The US Federal Bureau of Investigation (FBI) estimates that, between January and March 2022, more than US$1.3 billion in cryptocurrencies was stolen by cybercriminals. It is a significant amount, given that by mid-2022, the market cap of all combined cryptocurrencies sat just below US$1 trillion.
In this article, we discuss seven common scams, how they work, and precautionary measures you can take to protect yourself.
Key Takeaways:
- Investment/‘Get Rich Quick’ scams can involve messaging victims on social media with free crypto advice
- Phishing scams reach a user’s inbox with malicious links
- Remittance/Withdrawal scams require users to send money in order to receive money
- Romance scams are online relationships that culminate with a request for crypto funds
- Pig Butchering scams are the sophisticated evolution of romance scams
- Rug Pulls leave victims with worthless tokens or NFTs
- Cryptojacking is a hack that hijacks a user’s computing power to mine crypto for someone else
1. Investment/‘Get Rich Quick’ Scams
Investment or ‘Get Rich Quick’ scams have been around for a long time and aren’t exclusive to the crypto space. Yet, with cryptocurrency, scammers take advantage of the anonymity of wallets and the irreversibility of transactions.
These scams can take several forms. One of the most common involves the scammer reaching out to users in crypto communities via social media or instant messaging, alleging to represent a certain platform (e.g., a crypto exchange, crypto mining enterprise, or new coin project).
Sometimes scammers also use realistic-looking websites to trap as many unsuspecting users as possible, and they often manipulate search engine optimisation (SEO) results and/or advertising to promote their platforms.
Usually, scammers request that users invest an amount with unrealistic and allegedly ‘guaranteed’ returns. Some users — out of FOMO (‘Fear of Missing Out’) — may invest.
Scams of this type can happen at any scale, from scammers taking small amounts from a wide pool of unsuspecting victims to large-scale investment scams.
Measures to Help Avoid ‘Get Rich Quick’ Scams:
- Do your own research using trustworthy sources before deciding to invest your money
- If an investment appears to be too good to be true, it probably is
- Make sure the website you are visiting is legitimate, and the URL is not manipulated in a way to look like the legitimate one
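- Pay attention to the end of the domain name, i.e., the part of the URL just before the first single ‘/’ (or the end of the URL if there is none). For example, Crypto.com’s URL is ‘https://crypto.com’, while a possible scam URL could be ‘https://crypto.com-premium.somescammerdomain.com’, which actually belongs to ‘somescammerdomain.com’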
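The URL check from the last measure can be automated. The following is an added example, not code from Crypto.com: it parses a link the way a browser does and reports whether the host really is the expected domain or one of its subdomains. The function name `checkLink`, the verdict labels, and every sample URL other than the two quoted above are constructed for illustration.

```javascript
// Added example: decide whether a link really points at the domain you expect.
const OFFICIAL = 'crypto.com'; // the official domain named in the article

function checkLink(rawUrl, official = OFFICIAL) {
  let url;
  try {
    url = new URL(rawUrl); // WHATWG parser, the same rules a browser applies
  } catch (err) {
    return { verdict: 'invalid', host: null, reasons: ['not a parseable URL'] };
  }
  // The parser lowercases the host; drop an optional trailing root dot.
  const host = url.hostname.replace(/\.$/, '');
  const reasons = [];
  if (url.protocol !== 'https:') reasons.push('not https');
  // "https://crypto.com@other.example" logs in as user "crypto.com" at other.example.
  if (url.username || url.password) reasons.push('text before "@" is not the site');
  // Non-ASCII look-alike letters are converted to "xn--" (punycode) labels.
  if (host.split('.').some((label) => label.startsWith('xn--'))) {
    reasons.push('non-ASCII look-alike letters in the domain');
  }
  // Exact match or a true subdomain; the leading dot rejects "notcrypto.com".
  const onOfficial = host === official || host.endsWith('.' + official);
  const brand = official.split('.')[0];
  if (!onOfficial && host.includes(brand)) {
    reasons.push('official name used inside another domain');
  }
  let verdict = 'not-official';
  if (onOfficial) verdict = reasons.length === 0 ? 'official' : 'suspicious';
  return { verdict, host, reasons };
}

// Constructed sample links (the first and third are the ones quoted above).
const SAMPLES = [
  'https://crypto.com',
  'https://auth.crypto.com/login',
  'https://crypto.com-premium.somescammerdomain.com',
  'https://crypto.com@somescammerdomain.com/',
  'https://notcrypto.com/',
  'https://cr\u0443pto.com/', // Cyrillic "у" in place of Latin "y"
  'http://crypto.com/',
];

for (const link of SAMPLES) {
  const r = checkLink(link);
  console.log(`${r.verdict.padEnd(12)} ${r.host}  ${r.reasons.join('; ')}`);
}
```

Only the first two samples are reported as `official`; the plain-HTTP link is `suspicious`, and the rest are `not-official`.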
2. Phishing Scams
This is another scam that has existed since the advent of the Internet and later adapted to crypto.
In this scam, a user is ‘phished’ after being contacted by a seemingly reputable platform — whether the victim is an existing user of the platform or not — or one of its representatives in a way that looks very convincing to the untrained eye.
Phishing can happen over email, SMS, instant messaging apps, social media, and even phone calls. Phishing scammers often create elaborate clones of the profiles, websites, and emails of the company they wish to spoof; this can make it challenging for users to easily identify such outreach as a scam. The goal of phishing attacks is to convince the user to click a link and/or provide their credentials in order to gain access to their accounts and funds.
Sometimes phishing messages and phone calls contain offers like a new promotion; other times, they attempt to scare users into clicking a link or providing sensitive information by telling them that their account has been compromised and they must reset their credentials, secure their account, or transfer their funds immediately.
Examples of Phishing Attempts:
- Phishing emails that require you to reactivate your account immediately or else you risk the loss of your funds
- Phishing emails that promise unrealistic returns on a new offer, promotion, product, or service
- Messages on instant messaging apps or social media from persons claiming to work for a crypto service, project, or platform, allegedly to assist the user with an issue
- Phishing links that require the user to enter their wallet private key/secret recovery phrase under the false pretence of connecting their wallet, validating/activating their wallet, qualifying for a free airdrop, or resolving a technical issue
- Phishing phone calls that require the user to make payments or provide sensitive information, such as login credentials or financial information
If you are targeted with a phishing attempt, you should report it to the appropriate platform via its official channels (e.g., customer support).
Measures to Help Avoid Phishing Scams:
- Reputable platforms like Crypto.com employ anti-phishing codes, which are words you can set that will be added to communications between you and the platform. If the email does not contain that word, then assume it is not legitimate
- Do NOT click any links you receive via SMS or email unless you confirm they are legitimate (e.g., by using anti-phishing codes, contacting the customer support of the platform to confirm it was indeed sent by them, or hovering your mouse over the link without clicking to inspect the full URL)
- Do NOT enter your credentials anywhere other than the official apps and/or official websites, and visit the website from your browser rather than the link you received
- If anyone reaches out to you via an instant messaging app, social media, or even phone, assume they are not a legitimate representative of the platform and do not provide them with any sensitive information, credentials, or PII (personally identifiable information)
3. Remittance/Withdrawal Scams
In these scams, the scammer will allege they are unable to withdraw or remit funds, and request the assistance of the victim in return for a share of the funds.
This scam can take several forms. For instance, the scammer may request help with withdrawal of actual funds (USDC/USDT tokens, for example) in a wallet controlled by the scammer, who will even give the victim access to the wallet, claiming they are having difficulties withdrawing.
The wallet credentials will usually be accurate, but the withdrawal will not be possible due to a lack of funds for gas fees (e.g., ETH on Ethereum, CRO on Cronos).
The unwitting victim will then send crypto to the wallet hoping to extract the funds from it. Little do they know that the scammer has employed a bot that monitors the wallet, which withdraws any funds transferred to it faster than any person could manually.
Alternatively, they may allege being in a crypto-hostile country and request help with buying crypto on their behalf in return for cash. In this scenario, the victim buys the crypto and sends it, only to have the remittance they received clawed back (as it was sent using fraudulent cards/accounts) or never having received one to begin with.
Measures to Help Avoid Remittance Scams:
- Avoid any ‘under the table’ dealings no matter how easy or lucrative they seem, as you could lose funds or run afoul of applicable laws in your jurisdiction
- If someone offers you the seed phrase to a wallet and tells you to take whatever is in it, ask yourself, ‘Is this too good to be true?’
4. Romance Scams
Romance scams are another traditional scam that has crossed over to the crypto space. In this scam, a con artist forms a relationship with someone they have met online. The relationship usually develops quickly, with professions of love soon made by the scammer. A tell-tale sign can be that the scammer never agrees to video calls under an excuse like a poor Internet connection.
Once the scammer has tightened their grip over the victim, they tend to employ tactics to extract money, such as distancing themselves and, when questioned, claiming it is due to financial hardship or caring for a sick family member who needs treatment they cannot afford. In other cases, they want to meet the victim but cannot afford the trip expenses. In all cases of this type of scam, the scammer claims they need funds urgently while promising repayment, which never arrives.
Measures to Help Avoid Romance Scams:
- Think rationally rather than emotionally if you meet someone whose behaviour fits the description above
- Never having seen the person (even on a video call) throughout the relationship is a red flag for scams
- Relationships that develop very quickly are another cause for concern that may signal this type of scam
- Use reverse image search to see if the scammer is using another person’s photo
- To hide their identity and location, the scammer often insists on funds being transferred in crypto or other non-traceable financial instruments like prepaid or gift cards
5. Pig Butchering Scams
As the ‘arms race’ between scammers and the public continues, scammers keep inventing new ways to scam their victims. The pig butchering scam is a novel cross between investment and romance scams.
In pig butchering scams, a con artist will approach a victim via dating apps, social media, or online communities, and begin a romantic relationship with them.
Once the victim’s trust is ‘earned’ by the scammer, rather than asking for money for themselves, their sick parent, or a flight ticket to see the victim, they will encourage the victim to invest in cryptocurrencies as a means toward financial freedom. The victim — generally with little to no experience in crypto — will seek the scammer’s ‘help’ to find a trustworthy platform in which to invest.
The trap closes as the scammer then directs the victim to a scam platform to invest their money. Once the victim parts with as much money as the scammer believes they can extract, they — and in some cases, the fake platform too — disappear.
One unique characteristic of this scam is that it usually happens over an extended period of time, allowing trust to be formed. The scammer will often direct the victim to a platform that appears unrelated to the scammer. They may even tell a victim who has already invested that the initial investment has made fantastic gains, in order to deceive them into deploying additional capital.
Measures to Help Avoid Pig Butchering Scams:
- Avoid investing in unknown and unregulated platforms that are not reputable
- Tell the person that you do not have spare money to invest and are not interested in cryptocurrency investments; if they disappear, it is likely proof that their intentions were not genuine
- Do not let anyone FOMO you into investing, especially when returns are ‘guaranteed’ or unrealistically high
- The golden rule: If it is too good to be true, it probably is
6. Rug Pulls
Rug pulls are scams made for crypto. They are also one of the hardest to detect and most elaborately built.
Rug pulls usually take the form of a new crypto project, including a decentralised finance (DeFi) platform or project, or in some cases an NFT project. These projects can look legitimate at first glance, including having professional-appearing websites, white papers, roadmaps, and even robust online communities.
The project starts off promising to be the next big thing. Scammers will start shilling the project and artificially pumping its price by using their own funds to make purchases. Victims — driven by FOMO — rush to buy. In the rush, demand for the project inflates the price of the associated asset.
Rug pulls often run over a long time, and once there is enough exit liquidity in the project, the scammers will sell their assets, dumping them on the retail users and leaving them holding tokens or NFTs of little or no value.
The term ‘rug pull’ alludes to how fast this all happens, as if the rug was pulled from under the unwitting buyers. In many cases, the development team abandons the project and disappears, never to be found again.
Measures to Help Avoid Rug Pulls:
- Always do your own research. Read the project’s white paper and make sure it is not a replica of another project’s white paper
- Look for the project team. Are they doxxed (i.e., identity made public) or anonymous? The latter could be a red flag
- Be wary of projects that promise unrealistically large returns
- If the project claims partnerships with reputable entities, is there evidence to substantiate those partnerships or affiliations?
7. Cryptojacking
Cryptojacking is a type of cybercrime whereby a hacker co-opts an unsuspecting victim’s computing power to secretly mine cryptocurrency on the hacker’s behalf. Also referred to as ‘malicious cryptomining’, cryptojacking became a widespread problem during the 2017 crypto boom, as the prices of bitcoin and other cryptocurrencies skyrocketed.
In order to mine cryptocurrency, special hardware and a lot of computing power are required — both of which are extremely costly. Cryptojacking, however, is very easy and cheap to implement — not to mention extremely profitable. Hackers need only sneak a few lines of JavaScript code into a vulnerable device to begin illicitly mining crypto coins. Tactics include viruses, phishing, unpatched vulnerabilities, malicious online ads, unsecured browser extensions, and infected apps.
When devices are infected with cryptojacking malware, the script works through complex mathematical problems on the victims’ devices without their consent or knowledge, sending any mined cryptocurrency to a digital wallet that the hacker controls. As a result, the hacker is able to compete against sophisticated crypto mining operations without the costly overhead and with little risk.
Signs of having fallen victim to cryptojacking include slower computer response times, increased processor usage, overheating devices, poor battery performance, and unexplained higher electricity bills.
Measures to Help Avoid Cryptojacking:
- Only install software from trusted sources
- Ensure that all existing software and devices are up to date with the latest patches and fixes
- Don’t fall for phishing emails and messages (never click a link you’re unsure about)
- Consider using ad blockers in your browser and even disabling JavaScript
Conclusion
As crypto evolves, scammers continue to do so as well. Remain diligent and vigilant, and use only secure, reputable platforms like Crypto.com that employ strong security features, including multi-factor authentication and anti-phishing codes. Avoid investing in unknown platforms without doing your own research, trust your instinct, and remember the ‘too good to be true’ rule.
Due Diligence and Do Your Own Research
All examples listed in this article are for informational purposes only. You should not construe any such information or other material as legal, tax, investment, financial, cyber-security, or other advice. Nothing contained herein shall constitute a solicitation, recommendation, endorsement, or offer by Crypto.com to invest, buy, or sell any coins, tokens, or other crypto assets. Returns on the buying and selling of crypto assets may be subject to tax, including capital gains tax, in your jurisdiction. Any descriptions of Crypto.com products or features are merely for illustrative purposes and do not constitute an endorsement, invitation, or solicitation.
Past performance is not a guarantee or predictor of future performance. The value of crypto assets can increase or decrease, and you could lose all or a substantial amount of your purchase price. When assessing a crypto asset, it’s essential for you to do your research and due diligence to make the best possible judgement, as any purchases shall be your sole responsibility.