Table of Contents
According to figures released by Chainalysis in January 2022, US$14 billion in cryptocurrencies has been taken from victims in 2021. The surge has been fueled by a rise in “rug pulls” predominantly found in the world of decentralized finance.
Common Crypto Scams
Copy and paste crypto scam
A malware on your computer replaces a wallet address copied from crypto platform’s webpage with another address belonging to scammers.
Fake crypto exchange platforms.
- I grew my cryptocurrency portfolio by 8 times. Then I blew it on a scam [ChannelNewAsia]
- person gets introduced to a fake platform to perform trading.
Con artists pose as celebrities or known figures in the crypto world. They promise to “multiply” the cryptocurrency that investors send.
E.g. “Elon musk free giveaway scam”
Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message.
- Is the message urgent and threatening?
- Does it ask for sensitive information?
- Is it full of grammar mistakes?
Common types of phishing attacks include:
- email spoofing
- fake, malicious website
- instant messages with a fake link
- social media with fake link to exchanges and wallets
- fake support team
Some examples below:
MetaMask (email spoofing / fake support team)
I receive MetaMask related phishing emails practically daily. Many are able to spoof the email domain to be “metamask.io”, and even escape from the junk mail detection logic. Another common source email address for these MetaMask phishing emails is “webinarinfo @ webinarjam.net”
Example of a MetaMask wallet verification phishing email:
I received the following email in my junk folder. The email looked legit with the sender email address listed as “MetaMask <noreply @ metamask.io>”.
A quick search on the internet with the email text revealed this to be a phishing scam though. Metamask Wallet does not require any verification to be done.
Phishing airdrops (malicious website)
In the scam, randomly airdropped tokens appear in your wallet. If you try to interact with them, you’re prompted to connect your wallet to a website that looks like a DeFi app — but actually gives hackers permission to drain your holdings. To protect yourself, don’t interact with airdropped tokens from unknown sources, don’t connect your wallet to websites advertised by airdropped tokens, and don’t keep too much crypto in a wallet you regularly use to interact with crypto apps.
Similar looking domain
Google AdSense scam leading to myetherwa1let.com instead of myetherwallet.com
Rug pull scam
For every legit project working on real objectives to bring about innovation, comes a series of scams looking for a quick way to grab investor funds. Rug pulls are a type of scam where developers first market a project, and then abandon it, taking their investors' money along with them.
Case Study: SQUID
Squid Game Crypto Went From $0 to $600 in Days and Back to $0 in Seconds
- operates on Binance Smart Chain
- based on the popular Netflix series.
- the creators of the crypto had said the currency would be used in an online playable version of the Squid Game, where users could earn more coins, that they could later encash for real money.
- red flags:
- creators of the crypto project were neither associated with the creators of the series nor Netflix
- spelling mistakes and grammatical errors on the website and the project’s whitepaper.
- launched at $0.01 and value soared to $2856
- buyers of the crypto coin could not sell them! The developers had created an “unusual ‘anti-dump’ mechanism” that prevented many investors from selling their tokens. Investors could only sell if the ratio of buyers to sellers was 2:1.
- creators shut down the project after one week!
- 40000+ investors were estimated to have lost a total of $3.38 million
- Binance blacklists Squid Game developer accounts, and reports that developers used coin mixers like ‘Tornado Cash’ to obfuscate their transactions to cover their tracks.
Storing your seed text on your computer is not safe as some malicious software may be scanning your hard drive for your crypto keys.
Avoid getting scammed or hacked
- Rule #1 in crypto, never reveal your private key
- Avoid using public WiFi networks and insecure connections. Bad actors can use these networks to steal your login credentials and other sensitive information.
- Only install crypto platform apps from official sources like Apple App Store or Google Play. Apps downloaded from unverified sources might contain malware that could infect your device.
- Protect your accounts with 2FA
- Do proper research before joining DeFi projects.
- For scam-related advice, call the anti-scam hotline 1800 722 6688 or go to www.scamalert.sg.
- Bookmark the crypto platforms you frequent, rather than clicking on search engine ads which might redirect to malicious sites
Check links before clicking on them
Ensure that they go to the official site. Never click on links given by strangers and input sensitive information.
Learn to identify common scam tactics
Here are some informative videos produced by Channel News Asia (CNA)
Only interact with official, legitimate social media accounts
Scammers often create accounts that look very similar to the official brands, so be vigilant and check. Report fake accounts to get down shut down to prevent others from getting scammed.
Change your privacy setting in your messaging apps (e.g. Telegram) to prevent others from adding you to random investment chat groups.
What to do if scammed?
What should you do if you have fallen victim to a crypto scam? I came across a blog article from Tokenize Xchange addressing this.
- Preserve your transaction information
- these may be viewable in an online account, but you never know when they will be removed by the company.
- fraud investigations might take a long time, it’s critical to have a long-term strategy for safeguarding these records.
- investigators will need all of the transaction IDs identifying the monies sent to the scammers to begin tracing your assets.
- Contact the company
- Report to local authorities
- To provide information on scams, call the police hotline 1800 255 0000, or submit online at www.police.gov.sg/iwitness.
- Warning other investors against the crypto scammers
Mental health and counselling support (Singapore)
- National Care Hotline: 1800-202-6868
- Fei Yue’s Online Counselling Service: eC2.sg website (Mon to Fri, 10am to 12pm, 2pm to 5pm)
- Institute of Mental Health’s Mental Health Helpline: 6389-2222 (24 hours)
- Samaritans of Singapore: 1800-221-4444 (24 hours) / 1-767 (24 hours)
- Singapore Association for Mental Health: 1800-283-7019 (Mon to Fri, 9am to 6pm)
- Silver Ribbon Singapore: 6386-1928 / 6509-0271 (Mon to Fri, 9am to 6pm)
- Tinkle Friend: 1800-274-4788 (Mon to Fri, 2.30pm to 5pm)
- Touchline (Counselling): 1800-377-2252 (Mon to Fri, 9am to 6pm)
For help wherever you are, contact: