When it comes to money, scams always follow. The same goes for cryptocurrency.
In February 2022, the Wormhole cryptocurrency exchange platform lost $320 million after a cyber attack. In addition to this attack, cryptocurrency fraudsters have stolen over $1 billion since 2021, according to report of the Federal Trade Commission .
Digital currency is a form of currency stored in a digital wallet, and the owner can convert the currency into money by transferring it to a bank account. Cryptocurrency, such as Bitcoin, is other than digital currency . It uses blockchain for verification and doesn't go through financial institutions, so it's harder to recover from theft.
Although cryptocurrency is a newer trend, thieves are using old methods to steal. Here are some of the common cryptocurrency scams to watch out for.
1. Bitcoin investment schemes
In Bitcoin investment schemes, scammers contact investors who claim to be experienced "investment managers". As part of the scheme, so-called investment managers claim to have made millions investing in cryptocurrency and promise their victims that they will make money on investments.
Scammers require an upfront fee to get started. Then, instead of making money, the thieves simply steal the advance fees. Fraudsters can also request personal identification information, claiming to transfer or deposit funds, and thereby gain access to a person's cryptocurrency.
Another type of investment fraud involves the use of fake celebrity endorsements. Scammers take real photos and place them on fake accounts, ads, or articles to make it look like the celebrity is touting a big financial gain from the investment. The sources for these claims appear legitimate, using reputable company names such as ABC or CBS with professional-looking websites and logos. However, the confirmation is fake.
2. Carpet pulling scams
Carpet pulling scams involve investment scammers who "pump" a new project, non-fungible token (NFT) or coin to get funding. Once the scammers get the money, they disappear with it. Coding for these investments does not allow people to sell bitcoin after purchase, so investors are left with a priceless investment.
A popular version of this scam was the Squid coin scam, named after the popular Netflix series Squid Game . Investors had to play to earn cryptocurrency: people would buy tokens for online games and earn more later to exchange for other cryptocurrencies. The price of the Squid token went from a value of 1 cent to around $90 per token.
Eventually the trade stopped and the money disappeared. The value of the token then went to zero as people tried and failed to sell their tokens. Scammers made about 3 million dollars from these investors.
Carpet pulling scams are also common for NFTs, which are one-of-a-kind digital assets.
3. Romance scams
Dating apps are no strangers to crypto scams. These scams involve relationships – usually at a distance and strictly online – where one party takes time to gain the other party's trust. Over time, one party begins to convince the other to buy or give money in some form of cryptocurrency.
After receiving the money, the dating scammer disappears. These scams are also called "pig slaughter scams".
4. Phishing scams
Phishing scams have been around for a while but are still popular. Scammers send emails with malicious links to a fake website to collect personal data, such as key information cryptocurrency wallet .
Unlike passwords, users only receive one unique private key to digital wallets. But if a private key is stolen, changing that key is difficult. Each key is unique to the wallet; so to update this key the person needs to create a new wallet.
To avoid phishing scams, never enter secure information from an email link. Always go directly to the site, no matter how legitimate the website or link looks.
5. Attack man in the middle
When users log into a cryptocurrency account in a public place, fraudsters can steal their personal, sensitive information. A fraudster can intercept any information sent over a public network, including passwords, cryptocurrency wallet keys, and account information.
Every time a user is logged in, a thief can collect this sensitive information using the approach for a “man in the middle” attack ". This is done by intercepting Wi-Fi signals on trusted networks if they are in close proximity.
The best way to avoid these attacks is to block the man in the middle by using a virtual private network ( VPN ). A VPN encrypts all data that is transmitted, so thieves cannot access personal information and steal cryptocurrency.
6. Social media cryptocurrency giveaway scams
There are many fraudulent social media posts promising bitcoin giveaways. Some of these scams also involve fake celebrity accounts promoting the giveaway to attract people.
However, when someone clicks on the gift, they are taken to a fraudulent site asking for confirmation to receive Bitcoin. The verification process involves making a payment to prove the account is legitimate.
The victim could lose that payment – or, even worse, click on a malicious link and have their personal information and cryptocurrency stolen.
7. Ponzi schemes
Ponzi schemes pay older investors with the proceeds of new ones. To attract new investors, cryptocurrency scammers will attract new investors with bitcoins. It is a circular scheme as there is no legitimate investment; it's all about targeting new investors for money.
The main lure of a Ponzi scheme is the promise of huge profits with little risk. However, there are always risks with these investments and there is no guaranteed return.
8. Fake cryptocurrency exchanges
Scammers can lure investors with promises of great cryptocurrency exchanges – maybe even a few extra bitcoins. But in reality there is no exchange and the investor doesn't know it's fake until he loses his deposit. Cryptocurrency uses a blockchain for verification and doesn't go through financial institutions, so it's harder to recover from theft
Stick to known crypto exchange marketplaces – like Coinbase, Crypto.com, and Cash App – to avoid unfamiliar exchanges. Do your research and check industry sites for details on the exchange's reputation and legitimacy before entering personal information.
9. Job offers and fraudulent employees
Scammers will also pose as recruiters or job seekers to gain access to cryptocurrency accounts. With this trick, they offer an interesting job but require cryptocurrency as payment for job training.
There are also scams in hiring remote workers. For example, North Korean IT freelancers try to take advantage of remote work opportunities by presenting impressive resumes and claiming to be based in the US. The US Treasury issued warning about this North Korean scam targeting cryptocurrency companies.
These IT freelancers look for projects involving virtual currency and use access to exchange currency. They then hack into the systems to collect money or steal information about the Democratic People's Republic of Korea (DPRK). These workers also do other skilled IT work and use their knowledge to gain inside access to enable the DPRK's malicious cyberattacks.
Learn more about ongoing employee background checks, to protect organizations.
How to Protect Bitcoin and Cryptocurrency
To protect yourself from cryptocurrency scams , here are some of the common red flags:
- promises of large profits or doubling of investments;
- accepting only cryptocurrency as payment;
- contractual obligations;
- spelling and grammatical errors in emails, social media posts or other communication;
- manipulative tactics, such as extortion or blackmail;
- promises of free money;
- fake influencers or celebrity endorsements that seem out of place;
- minimal details of cash flow and investment; and
- several transactions in one day.
Protect digital wallets from fraudsters by practicing good digital security habits such as strong passwords , using only secure connections or VPNs, and choosing safe storage. There are two types of wallets: digital and hardware. Digital wallets are hosted online and have a higher hack rate. Hardware wallets store information, such as the cryptocurrency wallet and keys, offline within a single device.
Cryptocurrency is not insured by the Federal Deposit Insurance Corporation, so its preservation is vital. Never give wallet keys or passcodes to anyone.