The growth of the blockchain and cryptocurrency space has been undeniably exciting. Tech innovation and the fast paced new trading paradigm continues to attract big crowds, but this also includes a number of bad actors.
Based on Cryptonerds’ (https://twitter.com/CriptoNerds) beautiful infographic, we want to outline some information to help the community identify and avoid scams. People are generally more aware now than in the past, but new scams are still perpetrated daily.
Types of scams
- Fake ICOs
In a recent study 80% of the ICOs conducted in 2017 were identified as scams. One of the most popular was Confido. In November 2017, the team raised $375,000 and disappeared shortly after. As soon as the news spread, the token price plummeted from $0.60 to $0.10 in less than 2 hours and then to fractions of a cent a few hours later.
An even larger ICO scam was Centra, which raised $32M and was supported by celebrities Floyd Mayweather and DJ Khaled. In April 2018 the two founders were arrested, and in a similar manner to Confido the coin lost almost all its value following the news.
Another typical ICO scam is simply listing fake team or advisor profiles, be they imaginary with stock images or often blatantly stolen from well known advisors. Images of team members can easily be reverse image searched on Google. If you find a match under a different name, it is likely that the ICO is a scam, especially if the picture happens to be of Ryan Gosling — as per an ICO named Miroskii earlier this year.
Other Fake ICO scams:
2. Social media giveaway scams
Be aware of social media groups and users (on Facebook, Telegram and Twitter), sometimes impersonating notable figures in the crypto space such as Vitalik Buterin or Andreas Antonopoulos, that offer giveaways. Whenever you read “send 1 ETH to this address and receive X amount back”, that ia a sure scam. Crypto is money and nobody is giving away money for free.
3. Cloned websites
Exact clones of legitimate projects, generally exchanges or ICO websites, are used to steal funds and personal information. Always double check the URL and bookmark the websites that you visit often. Cloned websites will use similar letters in the URL to make it look like the real one at a quick glance, for example using “m” instead of “n”, “0” instead of “o” and so on.
Cloned website examples: https://thehackernews.com/2017/04/unicode-Punycode-phishing-attack.htmlhttps://www.reddit.com/r/CryptoCurrency/comments/7ykzar/be_careful_of_spoof_exchanges_would_you_have/
4. Ad scams
Be aware of ads leading to phishing sites. Recent examples include Google Ads to cloned exchanges and Reddit ads to Trezor hardware wallet sale offers. Always bookmark the legitimate URL and don’t visit other URLs even if they look similar. Chrome extensions like Metamask help to avoid phishing sites.
Ad scam examples:
5. DNS hacks
Both Etherdelta, a now almost defunct decentralized exchange, and MyEtherWallet were victims of DNS hacks (https://www.ccn.com/cryptocurrency-exchange-etherdelta-hacked-in-dns-hijacking-scheme/, https://bitcoinist.com/myetherwallet-users-lose-funds-to-dns-hack/). A DNS hack occurs when traffic is redirected from the legitimate website to the scam site by modifying DNS records of the legitimate site. This means that a user visits the correct URL, but is unknowingly redirected to a scam site. These are particularly tricky because even if you visit the site from a bookmark, you may still be deceived. One great way to avoid DNS hacks is to verify the SSL certificate of the website you’re visiting. Major targets for DNS hacks such as MyEtherWallet or MyCrypto both have specific SSL certificate names. If the SSL certificates don’t match or you receive an error exit the website immediately. Another way to prevent DNS hacks for MyEtherWallet and MyCrypto is to run them offline locally on your computer.
6. Email scams
Also known as phishing, fake emails can redirect the users to fake websites where they attempt to steal funds and personal information. These often arise during ICO crowdsales. Databases of emails and other personal information have been obtained by scammers from past ICOs in an effort to fleece future investors of their funds.
7. Fake support teams
Another type of phishing campaign, these groups pretend to be the support team of a project and ask for personal information, deposits, or private keys.
8. Fake exchanges and apps
When it comes to exchanges, stick to the well known ones such as Binance, Kraken, Bitfinex, Kucoin, Huobi, Bibox, Coinbase and Gemini. At the moment of writing, CoinMarketCap lists 204 exchanges and there’s a good chance that among them there is another BitKRX, a fake exchange that was discovered and seized in 2017: (https://www.coinwire.com/south-korean-government-cracks-down-on-fraudulent-exchanges).
Another example from the Ukraine: https://news.bitcoin.com/six-fake-crypto-exchange-sites-busted-by-ukraines-cyberpolice/
Also, watch out for the legitimacy of apps you download to your phone or browser.
9. Cloud Mining scams
The increasing popularity of cloud mining, due to higher costs of mining equipment and electricity for individuals, has given bad actors another easy way to perform fraudulent activities. A well known case is MiningMax, a cloud based mining service that was asking people to invest $3,200 for daily ROIs over two years, and a $200 referral commission for every personally recruited investor, making it a clear ponzi scheme. The website scammed investors out of as much as $250 million.
More examples here:
10. Ponzi, pyramid and multi-level
A Ponzi scheme is an investment fraud that involves the payment of purported returns to existing investors from funds contributed by new investors. The most notorious Ponzi scheme in crypto was Bitconnect. It surprisingly managed to stay active for a year, until they executed the largest exit scam to date (https://thenextweb.com/hardfork/2018/01/17/bitconnect-bitcoin-scam-cryptocurrency/). At the moment of the collapse, the market cap of Bitconnect was around $2 billion and the price of the single coin was around $320. In less than 24 hours it plummeted to $6 and the market cap was reduced to $40 million. Bitconnect had a huge following and the marketing was very well orchestrated as it often happens in successful pyramid schemes. Bottom line, always think with your head and if something sounds too good to be true it probably is.
Some redditors compiled a list of Ponzi schemes in the cryptosphere a while ago, doesn’t hurt to check once in a while: https://www.reddit.com/r/CryptoCurrency/comments/7r6chx/here_is_a_list_of_crypto_ponzi_schemes_and_people/
11. Malware and Crypto Mining
Malware in crypto comes in two forms; the most common comes when malicious software is installed, generally with naive consent of the user, on a computer or mobile device, with the intent of stealing private keys or funds.
Crypto mining malware is the second form. In this case the malware secretly uses the infected computer’s resources to mine cryptocurrency, effectively creating a decentralized mining network (https://www.zdnet.com/article/why-cryptocurrency-mining-malware-is-the-new-ransomware/).
One telltale sign of crypto mining is increased CPU or GPU usage. This can result in your device becoming more noisy as the fan speed increases to keep the device cool.
Be extremely cautious when installing software on the computer that you use for trading or dealing with crypto. If you’re using Google Chrome, pay attention to the extensions that you are installing and in general always double check the authenticity of the app and its source.
Some more resources this regarding: https://www.androidauthority.com/millions-android-phones-hijacked-mine-cryptocurrency-837374/
12. Fake Pools and OTC scams
Fake pools are generally organized through Telegram or Discord group chats. These groups offer allocations for upcoming ICOs and ask you to send funds, generally Ethereum, to contribute to the pool in order to receive the ICO tokens later on. While some of these groups are legitimate although generally very hard to get into — they might require a steep monthly fee, KYC and a specific skill set — most of them are just scams. Moreover, due to the anonymous nature of crypto, once you send the funds to a fake pool there is no way to get a “refund”.
Fake OTC (over the counter) scams operate the same way. They offer to sell or buy assets directly from you, ask you to send the funds first and then never send you anything back. OTC deals are extremely risky so proceed with caution and use a trusted third party as an escrow. Be careful since the intermediary could be an accomplice of the person that is offering the OTC deal.
13. Pump and dumps
Image Source: https://bitfalls.com/2018/01/12/anatomy-pump-dump-group/
Pump and dump groups manipulate the price and the volume of a coin — generally lesser known, lower cap coins. They initially pump the price in a short amount of time by coordinating the purchase of large amounts and subsequently they sell it dumping the price. The caveat is that these groups have different levels and the higher levels communicate which coin is getting pumped to the lower levels only when they already bought it. The lower levels are the ones that are getting dumped on. These are in fact pyramid schemes. https://cointelegraph.com/news/pump-and-dump-in-crypto-cases-measures-warnings
14. Phone hacks
Recently several prominent crypto influencers reported their assets stolen by the attacker taking over control of their phone number. How this works is shockingly simple. The attacker impersonates the owner of a phone number when calling the mobile phone provider and asks for the number to be transferred to a new SIM. Consequently the attacker has access to your email, 2FA and all relevant tools to steal your assets.
Here are some recent reports:
This video and article from Motherboard sums up how to protect yourself from phone hacking:
Typical Red Flags
- Promise astronomical gains
Always keep in mind that if it sounds too good to be true then it probably isn’t true. Simply put, always suspect of any project that offers high returns on your investment.
2. You have to invite more users
Doubt and suspect: when you are asked to invite other users it is a clear sign that it is a Ponzi scheme. Although keep in mind that affiliate programs are a different thing and always voluntary.
3. They ask for your private keys
Never share your passwords, private keys or security phrases. Any individual, project or ICO that asks for your passwords, private keys or security phrases are scams.
4. Previous scam
A scam will always be a scam. If a project or a startup or an individual has been accused of being a scam in the past, be careful as it might be that they might be a scam again.
5. Project team
Do not trust articles or a website of a project. It is of utmost importance to verify that the team has LinkedIn profiles and possibly go beyond that and do a full background check with Google and Twitter/Facebook. If the team information isn’t public there’s a good chance that it could be a scam.
How to evaluate the legitimacy of ICOs
Are there full names and faces associated to the project?
Do they have active LinkedIn or other social media profiles?
Is the whitepaper original or is it a copy of another whitepaper?
Are there confirmed partnerships with other companies?
Does the project have a roadmap, a working product or it’s just an idea?
Are they a registered and incorporated company?
If the project has been abandoned, then it isn’t worth your time and money.
- What do people say on the different social media channels about this project?
- Is the team interacting with the community and what is their attitude?
Not everything needs the blockchain.
Does the project need the blockchain or can the problem be solved with a classic database?
Is the technology behind this project actually solving a problem?
Is there any other project that is trying to solve the very same problem?
Does the project have a clear objective?
Did the team meet the deadlines in the past and reached the goals stated in the roadmap?
Did the team run into any problem during the development and how did they handle it?
Has the coin been through a pump and dump before?
Was there any recent change on the team structure?
At the end of the day, while there are numerous scams, schemes, and perpetrators of various fraudulent activities throughout crypto, the best approach is to proceed with a reasonable degree of skepticism and care. Despite the number of fraudulent projects, there are countless reputable, and well run projects and groups that make investing in cryptocurrency worth while.
As with many things in life, exercising reasonable caution when dealing with finances is the best approach, so whenever you are visiting a new website, see something that feels too good to be true, or are storing or accessing information using your private keys, take care , and ask yourself if you could be exposing yourself to any undue risk.