The buzz around crypto attracts not only decent users but also a dark army of scammers, fraudsters, and other cyber villains who strive to spot vulnerable points in crypto security systems or fish out personal data by foul means. Sadly, sometimes they are able to slip through security and grab digital money. What are the most frequent tricks of fraudsters, and how to avoid falling victim to cyberattacks? Read further to find it out.
In January 2022, Crypto.com users reported unauthorized withdrawals from their accounts that resulted in a loss of over $30 million. The reason for this incident is still being investigated, with the company claiming it enhanced the security measures to prevent any similar heists in the future.
Comparing this breach to PolyNetwork's theft of $600 million, it may seem like a minor mishap. In August 2021, the blockchain-based platform announced it was attacked, which resulted in a massive outflow of users’ funds. This story had an unexpected twist. The hacker dubbed Mr. White Hat returned the stolen money shortly after the attack. Allegedly, he did it just for fun. An alternative opinion is that the hacker wanted to teach the crypto community a lesson about the importance of uncompromised security, which he certainly succeeded in doing.
Another vivid example of a crypto scam is the leak of Trezor customers’ personal data. In April 2022, users of the wallet reported getting suspicious emails prompting them to update the Trezor Suite to the latest version. The link attached led to a fraudulent copy of the official Trezor website. Once downloaded and installed, the duplicate app required a seed phrase to connect to the wallet, thus seizing control of users’ funds. The incident would have caused a devastating effect were it not for the prompt actions of CoinLoan, an EU-licensed platform providing crypto loan services. After spotting the phishing email, the team members acted fast to prevent the further spread of the malicious software. Trezor blamed the Mailchimp newsletter platform for overlooking an insider compromise of its database.
The ever-evolving security systems are hard to break, so fraudsters have to come up with sophisticated methods with every new attempt to fool around digital money owners. Still, history can teach us a lot, so here are some of the discovered fraud schemes.
Fraudsters lure gullible followers into participating in giveaway campaigns by pretending to belong to high-profile individuals on social media. Participants are offered to transfer cryptocurrency assets to a wallet and receive twice as much money in return. There is no need to say that naive senders never see their money returned. One of the most scandalous cases featured Elon Musk. His reputation was exploited to run a giveaway on Twitter, promising to double the contributions of crypto enthusiasts.
Scammers target cryptocurrency wallet owners with dodgy links to shady websites to steal access to their wallets. These links expose crypto users' personal information, like a seed phrase, which may result in losing control of their digital funds. An example of such a scam was described above. Users were prompted to upgrade their Trezor wallets by downloading malware.
The old trick still works as many crypto users fearing the safety of their funds take the bait. There are several scenarios of this type of scam:
Spoofing. To fool victims into thinking they are interacting with an official company representative, scammers disguise an email address, a phone number, or any other contact details of the original source. Then, they contact crypto users on the pretext of warning them against a hack attack or reporting some problems with the software. The users blab sensitive data to scammers out of fear of being hacked, not suspecting they are actually giving away their money at their own will.
Social networks fake accounts. Scammers create fake accounts on Twitter or Telegram to find crypto users looking for technical help. Then they contact such users directly, pretending to be an official representative of some crypto project and prompting them to visit a fraudulent duplicate of the original website. Alternatively, they can just chat with their victims and eventually phish out a seed phrase.
Alarming pop-ups. Crypto users may see a pop-up on their devices alarming them about the hacking or malware risks and inducing them to call a number or contact via chat. Once they get someone to do this, scammers perform the actions described above.
Naturally, every fraud case hits a hard blow on the reputation of an affected crypto project and dents trust in the crypto sphere as a whole. That’s why honest members of the crypto community strive to mitigate scam risks and help others to avoid any severe consequences. The breach of Trezor users’ personal data has been mentioned several times herein, but let us take a closer look at this incident that clearly illustrates the algorithm of actions to be taken in any similar situation.
As said above, owners of the Trezor wallet started getting emails with dodgy links to a look-alike copy of the original website. That’s a classic spoofing scheme. A staff member of CoinLoan turned out to be one of the wallet users who also received the email and immediately took action to prevent hackers from doing more damage. First, he detected the IP address behind the fraudulent domain and contacted the hosting provider in order to disable the server. Fraudsters’ attempts to switch to other domains did not work, as those were taken down as well. Next, the CoinLoan team uploaded the malicious wallet software binaries to VirusTotal, a service analyzing information about malware and sharing it with the security community. This way, they managed to prevent a large-scale scam that would have caused massive losses.
If you get contacted by an official representative or receive an email urging you to upgrade software, the first thing you should do is visit the genuine website of the crypto project under question and contact their customer support.
A seed phrase is a key to your wallet that you should keep safe from anyone’s access. Technical support will never request a seed phrase from you. This is a trick only scammers use. Stop all contact with anyone who asks you for a seed phrase.
To protect your device from unauthorized access and a leak of your personal data, make sure you have high-quality antivirus software and a reliable firewall. Remember to run antivirus scans occasionally and use complex passwords. Be careful about sharing your personal details and never provide them to unverified sources.
Hardware wallets are generally thought of as the most secure ones because they store all private keys offline, minimizing the risk of having your assets exposed to online attacks. The story about Trezor data is proof that a cold-storage wallet is not impenetrable. After all, uncompromised security measures and multi-layer protection taken by a crypto project are what really matters. Keeping up with rising threats of attacks requires teamwork and timely responses, as demonstrated by CoinLoan. This is an example of what other projects can do to achieve zero security incidents.
In conclusion, those who prefer to keep their funds safe should keep a sharp eye out for potential perils in the crypto sphere. Following the simple rules outlined above will help you avoid the unpleasantness of being hacked and scammed and enjoy crypto's many benefits without worry.