The CryptoCurrency Scambook
Scams in general have been around for as long as humanity has existed, and around a decade ago, it looks like scammers found another industry to make money off: the cryptocurrency space.
While bitcoin and cryptocurrencies sure have their advantages — unfortunately, just like with any other technology, there will always be some downsides. The cryptocurrency space is infested with scams simply due to the pseudo-anonymous nature of bitcoin and cryptocurrencies, which allows scammers to get away with huge heists with potentially little to no trace if they know what they’re doing.
The best way to not get caught up by these scams is to simply educate yourself and be extremely cautious in everything you see online in general, inside and outside the cryptocurrency
Listed and described below are most of the common scams that are currently being used in the cryptocurrency space.
Phishing Scams 🎣
One of the most effective scams to this day, not only in the cryptocurrency space but on the world wide web in general.
A phishing scam is an attempt to steal account login information, credit/debit card information, your bitcoin or crypto wallet’s recovery phrase, or whatever valuable information that a bad actor can take advantage of, mostly through fake clone websites and software.
How the scam works
One simple way scammers spread phishing sites is through the Google ads platform. You do a simple Google search, typing “Binance”, and if you don’t use an ad blocker, there’s a decent chance that the top search result will be an advertisement.
The link text clearly says “www.binance.com/”, but when you click on the link and take a look at your browser’s address bar, there’s a decent chance that the site you’ve just opened is going to be something like “binancel.com”, “binancesite.co”, or something else that isn’t the legitimate “binance.com”.
Some of these tricks are harder to spot, as they use domains like “biṇaṇce.com”. You might not have noticed it immediately, but each ‘n’ there is actually an ‘ṇ’, a different Latin character with a dot below the letter.
Google ads are just one way of spreading phishing sites and software though. Other ways scammers spread phishing sites and software include:
- social media: scammers could create fake accounts on Facebook, Twitter, Instagram, or other social media sites and communities in general, masquerading as certain companies (Ledger, Coinbase, Trezor, etc).
- hacked YouTube accounts: scammers have been hacking YouTube accounts with a decent number of subscribers and changing the YouTube channel name to that of a certain company. They would then say that they’re conducting a “crypto giveaway” or something similar while posting a video (live or not) with a link to a phishing site or a download link for fraudulent software.
- fake customer support: this mostly happens on Reddit and Twitter, but it could happen on all social media sites. Scammers target people who have made a post about issues with certain services (Binance, Ledger Nano S/X hardware wallet, etc) by messaging them and sending them a link to a phishing site or a download link for fraudulent software.
Always keep your eyes peeled. Some hackers and scammers are extremely smart, and they can create other more convincing ways to trick people into opening their phishing links. It’s heavily recommended that people always check their browser’s address bar to confirm that they’re actually on a legitimate website.
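The address-bar check described above can also be done mechanically. The following is an added example, not part of the original article: it assumes a personal allowlist (KNOWN_GOOD) and illustrative function names, and flags hosts whose accent-stripped or near-miss form resembles an allowlisted domain.

```python
import unicodedata

# Assumption: your own allowlist of the sites you actually use.
KNOWN_GOOD = {"binance.com", "coinbase.com", "ledger.com"}

def skeleton(host):
    """Strip diacritics (e.g. the dot below in U+1E47) to get plain letters."""
    decomposed = unicodedata.normalize("NFKD", host)
    return "".join(c for c in decomposed if not unicodedata.combining(c))

def edit_distance(a, b):
    """Levenshtein distance, used to catch one- or two-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def to_punycode(host):
    """ASCII form of an internationalized name; lookalikes show up as xn--..."""
    return host.encode("idna").decode("ascii")

def _matches(host, good):
    # Exact match or a genuine subdomain of the allowlisted domain.
    return host == good or host.endswith("." + good)

def check_host(host):
    """Return (verdict, allowlisted domain it resembles or None)."""
    host = host.strip().rstrip(".").lower()
    for good in KNOWN_GOOD:
        if _matches(host, good):
            return ("trusted", good)
    folded = skeleton(host)
    for good in sorted(KNOWN_GOOD):
        if folded != host and _matches(folded, good):
            return ("homograph", good)
    # Compare every label except the last (the TLD) against each brand name.
    labels = folded.split(".")[:-1] or [folded]
    for good in sorted(KNOWN_GOOD):
        brand = good.split(".")[0]
        if any(brand in l or edit_distance(l, brand) <= 2 for l in labels):
            return ("lookalike", good)
    # Other scripts (e.g. Cyrillic) do not decompose; treat them as suspicious.
    return ("non_ascii", None) if not host.isascii() else ("unknown", None)

if __name__ == "__main__":
    # Hosts taken from the examples in the text, plus one unrelated constructed host.
    for h in ["www.binance.com", "bi\u1e47a\u1e47ce.com", "binancel.com",
              "binancesite.co", "example.org"]:
        print(h, check_host(h))
```

The diacritic folding only covers accented Latin lookalikes such as ‘ṇ’; hosts in other scripts fall through to the "non_ascii" verdict rather than being matched to a brand.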
Fraudulent mobile apps
Pretty much the same as phishing sites, but in the form of apps. Especially on the Google Play Store for Android devices, there are A LOT of fraudulent mobile apps made to steal your funds.
The most commonly faked apps include:
- Coinbase
- MetaMask
- Ledger Live
- Binance
- etc
How to protect yourself
- always do a double or triple-check on your browser’s address bar to confirm that you’re actually on a legitimate website.
- install a well-known and reputable adblocker like uBlock Origin on your browser, or use the Brave browser instead.
- Avoid clicking on ads.
- Make sure that you’re downloading legitimate apps.
Twitter Giveaway and “doubling” Scams 🐦
Fortunately, Twitter giveaway scams have died down a bit, though they could still appear on Twitter once in a while.
Twitter giveaway scams are pretty straightforward. The scammer makes a fake Twitter account masquerading as a famous person (mostly people in the tech industry). The scammer would then reply to the legitimate person’s tweet, saying something along the lines of:
As you can see, Elon Musk’s legitimate Twitter handle is @elonmusk whereas the scammer is using the Twitter username @elonmusk___.
While this scam should be pretty obvious, unfortunately, some people still fall for it.
NOTE: While such scams mostly take place on Twitter, they can take place on any other social media site or website in general.
How the scam works
- You see a famous (fake) persona posting on social media about how you can multiply or double your coins.
- You send the coins to the provided address.
- The scammer simply runs away with your coins.
How to protect yourself
- Don’t be delusional. If something’s too good to be true, it probably is.
Investment Scams & Ponzi Schemes 🎩
Investment scams have existed pretty much even before the birth of the internet and the world wide web.
Investment scams and Ponzi schemes mostly have well-designed websites that claim to give you a 10% profit daily from your initial deposit or something along those lines.
They ask you to deposit a certain amount of money (or crypto, in this case), and promise a certain amount in return daily, weekly, or monthly. Some investment scams allow you to withdraw your profit for a while, in the hopes of you depositing more money, then they simply lock up your account, and you lose access to your funds.
Common types of Investment and Ponzi schemes
Fraudulent Trading Bots
The victim is asked to “invest” in a trading bot, claiming that the trading bot can make the victim a certain amount of money in a certain period. Usually something enticing but unrealistic like 50% in 3 days or something similar.
Cloud Mining Scams
Similar to fraudulent trading bots: the victim is asked to deposit a certain amount of money for “cloud mining”, again, mostly with unrealistic promises of profit.
Bitcoin & Cryptocurrency Investment Scams
Again similar to the previous two, the scammer asks for a certain deposit, with unrealistic promises of profit. This scam is mostly used on people who have little to no idea of what Bitcoin and cryptocurrencies are, and how they actually work.
How the scam works:
- You see an advertisement on Google and/or social media about a trading bot, investment site, or cloud mining site, where the website claims that they can multiply your money in a short period.
- You create an account and deposit some money.
- The scam website will then try to get more money from you by convincing you to deposit more money.
- The scammer runs away with your money.
How to protect yourself
- Don’t be delusional. If something’s too good to be true, it probably is.
- If you want to invest in bitcoin or other cryptocurrencies, simply buy them off reputable exchanges.
- If you want to mine bitcoin and cryptocurrencies, buy the mining hardware yourself.
Some famous crypto-related Ponzi scams in the past
- BitConnect
- DavorCoin
- HashOcean
Pump And Dump Schemes 📉
Pump and dump schemes are pretty easy to spot, as pump and dump group leaders usually advertise them as “trading signal groups”, or sometimes even shamelessly advertise them outright as “pump groups”.
The scheme is pretty straightforward: The group leader asks his/her members to buy a certain coin/token that is quite low in market cap to make the price far easier to manipulate, claiming that it will rise or “pump” in price.
Before the group leader announces which coin/token to buy, the leader already bought a significant amount of that certain coin/token, so the leader can sell them at a significantly higher price. The price of that coin/token does then increase because the group members buy loads of the specific coin/token, while the leader is selling at higher prices; earning the group leader significant amounts of profit, sometimes even as high as 10x.
How the scam works
- You see a “trading signals” group being advertised on social media or some forums.
- You join the group, mostly on Telegram.
- The group owner buys an amount of a certain cryptocurrency and tells the whole group to buy it, claiming that it will rise in price.
- The price does increase due to the people in the group buying the coin.
- At some point, the group owner sells or “dumps” everything, making vast amounts of profit while immediately dropping the price.
How to protect yourself
- Don’t join pump-and-dump groups masquerading as “trading groups”.
- Do your own research.
Scam ICOs 🪙
Initial Coin Offerings or ICOs are quite similar to crowdfunding where the company/team accepts BTC/ETH from the people in exchange for a certain amount of their coins/tokens, depending on how much you sent them.
An ICO in itself isn’t necessarily a scam, as some are definitely legitimate, but a big percentage of ICOs are indeed either a scam or are bound to fail. Unfortunately, some well-made ICO scams are quite hard to detect, as a scammer could create a legitimate-looking, well-thought-out project and simply not deliver the product and run away with the money. Some characteristics, though, could be enough proof for you to stay away from certain ICOs.
For a more in-depth guide about ICO scams: Detecting Scam ICOs
How the scam works
- You see an advertisement for a cryptocurrency ICO on social media or some forums.
- The cryptocurrency team makes some outrageous claims like “bitcoin killer”, “ethereum killer” or that the whole world will use that cryptocurrency.
- You invest your money in the ICO.
- The project team fails to accomplish its promises.
- The coin’s price slowly goes down in the long term, so you effectively lose your money, most of the time more than 95% of it.
How to protect yourself
- Do your own research.
- Be very wary of ICOs.
Gambling/Exchange Site Deposit Scams 🎰
This scam usually takes place by someone asking the victim to use a certain gambling site and then saying that they gave the victim some free bitcoin to start playing/gambling with. If the victim attempts to withdraw the funds, the website then asks the victim to deposit a certain amount of bitcoin, claiming that deposit to be for the “withdrawal fees”; but in fact, the victim is sending the bitcoin to the hacker’s bitcoin wallet. After the victim makes a deposit, the scammer then runs away with the deposited bitcoin.
This scam is usually attempted via private messages on forums and some social media sites.
If someone messages you on social media describing a similar scheme, take a few seconds and report the account to hopefully prevent other people from getting scammed.
How the scam works
- A scammer messages you on forums or social media.
- The scammer says that he/she is giving you some money through this exchange site.
- The scammer asks you to create an account on the scam exchange.
- The scammer tells you that he/she has given you some coins on your account (mostly .5 BTC to sometimes up to 5 BTC to be more enticing).
- To be able to withdraw the funds, the scam exchange would then require you to deposit some bitcoin for the withdrawal fee, and the coins being demanded are mostly worth a decent amount of money (0.01+ BTC).
- After you deposit the BTC for the “withdrawal fee”, the scammer simply runs away with your money.
How to protect yourself
- Ignore such messages.
Airdrop Scams 🪂
A very common misunderstanding when taking part in cryptocurrency airdrops is that you have nothing to lose. Most of the time, you actually do have something to lose.
Private keys
Some scam airdrops take advantage of some people’s ignorance of how wallets work, by telling them to hand over their wallet’s private keys, effectively giving access to their funds to the scammers.
Email Accounts
An email address is the most common thing that an airdrop (scam or not) asks for.
The more unethical scams, though, collect their participants’ emails, and either send them spam or sell the emails they collected to other companies.
Personal Documents
Some airdrops require the submission of personal identification documents like photos of your driver’s license, passport, birth certificate, etc.
While some legitimate airdrops require the submission of these documents for legitimate reasons like to prevent hoarders from claiming airdrops using multiple emails, most of the airdrops collect personal documents to either sell them or commit identity theft.
How the scam works
- You see an advertisement on social media or some forums about a cryptocurrency airdrop.
- You sign up for the airdrop and submit your personal documents.
- The website owner then sells all the personal information and documents they collected.
- Your identity could then already be used for criminal activities.
How to protect yourself
- Don’t submit personal details, documents, or your wallet’s private keys to airdrop websites.
Fake Mining Hardware Sites ⛏️
Due to the hype of bitcoin and cryptocurrencies, bitcoin mining is also a hot topic from time to time.
Scammers take advantage of this hype by scamming people online who are trying to buy application-specific integrated circuit (ASIC) miners from manufacturers like Bitmain.
The scammer simply creates a fake website, lists some ASIC miners like Bitmain’s famous Antminer, and accepts bitcoin payments as bitcoin payments are non-reversible. The scammer simply takes the money and doesn’t ship anything to the buyer, effectively stealing the buyer’s money.
Scammers mostly spread their fake mining hardware websites through:
- Google ads
- Google search results
- Social Media
- etc
How the scam works
- You search for a website that sells mining hardware.
- You come across a shady website claiming to sell mining hardware.
- You order one or a few, and you pay using bitcoin.
- The website owner runs away with your coins.
How to protect yourself
- If you’re planning on buying ASIC miners, it’s heavily preferred to buy from the main source, Bitmain.
Fraudulent Paper Wallet Generators 📄
A paper wallet is a type of bitcoin and cryptocurrency wallet that you generate through an open-source HTML page, and simply print out on a piece of paper.
The way scammers take advantage of this is that they create their own version of a paper wallet generator, one that gives them access to every single paper wallet that you generate through their website.
They simply wait for a bitcoin deposit to the paper wallet’s address, and they either steal the money immediately, or sometimes they wait till the paper wallet holds a significant amount of bitcoin before they steal it.
We’re against using paper wallets in general due to the level of difficulty in creating an actual secure paper wallet, but if you do use one, stick to the legitimate ones like bitaddress.org.
Hardware Wallet Scams 💾
A common misconception with hardware wallets is that when you’re using a hardware wallet, it’s going to be next to impossible for your funds to get stolen. But in fact, while reputable hardware wallets are secure, there are still some ways that scammers can steal your funds.
Fake Hardware Wallet Software
Hackers and scammers create almost exact duplicates of existing hardware wallet software like Ledger Live and build in their own methods of stealing their victims’ funds.
The most common way is by asking their victims to enter their wallet’s 24-word mnemonic phrase, effectively gaining total access to their victim’s money.
Tampered Hardware Wallet Packages
While there is currently no proof of someone managing to successfully tamper with a Ledger hardware wallet, hackers and scammers can take advantage of someone’s lack of knowledge of how wallets work.
In the case of the victim in the screenshot above, instead of generating his/her own 24-word mnemonic phrase on the hardware wallet itself, the wallet buyer followed the fraudulent instructions of the scammer. The scammer had included a pre-generated list of 24 words, for a wallet that the scammer has access to.
QR Code Generator Scams 🔲
It’s safe to assume that some people prefer using QR Codes rather than wallet addresses simply because it’s quicker to do a QR Code scan using a mobile phone.
Due to this, some people resort to using “QR Code Generators” or “converters” to convert a wallet address to a usable QR Code.
How the scam works
- The victim opens the fraudulent bitcoin address-to-QR code converter.
- The victim enters his/her wallet address.
- Instead of giving the victim the QR code of the wallet address he/she entered, the scammer instead displays a QR code of a different wallet address that the scammer owns.
- The victim then unintentionally sends funds to the scammer thinking that he/she’s sending the funds to his/her own wallet.
How to protect yourself
- Always double-check if the service you’re using is actually giving you the correct and legitimate QR code.
Fraudulent Bitcoin Forks 🍴
To put it simply, Bitcoin forks are different versions of Bitcoin; the most famous being Bitcoin Cash (BCH). And while the original Bitcoin (BTC) is what really matters, people can sell their forked bitcoin in exchange for a certain amount of money.
To be able to claim Bitcoin forks though, you’d need to enter your Bitcoin (BTC) wallet’s private keys into the Bitcoin fork’s wallet. And while there are legitimate Bitcoin fork wallets out there, there are also a lot of fraudulent ones.
How the scam works
- You’ve learned about a recent Bitcoin fork, and you’re planning on claiming the airdrop for you to be able to sell them.
- You download the Bitcoin fork’s software, and you enter your recovery phrase.
- The fraudulent Bitcoin fork then gains access to your wallet and takes away your coins.
How to protect yourself
- Make sure the software you’re using is safe, or don’t collect bitcoin forks at all as it’s mostly not worth the risk.
Ransomware Attacks 🦠
Ransomware is a type of malware that, once your device gets infected, locks up your device’s operating system, rendering it unusable. The malware then demands a certain amount of bitcoin or other cryptocurrencies for your device to be usable again.
If your device has been infected with ransomware, all you need to do is to do a fresh install of your operating system and you’ll be good to go.
How to protect yourself
- Always think twice when opening websites and downloading software
Clipboard hijacking attacks 📋
A clipboard hijacking attack is when a hacker gains access to your device’s clipboard, allowing the hacker to replace your clipboard’s contents with whatever the hacker wants.
While this is more of a “hack” than a “scam”, a hacker could get the malware to be installed on your device through various methods that scammers use.
How the scam works
- You download and install the malware through a fraudulent website
- The malware then waits till you copy a bitcoin address to your clipboard
- Once you copy a bitcoin address to the clipboard, the malware then replaces the Bitcoin address that you copied with the hacker’s bitcoin address
- You then paste the supposed address that you copied (which is now the hacker’s address)
- You send the funds without double-checking the address
- The hacker now has your bitcoin
How to protect yourself
- Always think twice when opening websites and downloading software
- Always double-check the address you’re sending your coins to
Chargeback scams ↩️
A chargeback scam is a way for scammers to purchase bitcoin or cryptocurrencies (or other stuff online), pay for the purchase, and get their money back in the end.
This scam is mostly done using PayPal, as people can claim that a certain transaction wasn’t made by them, and there’s a good chance that PayPal will reverse that transaction.
How the scam works
- You plan on selling some bitcoin or cryptocurrencies to person X
- Person X sends you the money
- You receive the money, and you send over the coins
- Once person X receives the coins with ample transaction confirmations, person X then attempts a chargeback to get his/her money back
How to protect yourself
- Only trade with reputable people
- As much as possible, avoid accepting PayPal for payments
Testnet scams 🧪
A “testnet”, regardless of whether it’s for Bitcoin or any other cryptocurrency, is an alternative blockchain, specifically to be used for testing purposes.
Since testnets use a different blockchain from the live blockchain of a specific cryptocurrency, coins from the live blockchain can’t be sent to the testnet version and vice versa. Hence, testnet coins can’t be used to pay for merchant payments and are pretty much worthless.
This scam is mostly done using bitcoin testnet coins. Unfortunately, scammers take advantage of people who don’t know what testnet coins are (regardless of how obvious it is due to the name “test-net”), and sell them these coins as if they’re actual “real” coins.
How the scam works
- Someone offers you to buy some bitcoin, sometimes for a discount
- You agree with the price and the amount
- The scammer then convinces you to download a testnet wallet
- The scammer sends you the coins, and you then pay the money
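A Bitcoin address itself encodes which network it belongs to, so a testnet address can be recognised before any money changes hands. The following is an added example, not part of the original article: it decodes the Base58Check version byte (or checks the bc1/tb1 prefix, without verifying the bech32 checksum), and the sample addresses are constructed from a dummy 20-byte hash rather than taken from any real wallet.

```python
import hashlib

ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

# Base58Check version bytes used by Bitcoin's live chain and its testnet.
VERSIONS = {0x00: "mainnet", 0x05: "mainnet",   # P2PKH, P2SH
            0x6F: "testnet", 0xC4: "testnet"}   # P2PKH, P2SH

def _checksum(data):
    """First four bytes of double SHA-256, as Base58Check requires."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()[:4]

def b58check_encode(version, payload):
    """Build an address string; used here only to construct sample input."""
    raw = bytes([version]) + payload
    raw += _checksum(raw)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = ALPHABET[r] + out
    pad = len(raw) - len(raw.lstrip(b"\x00"))   # leading zero bytes become '1'
    return "1" * pad + out

def b58check_decode(addr):
    """Return (version byte, 20-byte hash) or raise ValueError."""
    n = 0
    for ch in addr:
        n = n * 58 + ALPHABET.index(ch)         # ValueError on an illegal character
    pad = len(addr) - len(addr.lstrip("1"))
    raw = b"\x00" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) != 25 or _checksum(raw[:-4]) != raw[-4:]:
        raise ValueError("not a valid Base58Check address")
    return raw[0], raw[1:-4]

def network_of(addr):
    """Classify an address as 'mainnet', 'testnet', 'unknown' or 'invalid'."""
    lower = addr.lower()
    if lower.startswith("bc1"):     # bech32 prefix check only, checksum not verified
        return "mainnet"
    if lower.startswith("tb1"):
        return "testnet"
    try:
        version, _ = b58check_decode(addr)
    except ValueError:
        return "invalid"
    return VERSIONS.get(version, "unknown")

# Constructed sample data: a dummy 20-byte hash, not a real wallet.
DUMMY_HASH = bytes(range(20))
SAMPLE_MAINNET = b58check_encode(0x00, DUMMY_HASH)
SAMPLE_TESTNET = b58check_encode(0x6F, DUMMY_HASH)

if __name__ == "__main__":
    for a in (SAMPLE_MAINNET, SAMPLE_TESTNET):
        print(a, network_of(a))
```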
📙 Final Thoughts
While we covered most of the existing scams in this article, remember that hackers and scammers are very creative, and will invent more ways of tricking people in the future. This is a reminder to always make it a habit of being skeptical.