Every crypto bull race coincides with a rise of scams, thefts and fraud. As more people put their money into digital assets, the pool of potential victims for scammers to target becomes bigger.
Whether stealing your private keys through carefully crafted phishing emails or exploiting FOMO by creating false investment opportunities with non-existent high returns, cyber criminals are creative in their attempts to part investors with their investments. To avoid losses, educate yourself and do your own research — especially if you’re new to the crypto space.
“Scrutinise every investment opportunity and be cautious when clicking links. Store your keys in a hardware wallet and never share it, your personal data or your secret codes with anyone. And always enable two-factor authentication. Always,” says Thomas Kralow, a crypto hedge fund CEO, financial markets expert, and founder of an online learning platform for traders and investors called ‘University Grade Trading Education’.
Five ways scammers will try to steal your crypto (and how to stop them)
Thomas shared with us his top five crypto scams, which he thinks are the most common in 2023, and his top tips on avoiding them:
1. Unknown Metamask attack: This wallet-draining exploit has seen more than $10.5 million in crypto stolen from unsuspecting users’ wallets — including experienced community members with ‘reasonable’ security. Metamask’s developer claims that “no one knows how” the exploit works.
How to avoid it: If you have assets connected to a single private key, migrate your funds or split up your assets. Community member Jacky Goh advised those holding over $1,000 for more than a week to move their funds to a hardware wallet. That’s a good crypto habit, whether you’re targeted or not.
2. Dusting attack: This attack sees small amounts of crypto, known as ‘dust’, sent to various wallets on the blockchain network. The aim is to track the movement of this ‘dust’ to gain information about the wallets’ owners. The traces often lead to centralised organisations that comply with KYC regulations. Once this information is known, scammers can use phishing, cyber-extortion and other targeted hacks to steal sensitive information.
How to avoid it: To detect dust, check your wallet’s transaction history. It will be small amounts of crypto unsuitable for spending or withdrawing. To prevent potential fraud, use privacy tools like TOR or a VPN to stay anonymous and secure. You can also use a hierarchical deterministic (HD) wallet to automatically create a new address for each transaction, making it harder for hackers to follow the trail.
3. Phishing attacks: Last year, crypto phishing attacks increased by 40% from 3.5m to 5m. They often begin with mass emails or messages that appear to be from real exchanges, but contain links to fake websites that will ask you to enter your login information, handing the hacker access to your wallet.
How to avoid it: Familiarise yourself with the legitimate organisations you deal with. Phishing emails typically contain red flags such as copycatting, spelling or grammatical errors, misleading links, incorrect email addresses, and content misalignment. Don’t click any links; download attachments, applications or browser extensions from untrusted sources; share your personal information; or use public Wi-Fi without a VPN. And keep your system and software updated to ensure all known vulnerabilities are patched.
4. Social engineering: Scammers are often masters of manipulation, tricking victims into revealing information or performing actions to unknowingly hand over their funds. Commonly, copycat social media pages using the branding of trusted crypto businesses attempt to lure people into fraudulent schemes. Fraudsters entice users to click malicious links and hand over login information using the promise of fake promotions and rewards. Even when two-factor authentication is enabled, scammers have tricks up their sleeves to extract the code.
How to avoid it: Verify the authenticity of requests made by strangers, regularly update your security software, enable two-factor authentication, and be skeptical of unsolicited offers and requests. And most importantly, no matter how big the promised reward, never hand over any codes, private keys, or personal and financial information.
5. Ponzi schemes and exit scams: Fraudsters often play on people’s FOMO, promising to skyrocket their income with 100-1,000% returns if they invest in crypto’s ‘next big thing’… Then they take off with their money. Alternatively, they pull ‘exit scams’, where they create a new cryptocurrency, pump the price up, sell their stockpile and ride off with their ill-gotten gains as the price plummets.
How to avoid it: Free cheese is only ever found in a mousetrap. Conduct thorough research on every investment you consider and be skeptical if the promised return is unrealistic. If you can’t find publicly available information on the project, its founders, and the legal licenses the company holds, it’s almost definitely a scam.
