4 Common Crypto Scams and How to Spot Them

Where money is involved, scams follow. In the case of cryptocurrency, where transactions are irreversible and the funds are not backed by banks, scams are particularly frequent, and their effect can be devastating.

According to the Federal Trade Commission, more than 46,000 individuals reported losing more than $1 billion in crypto in the period from January 2021 to June 2022. That figure only includes the users who shared the information about fraud, so the actual numbers are significantly higher.

This is not only related to the fact that users are not aware of the basic safety measures that must be taken, such as

Keep private keys in a safe place and do not share them with anyone.

Do not send cryptocurrency to someone who guarantees returns or as an upfront payment for a service or product.

Do not access your wallet from a public network, and if you must, use a VPN.

Always check that you are exchanging your crypto, investing it, lending it or performing any operations with cryptocurrency on a legitimate website.

The problem is that scammers are very creative. They are constantly devising new schemes to extract the funds, and even top cyber security specialists can fall for their tricks. That is why the purpose of this article is not to discuss some typical scams, but to check the ones that are specific to the world of crypto and to see how to avoid being scammed even if you face an entirely new type of scam.

Ice Phishing – One of the most popular crypto scams

If you’ve ever dealt with dApps, you know that you need to connect a wallet to interact with them. Typically MetaMask is used for that.

Ice fishing is a scam that exploits this particular feature of dApps. A scammer is not trying to get your private keys. Instead, he creates a website that mimics a specific crypto service. When you connect to it, you’re prompted to link your MetaMask wallet to continue – you sign a “token approval” transaction that grants the site certain access to your wallet.

The scam site sends many requests, and users click many times, giving access to more funds in their wallets.

This is why it is very important to double check which website you are linking to and what the purpose of doing so is. After accessing the required service, ALWAYS disconnect your wallet.

Address poisoning – a threat to active wallets

If you regularly receive and send funds from your wallet, you may have noticed that after a transaction you get small fractions of funds sent to your wallet from addresses that look like the ones you interact with the most.

The idea is to insert an address into your transaction history that looks familiar to you so you can copy and paste it for the next transaction.

The advice to avoid falling victim to this kind of scam is obvious: always check which wallet addresses you’re copying before sending funds. The best way is to scan a QR code provided by the recipient of the funds.

Fake Airdrops – One of the most dangerous scams

This mostly happens with ERC-20 tokens because scammers can assign a fraudulent token to a legitimate smart contract and send the fraudulent token to all holders of a legitimate token. Then they announce that a project has an airdrop and request to exchange the old tokens, which are legal, for new tokens or to send the old tokens to an address where they would be burned.

Of course, a website is also provided where such an exchange can be made. As a result, users rush to the fake site and send their tokens to a scammer.

The only way to detect the scam is to contact the issuer of a legitimate token and ask if there is an airdrop. But scammers create a sense of urgency. Users get so little time to “exchange” their tokens that they simply don’t have time to check.

An example of such a scam is the airdrop of the tLINK token. Scammers sent the token to all holders of LINK, the official Chainlink token, requesting to send the original LINK tokens to a provided address where they would be burned.

Shadow Workforce – a note for hiring managers and business owners

This is not a typical scam targeting crypto users. It is aimed at cryptocurrency companies that rely on remote workers.

It happens that criminals apply for a job in a crypto company and get inside access that allows them to steal funds, enable cyber attacks or damage the business in any other way.

So, in 2022 shadow operatives reached a Sky Mavis engineer posing as a recruiter. As part of the job interview, the shadow worker created a document and gave it to the engineer to review. The document contained malicious code that allowed North Korean hackers from the Lazarus Group to break into the company’s system and steal $600 million in the Ronin Bridge hack.

Final Thoughts

Crypto is evolving, and scammers are devising more sophisticated methods to steal people’s funds and damage the reputation of businesses. Although there is a hope that over time technology will become so advanced that hacks will become impossible or at least not profitable, I still believe that the future of crypto lies in the ethical application of the crypto space.