4 Common Crypto Scams and How to Detect Them

Where money is involved, scams follow. In the case of cryptocurrency, where transactions are irreversible and the funds are not backed by banks, scams are especially frequent, and their effect can be devastating.

According to the Federal Trade Commission, over 46,000 persons reported losing over $1 billion in crypto in the period from January 2021 to June 2022. That figure includes only those users who shared the information about being scammed, so the real numbers are significantly higher.

This is connected not only to the fact that users are not aware of the basic safety measures that shall be taken, such as

• Keeping private keys in a safe place and not sharing them with anybody.

• Not sending cryptocurrency to somebody who guarantees returns or as a pre-payment for a service or product.

• Not accessing your wallet from a public network, and if you have to do so, use a VPN.

• Always checking that you swap your crypto, invest it, lend it, or perform any operations with cryptocurrency on a legit website.

  
  

The problem is that scammers are very creative. They are constantly inventing new schemes to lure the funds out, and even top cybersecurity specialists can fall for their tricks. This is why the aim of this article is not to discuss some typical scams but to check those that are specific to the world of crypto and to see how to avoid being scammed even if you face a completely new scam type.

Ice Phishing - One of the Most Popular Crypto Scams

If you have ever dealt with dApps, you know that to interact with them, you need to connect a wallet. Typically, MetaMask is used for that.

Ice phishing is a scam that exploits this specific feature of dApps. A scammer doesn’t try to get your private keys. Instead, he creates a website that mimics a specific crypto service. When you connect to it, you are requested to connect your MetaMask wallet to proceed - you sign a “token approval” transaction that grants the website certain access to your wallet.

The scam website sends many requests, and users click many times by granting access to more funds in their wallets.

This is why it is very important to double-check to which website you are connecting and what the aim of doing so is. After accessing the needed service, ALWAYS disconnect your wallet.

Address Poisoning - a Threat for Active Wallets

If you receive and send funds from your wallet often, you may have noticed that after a transaction, you get to your wallet small fractions of funds sent from addresses that look like those you interact most.

The idea is to insert into your transaction history an address that looks familiar to you so that you can copy it and paste it for the next transaction.

The advice to avoid falling victim to this scam type is obvious: always check what wallet addresses you are copying before sending funds. The best way is to scan a QR code provided by the recipient of the funds.

False Airdrops - One of the Most Dangerous Scams

It happens mostly with ERC-20 tokens because scammers can allocate a fraudulent token to a legit smart contract and send the fraudulent token to all holders of a legit token. Then, they announce that a project has an airdrop and request to exchange the old tokens, which are legit, for new tokens or to send the old tokens to an address where they would be burnt.

Of course, a website where such a swap can be made is also provided. As a result, users rush to the fake website and send their tokens to a scammer.

The only way to detect the scam is to contact the issuer of a legit token and ask whether there is an airdrop. But scammers create a sense of urgency. Users are given so little time to “exchange” their tokens that they simply don’t have time to check.

An example of such a scam is the airdrop of the tLINK token. Scammers sent the token to all holders of LINK, the official Chainlink token, and requested to send the original LINK tokens to a provided address where they would be burnt.

Shadow Workforce - a Note for Hiring Managers and Business Owners

This is not a typical scam targeted at crypto users. It is aimed at cryptocurrency companies that rely on remote workers.

It happens that criminals apply for a job in a crypto company and get insider access that allows them to steal funds, enable cyber attacks, or damage the business in any other way.

So, in 2022, shadow workers reached a Sky Mavis engineer who was posing as a recruiter. As a part of the job interview, the shadow worker created a document and gave it to the engineer to review. The document contained malicious code that allowed North Korean hackers from the Lazarus Group to break into the company’s system and steal $600 million in the Ronin bridge hack.

Final Thoughts

Crypto is evolving, and scammers invent more intricate methods to steal people’s funds and damage the reputation of businesses. While there is a hope that, over time, technology will become so advanced that hacks will become impossible or at least not profitable, I still believe that the future of crypto lies in the ethical application of the crypto space.