Bitcoin and cryptocurrencies have gained a reputation for generating rapid wealth bringing in new types of investors eager to make a quick buck. Unfortunately, the novelty of the space and lack of technological understanding from the investor's side has opened up the floor for bad actors and scammers to enter the market and take advantage of investors' naivety.
The idea of making millionsfrom low investments promotes a fast-moving investment strategy that builds on top of investor's FOMO mentality. A response that plays right into the hacker's ability to take advantage of the user's naivety.
Scammers are gaining access to a market that's very vulnerable to attacks because it lacks worldwide regulation by governments to protect investors. As a new asset class, the lack of governance by authorities gives opportunities to criminals to take advantage of investors. Cryptocurrency scams can pay large dividends for bad actors with billions stolen from crypto exchanges since 2012.
Based on our research, the most common red flag or scams to be aware of in 2022 when buying or selling Bitcoin are:
- Fake crypto exchanges
- Discord scams
- Promotion ad scams
- Compromised websites
- Phishing emails and SMS
- Malware within software wallets & apps
Investors can protect themselves by learning and identifying scam behaviors and being wary of crypto exchanges that have been hacked. Below are the most frequently used hacking methods and some ways users can protect themselves.
In the golden Bitcoin rush, the user's better judgment is altered by the sheer excitement and FOMO. As a result, users who have no previous experience buying cryptocurrencies give into their better judgment and choose exchanges that promise lower fees and a better price than usual.
Although several approved cryptocurrency exchanges are marketed and promoted on major outlets, including those who've struck major partnerships with companies, users still fall prey to dodgy exchanges.
Fake crypto exchanges can appear to be exact replicas with a similar design to already established exchanges with the same branding and logos. The goal of a fake exchange is to retrieve the e-mail and password of an existing user. Some fake exchanges have been known to even allow users to deposit funds, which are then transferred to another account.
Verify every aspect of the buying experience, including their URL, app, and contact information. If there is just a single red flag, such as a typo, users should withdraw their funds immediately and change their e-mail password as fast as possible.
How To Avoid Fake Exchanges:
- Use established exchanges such as Binance, Coinbase, Kraken or FTX
- Finalize and conduct the KYC process to ensure the exchange is legitimate
- Research the exchange on Google, social media and exchange reviews to verify if other users have reported any issues
- Be diligent with promotional material that sounds too good to be true
- Don't be pressured to receive special offers
- Don't rush into purchasing Bitcoin immediately
Telegram and Discord have become popular choices for the crypto sector because they enable projects to create a community that facilitates faster and near-instant access to information.
Discord promotes unrestricted access to users in the same channel, meaning users can receive unsolicited messages from strangers. The most common scams on Discord involve sending private messages to trick others into sending crypto to a fake wallet.
While some messages are very compelling and accurate, crypto project owners often emphasize, "Admins will not message you." However, users can prevent unsolicited messaged by disabling the option in their settings.
Another more advanced Discord scam involves a compromised admin account. For example, one of Beeple's Discord admin accounts had been compromised and managed to obtain 38 ETH from unsuspecting users after the scammer posed as the Admin and sent automated messages asking for crypto.
How To Avoid Discord Scams:
- Don't reply to any message on Discord
- Disable the option to allow messages from anyone on Discord
- Even if the offer is too good to be true, it is a scam for certain
- Never send money or share your private keys with anyone, even if it's an admin
In the crypto space, attention to detail is important. After Google and Facebook announced they are more lenient with cryptocurrency wallet ad promotions, hackers have identified a way to trick users into giving their private keys for their Bitcoin. Specifically, the hack targets newcomers in the crypto space, using Google Ads by promoting a phishing website such as Metamask or Trust Wallet.
Scammers are outbidding competitors for keywords and placing the scam website at the top of the search result. While the website is identical to the original one, users can scan the URL to identify if the word is correct. More often than not, hackers replace or add a letter to create confusion and mimic the original URL.
How To Avoid Promoted Scams:
- Copy the website's URL and paste it in Google to see if the letter match the original
- Do not click on any crypto wallet ads
- Scan the website metadata and content to find any inconsistencies
- Visit the crypto exchange using a Favourite or Bookmark list
Hacking a well-established website is not a common occurrence, but when that does happen, users can be blindsided. Hackers compromise websites, creating a custom message which is meant only to steal users' funds.
For example, Bitcoin.org, the domain initially registered by Satoshi Nakamoto, the founder of Bitcoin, was compromised following an attack. In addition, hackers managed to steal $17,000 in funds after they promoted a "double your money" giveaway.
The main takeaway is to not indulge in any request, especially if it's too good to be true. Hackers cannot steal users' funds unless they contribute by sending money to unknown wallets or not being skeptical enough of the intention of the giveaway.
How To Avoid Compromised Websites:
- Identify which giveaway is a scam and which one is not
- Giveaways or requests to send money are always a scam
- Don't trust any request coming from a high authority website because it could have been compromised
Phishing is an already outdated way of finding potential targets by sending unsolicited emails. Crypto phishing operates abnormally because it targets users' emotions, especially when it involves the security of their assets. The most common scams that occur via phishing emails appear to be from a trusted organization such as a bank, or in this case, a cryptocurrency exchange or software wallet.
The content of the e-mail or SMS is a scam, and upon clicking the email link, users will either have malware installed on their computer or be asked to enter their wallet or exchange password. Fortunately, fake emails are easy to spot because they either contain fake names, different fonts than usual, typos or won't match the previous look and feel.
How to Avoid Email & SMS Phishing Scams:
- Do not open any email that looks suspicious and send it directly into the spam folder
- Always double-check the sender's address because it never corresponds to the original one
- Don't click on any links/buttons/newsletters attached to the email
- Keep your funds in a cold storage wallet and only attribute a small fraction to a hot wallet
- Never share your private key with anyone regardless of their request
Malware has long been a favorite among online scammers. Users that download software such as wallets and Bitcoin mining apps for mobile phones can contain harmful malware. These can be a little more difficult to identify.
Once the malware infects your PC, it will get access to your software wallet and drain your account, monitor the ‘clipboard' for cryptocurrency addresses and passwords or steal the private keys.
How to Avoid Malware within Software Wallets:
- Purchase and use a trusted and reputable hardware wallet
- Do NOT buy a hardware wallet from unauthorized resellers
- Do NOT just download any Bitcoin wallet in the App Store
- Make sure the website has a padlock and click it to ensure the organization name details match the website description
- Use ExpressVPN or NordVPN to encrypt all your traffic including URLs that you search and protect your identity
- Ensure your virus scanner is up to date
There are several prevention measures an investor can undertake to ensure they are not susceptible or vulnerable to Bitcoin scams. The most basic measures everyone should consider include:
- Don't invest more than you can afford to lose
- Always verify the URL address of the exchange
- Use trusted and trustworthy crypto exchange
- Complete the ID verification process and activate 2 Factor Authentication (2FA)
- Be diligent with promotional offers and giveaways that sound too good to be true
- Never send money or provide account information to anyone on a social media platform
- Don't click on links within emails or SMS
- Use a hardware wallet to store Bitcoin or other cryptocurrencies
The naivety of newcomers in the crypto space creates infinite opportunities for hackers to steal users' funds. Still, Bitcoin scams can be avoided if investors identify patterns of hacker behavior before taking any sort of action. After understanding the most common hacks, users should be able to identify when their digital interaction with an entity does not add up and reach out to the exchange via their official contact channels to report an incident.