Common Cryptocurrency Scams, and How to Avoid Them

in #cryptocurrency7 years ago (edited)

security-protection-anti-virus-software-60504.jpeg

With the skyrocketing value of Bitcoin and many Altcoins, the scammers are focused on stealing yours. The scams are more abundant and getting more advanced every day. This article will introduce you to some of the more common scams in the Cryptocurrency world, and give you advice on how to avoid them.

Theft of Private Keys -- To paraphrase Tyler Durden from Fight Club, the first rule of Cryptocurrency is don’t give anyone your private key. The second rule of Cryptocurrency is DON’T give ANYONE your PRIVATE KEY! Your private key is a series of random letters and numbers which is the heart of your wallet. Although it looks similar to your address, your private key is different than your address. It is safe to give out your address, but if your private key is revealed to anyone, it would give that person full access to drain your wallet. This is especially dangerous with coins like Etherium, because your Etherium address is also linked to some very popular ERC20 tokens (such as Civic, OmiseGo, Basic Attention), if a thief steals your Etherium they will also be able to steal any tokens you hold at that address. Don't leave your wallet unlocked on your desktop unless you trust everyone with access to your computer. Don't print your private keys unless you have a secure place to keep them, like a safe. And never, ever, enter your private keys into web form or app, unless you absolutely trust it and it has been vetted by the crypto community.

Phishing for Private Keys -- This scam usually involves creating an authentic looking webpage or downloadable app or wallet that claims to be an official release of the development team. In fact, it is a fraudulent page or app that tricks you into exposing your private keys. An example of this scam which is very common right now is based on “myetherwallet”. Myetherwallet is a credible and trusted wallet, but scammer are taking advantage of its trusted name with fake versions and websites. The Scam often starts with someone sending you an email, claiming to be a developer, and including some warning like “you must update now or you’ll lose all your coins”. Look closely, because often the link you are being directed to is slightly different than the official website, such as “myeitherwallet”.

Trojan -- This often involves downloading some software that includes a key-logger or screen capture. Once on your computer, the hacker can monitor your use, see what wallets and websites you are using, and log your passwords. Keep your antivirus up to date.

Cut and Paste Hack -- This is a type of Trojan, but once installed on your computer, it modifies how your cut and paste command works. If it detects you have copied a coin address, the virus will change the address on your clipboard so that when you paste it, you are actually pasting the scammer’s address. So any sends and receives you do from the computer may be directed to the hacker’s address instead of your address. Memorize the first few digits your address and verify they are being pasted correctly.

High Returns -- It should be obvious to anyone that any service that claims to double your Bitcoins overnight, or return 15% an hour, forever, are “too good to be true”. Yet, the fact that these scams not only still exist, but are prevalent advertisements on Bitcoin related websites, tells me that people are still falling for them. Know this, if you ever send your Bitcoin to a site that offers to return more coins than you sent them, you are sending your coins on a one way trip.

Bitcoin Generator -- This is another common scam that usually appears in pop-up ads on crypto related websites. There are several variations of this webpage, but they all offer the same thing – they say they can generate Bitcoins quickly, and they will simply give them to you for free. Some claim they hacked Bitcoin, some claim they discovered a way to mine very quickly. It’s not true. The Bitcoin Generator pretends to mine -- or hack -- for several minutes, then tells you it is ready to send your new Bitcoins, all you have to do is pay a small transaction fee of $20-25. Well … as you can guess, if you pay the fee, no Bitcoins ever get delivered.

Fake ICO -- An ICO, or “initial coin offering” can be a legitimate way for a coin developer to launch a new coin. Investors send money to a Bitcoin or Etherium address, and on the day of the coin release, they receive a share of the coins. Unfortunately, scammers have discovered they can create a fake ICO, collect the money, and then disappear. There is no fool-proof way to spot a fake ICO, but it’s best to research, ask questions, and discover as much about the project and the team behind the project as possible before investing.

Fake Exchange or Service -- Another elaborate scam that involves the thief creating a website that appears to be an Exchange, Bitcoin Mixer, Gambling Site, "Cloud Mining" or some other common service. Again, if you send your coins there, they are going on a one way trip the scammer’s wallet. Before trusting a service, make sure you verify its veracity. These sites often use names that sound like well-known websites to confuse people.

Fake Tech Support -- This happens sometimes on Slack or other similar services. Slack is a chat service that is popular for Crypto Developers to reach out to their users. But if you happen onto the site while an official member is not present, you may end up getting scammed by another user. Here, a person posing as a team member will try to lure people in need of technical help into a private conversation, where they ask you post some of your info to help you resolve the problem. They will try to get your to expose your private key, often through a command called “dumpprivatekey”, so that they can drain your wallet. Make sure you are talking to an official member of the team, use cation when a slack user links a file for you to download, and never execute the “dumpprivatekey” command on slack.

Honeypot -- This one is almost justifiable. Here, a scammer posing as a newbie “accidentally” exposes their private key in a public forum. Of course, everyone that sees it checks their wallet for a balance, and finds there is some asset in their worth stealing. But the would-be thieves are foiled by the clever newbie. Some wallets require a small amount of Bitcoin to transfer any asset within wallet (even if it’s not a Bitcoin wallet). The scammer puts a non-bitcoin asset in the wallet, so in order to drain the wallet the thief must first put deposit some Bitcoin. However, the scammer has a script running that drains the Bitcoin as soon as it is deposited, and therefore blocks the thief from stealing the other assets. Scammer beats thief!

"Buy My Locked Wallet, I Forgot the Password" -- This one appears on BitCoinTalk quite often. A poster offers to sell an encrypted wallet DAT file which he/she claims if full of hundreds of coins, but he/she forget the password. All you have to do is crack the password, and it’s all yours! Well, even if the wallet is theirs, and even if there are coins in it, it is likely locked with a strong password, and there is nothing that would prevent the scammer from draining the wallet by the private key after you purchased it.

Sort:  

very informative

Congratulations @hashface! You received a personal award!

Happy Birthday! - You are on the Steem blockchain for 2 years!

You can view your badges on your Steem Board and compare to others on the Steem Ranking

Vote for @Steemitboard as a witness to get one more award and increased upvotes!