Thief with crobar trying to pry open door

An Overview of Cryptocurrency Scams: Protect your Funds

According to the Wall Street Journal, cryptocurrency scams in 2019 resulted in a total loss of $4 billion. The same article describes how a man lost $86,000 in a Ponzi-like scheme that involved the platform PlusToken. Cointelegraph calls it “one of the largest scams…to rock the crypto sector” after millions of users found they couldn’t withdraw their funds.

Cryptocurrencies are becoming more and more popular. Unfortunately, this means that many people are out there looking to take advantage of you through crypto scams. This blog post will give you an overview of cryptocurrency scams so that you can protect your funds!

Private Key Theft

The most common scam is the theft of private keys. There are many ways to gain illicit access to a private key. Hacking is one way, but social engineering is another. Pretenders of company representatives may ask for your private key, or someone may subtlety ask for your private key instead of your public address. It’s always important to keep your private key secret and hidden. Never, ever give it away or expose it to the public. Don’t forget to protect it with a wallet, also.

Social Media Cryptocurrency Scams

Social media is a target for scammers to find new victims. Open social platforms like Instagram, Twitter, and YouTube have attracted crypto thieves looking for your funds. Other chat platforms such as Discord and Telegram are more popular hangouts for scammers.

YouTube is currently a hotbed for targeting cryptocurrency newcomers. Video creators will broadcast videos featuring interviews with famous financial and business experts. Some of the channels will take the name of well-known people. During the video play, a QR code for a public address will appear on the screen, as well as a guarantee that you’ll get double the amount of cryptocurrency (usually Bitcoin) you invest. They’ll also claim it’s a contest, even though no personal information is taken from the audience. The primary tenet of cryptocurrency is anonymity, which these scams violate. It’s not possible to refund crypto using a public address. Your private and public keys are scrambled, making reverse engineering impossible. Once you send funds, the transaction is irreversible. No one is sending cash back.

Telegram and Discord scammers pretend to represent agents of cryptocurrency projects or set up cloned channels of an existing project. Sometimes, they’ll create channels and rooms that have the exact name of an existing project to dupe victims. Then, one of two actions will usually happen:

  1. You will be sent to a website requesting funds to be sent to a public address. The website might be an imitation of the project. It’s important to remember that funds transferred to a public address guarantees nothing.
  2. An interface requests your private key. NEVER input your private key anywhere, unless it’s on a browser extension of a verified dapp (example: extension, Phantom Wallet, etc.). Even better, use the hardware connection feature so you don’t need to worry about providing private key details.

Social media is attractive for phishing scammers. For example, two Israeli brothers were arrested for pretending to be an exchange and luring investors by posting links on Reddit and other forums. Phishing can also be achieved by initiating direct communications with social media accounts and enticing individuals to deposit money into phony exchanges that appear genuine. The best way to avoid phishing is to conduct research:

  1. Find reviews about the company.
  2. On the exchange’s website, look for official certification and licensing information.
  3. Ask questions in third-party, neutral forums (such as Reddit forums dedicated to cryptocurrency).

If none of these approaches are successful, don’t provide any personal information or cash.

Fake Tokens

Fake tokens are a problem on decentralized exchanges (DEX). They’re false imitations of actual tokens. These scams are prevalent on chat platforms such as Telegram and Discord. Scammers will provide a fake token contract address to unsuspecting victims.

Spotting a fake token scam requires research. First, double-check the crypto project’s website to verify their token contract address. If you can’t find it on the site then go to CoinGecko or CoinMarketCap and search for the token. On the token’s stat page, the token’s contract address should be listed and an option available to import the token address into the Metamask browser extension. If those actions don’t work, then you can peruse the project’s social media accounts (Facebook, Twitter, Medium, Instagram, etc.) to discover if the project ever listed the token contract address in their content. If none of those sources reference the token’s contract address, then it’s very likely that a token doesn’t exist (yet) and tokens being advertised are fake.

Bitcoin ATM Scams

Scammers are using social engineering to solicit funds at bitcoin ATMs. A scammer might pretend to represent the government. They will ask for money or say that you have to pay them. They’ll direct the victim to a bitcoin ATM and force the victim to scan a public address QR code. After the payment is made, the victim will not hear from them again. Another variation of socially engineered bitcoin ATM scams is when the scammer places a fake “out-of-order” notice on the machine and directs users to instead send funds to a public address represented by a QR code.

Social engineering scams take advantage of fear and a loss of common sense. First, government agencies and institutions will never direct you to pay balances from an ATM or even by using cryptocurrency. Second, always remember that private keys are secret for a reason – no one can ever trace back your wallet, so no one can return cryptocurrency money after it’s been sent. By remembering the basics of cryptocurrency, you can avoid bitcoin ATM scams and most of the illicit schemes described. Third, only use customer support on the provider’s website. Anything else could be a fake phone number.

Cryptocurrency Trading Scams

Trading scams are the top cryptocurrency schemes. While private key theft, social media, and bitcoin ATM scams represent losses in the thousands and involve rudimentary knowledge of technology, trading scams have resulted in the equivalency of multi-million dollars being illegally obtained. Three common crypto trading scams require very close vigilance: pump and dumps, exchange Ponzi schemes, and fake coins/tokens.

Cryptocurrency Pump and Dump Signals

Spotting a pump-and-dump is tough. There have been attempts to determine whether a price movement signals the start of a new trend, and there’s even an attempt to use AI to identify and predict such schemes. But can human eyes and brainpower be enough to identify a pump-and-dump trend?

Excessive hype is the first step. Excitement is necessary to create excitement, with hopes that it’ll drive up the market price. One way is to pay influencers (sometimes called “shills”) to promote the coin; payment methods could be flat fees, free coins, or referral links that earn a commission. Influencers aren’t likely to reveal their relationship, so your only opinion is to research contradictory opinions about an altcoin. You could also conduct some research about the value of the coin itself. Does it solve a problem? Is there a preexisting market issue that necessitates the creation of this altcoin? If you can’t discover any significant purpose about a particular cryptocurrency, proceed very carefully.

Analyzing price and transaction volumes is another approach for spotting a pump-and-dump, a practice called technical analysis, using price and transaction volume charts to predict price trends. It’s the only quantitative way for analyzing cryptocurrency (no balance sheets and income statements exist for currencies). The key is to look for sudden rises proceeded by sudden drops and the pattern repeating itself in a short time. Here is a YouTube video below that provides a visual explanation:

Cryptocurrency Ponzi Schemes

Money that’s used to repay earlier investors, from new money coming in, is the simplest definition of a Ponzi scheme. The most famous example is the Madoff Ponzi scheme uncovered during The Great Recession.

Unfortunately, the cryptocurrency space has experienced its problems. The most recent example was the PlusToken scandal, a platform that posed as a wallet, and investors were promised 9-18% return if they purchased special tokens with BTC or ETH. The platform invented a referral scheme that lured in new investors. One day in June 2019, customers encountered withdrawal problems. Then, a message on the site appeared: “Sorry we have run.” Since then, there have been manhunts to track down all the criminal’s wallets and examine behaviors in their transfer patterns.

There are some lessons to learn from crypto Ponzi schemes:

  1. There is no clear purpose for the tokens other than as an investment vehicle.
  2. Any investments that divert control of cryptocurrency away from you are a risky bet.
  3. No smart contract is involved to guarantee money transfers.

PlusToken is also an example of a fake coin, a cryptocurrency that exists for no particular reason. An ICO will most likely be the source of a fake coin. One way to spot a fake coin is to browse their website and look for vague language. If you can’t precisely identify the purpose of a cryptocurrency, then it’s most likely a fake coin or the target of a pump-and-dump. One such example is HoweyCoins. It promises to upend the travel industry and replace points with crypto. Even reading the whitepaper seems wonky. Here is some nebulous language in its whitepaper:

  • “Travel is expensive, but we are at the cusp of a revolution that will democratize travel and leisure for everyone.”
  • “Capturing the value and the inherent efficiencies of cryptocurrencies compared to the current fiat structure.”
  • There’s even a long section associating the coins with a revolution against the financial system.

HoweyCoins is an example of a fake currency that promotes lifestyle instead of providing technical details about its token. It’s also from the imagination of the SEC, building the website to spoof and mimic illegitimate cryptocurrency issuers.

Scammers accompany every financial instrument. Someone will always exploit loopholes in a system or human psychology. Always remember to keep your private key safe. When you transfer funds outside of your immediate control, please don’t assume you will ever see them again. Nobody can manage your cryptocurrency investments; only you can. “Not your keys, not your crypto” and “don’t be too greedy” are two mantras you should keep close to your heart.