Crypto scams are steadily becoming the new standard for online fraud. An increasing number of cybercrooks target assets such as cryptocurrency, utility tokens, non-fungible tokens (NFTs) and even entire crypto wallets.
Although Web3 still has a long way to go in terms of infrastructure, security and optimization, it’s becoming clearer that, ultimately, we’ll adopt it. Decentralization looks tempting, and many companies and individuals rush to embrace it without fully understanding or assessing the risks.
Scammers, con artists, fraudsters, crooks and hackers are currently among the most significant threats to Web3 adopters. It’s not much different than before; they just adapted their techniques.
More alarming, cybercriminals can seemingly shift from the centralized (Web2) Internet to its decentralized (Web3) analog. Sometimes they even combine techniques to unleash devastating attacks against unsuspecting victims and steal their crypto assets. Some of the most common crypto scams include:
Fake Websites
One of the most frequently used crypto scams is the fake website. Perpetrators create a decoy website, often mimicking a legitimate one, to trick unsuspecting victims into handing over their crypto assets.
Fake airdrops, for instance, are a popular scheme nowadays. Users are promised free crypto assets, but they’re required to link their wallets to the fake website to receive them. A sense of urgency is also involved, as the airdrops are often accompanied by countdown timers or an amount counter that keeps dropping.
Users who fail to recognize the scam quickly become victims after not only linking their wallets but also handing over their recovery phrases or signing malicious transactions without checking them thoroughly.
Pump and Dump
A crypto scam with a different approach, the pump and dump, is just as dangerous for one’s crypto assets. This scheme works by creating a lot of hype around a new crypto product using various channels such as email or social media.
Enthusiasts who don’t want to miss out on the seemingly promising asset hurry to buy it, which naturally drives its price up. This, in turn, creates more hype, which could attract buyers who were initially hesitant. Once the price reaches a certain threshold, scammers sell their coins, triggering a crash of the crypto asset’s value.
Fake Apps
Fake apps are no novelty; for years, scammers have been creating malicious versions of a legitimate app and tricking users into installing it on their devices.
Fake crypto wallet apps are by far the most common. While they’re easy to mitigate, they’re also largely effective. To entice people into downloading and installing malicious apps, scammers pair them with giveaways, airdrops and bonuses that will never be handed over.
Most of the time, users have to download the apps from external sources, but sometimes fake apps slip through undetected even on Google Play Store and Apple’s App Store. Although legitimate stores quickly catch on to the scheme and remove the malicious content, fake apps can inflict significant damage in the meantime.
Phishing
In this scenario, perpetrators craft seemingly legitimate websites with malicious forms the victim needs to complete. Most of the time, scammers use login forms to trick their targets into handing over their credentials.
One of the most critical assets in a crypto environment is the wallet’s recovery phrase. Therefore, crypto phishing attempts usually ask for it.
Crypto scam mitigation tips:
- Never hand out your wallet’s recovery phrase, regardless of the context
- Use a hardware wallet such as Ledger or Trezor
- Never keep your wallet’s seed phrase online or on any Internet-enabled device
- Avoid taking photos of your seed phrase with your phone and saving them in the cloud; if the cloud or your device is compromised, so is your crypto wallet
- Check the website’s spelling; most of the time, phishing websites have almost identical spelling to their legitimate counterparts to deceive victims
- Don’t sign unknown transactions; not even a hardware wallet can protect your goods if you willingly hand them to scammers
- Be cautious when connecting your wallet to crypto websites, especially if they’re not well-established
- If you’re using Discord for crypto trading, disable your DMs and leave them like that; most Discord hacks take place through malicious DMs
- Avoid downloading apps from external or untrusted sources
- Avoid installing shady apps, even if they’re on the Play Store or the App Store (e.g., crypto wallet apps)
- Don’t claim airdrops if you don’t trust the organization behind them
- Do your own research (DYOR) on new investment opportunities; if it’s too good to be true, it’s usually a scam
- Avoid trading crypto assets on unverified platforms
Dedicated software solutions such as Bitdefender Ultimate Security can help you fend off scamming attempts, with features like:
- All-round real-time protection against e-threats (trojans, worms, viruses, zero-day, ransomware, spyware, rootkits, exploits)
- Network threat protection (brute force, botnet, malware, exploits)
- Anti-phishing module that detects and blocks sites that purport to be legitimate to steal your credentials or assets
- Anti-fraud filtering system that notifies you about potential website scams
- Breach monitor
- Real-time fraud monitor
- Password manager
- Cross-platform protection on Windows, Android, iOS, and macOS