With all the market excitement around bitcoin and other cryptocurrencies, there has been a large increase in scams to try steal your fiat money or cryptocurrency. In this post, we’ll cover what are the primary attack vectors for cryptocurrency scams, as well as how to stay safe against them.

The three major ways in which scams work are by:

  • stealing your private key through phishing
  • offering illegitimate services
  • offering illegitimate investment schemes

Phishing Scams

As with emails from so-called “Nigerian princes” you get for fiat currency, phishing scams are easy to find in realm of cryptocurrency as well. As they give control over your wallet and all the currency in them, this also makes private keys a favorite target of phishers. Private keys gives you complete control over your wallet so it’s important to keep them just that – private!

There are multiple common ways that phishing attacks try to get your private key:

Method 1:
You will get a message asking to ‘upgrade’ to a newer version of service you use today “for sake of security”, and they will provide a fake URL which will lead to a page which leads almost identical to the real version! On this fake website they hope you’ll type in your private key which they now have

Method 2:
You may get an offer to ‘verify’ your wallet, or transaction, often claiming that your balance is at risk if you don’t check. They ask for your private key which they then steal.

Method 3:
You may get an offer which promises free cryptocurrency for adding a ‘special’ new feature or connecting with another service. These scams ask you to ‘sign-up’ with your private key which then gets stolen.

Example of phishing scam trying to get user to access a fake or compromised website.

Example of phishing scam trying to get user to access a fake or compromised website.

All of these phishing attacks are after private key, which gives full control over your wallet and enables the attackers to steal your money.

So, how do you stay safe?

Breathe and don’t act without thinking
A common thread here is that they want to create the feeling of ‘scarcity’ – either that you’ll lose your money if you don’t follow their instructions, or that you’ll miss out on an opportunity if you don’t act right this instant! So step 1: breathe! Any time you’re thinking about your money, you need to be thinking clearly.

Bookmark or navigate to the site yourself
Always access your wallet in the same way, bookmark or write down the link. This way, you won’t fall for fake URLs – it’s amazing how similar some phishing websites look compared to the real deal!

Use extensions
Luckily, there’s also a Chrome extension that helps spot mismatched URLs. It can be found here.

Don’t overuse your private key
You don’t need a private key to access your wallet! Any time someone claims that there is an issue with a transaction or your wallet, you can easily check this on your own, without using whatever (almost certainly malicious) link they told you to use. Blockexplorer.com, Etherscan.io, and more all allow you to check your wallet without a private key – virtually all cryptocurrencies support a method of doing this! All you need is a transaction ID or your wallet public key, and you can check the status of a transaction or the value of a wallet.

Stay away from remote access software
Never use remote access software like TeamViewer on a computer where you may have a private key saved. Remote access systems are very dangerous as they give near full access to your computer and they can install malware on your computer which may help someone steal your private keys.

You can read about some of TeamViewer’s security issues here.

Beware advertisements
Avoid clicking on internet advertisements, or downloading software from unknown sources! This is a basic tenant of computer security, as advertisements and some software found on the internet will install malware on your computer which may give the malware’s creator to your private key if it goes undetected.

Here is a good resource on how to protect yourself from malware in general.

 

Illegitimate Services

Some more sophisticated attacks include providing illegitimate services that aim to get you to sign up and transfer in your money. Once you do that the scammers promptly transfer your funds to their own accounts. While certainly illegal, these types of scams leave the victims with little chance of recourse as

These types of services may include:

  • A new or better wallet, often claiming to be more secure or easier to use
  • A service to somehow split or generate coins without needing to do anything
  • An exchange where it is possible to buy cryptocurrency very cheaply, or one that promises free cryptocurrency when opening an account

 

This fake wallet asked users to deposit money or Bitcoin before stealing both via a backdoor.

This fake wallet asked users to deposit money or Bitcoin before stealing both via a backdoor. It has luckily now been removed from the app store.

 

How do you stay safe?

Pick your wallets carefully
Only trust first party wallets when possible – most cryptocurrencies have a native wallet that they provide for free.

  • Some currencies will also list supported and reputable wallets, such as this list that Bitcoin maintains. You can also check out Cryptominded’s resource section.
  • If you own a lot of different cryptocurrencies this may start to become burdensome so you may want to investigate multi-currency wallets.

Find reputable exchanges (this list may help)
When looking for an exchange to trade on, do a lot of research into which are the most reputable, just as you would with normal investing.

  • Bitcoin for example lists trusted exchanges on their website.
  • Google the name of service plus “scam”.
    You’ll be surprised what you may find! While there’s always a first person who may get scammed, you want to learn from others when you can!
  • Inform yourself about how cryptocurrency works, here on Cryptominded and elsewhere.

Illegitimate Investment Schemes

The last types of scam are illegitimate investment schemes, and can often be the hardest type to spot. They offer amazing returns with little to no work, and try to get you to invest more and more capital.

These illegitimate investment schemes might offer:

  • An investment scheme that features daily payouts that are ‘re-invested’ for you
  • Opportunities to increase income with multiple referrals which are uncapped
  • An ‘opportunity of a life time’ or a ‘special, limited time offer’
  • Offer ‘cloud mining’ or other rewards in exchange for upfront payment

 

Example of promised daily prophets that may indicate a Ponzi scheme.

Example of promised daily prophets that may indicate a Ponzi scheme.

 

How do you stay safe?

It probably is too good to be true
Be suspicious of any High Yield Investment Plans – they often claim to be able to provide unusually high or very consistent returns.

  • The market is never consistent, if they’re offering (even proving) very consistent returns, they may be funding your returns with the deposits of others.
  • These often may be Ponzi schemes (just like you would find with fiat), key words to look out for are ‘proprietary’ or ‘secret’ investment strategies, or show strategies that are too complex to understand.
  • Here is a great set of tips on how to spot Ponzi scheme.

Seeing referral codes? Do you research.
Be suspicious when being marketed to by a friend or member of the community, particularly if they offer a referral code.

  • This is the hallmark of a multi-level marketing (MLM) scheme in which it’s impossible to make money is to try to sell the product to others in your circle.

But not all referrals are bad
Referral codes are sometimes used by legitimate businesses such as Coinbase. One way to spot the difference is if referrals are capped. If they’re uncapped the more you spend the more the referrer earns and the more incentive they have to push you. On the other hand Coinbase referrals are capped at $10, so there’s less incentive and less pushiness.

Cloud mining? You’re probably mining air indeed.
Stay away from cloud mining if you’re a beginner! While in theory not all cloud mining is illegitimate, it’s very complicated and there is a history of lawsuits in this space. One company CEO recently plead guilty to fraud for fake mining services.

Are others talking about it? Research the service
Make sure you can find information about the company from other websites, not just from the company. Again, google name of the service plus “scam”.”

Conclusion

As with any investing, cryptocurrencies has a fair share of scams that are targeted in new investors who are uneducated on cryptocurrency. So remember to never let anyone have your private key unless you’re willing to let them spend all funds on your behalf.  Be suspicious and vigilant about investment opportunities that provide outsized returns, and do your research!

And finally, when in doubt, use Google!

Dylan Walker
Dylan Walker

I have been a writer for 7 years, focusing on topics related to the Economy and Finance. My interest in blockchain technology started out as a hobby that is now a full-time gig. I have worked with different blockchain and meta startups. My portfolio interests are NFTs and P2P assets.