Avoid Crypto Scams: Best Practices To Protect Yourself
Interest in cryptocurrency has boomed over recent years, and so has the number of scammers and impersonators. From videos featuring Ethereum founder Vitalik Buterin used to lure people into giving up cryptocurrencies to CoinDesk's email hacking incident, the examples are countless.
If there is anything we can learn from these events, it is that we can always do better in security. Online scamming is nothing new. Phishing emails and fake profiles have been part of Internet culture since its inception.
Let's identify the most common threats so you know them when you see them, and then cover the best ways to protect yourself.
Common Crypto Scams and Threats
⚠️ Fake MetaMask Extension
The MetaMask extension is an Ethereum wallet plugged into your browser for accessing decentralised applications (dApps). The extension injects the Ethereum web3 API into the JavaScript context of the websites you visit so that dApps can read from the blockchain.
According to Kaspersky research, a notorious hacker group known as BlueNoroff manipulated the popular MetaMask extension to steal funds from its users: they intercepted the transaction process and injected their own code to drain the accounts.
How To Protect Yourself
You should always keep your MetaMask up to date and ensure that all updates take place within your browser. The original download should come from the official website.
___
⚠️ Malicious NFT Airdrops Target OpenSea Vulnerability
OpenSea is the biggest online non-fungible token (NFT) marketplace, according to Statista. Almost a year ago, many users fell victim to a scam that saw hackers airdropping "free NFTs" to users, only to see their funds disappear from their wallets. Check Point Research carried out a detailed analysis and worked closely with OpenSea to resolve the problem and prevent this from ever happening again.
How To Protect Yourself
You should always be careful when receiving external requests asking you to sign with your online wallet. Don't be eager to approve requests; ensure you know where the request is coming from. If in doubt, reject the request until you are absolutely sure this is a request you trust and approve.
___
⚠️ Honeypot and Rug Pull Scams
Let's start with rug pulls. The name comes from the real-life scenario of pulling the carpet out from under someone's feet. How does that translate into the crypto world? Scammers will launch a new currency attached to a liquidity pool and wait for people to start buying/selling the coin. Once enough money is in the pool, scammers will withdraw the funds and flee before you know it.
Now, let's move on to honeypots. Again, the name stems from a real-life scenario where your funds get stuck, and you can't get them out. Here's how honeypots work: scammers will incorporate a piece of code into the smart contract that only allows their wallets to sell the coin. Everyone else can buy, but they are the only ones who can sell. What happens next?
Performance graphs indicate a steep buying curve encouraging investors to buy. The value keeps going up, and market sentiment shows a coin that rises in valuation. The hard realisation that you have been scammed comes when you decide to sell. The scammer code does not allow you to sell, and your money is essentially trapped forever.
Honeypot scams can last from days to weeks to months, depending on how long it takes people to realise they can only buy and not sell.
How To Protect Yourself
Avoid trading or getting involved with coins that are under the radar. Instead, check that your coin of choice ranks amongst the top on CoinMarketCap, and check its trading volume. Other ways to spot mischief and stay away are:
- Steer clear of currencies where a few wallets hold the majority of the tokens
- Check that they are audited by a renowned company
___
⚠️ Phishing Emails and Ads
If you think Google Ads are annoying and just clog the top of your search results, wait till you read about the crypto scam associated with them. Fraudsters follow the designated procedure and bid on keywords on Google Ads, setting traps for cryptocurrency enthusiasts that are thirsty for content that will give them a competitive advantage, according to the Check Point investigation. So how did the scam work exactly?
People searching for MetaMask and Solana were presented with links to phoney lookalike websites. Once they landed on the fake website, there was no way to tell they shouldn't create accounts. The level of detail in the design and behaviour of the website led people to create and fund accounts, only to see their funds disappear.
When it comes to email phishing, it usually involves a malicious link in an email that loads a piece of code onto the computer, infecting it immediately.
How To Protect Yourself
Never navigate to a website through ads. Instead, type the name of the website yourself and ensure the URL uses HTTPS and corresponds to the real name of the brand. Sometimes, scammers are able to make the scam URL look exactly the same as the real one.
Regarding emails, check the sender and ensure all emails you open come from contacts and people you recognise and know. Emails containing links should be treated with caution, and so should PDFs and files you need to download on your device.
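One way to automate the "corresponds to the real name of the brand" check described above, as an added example that is not part of the original article. The `OFFICIAL` allowlist, the `classify` function and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: a personal allowlist of official domains, typed in by hand once.
OFFICIAL = ("metamask.io", "solana.com")

def edit_distance(a, b):  # Levenshtein distance, one row at a time
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url):
    """Return 'official', 'unknown: ...' or 'reject: <reason>' for a link."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if parts.scheme != "https" or not host:
        return "reject: not an https URL"
    if parts.username is not None:
        return "reject: userinfo before @ hides the real host"
    try:
        ascii_host = host.encode("idna").decode("ascii")
    except UnicodeError:
        return "reject: invalid hostname"
    if ascii_host != host or "xn--" in host:
        return "reject: internationalised hostname (possible homoglyphs)"
    for official in OFFICIAL:
        if host == official or host.endswith("." + official):
            return "official"
    # Simplification: last two labels stand in for the registered domain
    # (a production check would use the Public Suffix List).
    registered = ".".join(host.split(".")[-2:])
    for official in OFFICIAL:
        brand = official.split(".")[0]
        if brand in host or edit_distance(registered, official) <= 2:
            return "reject: lookalike of " + official
    return "unknown: not on the allowlist"

# Constructed sample links, not taken from any real campaign.
SAMPLES = ["https://metamask.io/download", "http://metamask.io/",
           "https://metamaks.io/", "https://metamask.io.wallet-login.example/",
           "https://m\u0435tamask.io/"]  # last one: Cyrillic 'e' lookalike

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify(link):58} {link}")
```

A link that comes back as "unknown" is simply not on your list; it is the "reject" results that match the lookalike patterns described in this section.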
___
⚠️ Impersonators Pretending To Be Telegram Admins
Telegram groups are littered with scammers trying to impersonate high-profile influencers, company staff or group admins to get in your good graces. They might ask you for personal information or transfers, and you might receive odd calls or even be added to groups without asking.
These are all signs you should be wary of, and here is how you can protect yourself.
How To Protect Yourself
Check your Telegram privacy settings and hide information such as your telephone number that shouldn't be shared with the public. Moreover, you should identify admins on the Telegram channel member list by clicking on "members" or "info".
If someone contacts you, click on the photo/avatar of the person you are talking to, check the username and compare it with the list of admin usernames. Furthermore, you should only interact with the official social channels listed in the channel.
We advise you to change your privacy settings accordingly to avoid being added to groups or receiving calls from strangers. Here's how:
Telegram > Settings > Privacy and Security > Calls, then Groups & Channels
👉 Set "Who can call/add me" to "My contacts" rather than "Everybody".
👉 You can also check the list of official admins: type /adminlist in the chat.
___
More Ways To Protect Yourself From Crypto Scams
Never share your seed phrase with anyone. Nobody will ever ask you to share it - no company, person or platform. This is strictly personal information and should not be shared under any circumstances.
Use a hardware wallet to hold and keep assets secure. Hardware wallets add an extra layer of security because, unlike wallets stored in digital form, they are unaffected by viruses.
Use a password manager and never reuse passwords. Password managers allow users to use stronger, more complex passwords as they don't have to rely on memory.
Enable 2FA on all accounts (emails, exchanges, platforms). Ideally, the phone with the 2FA codes should be separate from your day-to-day phone.
Last but not least, ensure you follow a project's official links. In the case of Polkastarter, go to a project's dedicated page and scroll to the bottom of the page.