Originally posted on https://www.hacker9.com/beware-8-cryptocurrency-scams.html
Cryptocurrencies are changing the way we understand finance & investment. An increasing number of people from different age groups are dabbling into the crypto world, valuing the decentralized digital money above traditional investments.
From college grade students to founders & business owners, everybody is involved in Cryptocurrencies and many are making fortune out of it, especially newbie investors who are brave enough to take risks. In fact, according to a survey in the US 30% of the investors between the age of 18 and 34 would easily prefer investing in cryptocurrency over company stocks or government bonds.
Of late, you might have noticed that crypto scams and hacks have become a hot topic of discussion. A lot of investors have lost collectively millions of dollars in these scams, Some have even lost their life-savings.
In Cryptocurrency scams, apart from worrying about your invested money or regretting not having invested, you cant do nothing to get your money back.
2017 saw some of the craziest cryptocurrency scams. There have been scams, right from that guy who said he was affiliated with some revolutionary cryptocurrency that has enormous growth opportunities and made you invest in it, which turns out to be a Ponzi scheme and then there were scams which operated on preeminent levels, like that of Enigma ICO scam wherein hackershijacked official Enigma ICO website and their social accounts, altered the website with their own wallet addresses and urged their investors to send the Ether coin in exchange for the enigma token.
We are all aware of the Buffet’s investment advice: “Invest only what you can afford to lose”, However somehow we tend to forget it when somebody is putting a really nice investment scheme on the table.
There are dozens of cryptocurrencies which saw over 10 times growth in 2017. while some deserved the price rise, many were just hyped up and overestimated. Scammers take advantage of these growth examples to pitch you their own FAKE COIN and spread a sense of exuberance. Many who are not much agnostic fall prey to such scams.
lately, scammers are using various techniques which often use “social engineering” tactics to scam their target audience and steal cryptocurrencies.
#UPDATE
Meanwhile, Imposter scams on twitter are on the rise and causing huge problems. Let us first see what imposter scam is and how imposters are making huge money by scamming informed users.
Imposter scams on twitter
In imposter scam, The scammer uses fake celebrity social media accounts, preferably twitter to dupe people into sending small cryptocurrency donations in return for a chance of being sent 10 times worth of cryptocurrency back.
Here’s a fake twitter account of ‘Tim Cook’ replying (pitching his scam) to the real Tim cook’s tweet, creating an impression that the tweet is from the real ‘Tim Cook’ per se.
You can see the tweet from fake ‘Tim cook’ has garnered a lot of likes and replies that look genuine. No, wait! all those replies are made by the same crooks. The modus operandi of crooks carrying out imposter scams is, They first create a fake account of popular tech celebrity along with another 5 to 6 fake twitter accounts that impersonate normal twitter users.
Once they have their weapons ready, the scammer starts tweeting his “scam text” to real celebs latest tweet as a reply. Quickly garners fake likes and retweets on his reply, which makes it a top reply to that tweet. He then uses his other fake accounts to respond to his tweet claiming to have received the promised funds.
How to spot Imposter scams on twitter?
Many of the imposter accounts are quickly being suspended by Twitter, however, a new account can be set up in under a minute. Spotting fake accounts of celebrities is quite easy. Always look for ‘verified’ tick, Most real profiles will have a ‘verified’ tick. Other warning signs include a low follower count and a Twitter handle that contains unnecessary letters or numbers to make it look like a real twitter handle.
Also see: Here’s why you should never ask someone to create BITCOIN wallet for you.
Now, here are the most popular scams you can fall prey to:
- Airdrop scam – Free coins
- Pump & Dump scam
- Malicious cryptocurrency trading Apps & Bots
- Fake cryptocurrency wallets
- Fake coin promotion (Ponzi scheme)
- Initial coin offering scam (ICO scam)
- Phishing & Phone porting attacks on wallet holders
- Bitcoin cloud mining scam
1. Airdrop scam – Free coins
Who doesn’t like incentives for being a loyal customer? Companies have been using incentives model to create awareness about their products or services. The same model is being used in Crypto projects and it is popularly known as Airdrop.
A crypto airdrop is when a blockchain/cryptocurrency project distributes free tokens or coins to the crypto community or people who joined a pre-sale.
Scammers have mastered this art of luring crypto community. First, they impersonate official social channels and a landing page that resembles original crypto project. Next, they start posting about fake Airdrop event of genuine cryptocurrency across their duplicate social channels.
Typically the post contains a link to their landing page which contains a form, wherein every participant or anyone who would like to get free coins has to input his/hers Ether wallet address, where the coins would be credited. Now here comes the catch, They also ask for a private key that corresponds to the wallet address. Most users without giving a second thought, give out their private keys as well.
As soon as you submit your details, The scammer on the other side quickly drains your wallet without leaving any trace.
Here is an example of fake Airdrop promotion for EOS Token.
Official website: https://eos.io
Fake website: https://eos-token.org
Fake promotions on scammers twitter handle:
2. Pump & Dump scam
Pump & dump scam is another shady scheme, which is very popular amongst newbie traders. It is usually done by experienced traders with massive cryptocurrency capital aka whales. It is often considered as a way of with quick money.
Typical pump & dumb effect on cryptocurrency:
How “Pump and dump” scam works?
A trader or a group of cryptocurrency traders look out for a target coin with low market cap and low trading volume. Once the coin is finalized, they start placing a huge amount of buy orders (PUMP) at the current price to make some crazy movements. This leads to a rise in coin’s price.
As soon as the coin starts pumping, the traders inform their followers to invest in it. At this moment the followers assume that the coin is soon going to pump and start buying it at higher price unaware of the already pumped up price. Here comes the catch, The traders who had initiated the pump had already placed the sell orders at a pumped-up price which would be eventually sold out to their followers (DUMP). Thus the followers end up losing their money as soon as the coin price drastically drops back.
What’s more, Scammers have created “pump & dump” groups on various social networks. Telegram being very popular, there are dozens of “pump & dump” channels that give out trading signals to their followers. The only ones that really win out are the ones who operate “pump and dump” groups cause they and their friends buy in before the pump and leave many people within the group hanging.
Do yourself a favor and never participate in any kind of “pump and dump” groups.
3. Malicious cryptocurrency trading Apps & Bots
Trading apps basically do 2 things: They provide the facility of holding your cryptocurrency tokens and they give you the ability to buy & sell cryptocurrency tokens whenever you want. Most cryptocurrency exchanges facilitate trading and few of them have an app for easy access.
Since many exchanges provide REST API to allow you to programmatically perform nearly all actions you can from the web interface, A number of 3rd party trading apps are floating in the market.
Many of them provide automated trading options, wherein a trading Bot will trade on behalf of you so that you maximize the profits. However, not all of them are trustworthy.
A typical malicious trading app will ask you to first deposit or transfer cryptocurrency to your account Or it will ask you to input your existing wallet address & private key. Once you do this, the app suddenly stops working or will suspend your account without warning. The scammers on the other side with your public and private key would soon empty your wallet without your consent.
So always be skeptical when it comes to trading apps, Don’t fall for the excellent reviews on 3rd party websites. Always check reviews and ratings in the Appstore.
I’m not here to spread fear without offering you some good news: there are some excellent trading apps out there. One such trading app which I personally use is BINANCE APP. I hold a number of altcoins there, and I’ve never had any trouble with them.
4. Fake cryptocurrency wallets
A “cryptocurrency wallet” is a collection of keypair which consists a “public key” and a “private key”. The “address” you send people is the public half and the private half resides in your wallet file. Now if a person has X cryptocurrency, he has to have a wallet to hold them.
This wallet can be in the form of hardware (hardware wallet) or in an online digital form (Digital wallet). And just like fake trading apps, there are fake digital wallets as well.
These fake wallets contain keylogger program that steals your sensitive information and makes unwanted transactions. The problem is that these fake wallets easily appear in mobile app stores and hardly gets audited until the investors lose their money.
If you are looking for trustworthy wallets then be sure to check out these:
Digital wallets: Myetherwallet, Blockchain.info.
Hardware wallets: Trezor, Ledgerwallet.
5. Fake coin promotion (Ponzi scheme)
We think we’re clever enough to spot a scam when it is in front of us. But if someone who is really confident of his product pitches you to invest in his business in a room full of investors, Its pretty much hard to avoid being lured into it.
This is what happened when a young man in India was allegedly delivering a sales pitch for a cryptocurrency which did not exist. When arrested, he had already duped hundreds of people by luring them into investing.
Scammers like these often organize lavish seminars to lure bigshot investors who then pitch in their referral connection to smaller investors. The scam involves typical pyramid scheme, wherein you get paid more when you bring in more investors down the line. This kind of scam is often offline based, and you are more likely to figure it out if you have had indulged in Pyramid & Ponzi schemes before.
6. Initial coin offering scam (ICO scam)
What is ICO? “Initial coin offering” is a way of raising substantial funds from investors for a blockchain project. Investors are given tokens/cryptocurrency in exchange for fiat currency. Any individual who wants to invest in a blockchain project can purchase the tokens from its developers during ICO sale.
ICO’s have become very popular and every new ICO sale attracts thousands of investors who are inspired by previous ICO performances, like that of NEO COINwhich went from the ICO price of 3 cents to over $150 within 36 months.
Seeing this opportunity, Scammers are coming up with their own Blockchain projects which essentially does nothing, except having a fancy problem-solving approach in their whitepapers (You can easily get a fake whitepaper for as little as few hundred dollars). With little marketing, they end up getting attention from crypto enthusiasts who then give them a shout-out on social media & crypto channels.
This causes irrational exuberance among a wide range of crypto community, Which then leads to considerable participation of investors in their futile ICO sale. And as soon as their token becomes vastly overestimated, The scammers star dumping their crypto tokens which eventually leads to an enormous price drop. The investors are left with no choice but sell their crypto tokens with huge losses. Somebody has even written about 5 step process to create an ICO scam.
Again, I don’t want to spread FUD, there are some excellent ICO’s which look promising in solving real-world problems. Before investing do your own research, Check industry sites like CoinDesk, IcoWatchList, IcoAlert to verify the legitimacy of a claimed ICO. Don’t fall for “too good to be true” offers, especially when received over email, advertisements or social media messaging.
I know many of you are lazy enough like me to do research on their own. To beat this, I personally follow this guy on twitter who has a team of assessors who test the authenticity of any new blockchain projects. John McAfee is a computer security legend and a crypto whale of course.
Also, take a look at this wonderful post by BlockGeeks to avoid getting duped by ICO scams.
7. Phishing & Phone porting attacks on wallet holders
Phishing is far deadlier than all of the above scams. Its the old school way to get sensitive information from crypto investors. A single phishing attack on any of your accounts is enough for a hacker to figure out other sensitive information related to you.
Here is how scammers target their victims:
- They hunt and shortlist crypto investors from various social channels who are easily swayed to give out their details.
- They then identify their holdings with various cryptocurrency exchanges and wallets services.
- Using social engineering tactics, they obtain their email address which is linked to their wallet/ trading accounts.
- Finally, they start spamming their target user with phisher email crafted to sniff away the login credentials.
- If the victim falls for it, The scammer drains their wallet.
A phishing email targeting “Bittrex Exchange” users:
It’s easier to identify the phishing email while on a desktop since most email clients will show you the senders full email and you can always hower over the links to see the destination URL. However, if you happen to be on your cell phone, the email client might not show you the senders email address unless you click “view details”. So always remember to verify the sender details before clicking any links in the email.
Since most crypto wallet services and exchanges have adopted 2-factor authentication which can also be used to reset passwords, scammers are also indulging in Phone-porting attacks. “Phone-porting,” is when scammer takes possession of a person’s phone number by tricking the mobile provider into giving them control of the account. Once he gets control over victims cellphone, he can easily opt to reset the password using SMS verification.
As discussed in phishing section, the modus operandi remains the same. Instead of email, they acquire cellphone numbers of their victims who then fall prey to Cell phone identity theft.
A solution for this is to switch two-factor authentication from SMS to Google Authenticator service.
8. Bitcoin cloud mining scam
Ever since bitcoin got popular, a lot of cloud mining companies started surfing online who rent out their mining hardware for a fixed price to their customers. The customer who buys mining service gets paid mining profits monthly or yearly, which is often a small fraction of the money he invested.
You would say, If you had mining hardware running, and it would earn you money, why would you rent it out to strangers on the internet? The only logical answer to that is because by renting out hardware mining companies do not have to depend on mining profitability. Even if mining is not profitable, they get their steady income.
Since mining companies do not have to worry about paying their customers immediately, It can be a lucrative scam business opportunity. Check out uncle scam’s video explaining how you can set up a fake cloud mining business.
So is there any legitimate cloud mining company I can trust?
Of course, there is. I am personally using this service called “Genesis-mining” which is the most trusted cloud mining company operating since 2014 and have a wide range of cryptocurrency mining contracts which are profitable. You can use promo code “jyl14W” to get 3% discount on your contract purchase.
If you are looking for easy returns on your investments, you should definitely consider buying cloud mining contracts. However, setting up your own mining rig is way more profitable than cloud mining.
Final word
In the light of above-discussed scams, It is indeed a very risky deal to bet money on blockchain projects if you don’t know what you are investing in. The key to staying safe in the crypto world is research. If you believe in the project, go ahead and take a risk.