The most common crypto scams & how to avoid them
- Fake crypto giveaways
- Fake crypto trading bots
- Crypto phishing scams
- Crypto security best practice
With parabolic price increases, stories of fortunes being made overnight and the increasing endorsement of celebrities and high-profile entrepreneurs, new adopters are rushing into the crypto space. Most, unfortunately, are unprepared for the risks of being scammed, so we’ve pulled together a list of the most common crypto scams and how to avoid them.
We've broken down each of the main crypto scam tactics, looking at how they work, recent examples and how best to avoid falling victim.
As a general rule, the best way to avoid being scammed is to simply learn more about crypto before investing. We are the first generation with access to financial sovereignty. This is a huge privilege, but comes with significant responsibility, so make sure you do the necessary research. Scams rely on ignorance and inexperience to succeed.
A good place to start is learning about crypto security, and the basics of safe storage. Crypto offers a secure way to store your wealth but there is no customer support; the best line of defence against crypto scams is awareness and education.
Don't be afraid to ask questions on places like Reddit, Twitter or Discord. You'll generally find people are helpful and supportive.
Fake Crypto Giveaways
Here's what fake crypto giveaways generally involve:
- Scammers hack or impersonate big Twitter accounts & use networks of accounts to amplify messages or lend credibility
- They promote giveaways; the most common invites people to send crypto & get double back
- They link to professional-looking websites, often fake versions of very popular services
- Those that are tempted into sending crypto receive nothing & never hear back
How do fake crypto giveaways work?
Fake crypto giveaways generally involve scammers gaining access to verified social media accounts, creating fake versions of verified social media accounts, and creating fake versions of genuine websites to promote the scam.
Fake crypto giveaways have been very common since the ICO boom of 2017. Usually found on social media, these scammers attempt to get people to send cryptocurrency to an address with the promise of receiving an increased amount of currency in return.
The scammers often use social media accounts pretending to be big celebrities such as Elon Musk to trick people into believing the offer is real. Due to the nature of crypto wallets, once the funds are sent it is very difficult, nearly impossible, to get the funds back.
Recent examples of crypto giveaway scams
The most high-profile example of this kind of crypto scam happened in July 2020 when Twitter accounts of big celebrities and politicians, like Elon Musk and Joe Biden, were hijacked and used to promote a giveaway.
As the tweets came from the actual accounts, it lent some credibility to the promotions, duping many people.
The same approach was used more recently, in May 2021, when unused but verified Twitter accounts were hacked and used to promote a fake giveaway in connection with Elon Musk's appearance on the US TV show Saturday Night Live. Scammers reportedly made $100,000.
How to recognise fake crypto giveaways
These scams can be easy to spot once you know what you’re looking for. Firstly, they are too good to be true. There is no reason anyone is going to offer to double your money in this way. What would their motive be? Engage your scepticism, ask for an outsider’s opinion and try not to be seduced by the money; that is exactly how these scams hook people.
If it seems too good to be true, it probably is. As a general rule, no one is going to give you free cryptocurrency.
They tend to pose as celebrities or famous businessmen, but fake accounts can be spotted by the absence of a blue checkmark. Sometimes a fake blue checkmark can be used, or the genuine account hacked, so be sure to check the username and search to find if there are any other accounts under the celebrity's name that look like the legitimate one.
Dig into the comments and replies because often more savvy users will see the scam for what it is and try warning people off. The scammers will use other fake accounts to try and create legitimacy but if there is any doubt whatsoever, you should assume it is too good to be true.
If you are tempted to click on the links, take a close look at the URLs, which are often close copies with minor differences, and check for the absence of the SSL certificate lock symbol, which should be present in the browser address bar, just before the start of the URL.
If none of this puts you off, listen to the words of this unfortunate German who got scammed for 20 Bitcoin, as reported by the BBC.
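As an added illustration (not part of the original article), the URL check described above can be automated: the script below flags links that are not served over https, that use punycode, or whose name is a near-copy of a site you trust. The allow-list, the character substitutions and the sample links are assumptions constructed for this example.

```python
from urllib.parse import urlsplit

# Assumed allow-list: sites the reader already knows to be genuine.
TRUSTED = {"bbc.co.uk", "tesla.com", "ledger.com", "coindesk.com"}
# Characters often swapped in to make a copied name look right.
FOLD = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "-": ""})

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_url(url):
    """Return (verdict, reasons); verdict is trusted, lookalike or unknown."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    reasons = []
    if parts.scheme != "https":
        reasons.append("not served over https")
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode label, may render as look-alike letters")
    # Exact match or a subdomain of an allow-listed site.
    if any(host == g or host.endswith("." + g) for g in TRUSTED):
        return "trusted", reasons
    folded = host.translate(FOLD)
    for good in sorted(TRUSTED):
        brand = good.split(".")[0]
        n = good.count(".") + 1
        tail = ".".join(folded.split(".")[-n:])
        if edit_distance(tail, good) <= 1:
            reasons.append(f"near-copy of {good}")
        elif brand in folded:
            reasons.append(f"embeds the name '{brand}'")
    flagged = any(r.startswith(("near-copy", "embeds", "punycode")) for r in reasons)
    return ("lookalike" if flagged else "unknown"), reasons

if __name__ == "__main__":
    # Constructed sample links, not taken from any real campaign.
    for link in ["https://www.tesla.com/", "https://tes1a.com/giveaway",
                 "http://bbc-news.tesla-giveaway.example/", "https://example.org/"]:
        print(link, check_url(link))
```

An "unknown" verdict only means the name does not resemble anything on the allow-list; it says nothing about whether the site is safe.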
I realised then that it was a big fake. I threw my head on to the sofa cushions and my heart was beating so hard. I thought I'd just thrown away the gamechanger for my family, my early retirement fund and all the upcoming holidays with my kids. I went upstairs and sat on the edge of the bed to tell my wife. I woke her up and told her that I'd made a big mistake, a really big mistake.
Whale Alert estimates that fake crypto giveaway scams generated $18 million in the first 3 months of 2021. The image below is a fake BBC website promoting a Tesla giveaway.
Trading bot crypto scams
Here's what trading bot crypto scams generally involve:
- Tempt investors in with unrealistic monthly returns
- Pay out existing users with deposits from new users
- Once a crucial threshold is reached rewards stop, funds cannot be withdrawn & the scheme collapses
How do trading bot scams work?
Fraudulent trading bots have been around in crypto for years. They usually promise investors guarantees of very high rates of return for investing funds with them, but in reality have no trading function.
These use a pyramid scheme approach, attracting deposits from new investors to pay the returns on earlier investors. This can work for long enough to keep earlier investors happy and allow the scammers to accumulate enough funds and plan their exit when the scheme inevitably collapses.
Examples of trading bot scams
One of the most famous examples of a trading bot scam is Bitconnect, which stole an estimated $250 million from investors who were promised a monthly return rate of 40%.
It encouraged users to stake Bitcoin and receive Bitconnect token rewards generated from a fake trading bot. At one point it was among the top 20 cryptocurrency tokens, and the price went from $0.17 to an all-time-high of $463 in December 2017, only to crash by over 90% within a month, before eventually collapsing entirely.
Despite Bitconnect's high-profile collapse, there have been other examples of projects successfully masquerading as genuine cryptocurrency projects, such as OneCoin, which has been estimated to have defrauded investors of several billion euros.
What makes trading bot scams hard to detect is that early users receiving the promised returns will want the scheme to continue, and often defend it. They are often incentivised to attract new users, through what is known as a downline system, and can be aggressive in attacking anyone trying to expose the scam.
How to mitigate against trading bot scams
The telltale signs of these trading bot crypto scams are numerous.
- They promise unrealistically high rates of return
- They lack any documentation on the trading strategy, ignore requests for it or make weak excuses for why it cannot be shared
- Absence of details of trading history
- Nothing meaningful about the team behind the projects
- Spelling mistakes & a general lack of professionalism in the website/marketing materials
Again, if something seems too good to be true it probably is. To ensure your security, do due diligence on any trading scheme you are thinking of investing in. Try to gain an understanding of who is running the scheme through sites like LinkedIn. Research how the scheme works through its documentation. Check to see if anyone has already raised red flags on places like Reddit or Bitcointalk.
Phishing email crypto scams
Here's what phishing email crypto scams generally involve:
- Emails are sent that impersonate genuine services and either ask for private keys/seeds or try to infect the user with malware
- Sometimes genuine services are hacked and users get requests to reveal private keys/seeds
- Sometimes the emails can be veiled threats asking for crypto in return for not revealing personal information
How do phishing email crypto scams work?
Phishing emails are common scams in most industries and crypto is no different. Unfortunately these scams are becoming more and more sophisticated in their ability to create seemingly legitimate emails.
Most rely on users clicking on a link within an email. This link will then either directly download malware onto the target’s device or will send them to a site that asks for personal details such as passwords/seed phrases or requests cryptocurrency.
They work by either gaining access to the email distribution systems of genuine crypto service providers, and sending emails intended to gain access to wallets, or by obtaining lists of emails from other hacks and sending emails/texts that look like they have come from genuine services.
As with other scams, they usually involve sending users to fake versions of the genuine service provider's website where they try and harvest user credentials or private keys/seeds.
Recent examples of phishing email crypto scams
The Ledger hack in July of 2020 is a very high-profile example. Their customer database was compromised, allowing hackers to send customers emails and texts attempting to access their hard wallets. It also exposed details of customers' home addresses, adding another level of threat/vulnerability.
Something similar happened with Celsius in 2021 when hackers accessed a third-party email tool to send a genuine email but for a fake promotion. The most obvious sign this was a fake was that they asked for users to grant access to their crypto wallets, which no legitimate service will ever do.
Some variants of this scam have resorted to blackmail. These emails claim that they have control of users' email accounts and computers, and have some sort of compromising video footage of them. The phishing scam then asks for Bitcoin in return for not releasing these details / footage.
Coindesk, the most credible crypto news provider, has suffered from scammers faking their newsletters and inserting stories which promote airdrops or giveaways which require users to provide private keys or seeds.
How to mitigate against phishing email crypto scams
As a general rule, any email from an unknown address that has an external link should be treated with suspicion. Furthermore, emails that ask for personal details out of the blue are almost always a scam. If you are unsure about an email, head to the official website and contact customer support before engaging with any links or requests that the email has sent you.
Being aware of these common scams should help keep your crypto safe, but you should employ some standard tactics regardless of potential threats. We have a whole article on securing your crypto but here’s the TLDR:
- Understand how crypto custody works and the risks
- Use a hard wallet when storing large amounts of crypto
- Think carefully about how/where you store your credentials
- Always use two-factor authentication, biometrics & anti-phishing codes where offered
- Have a recovery plan for losing your phone
- Avoid using SMS code verification due to SMS hijacking
- Use strong passwords, unique to each service & encrypted email services like Protonmail
- Check that the sending address within the email matches previous emails from the service
Crypto scams are constantly evolving, so this is by no means an exhaustive list of scams within crypto. To stay ahead of threats follow credible accounts on Twitter, keep reading and listening to crypto podcasts, but don’t be afraid.
Ultimately, your own security is your responsibility but a few sensible measures and a healthy dose of scepticism are enough to keep your crypto safe from scams.
The best way to avoid falling prey to a crypto scam is to drum into your head the mantra that if something seems too good to be true, it almost certainly is. Scepticism is the best form of defence. There is no such thing as a free lunch, so be alert, otherwise you’ll end up on the menu.