Cryptocurrency has become an increasingly popular investment option, but with this comes an increase in the number of scams related to it, especially when markets pump and the resulting FOMO lets even the savviest investor drop their guard at times. Scammers and fraudsters use various tactics to deceive and steal from investors.
A 2022 report by the FTC showed that cryptocurrency is a common method for scammers to get people’s money. Crypto transactions lack a centralized authority to flag suspicious transactions and cannot be reversed, making them an attractive target for scammers.
Since 2021, over 46,000 people have reported losing over $1 billion in crypto scams, with a median loss of $2,600. The real number is likely much higher, as many victims do not want to give up their anonymity. The report also revealed that:
- Bitcoin is the top cryptocurrency used to pay scammers, followed by Tether (USDT) and Ether (ETH).
- 50% of reported crypto fraud losses began with an ad, post, or message on social media
- Surprisingly, Instagram is the top platform for losses, followed by Facebook, WhatsApp, and Telegram.
- Investment scams are the most common type of crypto fraud loss, accounting for $575 million since 2021
- Romance scams come in second with $185 million lost, with a median individual loss of$ 10,000.
9 Common Crypto Scams to Avoid
As an investor, it’s important to be aware of these threats and take steps to protect yourself from falling victim to fraud. Here are some of the biggest crypto scam threats you need to know about in 2023 and beyond, and how they work.
Please note that there are some overlaps between these threats, for example, phishing attacks and other methods are also considered to fall under social engineering scams.
1. Social Engineering Scams
Social engineering refers to the tactics used to illicitly access confidential information, crypto wallets or accounts, or to manipulate victims into downloading malware onto their computers and networks, thereby causing further harm.
Social engineering scams use psychological manipulation to trick the victim into giving scammers access to their cryptocurrency. To sidestep this type of scam, always be wary of any unsolicited offers or requests and verify the identity of the person or entity you are dealing with.
These techniques encompass a range of strategies such as:
- Baiting- where a person’s greed is used against them, such as free media downloads
- Pretexting - where an attacker pretends to be a trusted figure such as a policeman or doctor
- Tailgating- where a scammer gets physical access to a company by deceiving an employee to let him or her in
- Quid pro quo attacks- where a reward is promised in return for sensitive information, such as a study
2. Phishing Scams
Phishing scams have one main purpose, to steal sensitive personal data from crypto holders such as their crypto exchange login details or a private key/recovery seed through deception, then use it to steal users’ funds. Fraudsters do this by sending emails or social media messages with malicious links to fake websites or apps that gather information. Be cautious of any indirect links and always visit the website directly.
Phishing scams have yielded great success in the past, first breaching the personal user information databases of companies like Coinbase, OpenSea and Ledger, and then targeting their unsuspecting customers through emails, social media and SMS messages (Smishing).
a) Personal Email Phishing
Phishing scams are probably the most common way for hackers to steal your private information, and now they are using this tactic to gain access to your cryptocurrency funds. By sending you an email that looks legitimate and contains a link to a fake website, scammers can get you to enter your private key or recovery seed and steal your funds. To avoid this type of scam, don’t click on links in emails received from unknown senders. It also helps to check the associated domain and actual email address of the sender and not just their displayed name.
b) Business Email Compromise (BEC) Scams
BEC scams target businesses that perform wire transfers. The attacker gains access to the email account of a senior executive and sends an email to the accounting department, requesting a wire transfer to a fraudulent account. To avoid falling victim to this type of scam, always verify the sender’s email address and double-check any wire transfer requests.
c) Social Media/Messaging App Phishing Scams
Social media platforms like Facebook, Twitter and Instagram as well as messaging apps like Discord, Telegram and Whatsapp are popular breeding grounds for scams, thanks to the lack of ID requirements and ease to setting up fake profiles. It’s especially rampant on Twitter, where the tweets of popular crypto figures get bombarded by comments promoting fake projects and giveaways.
Hackers now especially NFT collectors by sending malicious links, usually on popular channels or applications like Discord, that ask for details or credentials. By the end of 2022, stolen NFTs accounted for over $86 million in value.These links are behind legitimate-looking pages that hide keyloggers or spyware used to access your accounts.
Always be cautious when clicking on links or attachments from people or accounts you are not familiar with, as you can lose your whole portfolio. Also, be cautious when minting NFTs and check that you’re on the right URL. Scammers will often create urgency by showing a timer running down for minting or only a few NFTs remaining to be minted, something which this author fell for himself during a particular sought-after NFT mint!
d) Call Center Fraud
Call center fraud is a type of social engineering attack where the attacker poses as a customer service representative of a crypto exchange or custodian and requests personal information from the victim. To avoid this type of scam, never give out personal information over the phone, especially if you didn’t initiate the call.
e) Fake Websites and Wallets
Fraudsters create duplicates of legitimate crypto-related websites and apps, even somehow ranking on Google, to lure inexperienced investors. These ads are especially prevalent on Google and YouTube, where scammers run fake sponsored ads to get users’ attention. Be cautious of any crypto trading website that promises numerous advantages and benefits in a short time frame.
3. Seasoned Investor Scams
Investment scams are also rife in crypto. Smooth-talking scammers post as seasoned investment experts promising you high returns on your investment (see MTI Trading) and asking you to transfer funds to them. They may offer you a fake ICO or a pyramid scheme that looks legitimate but is actually a scam.
To avoid falling victim to this type of scam, always do your research (DYOR) before investing in any project. There are many variations, with most involving gaining the victim’s trust and then exploiting it by getting them to reveal their private credentials directly or indirectly through infected malware.
Here are a few popular techniques:
a) Investment Manager Scams
One of the most common crypto scams is when fraudsters contact investors and claim to be seasoned “investment managers.” These scammers offer to help investors make millions by investing in cryptocurrency but require an upfront fee before disappearing with the money. In some cases, they may also ask for personal identification information, which they use to gain access to the person’s cryptocurrency wallet. Be cautious of anyone offering high returns on investment and always do your research before investing.
b) Ponzi Schemes
Ponzi schemes are probably the second oldest profession in the world and are now customized for crypto investors. These scams involve tricking new investors into paying older investors, and there are no legitimate investments in this process. Scammers promise huge profits with lesser risks to lure new investors. The following Ponzi scams drained billions of dollars from investors.
- Bitconnect: This lending and exchange platform promised investors high returns on their investments. However, it was revealed to be a Ponzi scheme, and it collapsed in 2018, resulting in a loss of over $2 billion for investors.
- OneCoin: This cryptocurrency promised to rival Bitcoin but was found to be a fraudulent scheme. The founders of OneCoin were arrested, and investors lost an estimated $4 billion.
- PlusToken: A mobile wallet app that claimed to offer high returns on investments in cryptocurrencies, PlusToken was exposed as a Ponzi scheme in 2019, and investors reportedly lost over $2 billion when the founders were arrested.
To stay clear of Ponzi schemes, be wary of any investment opportunities that promise unusually high returns and always do your research before investing. Familiarize yourself with how Bitcoin really works and check the credibility of any crypto investment firms before investing.
c) Fake Crypto Exchanges and Wallets
Another variation of the seasoned investor scam is often seen during especially bull markets, and works as follows: Scammers pose as expert investors and promise great cryptocurrency exchanges with additional bitcoin. After an investor makes a deposit, the scammer disappears with the money. Stick to known, authentic crypto exchange markets and check the legitimacy of any crypto investment firms before trusting them.
4. Romance Scams
Scammers also target investors through dating apps like Tinder, Hinge and Bumble by forming online romantic relationships and then convincing them to invest in cryptocurrency. With artificial intelligence (AI) technology like ChatGPT and Google Bard rewriting all the rules in 2023, there are also AI chatbots proliferating that are programmed to fool suitors and empty their wallets.
They gain the investors' trust over time and use emotional manipulation to convince them to part with their money. Don’t trust anyone who tries to convince you to invest in their trades, and always use authentic platforms. Ask your match to do a friendly face-to-face meeting or video call to ensure they are who they say they are.
In cryptocurrency, ransomware attacks are a growing concern in 2023. Comparitech researchers reported that the number of publicly-reported ransomware attacks in 2022 was 381, with an average ransom demand of $4.15 million. It has become such a problem, that the US government specifically began to target both the perpetrators and the services they use, most notably crypto mixers like now-sanctioned Tornado Cash, due to the money laundering and terrorism funding (ML/TF) they facilitate.
Ransomware is a type of malware that encrypts your computer files and demands a ransom payment to restore access and is usually installed when computer and phone users are tricked into clicking on a malicious email or message link. It’s vital you ensure your anti-virus software is always up to date and to refrain from downloading files from untrusted sources.
General Bytes, a cryptocurrency ATM manufacturer, lost millions due to a ransomware attack that exploited a vulnerability in the master service interface. Authorities are taking action- ChipMixer, a cryptocurrency mixing service, was also dismantled for laundering over $3 billion in ransomware-related cryptocurrency.
To protect against crypto-ransomware scams, it’s crucial to use strong passwords, verify vulnerability reports, apply patches promptly, research opportunities, and stay informed.
6. SIM Card Scams (Smishing)
One of the most dangerous types of crypto scams is SIM card scams. This scam allows scammers to access all the information stored on the victim’s SIM card, including cryptocurrency account passwords and two-factor authentications (2FA).
Don’t become a victim- Always protect your personal information and avoid giving out sensitive information to unknown sources. Avoid using SMS authorization OTPs and rather use 2FA generator apps such as Google Authenticator and Authy when logging in to your sites. Use all the biometric verification tools your phone has on offer, such as fingerprint or facial recognition.
7. Fake Crypto Exchanges and Wallets
Scammers create fake exchanges and wallets that look legitimate and convince investors to transfer their cryptocurrency to them. Once the scammer has the victim’s cryptocurrency, they disappear, leaving the victim with no way to recover their assets. Always use a reputable exchange or wallet provider and verify the authenticity of the exchange or wallet before transferring any funds.
8. Fake Initial Coin Offerings (ICOs)
Some ICOs are fabricated, featuring phony bios of fake team members and technical whitepapers copied from legitimate cryptocurrency markets. Do thorough research on all team members of any ICO project before investing any money.
9. Pump-and-Dump Schemes
Fraudsters spread fake news involving celebrities, big crypto figures, and influencers to lure people into investing in small cryptocurrencies with low liquidity. They use these schemes to pump up the coin’s value before dumping it, leaving investors with losses. It’s essential to conduct thorough research on all cryptocurrency coins and wallets before investing in them to protect yourself from such scams. Don’t be fooled by big names, as they use their social clout to get you to invest in return for millions of dollars. High-profile celebrities such as Tom Brady, Floyd Mayweather, Shaq O’Neal, Kim Kardashian, Logan Paul, and DJ Khaled have all come under fire or been investigated by US federal agencies for their involvement in fraudulent crypto projects.
Checklist to protect yourself from crypto scams
Here are some tips to identify fake cryptocurrency red flags and protect yourself from scams:
- Be cautious of guaranteed money returns: Financial investments do not promise guaranteed returns or profits. If someone promises sure money returns in big gains in less time, it is likely a scam.
- Flag extreme marketing: While all companies invest in marketing, fraudsters go to great lengths to trap as many people as possible in the shortest time frame. If a crypto company is doing extreme marketing and promising good returns, be sure to do your research before investing.
- Look for a comprehensive whitepaper: Every cryptocurrency must have a whitepaper that discusses how the cryptocurrency works. A poor or non-existent whitepaper is a red flag and should make you think twice before investing.
- Check the company members: For any reliable business, you should be able to find the biographies of the team members running the company. They should have an active social media presence, and if you can’t access their names or biographies, it’s best not to invest your money.
- Get a hardware wallet: Using a cold storage device ensures that your private keys remain offline at all times, and that no transaction can be executed without your physical authorization on the device. Be sure to avoid blind-signing transactions where possible, and move your long-term portfolio over to your hardware wallet, to ensure you access these funds as little as possible.
Crypto scams are ever-evolving in their quest to outsmart retail users and even institutions who struggle to keep up with the insanely fast pace of the cryptocurrency sector. Staying informed is crucial when it comes to protecting yourself from crypto scams. Apply common sense tips like being cautious of unsolicited offers, verifying the authenticity of websites, wallets, and exchanges before transferring funds, and keeping your antivirus software up-to-date. Use a cold storage device as a last line of defense to ensure your portfolio’s safety.