Dylan Walker
Editor
With all the market excitement around bitcoin and other cryptocurrencies, there has been a large increase in scams that try to steal your fiat money or cryptocurrency. In this post, we’ll cover the primary attack vectors for cryptocurrency scams, as well as how to stay safe against them.
The three major ways in which scams work are by:
As with the emails from so-called “Nigerian princes” that you get for fiat currency, phishing scams are easy to find in the realm of cryptocurrency as well. Because private keys give control over your wallet and all the currency in it, they are a favorite target of phishers. A private key gives complete control over your wallet, so it’s important to keep it just that – private!
There are multiple common ways that phishing attacks try to get your private key:
Method 1:
You will get a message asking you to ‘upgrade’ to a newer version of a service you use today “for the sake of security”, and it will provide a fake URL that leads to a page which looks almost identical to the real version! On this fake website they hope you’ll type in your private key, which they then have.
Method 2:
You may get an offer to ‘verify’ your wallet, or transaction, often claiming that your balance is at risk if you don’t check. They ask for your private key which they then steal.
Method 3:
You may get an offer which promises free cryptocurrency for adding a ‘special’ new feature or connecting with another service. These scams ask you to ‘sign-up’ with your private key which then gets stolen.
Example of a phishing scam trying to get the user to access a fake or compromised website.
Breathe and don’t act without thinking
A common thread here is that they want to create the feeling of ‘scarcity’ – either that you’ll lose your money if you don’t follow their instructions, or that you’ll miss out on an opportunity if you don’t act right this instant! So step 1: breathe! Any time you’re thinking about your money, you need to be thinking clearly.
Bookmark or navigate to the site yourself
Always access your wallet in the same way: bookmark or write down the link. This way, you won’t fall for fake URLs – it’s amazing how similar some phishing websites look compared to the real deal!
Use extensions
Luckily, there’s also a Chrome extension that helps spot mismatched URLs. It can be found here.
Don’t overuse your private key
You don’t need a private key to access your wallet! Any time someone claims that there is an issue with a transaction or your wallet, you can easily check this on your own, without using whatever (almost certainly malicious) link they told you to use. Blockexplorer.com, Etherscan.io, and more all allow you to check your wallet without a private key – virtually all cryptocurrencies support a method of doing this! All you need is a transaction ID or your wallet public key, and you can check the status of a transaction or the value of a wallet.
Stay away from remote access software
Never use remote access software like TeamViewer on a computer where you may have a private key saved. Remote access systems are very dangerous: they give near full access to your computer, and they can be used to install malware which may help someone steal your private keys.
You can read about some of TeamViewer’s security issues here.
Beware advertisements
Avoid clicking on internet advertisements, or downloading software from unknown sources! This is a basic tenet of computer security, as advertisements and some software found on the internet will install malware on your computer, which may give the malware’s creator access to your private key if it goes undetected.
Here is a good resource on how to protect yourself from malware in general.
Some more sophisticated attacks include providing illegitimate services that aim to get you to sign up and transfer in your money. Once you do that the scammers promptly transfer your funds to their own accounts. While certainly illegal, these types of scams leave the victims with little chance of recourse as
These types of services may include:
This fake wallet asked users to deposit money or Bitcoin before stealing both via a backdoor. It has luckily now been removed from the app store.
Pick your wallets carefully
Only trust first party wallets when possible – most cryptocurrencies have a native wallet that they provide for free.
Find reputable exchanges (this list may help)
When looking for an exchange to trade on, do a lot of research into which are the most reputable, just as you would with normal investing.
The last types of scam are illegitimate investment schemes, and can often be the hardest type to spot. They offer amazing returns with little to no work, and try to get you to invest more and more capital.
These illegitimate investment schemes might offer:
Example of promised daily profits that may indicate a Ponzi scheme.
It probably is too good to be true
Be suspicious of any High Yield Investment Plans – they often claim to be able to provide unusually high or very consistent returns.
Seeing referral codes? Do your research.
Be suspicious when being marketed to by a friend or member of the community, particularly if they offer a referral code.
But not all referrals are bad
Referral codes are sometimes used by legitimate businesses such as Coinbase. One way to spot the difference is whether referrals are capped. If they’re uncapped, the more you spend, the more the referrer earns and the more incentive they have to push you. On the other hand, Coinbase referrals are capped at $10, so there’s less incentive and less pushiness.
Cloud mining? You’re probably mining air indeed.
Stay away from cloud mining if you’re a beginner! While in theory not all cloud mining is illegitimate, it’s very complicated and there is a history of lawsuits in this space. One company CEO recently pleaded guilty to fraud for fake mining services.
Are others talking about it? Research the service
Make sure you can find information about the company from other websites, not just from the company. Again, Google the name of the service plus “scam”.
As with any investing, cryptocurrency has its fair share of scams targeted at new investors who are uneducated about cryptocurrency. So remember to never let anyone have your private key unless you’re willing to let them spend all funds on your behalf. Be suspicious and vigilant about investment opportunities that provide outsized returns, and do your research!
And finally, when in doubt, use Google!