"Crypto is a scam." We've All Heard The Blanket Accusation
And, yes, most of us have fallen prey to crypto scams in one way or another. Whether they're astronomical heists like the FTX scandal or a crypto coin scam like a dev pulling unlocked liquidity of a $SOL memecoin (cries), bad actors have given the crypto space an unsavory reputation. And that's putting it lightly.
According to data from sources like Chainalysis and CoinMarketCap, negative search terms related to crypto scams generate much more traffic than positive or neutral ones. People are looking at crypto, but they're afraid to get into it because they don't want to lose all of their money.
Still, there's hope. The first step of winning the crypto battle is going in with the right mindset.
The second step is knowing your enemy. So, here's a breakdown of some crypto scams and what even the newest noobs can do to protect their bags from those who are out to steal them.
Hot and Cold Wallets
Before we get into the actual categories, however, a newcomer to crypto needs to understand some basic fundamentals about hot and cold wallets.
Maggie Love of SheFi, a DeFi and blockchain educational platform and community dedicated to empowering women and non-binary types, teaches wallet safety as one of the first classes in her curriculum. She explains how holders can protect themselves from crypto scams by sticking with the following best practices of wallet safety:
There are hot wallets and there are cold wallets. Hot wallets are easier to use, but they are more vulnerable to phishing and hacking attacks (we'll get into some of those, soon). That's because hot wallets are constantly online. There's also the issue that when you use a hot wallet to make transactions, your private keys are transmitted over the Internet. This puts them at risk of being intercepted by hackers. So, keep only what you need to transact with on hot wallets. Not lots of money, not valuable NFTs. Those go to your cold wallet.
The cold wallet, like a Ledger or Trezor, is a piece of hardware that you use as a digital vault. If you have more than a paycheck's amount on your hot wallet, send it over to your cold wallet. They're not as easy to use, but they're safer for a few reasons. Cold wallets are offline unless you connect them to your computer. They use a process called "signing" to authorize transactions. And the private keys never leave the device. This last feature protects your funds, even if you connect the cold wallet to a malware-infected computer.
But cold wallets and signing are not going to keep you completely safe from crypto scams. Most people's wallets are drained because of human error, ignorance and naivete. Browser extensions like CryptoGuard are useful in detecting scams, but the possibilities are endless. Still, a little bit of knowledge goes a long way when it comes to avoiding them. Let's talk about the main weapon of crypto scammers: social engineering.
Social Engineering
💬 "Hey, I love your art. Can we talk about how I can make you sales?"
💬 "Got a look at your resume and would like to interview you for a new job. You just need to download this chat software."
💬 "I'm with Metamask support. What is the issue you're having?"
These are just some of the most overdone crypto scams people have fallen for because of social engineering. NFT artists get buttered up. Degens get promised tokens that will moon if they send a certain amount of $SOL. New crypto users are asked for their seed phrases. People follow links sent in DMs or emails to sites that look legit, only to have their wallets drained of all their assets.
It's all a mind game. The crypto scammers are really good at what they do. But there are specifically technical crypto scams you can spot easily, if you know what you're looking for.
Phishing
Coindesk reported that in May of 2023, phishing, or ice phishing, accounted for 55.8% of all crypto scams. This method tricks users into signing a malicious blockchain transaction that allows scammers full wallet access without needing direct approval of further transactions. Some of the biggest names in crypto have been swindled out of millions. Many people who've been in the crypto space for several years will never, ever click on a link because of the phishing fear. But here's what you can do to keep the crypto scammers at bay:
- Check your URLs before you click, connect, or sign any transaction. Several hot wallets and wallet extensions, like Zerion, can detect suspicious-looking transactions before you make them. CryptoGuard is an AI-powered security extension that offers collaborative anti-fraud, a phishing site blocker, and real-time scans, and it works directly in your browser no matter what wallet you're using.
- Always navigate directly to a site before you enter any information. For example, if some Metamask scam bot tells you to "click on this link for further assistance," you may as well kiss your crypto goodbye. Navigate from your Metamask extension to Support and ask for support there.
- Never click on any link from a random direct message on any social media platform. Direct messages and even public posts from X, Discord and Instagram are infamous for ensnaring people into crypto scams.
- Do not get excited when you see official-looking emails claiming you made an NFT sale or that one of your centralized exchange accounts was hacked. Use the link itself, the design and branding, and the text of the email as clues to a possible crypto scam. Look at the sender address, which will be similar to the real email address but slightly off, and navigate directly to the site the email claims to represent. But never click on any links or connect your wallet to anything sent to you in email.
- Watch out for address poisoning. Just like you need to look carefully at any site you're sent in an official looking email to see if even one letter or phrase is off, it's even more important when you're copying and pasting wallet addresses, especially if you use the address all the time. Address poisoning is when hackers study the transaction history of their victims’ wallets and look for addresses they interact with the most. According to Coindesk, "They then create a blockchain address that would look familiar to their target and send the victim a transaction with little-to-no value. This transaction is meant to “poison” an intended victim's transaction history by putting the malicious address in a place where they may mistakenly copy and paste it when they make their next transaction."
- Crypto companies normally do not advertise on Google. Never click on search engine ads.
- You don't need to be in Web3 to know that if someone you don't know sends you software to download, you never, ever, ever, on pain of death, download it. That hack has been around since people were still running WWIV boards.
- Did you get an awesome-looking airdrop or a free NFT that seems too good to be true? Chances are, if you interact with them in any way, you are going to get your wallet drained. Don't even touch them.
- Use two-factor authentication for anything that demands the use of email addresses and passwords.
- Never store your passwords, seed phrases or private keys somewhere like Google or iCloud. Write them down, take photos of what you wrote and store them on offline USB drives to be placed in safe locations.
- What dApps is your wallet connected to? Periodically review the connections in your wallet. Delete the ones that are no longer necessary. If you must, use a service like revoke.cash.
- Use a separate browser for operations with cryptocurrencies and select an incognito browser mode.
- Do not download any crypto add-ons except CryptoGuard.
- Get a separate PC or smartphone just for crypto trading. Some people refuse to use a phone for anything related to Web3 and use apps like Bluestacks instead to create a virtual Android machine.
- Make sure your antivirus and network protection are installed and up to date, which you should be doing anyway.
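A check for the address poisoning described in the list above, as an added example that is not part of the original article: it compares a pasted or incoming address against a saved address book and flags one that matches only on the leading and trailing characters. The addresses, the address-book layout and the dust threshold are constructed assumptions.

```python
# Added example, not from the original article. Every address here is a
# constructed sample value, not a real wallet.

def normalize(addr):
    """Lower-case and drop the 0x prefix so checksum casing does not matter."""
    addr = addr.strip().lower()
    return addr[2:] if addr.startswith("0x") else addr

def is_lookalike(candidate, trusted, edge=4):
    """True when the two differ but share the first and last `edge` characters,
    which is all an abbreviated wallet display (0x3fa9...7e21) shows."""
    c, t = normalize(candidate), normalize(trusted)
    return c != t and c[:edge] == t[:edge] and c[-edge:] == t[-edge:]

def check_recipient(candidate, address_book, edge=4):
    """Return ("trusted", label), ("lookalike", label) or ("unknown", None)."""
    for label, trusted in address_book.items():
        if normalize(candidate) == normalize(trusted):
            return ("trusted", label)
    for label, trusted in address_book.items():
        if is_lookalike(candidate, trusted, edge):
            return ("lookalike", label)
    return ("unknown", None)

def scan_history(history, address_book, dust=0.001, edge=4):
    """List senders of near-zero-value transfers that imitate a saved address."""
    return [(tx["from"], label)
            for tx in history
            for verdict, label in [check_recipient(tx["from"], address_book, edge)]
            if verdict == "lookalike" and tx["value"] <= dust]

TRUSTED = "0x3fa9" + "c1d2e4b5" * 4 + "7e21"   # address the user pays often
POISON = "0x3fa9" + "0badf00d" * 4 + "7e21"    # same first/last 4, different middle
OTHER = "0x" + "ab" * 20                        # unrelated address
BOOK = {"exchange deposit": TRUSTED}            # constructed address book
HISTORY = [                                     # constructed transaction history
    {"from": OTHER, "value": 1.5},
    {"from": POISON, "value": 0.0},
    {"from": TRUSTED, "value": 0.2},
]

if __name__ == "__main__":
    print(scan_history(HISTORY, BOOK))
    print(check_recipient(POISON, BOOK))
```

Comparing the full address, not just its ends, is the point: the abbreviated form is identical for both the saved address and its imitation.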
These are some of the precepts that can help you keep your crypto safe from crypto scams, but even they won't necessarily save you from every one.
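The ice phishing described at the top of this section usually takes the form of a token approval on Ethereum-style chains, which is also what services like revoke.cash undo. This added example (not from the original article) decodes raw calldata for the standard ERC-20 `approve` and ERC-721 `setApprovalForAll` calls and classifies the grant; that these are the calls involved is an assumption, and the spender addresses are constructed.

```python
# Added example, not from the original article. The selectors are the standard
# ERC-20 / ERC-721 ones; spender addresses are constructed sample values.
APPROVE = "095ea7b3"               # approve(address,uint256)
SET_APPROVAL_FOR_ALL = "a22cb465"  # setApprovalForAll(address,bool)
UNLIMITED = 2**256 - 1             # the "infinite allowance" value

def decode_approval(calldata):
    """Return a dict describing an approval call, or None for anything else."""
    data = calldata.lower()
    data = data[2:] if data.startswith("0x") else data
    # selector (4 bytes) followed by two 32-byte ABI words
    if len(data) != 8 + 64 + 64 or data[:8] not in (APPROVE, SET_APPROVAL_FOR_ALL):
        return None
    try:
        spender_word, value = data[8:72], int(data[72:136], 16)
        int(spender_word, 16)      # reject non-hex input
    except ValueError:
        return None
    kind = "approve" if data[:8] == APPROVE else "setApprovalForAll"
    return {"kind": kind, "spender": "0x" + spender_word[24:], "value": value}

def assess(calldata, known_spenders=()):
    """Classify calldata before signing: what is granted, and to whom."""
    info = decode_approval(calldata)
    if info is None:
        return "not-an-approval"
    if info["value"] == 0:
        return "revoke"            # amount 0 / approved=false removes access
    if info["spender"] in {s.lower() for s in known_spenders}:
        return "known-spender"
    if info["kind"] == "setApprovalForAll" or info["value"] == UNLIMITED:
        return "blanket-approval-to-unknown-spender"
    return "limited-approval-to-unknown-spender"

def encode(selector, spender, value):
    """Build sample calldata for the demo (selector plus two padded words)."""
    return "0x" + selector + spender[2:].lower().rjust(64, "0") + format(value, "064x")

DRAINER = "0x" + "d1" * 20   # constructed, stands in for a scammer's contract
ROUTER = "0x" + "a0" * 20    # constructed, stands in for a dApp the user trusts

if __name__ == "__main__":
    for cd in (encode(APPROVE, DRAINER, UNLIMITED),
               encode(SET_APPROVAL_FOR_ALL, DRAINER, 1),
               encode(APPROVE, ROUTER, 500)):
        print(assess(cd, [ROUTER]))
```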
Crypto Coin Scams
The social engineering that drives fear and greed has made many people send their crypto to unknown wallets for hopeful gains. Those gains inevitably never come to pass. Whether they're influencer accounts with huge followings, creatives with real portfolios (like Temple Pharmacy) or just accounts you came to from word-of-mouth, or alpha, the only thing that will save you from aping into crypto coin scams is keeping a rein on your emotions.
Check out this interview with Richard Sanders, founder of CipherBlade, to learn about the mindset you need to protect yourself from crypto coin scams.
It's also recommended to follow ZachXBT on X to learn more about crypto scams, including crypto coin scams, and watch him make fun of everyone falling for them.
There are many more types of crypto scams using tricks like fake profiles, giveaways, pump and dump schemes, exit scams, fake ICOs, SIM swapping, and other traps for the unwary adventurer in the crypto space.
There are even crypto scam-as-a-service offerings. These developers provide wallet-draining kits that include malware and other code to scammers. Their fee is a percentage of the stolen amount, typically 20% or 30%. This makes it much easier for crypto scammers to create fake websites or ads to lure victims into interacting with malicious smart contracts.
But now, you can identify many of them and steer clear of anything sketchy that might make you lose your bags. We're happy to have been able to give you the information you need to keep yourself safe from crypto scams. So cover your (redacted), do your own research, and remember what we've told you here today.