
Rug pulls are the latest cryptocurrency scams to hit the crypto market. Rug pulls are very common with DeFi projects.
Decentralized finance, or DeFi, aims to decentralize finance by removing gatekeepers for financial transactions. In recent times, it has become a magnet for innovation in the crypto ecosystem. However, the development of DeFi platforms is beset with its own problems. Bad actors have made away with investor funds via such avenues. This practice, known as a rug pull, has become especially prevalent as DeFi protocols have become popular with crypto investors interested in magnifying returns by hunting down yield-bearing crypto instruments. (investopedia.com)
Anubis DAO is a clear example of a shady DeFi project that turned out to be a straight up rug pull.
Anubis was a short-lived project that gained lots of attention and grew very quickly. The project attracted a bunch of investors, tricking them into contributing over $60 million worth of Ethereum which was completely drained shortly after.
Read about the Anubis DAO rug pull here.
Fake airdrops and dusting attacks
This is one that really scared me early on, shortly after dipping my toes into my first two DeFi projects.
Now that I had some skin in the game with some crypto sitting in my self-custody wallet, the risks felt very real for the first time.
Suppose you find some mysterious tokens on your wallet that you never purchased or transferred into your account. These coins can be malicious smart contracts that can gain access to your wallet if you try to transact with them.
More to come on this.
As for dust attacks, scammers do something similar in an attempt to reveal your identity.
Here’s a Binance video explaining a dusting attack:
Shitcoins, Meme coins, and Bullshit ICOs
Do your homework.
Don’t invest in bullshit projects and tokens that have no real value.
Don’t buy into hype, looking to score a quick buck.
It’s possible, but also VERY risky. More people lose than win.
More to come on this.
What to do about these scams
- Always DYOR (do your own research) before investing in crypto. This is just solid advice for investing in general.
- As a general rule of thumb, you should never invest more than you’re willing to lose. Crypto is risky. And if you don’t understand something, do your homework before throwing your hard earned dollars into it.
- Learn the basics of crypto security and how crypto wallets work.
- Help out the crypto community by reporting scammers and suspicious activity immediately. You can do this by joining the Discords of specific projects or reaching out to official support contacts.
- What should you do if you suspect that you’ve been scammed or that your wallet has been hacked? More to come on this. A great place to start would be to join a project’s Discord and ask the community for help. Most members are willing to help trace where your funds went and can at least help to determine if you were in fact scammed. There is no guarantee that funds can be recovered.
- Think your crypto is secure? Find out how secure you think it is versus how secure it actually is by taking the NGRAVE security knowledge test here.