In this article we are going to cover:
- Seed Phrase Phishing
- Free Giveaways
- Ponzi Schemes
- Scams Target Newbies
- 1. Seed Phrase Phishing
- 2. Free Giveaways
- 3. Ponzi Schemes
- 4. Rugpulls
- 5. Malware
- Lessons Learned
- Have You Already Been Scammed? We Can Help!
In this article, we’re going to cover the top five most common Bitcoin and crypto scams, ending each lesson with a tip on how to avoid losing your money so you can continue taking advantage of all that crypto has to offer well into the future.
Scams Target Newbies
Emerging markets are full of information asymmetries that make it easy for unscrupulous scammers to take advantage of those new to the space.
Crypto scams are no different.
They often target those who are still learning the technical ins-and-outs of the ecosystem and don’t know what they don’t know.
That’s why so many people who enter the space buy a few coins and get them stolen. They get burned, and then leave with a bitter taste in their mouth.
However, with a little bit of education, we can greatly reduce the number of people being preyed upon by scammers. With a little education, we can teach you to identify these scams before you fall for them.
If you are reading this because you have already been scammed, then we may be able to help you out with that as well!
1. Seed Phrase Phishing
Your seed phrase is the key to the safe that contains all your crypto-assets. As such, it’s worth protecting. Someone who gets their hands on your seed phrase has access to every coin within your wallet.
Your seed phrase is even more important than your bank password, as there’s no one with the power or authority to reverse the transactions that are draining your wallet. Seed phrases are unique to cryptocurrency, and so many new users don’t treat them with the importance they deserve. But there’s need to learn that lesson by falling for one of the many seed phrase phishing scams out there.
The number one way that people compromise their seed phrases is by entering it on a phishing website or application.
And this is easier than you might think.
Scammers routinely create malicious Google ads that appear at the top of searches like “ledger wallet” or “MyEtherWallet”.
These advertisements link you to phishing websites or browser extensions that are designed to look exactly like popular wallets such as Metamask.
The only time you really need to use your seed phrase is when migrating an existing wallet to a new device: from a paper wallet to a new hardware wallet, for example.
So before entering your seed phrase into any online form or app, think it over once, twice, twenty times.
There really are very few situations where your seed phrase is required.
Of course, it’s better to just avoid these situations altogether.
To avoid ending up on one of these not-so-obvious scams, triple check the URL of any website you’re interacting with. Also make sure to use bookmarks to direct you to your most used applications.
Even if you never share you seed intentionally, someone might find it.
That’s why many people opt to split their seeds into two-of-three shards.
You don’t want anyone to gain access to the 24 words that make up your seed phrase.
For this reason, many people opt to split their 24 word seed phrase up into multiple pieces, and then store each of those segments in different locations. The Billfodl Multishard makes this easy.
Using a product like this protects you in case someone finds your seed. They would need to find at least two of the three shards to get your entire seed. If they find just one, they are not getting your coins.
Additionally, to protect yourself from either of these attacks, try not to advertise the fact that you own crypto.
This will make you less likely to be targeted by individual phishing attacks (called spear phishing).
Scammers lurk Telegram, Discord, and Twitter and often pose as members of a project’s support team, directing you to a fraudulent website where you’re asked to input your seed phrase to claim a reward, unlock your wallet, or interact with an application. From there, they just rely on you to make mistakes.
Best not to attract their attention.
2. Free Giveaways
Free giveaways are one type of scam that generally target people new to the crypto world.
While those who have been around for a while may find it hard to understand how someone could fall for it, people who have heard rumors of the amazing power of cryptocurrency to double your money overnight may find themselves unwittingly giving up their ticket to the real gains that crypto can offer.
If you’ve watched any crypto-related livestreams on YouTube recently, you may have noticed the proliferation of simulcasts offering FREE BITCOIN!
If you send 0.25 BTC to the scammer’s address, you’ll get 0.5 BTC back. Send 0.5 and you’ll get a whole Bitcoin in return, and so on.
Sometimes, as was the case with The B Word’s live broadcast of Elon Musk, Cathie Wood, and Jack Dorsey’s Bitcoin discussion, these scams appear at the top of the search results.
Fake giveaways were also the scam of choice for the Twitter hackers of July 2020.
More than 130 high-profile accounts – including Musk, Barack Obama, Kanye West, Joe Biden, and many more – were compromised.
The hackers used these celebrities’ accounts to offer a too-good-to-be-true money-doubling offer, but for the next 30 minutes only.
Better act fast!
Luckily, not too many people fell for the scam.
About $100,000 of Bitcoin was found to have been sent to the scammer’s wallet.
The best way to protect yourself from falling for one of these fake giveaway scams is to step back and think about it rationally for a second.
You’re giving away your hard-earned crypto to someone you don’t even know, much less trust, in return for a promise that you’ll get everything back and more.
Sounds too good to be true, doesn’t it?
Of course, when that offer is coming from the blue check verified Twitter account of the current president of the United States, it’s easier to be a bit more trusting.
But if you take a breath and ask yourself how likely it is to be a real opportunity, you’ll save yourself a lot of pain in the future. Acting on FOMO – the fear of missing out – often leads to real missed opportunities down the line.
3. Ponzi Schemes
Ponzi schemes are not a crypto-native scam, unlike seed phrase phishing. Traditional finance has been the domain of the vast majority of Ponzi schemes so far.
The scam derives its name from Charles Ponzi, who operated a famous scam in the 1920s.
Mr Ponzi’s scheme focused on buying cheap international postage stamps in Italy and then reselling them in the U.S..
He claimed to have made more than 400% on each transaction – making it an extremely successful form of arbitrage. Ponzi promised initial investors 100% returns within 90 days.
Though the bank interest rate at the time hovered around 5%, some early investors did actually get their astronomical returns.
However, Ponzi soon ran into difficulties exchanging the huge amounts of postage stamps he was buying for cash. For a while that didn’t matter, as his clients were reinvesting their returns.
This allowed him to pay out the promised dividends while maintaining a lavish lifestyle.
Soon enough, as it tends to do, everything came crashing down. Facing life in prison for 86 counts of mail fraud, Charles Ponzi was eventually released after only three and a half years.
The golden rule of Ponzi schemes (and investing in general) is: If it seems too good to be true, it probably is.
It’s not always easy to think that clearly when presented with the potential for huge financial returns, however. And when the investment is in an industry that has in fact given gains in the tens of thousands of percent for early investors, it’s not surprising that Ponzi schemes have found their way to cryptocurrency.
While Bitcoin itself is a currency or commodity (not a Ponzi as some detractors like to allege), there have been a number of destructive crypto Ponzi schemes that have hurt the industry’s reputation and stolen money from unwitting investors.
Bitconnect is one of the most infamous crypto Ponzi schemes. Launched in 2016, the project promised investors returns of up to 40% monthly.
This was made possible by Bitconnect’s proprietary Price Volatility Software, which would actively trade for users.
All they had to do was stake their BCC tokens and watch their returns compound.
The hype this generated was massive. It pushed the Bitconnect token into the top 20 by market capitalization.
Yet the whole operation was fraudulent and built on the recruitment of new members by Bitconnect “educators.”
After regulatory scrutiny, Bitconnect received cease and desist notices from the British Registrar of Companies and Texas State Securities Board.
The Bitconnect Ponzi schemers announced the closure of their operation in January 2018 and the price of the BCC token instantly dumped 96%, wiping out nearly the entire value of thousands of people’s investments.
While Bitconnect is not the largest crypto Ponzi scheme ever (that distinction belongs to PlusToken, which defrauded investors of over $4 billion), it is one of the most famous.
This is partly due to the unforgettable videos their aggressive marketing produced…
Rugpulling refers to the act of a developer suddenly and unexpectedly dumping all the tokens their treasury holds on the market. This has the effect of cratering the price and effectively ending the whole project.
The developer pulls the rug out from beneath their unsuspecting investors.
This type of scam reached its peak in early 2021 with the proliferation of memecoins on Uniswap and Binance Smart Chain’s PancakeSwap.
Meerkat Finance, which launched on Binance Smart Chain, rugpulled after just one day of operation for more than $31 million. The devs made off with 13 million BUSD and about 73,000 BNB, leaving their users holding a worthless token.
A “good” developer will make their project seem as legitimate as possible to draw in as much money as possible before removing all the liquidity they provide on the decentralized exchanges (DEXs) where the token is traded.
Some solutions to the rugpull problem have cropped up. One example is Unicrypt, which allows developers to lock their liquidity for a certain period of time or establish vesting schedules. This is one way for well-intentioned developers to help create some trust in their project.
The other way to protect yourself from rugpulls is to thoroughly research any project you’re considering putting your money into. Anonymous developers are not necessarily a red flag – there are many anonymous or pseudonymous devs – but it does make it easier for them to get away with a rugpull.
The last of the most common crypto hacks and scams is luckily one of the rarest, but also one of the most frightening. Malware that takes over your computer can compromise unencrypted private keys, passwords, and just about anything else on your device.
A keylogger can capture the password you use to unlock your wallet, and a remote access tool (RAT) allows the attacker to take control of your computer to send your funds to their own wallet.
If you’re transacting regularly, a hardware wallet is a must-have. Hardware wallets store your private keys in a secure chip, so you could plug it in to the most malware-infected computer in the world and still theoretically be safe.
A more common form of malware used to steal crypto these days is Ransomware. This type of attack is more targeted to institutions with valuable data, though individuals are not completely immune.
Ransomware encrypts all the data stored on your device, with the attacker promising to provide a decryption tool after the payment of a ransom with cryptocurrency such as Bitcoin (BTC) or Monero (XMR).
A slightly more benign form of crypto-malware is cryptojacking.
This involves an attacker infecting your computer with a virus that then mines ASIC-resistant cryptos like Ethereum on their behalf. It will slow your computer down, though the attacker has an incentive to keep their activities as low-profile as possible.
At the end of the day, no malware is good.
You want to protect yourself as much as possible. Antivirus software will help, as will utilizing good security practices when visiting potentially insecure websites and opening links from unknown contacts.
Seed phrase phishing, fake giveaways, Ponzi schemes, rugpulls, and malware are all risks to crypto investors. The freedom afforded by retaining control of your funds also means you’re responsible for securing your assets appropriately.
You can lower your risk of falling victim to these Bitcoin and crypto scams by doing the following:
Keep your seed phrase as secure as possible. Use a hardware wallet and keep the private key created by this wallet on a steel seed phrase backup device like a Billfodl.
No-one is going to double your crypto. Don’t send anything to an external address unless you’re selling it or happy to lose it all. Free giveaways are always scams.
Think about the realistic returns of investment schemes. If you don’t understand it, don’t invest in it. The marketing may be flashy, and you may hear stories of huge returns from early investors, but at the end of the day every Ponzi scheme collapses. If it sounds too good to be true, it probably is.
The same goes for newly-listed projects on Uniswap, PancakeSwap, and other DEXs. Do your own thorough research into any project you’re considering investing in. Learn about the team, and use blockchain explorers to check the largest token-holding wallets. Inquire about these wallets’ relation to the developer team. If you get half-answers or non-answers, move on - it’s hard to invest in them if you’re trying to bounce back from being rugpulled.
Use common sense and standard antivirus protection to keep your computer secure. A dedicated machine that’s used only for crypto is best, but a hardware wallet will provide you with many of the same guarantees (and a few more) with much more convenience.
Above all, remember that it’s your responsibility to avoid falling for any of these common Bitcoin and crypto scams. Self-custody gives you back control over your assets and financial future, but it also means the responsibility to protect yourself is all yours.
This article should have given you a primer on some of the most common Bitcoin and crypto scams, so now you can venture forth armed with a little more knowledge of how to protect yourself as you explore all that crypto has to offer.
Have You Already Been Scammed? We Can Help!
Let’s talk. The team here at The Crypto Lawyers are very experienced at tracking down lost or stolen coins and trying to bring the scammers to Justice.
The best thing you can do right now is schedule a time to talk to us.
Time is really of the essence here. The longer your coins are out of your possession, the harder it is to get them back.
What are the most common Bitcoin and crypto scams?
Some of the most common Bitcoin and crypto scams include seed phrase phishing, free giveaways, Ponzi investment schemes, rugpulls, and malware. There are many different types of each scam, so read on to learn how to recognize them and protect yourself.
How can I protect myself from Bitcoin and crypto scams?
The exact answer varies depending on the type of scam, but there are some general rules you can use to keep yourself as safe as possible. First and foremost, keep your seed phrase in a secure location. A piece of paper is much too fragile to store any real amount of money on, so use a Billfodl for cold storage, and a hardware wallet if you transact often. Apart from that, keep the fact that you own crypto to yourself, if possible. A low profile makes you less of a target. And finally, use common sense. If it seems too good to be true, it probably is.
How much money has been lost to crypto hacks and scams?
The answer is hard to determine exactly, but it’s in the billions of dollars. The 850,000 BTC lost from Mt. Gox alone would today be worth over $32 billion.