Here are the most popular crypto scams and how to avoid them
Jul 8, 2022
Here are the most popular crypto scams and how to avoid them
Web3 gives us amazing opportunities to change our lives and change the world. If we stay positive, work together, support, and educate each other, we’re all gonna make it.
However, web3 has its drawbacks. One of the major ones is, you guessed it, security.
Web3 hackers are going crazy creating new ways to fraud you. So we decided that it’ll be useful to remind you of some basic but golden rules on how to stay safe in the crypto world. We also covered the most popular crypto scams and how they work so that you don’t fall for them.
This blog will be useful for everyone since both newbies and crypto savvy can bump into scammers.
Before we jump into the top tips to help you stay safe in web3, let’s see what are the most popular scam schemes you can run into.
1. Crypto giveaways.
One of the most common scams out there. You’ve probably seen it’s everywhere — thousands if not millions of bots are bombarding users on Twitter, Telegram, Instagram, or even via email. They all say that you can’t miss the chance to win some FREE crypto. To get your free coins, all you need to do is to send a certain person a small amount of crypto, this generous man will send you 10x of your investment. Sounds pretty persuasive, huh?
However, it actually is. The scammers buy lots of ad space across different platforms and even show you the fake transaction lists to convince you that people are indeed getting their money.
You can’t fight these scams alone, but you can identify them and don’t fall for the scammers. It’s important to understand that no one on the internet is going to give you something for free. Sad but true.
2. Rug pull scams.
A rug pull scam is when someone else pulls the rug from under you. The scammers rob you of your funds, disappear and leave you holding the bag. This type of scam is pretty common in the NFT and DeFi spaces.
Here’s how it happens in the NFT. The scammers usually get someone to create some pretty standard images and issue them in a mint, promising an exciting roadmap or paying some influencer to promote them.
Once people minted their NFTs, the project vanishes — all social media channels, websites, and emails are deleted. They pull the rug and leave you with the useless piece of sh… with the NFT that has no value.
In the DeFi sector, you’ll have to provide liquidity to the protocol and even get some pretty good returns from that. During this time, the project hype grows, and many people are joining the liquidity pools. This hype is created pretty much as in the case with NFTs — by influencers shilling the project and exciting promises. Once the project is at its peak, the developers strike and extract all the liquidity from the pool, leaving investors with nothing.
In 2021, rug pulls scams were dominating fraud schemes in the web3 and crypto landscape, according to the Chainalysis report.
3. Phishing attacks
Phishing scams have a long history, but in crypto, they are literally blooming. The goal of a phishing attack is to steal user data: your passwords, personal data, and other information. The scammers need this data to access users’ wallets or exchange accounts.
In some cases, you can voluntarily give them all they need. For example, when you visit the website and are asked to insert your wallet seed phrase in order to access it. When you do that, the frauds have access to your coins. Hence, you should never insert your seed phrase on suspicious websites.
Phishing scams are especially popular in the NFT space. A couple of months ago, an NFT collector lost roughly $2.2 billion worth of NFTs when he approved a phishing contract. That must hurt.
The only way to avoid this type of scam is to make sure that you are on the official website before you sign a transaction.
You’ve probably seen it before when trying to find your favourite crypto influencer on social media. Tens and hundreds of similar accounts and it’s pretty hard to identify which of them is the one you need. Especially if the person doesn’t have a verification mark.
These scammers are the real problem because many people actually fall for them. They follow you on social media, dm you offering some VIP trading signals, schemes that will make you rich in a few days, etc.
One of the ways to stay safe here is to remember that influencers, project founders, Elon Musk, and Vitalik Buterin will never dm you first. If they do, it’s a scam, stay away from the conversation with them and block the account.
5. Pump and dump
It’s a form of market manipulation when market participants attempt to pump a token increasing its price until it starts gaining attention. This will then create the illusion that this is a token of interest on the market making it tempting to ape in. Right after that those who pumped the token will dump it on the unsuspecting bag holders.
These pumps are usually well coordinated by groups of people; they chose a target token, accumulate the coins and then promote the pump to their subscribers. They also set up a day and time when to push it (probably even have a content plan for their social media).
So before jumping into a pumping token you’ve never heard of before, it might be worth looking at the previous volumes and trading activity and doing your own research.
We’ve covered some of the most widespread scams that are torturing blockchain users. Now let’s see what you can do to keep your funds and nerves safe.
Secure all your passwords
This is so obvious that we weren’t sure if we need to mention that, but this is literally the most important thing ever so you just can’t ignore it!
You probably know that Metamask allows you to create multiple accounts. So utilize this not just for farming airdrops but also for splitting tokens across different wallets.
Additionally, having multiple wallets with different seeds can help secure your funds even more. By using different wallets for NFTs, Degen plays, and long-term holds you’d be able to feel a lot safer when entering a new farm.
You can also consider buying a hardware wallet to hold your crypto.
Always keep your private key somewhere secure. Ideally, you’ll keep it offline, for example on an encrypted USB, but you can also keep it on a password program like LastPass (although this is arguably less secure).
Enable 2-factor authentication
Once you’ve secured all your passwords, you should also secure your password manager by using two-factor authentication (either via OTP such as Google Authenticator or Bonus points for using a password program like LastPass, Google 2FA, and a secure password-protected offline device.
Password+2FA is the minimum necessary for every account you own.
Track the news
If you know about the hacks and scams, frauds have fewer chances to cheat you. That’s why it’s important to follow the news and review previous large hacks and recent scams. Keep an eye out for the reported use of cryptocurrency in the cybercrime ecosystem. Consider subscribing to the newsletter for example Bankless and the Milk Road newsletters, or following the right people in crypto. Check out our tweet about the top crypto influencers to follow.
Verify that people you are chatting with online are who they claim to be
Unfortunately, it’s not easy controlling who can reach out to you online. People can hide their real motives for wanting to connect with you but those motives are not necessarily innocent. That said, should anyone reach out to you online, you need to verify whether the person they purport to be is actually who they are.
On the other hand, verified accounts can be hacked and used to spam you. One of the ways to verify if whomever you are talking to is who they claim to be (especially when working in anonymous teams) is to reach out to the actual person via other channels. This way, you will know whether you are talking to the actual person they claim to be or an impersonator.
Beware of clicking on links shared on Telegram or Discord
Telegram and Discord are the most popular platforms where web3 projects communities chat and discuss stuff. However, you still don’t entirely know what people’s true intentions on those networks are. So it’s better to not click on a link shared by some random guy (if it’s not a community manager or a team member) unless you can verify their source.
The Ethereum token approval checker is the tool that might come in handy. There you can review all the smart contracts that you’ve given approvals to and when. Then you can revoke access to those you found suspicious to protect yourself in the future.
DYOD (Do your own diligence)
You should always beware when clicking on a link to open a web3 site, especially if someone sends them over to you. These links can easily be redirected and lead to a spammy site where you can lose all your assets.
Before clicking on the URL, check if it’s correct on the brand’s official pages like their Twitter account or via the URL provided on Coingecko. Once you are sure the link is correct it’s worth bookmarking it because it makes it much easier to navigate.
Despite the various crypto frauds, web3 development continues, and we will soon see that the space becomes a safer place to be. For example, recently MetaMask announced a partnership with Asset Reality, a platform for accessing and recovering seized crypto and digital assets. The two organizations will work together to help MetaMask scam and phishing victims reclaim their funds.
To bring it home
web3 is great, but there are lots of scams that can be overwhelming for both newbies and long-term users;
to stay safe you need to secure all your passwords and store them off-chain. A cold wallet will be a great option.
once your passwords are secured, enable two-factor authentication.
always track the news to be aware of the recent hacks
do your own research and never click on links some random dude posts on Telegram or Discord, trust official channels only and double-check the links.