Scams: How to avoid getting scammed in crypto

One of people's biggest fears in crypto is getting scammed. And rightly so. Many thousands of Bitcoin have been stolen and many hundreds of thousands of altcoins. The good news is that it can be avoided. Let's find out how you can avoid being scammed.

Firstly, there's only really two ways scammers can get your crypto:

1. They steal it
2. You voluntarily give them it

Note that there are of course many other ways to loose your cryptocurrency; form careless mistakes to lots passwords and ‘legitimate' errors. For now though, we'll look at ‘scams'.

How scammers steal your crypto

Beyond kidnapping you and demanding passwords and seed phrases, here are the three main ways scammers steal crypto;

1. Phishing

This is not unique to crypto but phishing is super-popular with crypto scammers. Phishing is socially-engineered theft; scammers gaining your details without you knowing, then login in and stealing your stuff. One of the most popular ways of ‘phishing' is via links and downloads.

A scammer will link you to a legitimate-looking site. This fake site will capture your data or get you to download something (possibly even a fake MetaMask) and potentially give the scammer enough information to empty your account.

Above is an example of a fake phishing site.

The link could be sent via any method such as social media, email or even a paid ad on a website or within Google search.

Ways to protect yourself against crypto phishing:

• Be especially cautious on any site that requires you to login or setup an account.
• Pay attention to the domain and URL — often hackers will be clever and the domain will only have a very subtle difference that the eye does not easily notice (eg swap 2 letters, use a similar letter or a different domain extension to the real one such as .biz instead of .com.
• Never click on links you are unsure about and always double/triple check the website you are logging into (or connecting to eg with Meta Mask) or downloading from is legitimate.
• Setup bookmarks in your browser to the official sites you regularly use.
• Always setup the full security eg Google Authenticator or SMS ‘two-factor' login.. Authenticator is more secure than SMS.
• Improve your crypto security at all possible levels and consider a hardware wallet. Some people even have a separate computer, only for crypto.
• Only buy a hardware wallet directly from the manufacturer, NEVER second hand or reconditioned or from a third party (eg a third party seller on Amazon). I've personally used Ledger since 2017 and have both a Ledger Nano S and a Nano X (I much prefer the X, however if you're tight for cash, the cheaper S model will do the job!).
• Improve your device security; keep your laptop antivirus up-to-date and scan regularly for malware.
• Be extra-cautious of the apps you download, especially on Android; go to the official website (and double check it!) to get the correct download link.
• Use a separate email only for crypto logins such as for exchanges — that way your email address is less readily-available to be compromised (ie it isn't all over Facebook, Twitter, the login to your football club, the supermarket and a zillion email subscriptions!).
• Be very cautious of public wifi and consider using a VPN.
• If you use MetaMask or another browser wallet tool, lock it when not in use.
• Don't brag – if you're suddenly a crypto millionaire don't go shouting about it! And if you are a crypto millionaire, you should be reading much more than this article! I'm only a wee fish!

2. Fake technical support / help

This phishing scam has became extremely popular recently, especially as many projects use social media and messaging apps for support. The scammer lurks in forums, social media platforms and messaging apps.

They wait for some poor soul to ask a question that would benefit from ‘support'. The scammer then messages the person with an offer of help or provides a link to a fake support site or form.

Sometimes these can be really obvious such as a link to a dodgy Google form asking for your secret keyphrase (aka '12-word phrase', aka ‘seed phrase', aka ‘mnemonic phrase'), password or similar. However others can be much more professional and many people have been caught out by legitimate-looking websites and fake usernames and profile images that look just like an admin – this method (pretending to be an admin offering support) is very popular on Telegram and Discord.

Once the scammer has your seed phrase, they steal all the crypto in your wallet 🙁

How to avoid being scammed by ‘tech support':

• Always contact support first and ideally directly via the official website
• NEVER NEVER NEVER give your crypto wallet recovery phrase (or private key, password/pin etc) to ANYONE.
• NEVER NEVER NEVER give your crypto wallet recovery phrase (or private key, password/pin etc) to ANYONE.
• NEVER NEVER NEVER give your crypto wallet recovery phrase (or private key, password/pin etc) to ANYONE.
• NEVER NEVER NEVER give your crypto wallet recovery phrase (or private key, password/pin etc) to ANYONE.
• NEVER NEVER NEVER give your crypto wallet recovery phrase (or private key, password/pin etc) to ANYONE.
• NEVER!

This includes being asked to input details to a form. DON'T DO IT.

Trust no one with these details…not me, not your friends and definitely not anybody who contacts you offering support!

This scam has become so popular, I've written a dedicated post here: ‘The technical support scam: How to avoid loosing crypto in Telegram (or any social / messenger app)‘.

Note that a wallet seed/recovery phrase CANNOT be changed. If you fear your phrase may have been compromised, carefully create a new wallet and transfer your funds to it.

3. Hacking

Although less common than the ‘social engineering' methods above, hacking is still one of the ways that scammers can steal your coins. This could be hacking into a central crypto exchange or hacking into cryptocurrency or blockchain ‘smart contract' code itself and draining accounts. Your computer could also get hacked, however I covered most of that under ‘phishing'.

How to avoid:

• Only use popular exchanges with high levels of security
• Only use decentralised exchanges with audited code
• Don't store crypto on exchanges – move them to a secure wallet

How scammers con you into ‘giving' them your crypto

There are many known scams that try to make people to hand over their money, usually based on greed or pity.

From the Nigerian prince emails, offering you a share in a massive fortune that they cannot get out of the country themself, to the hands-on fraudsters that get personal, prying on the vulnerable, often in dating sites, building relationships and then asking for cash, to much larger ponzi scams.

I'll not cover these methods here but be aware that any ‘real world' or internet scam has the ability to be carried out in crypto format too.

Here, we will look at those which you are less likely to be aware of and those that are more common in crypto (ie. generally based on ‘greed', rather than ‘pity').

1. Pump & dumps

These encourage you to buy a low-cap coin with the promise of a big pump (at which point you are supposed to sell and make a ‘massive' profit). However, the scammer has already purchased $$$$$ of the coin at a much lower price — your purchase (and all the other poor victims) is the real ‘pump'. The scammer sells and you're left holding a bag of worthless coin.

How to avoid:

Simple – do not get involved in ‘pump and dumps'.

2. Scammy shitcoins

The scammer creates a ‘fake' coin (often a ‘meme', DeFi platform or clone of something popular). They generate hype on social media using many fake accounts. This causes you plus many others to buy it. Later, the coin crashes or they pull funds from a liquidity pool — aka a ‘rug pull'. The creators have converted a big stash into a ‘real' crypto, or taken your staked coin and done a runner.

How to avoid:
Extensive research! Some things to watch out for when checking for scam coins include;

• Anonymous developers/team
• New domain or domain changed ownership recently (do a WHOIS lookup).
• Domain/website usage changed (check waybackmachine.org).
• Fake / paid social media interaction (look at the accounts of the people sharing — are most of the accounts new? Are they repeatedly ‘shilling' the coin and not much else?).
• Has a similar name to an existing coin (or uses the word ‘safe'!). They are probably trying to mislead you!
• Does not have any code audit by an independent entity such as Solidity Finance.
• Development activity is sudden and low (check out Github if they have one).

Always do lots of research and stick with experienced, public teams – ideally those who are KYC'd (Know Your Customer).

Note that legitimate failed coins can also be referred to as shitcoins!

3. Bitcoin blackmail

Although not unique to crypto, it is becoming a more popular online scam due to the ease of transferring crypto. The scammer will have gained a list of emails (and even passwords) from a website that has been compromised (hacked). They will contact you saying they have you on camera watching porn or something similar and tell you to send Bitcoin or another crypto. This can be very unsettling the first time it happens – especially if they have an old password that is familiar to you.

How to avoid:

Be wary of what sites you register with. However, there's not much you can do about it as even big ‘secure' sites have been hacked. Just don't panic and don't send them your Bitcoin!

4. Fake ‘investments' & ‘giveaways'

These range from what seem to be blatant scams eg a Tweet saying, ‘send your Bitcoin to this address and we'll double it within 24hours' to adaptations. eg they will start with a small amount and they do double it — then scam you on the big money, or disguise it as a giveaway, such as the famous fake giveaways riding off Elon Musk's name and those that are more elaborate MLM ponzi scheme setups, whereby the company are making no real money; everything is paid for by new members.

How to avoid:
Point-blank ignore any Tweets or people sending you messages asking you to send them Bitcoin or any other crypto. Never send anything to an address unless you are confident.

If you are presented with a business opportunity, do thorough due-diligence to assess it before jumping in.

Always be more wary of those with a MLM (Multi-Level Marketing) aspect — note that a MLM is not necessarily bad; Amway, Avon, Herbalife and Tupperware are marketed via MLM, however if your return requires you to refer other paying people, then give it special attention; what is the business purpose of the opportunity and were is the money coming from? Could it be a pyramid scheme ponzi scam? The MLM element of HyperFund (a crypto-based membership rewards program) was actually the main thing that initially put me off, however I'm glad I researched further!

Avoiding crypto scams: Roundup

Whilst there are a few new scams that never existed before blockchain, most crypto scams are based on age-old techniques and social engineering. They are similar techniques used by any online scammer to steal your details.

Learn about security and be cautious of phishing. NEVER give anyone your wallet seed phrase — with crypto, when it's gone, it's gone!

Here's a link to more info on the Technical Support Scam https://vanlifeincome.net/crypto-technical-support-scam – very important to know if you use any social media or messaging app.