Approximately 562 million people globally are thought to own crypto. And the ecosystem is growing – but so are crypto scams.
For opportunists, this burgeoning industry is a honeypot waiting to be exploited. The amount of crypto stolen each year through crypto scams and hacks is on the rise, seeing a 53% year-over-year increase in 2023. The alarming trend underscores why you must be aware of crypto scammers, and understand the dynamics of how crypto scams work.
In this article, we explain blockchain’s most common fraud strategies so you know how to avoid crypto scams yourself.
Top 10 cryptocurrency scams 2024 |
---|
1. Fake crypto exchanges and wallet apps |
2. PayPal Bitcoin invoice scam |
3. Customer support scam |
4. Crypto romance scams |
5. Pump and dump schemes |
6. Celebrity crypto shilling |
7. Fake giveaways |
8. Malicious smart contracts and token approvals |
9. Man in the middle (MITM) attacks |
10. Protocol hacks and exploits |
Crypto scammers target users using fake crypto exchanges, fake websites and sometimes fake crypto wallet apps. This is a type of phishing that relies on a legitimate-looking website or download button to con users into parting with their crypto.
For example, a common crypto scam is to set up a fake crypto exchange. It promises unrealistic returns or bonuses in exchange for a “sign-up fee.” Of course, there is no bonus, and the sign-up fee goes directly from your bank account to the scammers who set up the site.
Similarly, you may encounter a fake wallet app. The bogus interface requests your seed phrase or prompts you to send your crypto to your “new wallet”, which is just the scammer’s wallet. A great example is the fake Trezor wallet app, which appeared in the Apple App Store and pretended to be a popular crypto wallet. The scammers asked users to enter their credentials, including their seed phrase, which could give scammers access to user accounts.
Maintain skepticism towards too-good-to-be-true offers and verify the legitimacy of exchanges before you dive in. Check URLs and user reviews to verify that the platform is genuine. You should never be asked for any money to download a wallet or join an exchange. And remember: never share your Secret Recovery Phrase. Ever.
Cryptocurrency scams tend to use existing brand names or relationships to establish a degree of trust with the victim, and the PayPal Bitcoin scam is a great example.
It involves a third party sending fake invoices to your PayPal interface for Bitcoin you never purchased. They lure you into calling a number and then request remote access to your account to “resolve the issue.”
Let’s use an example scenario. A PayPal user received an email with the platform’s logo claiming a Bitcoin purchase of $548.15 from Coinbase, a service they never used. The email, designed to create panic, offered a phone number to open a dispute, a classic tactic for getting victims to hand over critical account data. This set the stage for the malicious actor behind the scam to empty the victim’s account.
Anyone can send an invoice on PayPal. The only way to verify your transactions is to log in to your account and check directly. If unsure, contact your account provider directly rather than using numbers from suspicious emails. Never give remote access or personal details over the phone.
Fake customer support is a very convincing way to begin phishing scams. Here, scammers impersonate crypto customer support agents from NFT marketplaces or wallet providers. They might contact you through social media to discuss fake account issues. Behind the trusted guise of “customer service,” the scammers then deceive you into providing your recovery phrase or account credentials.
For instance, a user received a link that appeared to be KuCoin’s customer service on Telegram, but it was a scam designed to steal information.
Always verify the legitimacy of customer support requests through official channels of your NFT or crypto marketplaces and never share private keys or click on suspicious links.
Also known as pig butchering, crypto romance scams involve fraudsters creating fake identities on dating apps. From there, they select a target and build trust to exploit victims financially down the line. This often manifests as convincing them to invest in fraudulent cryptocurrency ventures.
The FTC recently warned of crypto romance scams, citing it as one of the most common and lucrative approaches for scammers.
Be cautious of romantic interests asking for financial help or investments. Anyone can create a false persona online. Contact authorities if you suspect you’re being targeted.
Pump-and-dump scams are a subcategory of investment scams. Fraudsters with an established position in a project make false or vastly exaggerated claims about it to drive up the price. At the peak of the market, they sell out, crashing the price of the project—leaving victims with a worthless asset.
The rise of Web3, where anyone can develop a project and market its tokens, has given bad actors new opportunities to deploy this scam. Crypto scammers create fake projects and buy large positions in their native tokens. They then create fake excitement around the project online to inflate its price. This might include making false claims about its utility or the project’s roadmap and sowing a sense of urgency to pressure victims into buying.
Unsuspecting investors buy in at the inflated price, but then the scammers quickly sell their holdings, crashing the price. The Squid Game pump-and-dump scam saw its creators lock in investors and disappear with over $12 million after selling their tokens.
Shilling is another subset of crypto investment scams. As the name suggests, this crypto scam involves celebrities promoting crypto projects with false promises, creating hype to inflate prices. They often fail to disclose payment for endorsements or personal holdings.
For example, the SEC recently charged Lindsay Lohan, Jake Paul and a handful of other celebrities for shilling crypto projects without disclosing they were being paid.
And crypto shilling is often even less obvious than this. For example, where an individual holds a huge stake in a given asset, and also has a huge audience, they can hype up the asset to their followers. By creating buzz and demand, the shill increases the value of their existing holdings, all thanks to a few Tweets. Some speculate that crypto whales like Elon Musk engage in this type of shilling.
The credibility of a trusted brand makes it a great tool for persuasion, and this is the crux of fake crypto giveaway scams. Here, scammers promise free money while impersonating celebrities or companies you know and trust – all you need to do is send them the private key for your crypto account! They use fake social media accounts and bots to create an illusion of legitimacy, exploiting your trust and the fear of missing out.
In 2020, scammers took control of celebrity accounts like Elon Musk and Joe Biden on Twitter to promote fake crypto giveaways. The source made them believable, luring many victims in the process.
FAST FACT
The Internet Crime Report revealed crypto fraud losses reached $3.96 billion in 2023!
Web3 is built on smart contracts, and more or less, every interaction involves signing one. But clever scammers can use legitimate-looking smart contracts as a Trojan Horse to deploy malicious code, and gain access to your wallet. This means you’re only one small mistake away from a cryptocurrency scam whenever you sign a transaction.
In February 2022, a phishing scam tricked users into signing a malicious smart contract, transferring all their NFTs to a hacker’s address. The OpenSea Malicious Smart Contract scam resulted in a loss of $1.7 million.
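To make the token-approval risk concrete, here is an added example (not part of the original article) that decodes the data field of a transaction before signing and warns when it grants a spender broad rights over your tokens. It assumes the standard function selectors for ERC-20 `approve` and the NFT `setApprovalForAll` call; `known_spenders` and the sample spender address are hypothetical, constructed values.

```python
MAX_UINT256 = 2**256 - 1
SELECTORS = {
    "095ea7b3": "approve",            # approve(address spender, uint256 amount)
    "a22cb465": "setApprovalForAll",  # setApprovalForAll(address operator, bool approved)
}

def decode_approval(calldata_hex):
    """Decode approval calldata; return None for any other function call."""
    data = calldata_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    kind = SELECTORS.get(data[:8])
    if kind is None:
        return None
    args = data[8:]
    if len(args) != 128:  # two ABI words of 32 bytes each
        raise ValueError("malformed approval calldata")
    spender_word, value = args[:64], int(args[64:], 16)
    if int(spender_word[:24], 16) != 0:  # an address is left-padded with zeros
        raise ValueError("address word has non-zero padding")
    return {"kind": kind, "spender": "0x" + spender_word[24:], "value": value}

def review_approval(calldata_hex, known_spenders=()):
    """Return human-readable warnings for a transaction about to be signed."""
    info = decode_approval(calldata_hex)
    if info is None or info["value"] == 0:  # not an approval, or a revocation
        return []
    warnings = []
    if info["kind"] == "setApprovalForAll":
        warnings.append("operator may transfer every NFT you hold in this collection")
    elif info["value"] == MAX_UINT256:
        warnings.append("unlimited token allowance")
    if info["spender"] not in {s.lower() for s in known_spenders}:
        warnings.append("spender %s is not on your list of known contracts" % info["spender"])
    return warnings

def word(n):
    """Encode an integer as one 32-byte ABI word in hex."""
    return format(n, "064x")

# Constructed sample inputs (not taken from any real transaction).
SPENDER = "0x" + "ab" * 20
UNLIMITED = "0x095ea7b3" + word(int(SPENDER, 16)) + word(MAX_UINT256)
NFT_ALL = "0xa22cb465" + word(int(SPENDER, 16)) + word(1)
REVOKE = "0x095ea7b3" + word(int(SPENDER, 16)) + word(0)

if __name__ == "__main__":
    for name, tx in [("unlimited", UNLIMITED), ("nft_all", NFT_ALL), ("revoke", REVOKE)]:
        print(name, review_approval(tx))
```

An approval with a value of zero is treated as a revocation, which is how an existing allowance is withdrawn.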
A Man-in-the-Middle (MITM) attack in cryptocurrency involves an attacker intercepting and altering the communication between two parties. For instance, crypto fraudsters could infiltrate your network and tamper with the address displayed during a crypto transaction. The aim of this type of attack is to direct your funds to their wallet instead.
Andrew Schober, heavily invested in Bitcoin, downloaded a fake wallet app, Electrum Atom, through a malicious link. This malware launched a man-in-the-middle attack, stealing nearly $200,000 in Bitcoin by swapping copied addresses with the attacker’s during a transfer.
Protocol exploits occur when attackers find and exploit a protocol’s code vulnerabilities, leading to unauthorized access to funds locked in the protocol. This is particularly prevalent with blockchain bridges, which are protocols that lock up huge amounts of crypto in a pool to create synthetic counterparts (wrapped crypto).
The most famous (and severe) example of this is the Solana Wormhole Hack. Here, hackers stole $321 million in crypto by targeting a flaw in Wormhole’s bridge on the Solana blockchain – the biggest crypto hack of all time.
This same risk also applies to software wallets. The 2023 Trust Wallet hack saw users lose a total of $170,000 over six months thanks to a vulnerability in the wallet’s open source code. All of this to say that your wallet or crypto tool is only as safe as its underlying code.
Educating yourself about cryptocurrency scams is crucial in 2024. Scammers are constantly devising new tricks to steal your hard-earned cash. The good news? A little education can be your shield.
This guide will equip you with the knowledge to navigate the crypto world confidently and avoid falling victim to scams.
Verify the legitimacy of websites and wallet apps. Here’s how:
Official Sources: Visit the official cryptocurrency or project website to see if they recommend specific wallet apps.
Your private keys and recovery phrase are like the master password to your crypto. Never share them with anyone. Customer support or anyone claiming to be from the platform must use official communication sources. Legitimate companies will never ask for your account information.
Phishing scams nearly always begin with a message. If you receive a private message, especially from someone you don’t know, take a step back and question its legitimacy.
Crypto projects and platforms typically communicate through official channels like email or announcements on their platforms. So, if a stranger slides into your DMs offering investment advice or claiming a problem with your account, it’s a major red flag.
Cryptocurrency wallets often ask you to approve transactions before interacting with a project. But as you know, signing just one malicious transaction or approval can empty the crypto assets from your wallet. Take time to learn about:
Keeping your digital assets safe goes beyond online vigilance. Consider using a hardware wallet – a physical device that stores your private keys offline. Hardware crypto wallets are not connected to the internet, making them much less vulnerable to hacking attempts.
If it sounds too good to be true, it probably is. Cryptocurrency scams often rely on hype and urgency, but don’t let this cloud your judgment. Instead, do your own research! Use tools like Etherscan to check a project’s fundamentals, token contract and trading activity. You can also dig into the project’s whitepaper to understand what you’re investing in.
Vigilance and knowledge are your best defence against cryptocurrency scams. Scammers may be cunning, but by arming yourself with information, you’ll be well-equipped to participate in the crypto market. Remember, crypto moves fast, so stay informed and never stop learning.
With a healthy dose of skepticism and the right knowledge, you can transform yourself into a savvy crypto investor and protect your digital assets.