It seems each day brings another ICO, another altcoin trying to earn its place in a quickly growing market. Coinmarketcap tracks 865 publicly traded cryptocurrencies, and there are more on the way. These coins can be bought and sold on dozens of different exchanges and stored in one of 1000+ digital or cold storage wallets. Proliferation of these entities has added a great deal of confusion to the already complex “getting started” process, and this has created an ideal environment for scamsters to thrive. Scams have pervaded the space between users and legitimate crypto service providers, but they can be easily avoided by being familiar with their tactics and following a few simple rules.
Scams can be broken down into the following categories, by order of prevalence.
Phishing can be further divided into several different types, but ‘spear phishing’ is the biggest threat and involves directly attacking an individual through malicious emails or similar avenues. Spam filters have helped reduce phishing success to an extent, but to be 100% safe, do not open emails from anyone you do not know. If the email title is ‘clickbaity’ in nature, that is all the more reason to delete it without opening. Furthermore, do not follow links from any email unless it was sent at your request (i.e. activation email for an account you just signed up for) or you were otherwise expecting it.
Phishing may also be done through a more indirect approach where malicious links are disseminated via social media. If you stumble across links or articles representing something that is too good to be true, it likely is. Avoid anything that looks like spam, especially those posts advertising “daily Bitcoin revenue” with “photo evidence” of legitimacy asking you to post a certain word for more info. Those are dead giveaways.
If you plan on participating in any ICOs, exercise extreme caution, as this is the most common environment for phishing scams. Take CoinDash for example, who’s ICO was hacked within minutes, resulting in $7 million (37,000 ETH at the time) in stolen Ethereum. The hacker accomplished this by hacking the CoinDash website and switching the wallet address to his/her own, thereby redirecting all of the investment funds.
Another infamous phishing ruse was only recently discovered by Comparitech.com and involves channeling users to a malicious website through Google’s search engine. ‘Bitcoin mixing’, when searched on Google, returns the site as the top result. Many of the links found within direct users down a path of stolen Bitcoin and regret.
Malware differs from phishing in that it generally requires a download or other means of initiating certain executable code. Once activated, it will gather sensitive information from your online engagement as you go through your daily routine, logging into accounts and entering passwords etc. This information is then harvested and used to access your accounts without your permission or knowledge. Malware may present itself in several different forms, the most common being a Trojan Horse. This type of malware derives its name from the Greek story of how one of the greatest ancient cities was infiltrated and destroyed by a hollow horse full of soldiers. In a similar fashion, Trojan Horse viruses commonly act as backdoors allowing remote access to a user’s personal information.
When downloading wallet software or other crypto-related software, ensure you are doing so through official channels only. Malware has been known to be integrated into fake or infected wallet downloads. Downloading an infected wallet will generally lead to loss of all funds deposited.
Watch out for malicious apps as well, even from well-respected outlets like the iTunes store. Recently an app called LocalBitcoins was discovered to have been set up for the express purpose of stealing Bitcoin. It was removed from the store soon thereafter, but a few users were affected.
Flipping Scams or Doubling Scams are easily identified and easily avoided by that virtue. These scams involve a “trust trade” whereby the scammer claims to double/multiply your investment over a very short timeline, sometimes overnight. Anyone foolish enough to participate will quickly find that the other party never intended to follow through on the promise, and be left empty handed. Flipping scams are commonly advertised on social media. Again, if it looks like spam and is too good to be true – ignore it.
Pump-and-Dump scams start when a group of people overhype a particular altcoin for the purpose of making very quick return on investment. Prior to hyping the coin they initiate a sizable position only to dump it immediately once their target price is achieved. Anyone that is not an early participator will realize heavy losses as it is sold off. These can be easily avoided by doing intensive research prior to initiating a new altcoin position, collecting information from multiple authorities, and only using trusted, well-known sources.
Scams and traps permeate the internet, but they are all easily identifiable and avoidable if you know what to look for. Keep these tips in mind, and never fall victim to scammers again!