Crypto Scams

Table of Contents

According to figures released by Chainalysis in January 2022, US$14 billion in cryptocurrencies has been taken from victims in 2021. The surge has been fueled by a rise in “rug pulls” predominantly found in the world of decentralized finance.

Did you know?

CNA938 has produced an award winning radio documentary titled: “Educate or Regulate: The Alarming Rise of Cryptocurrency Scams”.

It provides a good listen during your evening jogs. Listen to it FREE on omny.fm.

Common Crypto Scams

Copy and paste crypto scam

A malware on your computer replaces a wallet address copied from crypto platform’s webpage with another address belonging to scammers.

It is important to double check the destination addresses of transactions in order to avoid loss of funds.

Giveaway scam

Con artists pose as celebrities or known figures in the crypto world. They promise to “multiply” the cryptocurrency that investors send.

E.g. “Elon musk free giveaway scam”

Phishing

Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message.

Common types of phishing attacks include:

  • email spoofing
  • fake, malicious website
  • instant messages with a fake link
  • social media with fake link to exchanges and wallets
  • fake support team

Some examples below:

MetaMask (email spoofing / fake support team)

I receive MetaMask related phishing emails practically daily. Many are able to spoof the email domain to be “metamask.io”, and even escape from the junk mail detection logic. Another common source email address for these MetaMask phishing emails is “webinarinfo @ webinarjam.net”

Example of a MetaMask wallet verification phishing email:

I received the following email in my junk folder. The email looked legit with the sender email address listed as “MetaMask <noreply @ metamask.io>”.

A quick search on the internet with the email text revealed this to be a phishing scam though. Metamask Wallet does not require any verification to be done.

Metamask Wallet phishing scam
Metamask Wallet phishing scam

Phishing airdrops (malicious website)

In the scam, randomly airdropped tokens appear in your wallet. If you try to interact with them, you’re prompted to connect your wallet to a website that looks like a DeFi app — but actually gives hackers permission to drain your holdings. To protect yourself, don’t interact with airdropped tokens from unknown sources, don’t connect your wallet to websites advertised by airdropped tokens, and don’t keep too much crypto in a wallet you regularly use to interact with crypto apps.

Similar looking domain (fake website)

Google AdSense scam leading to myetherwa1let.com instead of myetherwallet.com

Rug pull scam

For every legit project working on real objectives to bring about innovation, comes a series of scams looking for a quick way to grab investor funds. Rug pulls are a type of scam where developers first market a project, and then abandon it, taking their investors' money along with them.

Case Study: SQUID

Squid Game Crypto Went From $0 to $600 in Days and Back to $0 in Seconds

  • operates on Binance Smart Chain
  • based on the popular Netflix series.
  • the creators of the crypto had said the currency would be used in an online playable version of the Squid Game, where users could earn more coins, that they could later encash for real money.
  • red flags:
    • creators of the crypto project were neither associated with the creators of the series nor Netflix
    • spelling mistakes and grammatical errors on the website and the project’s whitepaper.
  • launched at $0.01 and value soared to $2856
  • buyers of the crypto coin could not sell them! The developers had created an “unusual ‘anti-dump’ mechanism” that prevented many investors from selling their tokens. Investors could only sell if the ratio of buyers to sellers was 2:1.
  • creators shut down the project after one week!
  • 40000+ investors were estimated to have lost a total of $3.38 million
  • Binance blacklists Squid Game developer accounts, and reports that developers used coin mixers like ‘Tornado Cash’ to obfuscate their transactions to cover their tracks.

Virus

Storing your seed text on your computer is not safe as some malicious software may be scanning your hard drive for your crypto keys.

Avoid getting scammed or hacked

  • Rule #1 in crypto, never reveal your private key
  • Avoid using public WiFi networks and insecure connections. Bad actors can use these networks to steal your login credentials and other sensitive information.
  • Only install crypto platform apps from official sources like Apple App Store or Google Play. Apps downloaded from unverified sources might contain malware that could infect your device.
  • Protect your accounts with 2FA
  • Do proper research before joining DeFi projects.

Only interact with official, legitimate social media accounts

Scammers often create accounts that look very similar to the official brands, so be vigilant and check. Report fake accounts to get down shut down to prevent others from getting scammed.

Ensure that they go to the official site. Never click on links given by strangers and input sensitive information.

What to do if scammed?

What should you do if you have fallen victim to a crypto scam? I came across a blog article from Tokenize Xchange addressing this.

Key points:

  1. Preserve your transaction information
    • these may be viewable in an online account, but you never know when they will be removed by the company.
    • fraud investigations might take a long time, it’s critical to have a long-term strategy for safeguarding these records.
    • investigators will need all of the transaction IDs identifying the monies sent to the scammers to begin tracing your assets.
  2. Contact the company
  3. Report to local authorities
  4. Warning other investors against the crypto scammers

Mental health and counselling support (Singapore)

  • National Care Hotline: 1800-202-6868
  • Fei Yue’s Online Counselling Service: eC2.sg website (Mon to Fri, 10am to 12pm, 2pm to 5pm)
  • Institute of Mental Health’s Mental Health Helpline: 6389-2222 (24 hours)
  • Samaritans of Singapore: 1800-221-4444 (24 hours) / 1-767 (24 hours)
  • Singapore Association for Mental Health: 1800-283-7019 (Mon to Fri, 9am to 6pm)
  • Silver Ribbon Singapore: 6386-1928 / 6509-0271 (Mon to Fri, 9am to 6pm)
  • Tinkle Friend: 1800-274-4788 (Mon to Fri, 2.30pm to 5pm)
  • Touchline (Counselling): 1800-377-2252 (Mon to Fri, 9am to 6pm)