Approximately 562 million people globally are thought to own crypto. And the ecosystem is growing – but so are crypto scams.
For scammers, this burgeoning industry is a honeypot waiting to be exploited. The amount of crypto stolen each year through scams and hacks is on the rise, seeing a 53% year-over-year increase in 2023. The alarming trend underscores why crypto users must stay aware of, and vigilant against, existing and emerging crypto scams.
In this article, we document the most common crypto scams in 2024 so you know what to look for and how to avoid them.
Top 10 crypto scams 2024 |
---|
1. Fake crypto exchanges and wallet apps |
2. PayPal Bitcoin invoice scam |
3. Crypto customer support scam |
4. Crypto romance scams |
5. Crypto pump and dump schemes |
6. Celebrity crypto shilling |
7. Fake giveaways |
8. Malicious smart contracts and token approvals |
9. Man in the middle (MITM) attacks |
10. Protocol hacks and exploits |
Scammers target users using fake crypto exchanges and sometimes fake crypto wallet apps. These scams are a type of phishing that relies on a legitimate-looking website or download button to con users into parting with their crypto.
For example, scammers might set up a fake crypto exchange, promising unrealistic returns or bonuses in exchange for a “sign-up fee.” Of course, there is no bonus, and the sign-up fee goes directly to the scammers who set up the site.
Similarly, you may encounter a fake wallet app. The bogus interface requests your seed phrase or prompts you to send your crypto to your “new wallet”, which is just the scammer’s wallet. A great example is the fake Trezor wallet app, which appeared in the Apple App Store and pretended to be a popular crypto wallet. The scammers asked users to enter their credentials, including their seed phrase, which could give scammers access to user accounts.
Maintain skepticism towards too-good-to-be-true offers and verify the legitimacy of exchanges before you dive in. Check URLs and user reviews to verify that the platform is genuine. You should never be asked for any money to download a wallet or join an exchange. And remember: never share your Secret Recovery Phrase. Ever.
The PayPal Bitcoin scam involves scammers sending fake invoices to your PayPal interface for Bitcoin you never purchased. They lure you into calling a number and then request remote access to your account to “resolve the issue.”
Let’s use an example scenario. A PayPal user received an email with the platform’s logo claiming a Bitcoin purchase of $548.15 from Coinbase, a service they never used. The email, designed to create panic, offered a phone number to open a dispute, a classic tactic for getting victims to hand over critical account data. This set the stage for the malicious actor behind the scam to empty the victim’s account.
Anyone can send an invoice on PayPal. The only way to verify your transactions is to log in to your account and check directly. If unsure, contact your account provider directly rather than using numbers from suspicious emails. Never give remote access or personal details over the phone.
Scammers often impersonate crypto customer support agents from NFT marketplaces or wallet providers. They contact victims through social media to discuss fake account issues. Behind the trusted guise of “customer service,” the scammers then deceive victims into providing their recovery phrase or account credentials.
For instance, a user received a link that appeared to be KuCoin’s customer service on Telegram, but it was a scam designed to steal information.
Always verify the legitimacy of customer support requests through the official channels of your NFT or crypto marketplace, and never share private keys or click on suspicious links.
Also known as pig butchering, crypto romance scams involve fraudsters creating fake identities on dating apps. From there, they select a target and build trust to exploit victims financially down the line. This often manifests as convincing them to invest in fraudulent cryptocurrency ventures.
The FTC recently warned of crypto romance scams, citing them as one of the most common and lucrative approaches for scammers.
So, how do you avoid this crypto scam? Be cautious of romantic interests asking for financial help or investments. Anyone can create a false persona online. Contact authorities if you suspect a romance scam.
Pump-and-dump scams are an age-old investment scam. Fraudsters with an established position in a project make false or vastly exaggerated claims about it to drive up the price. At the peak of the market, they sell out, crashing the price of the project—leaving victims with a worthless asset. The rise of Web3, where anyone can develop a project and market its tokens, has given bad actors new opportunities to deploy this scam.
Scammers create fake projects and buy large positions in their native tokens. They then create fake excitement around the project online to inflate its price. This might include making false claims about its utility or the project’s roadmap and sowing a sense of urgency to pressure victims into buying. Unsuspecting investors buy in at the inflated price, but then the scammers quickly sell their holdings, crashing the price.
The Squid Game pump-and-dump scam saw its creators lock in investors and disappear with over $12 million after selling their tokens.
As the name suggests, crypto shilling involves celebrities promoting crypto projects with false promises, creating hype to inflate prices. They often fail to disclose payment for endorsements or personal holdings.
For example, the SEC recently charged Lindsay Lohan, Jake Paul and a handful of other celebrities for shilling crypto projects without disclosing they were being paid. And crypto shilling is often even less obvious than this. For example, where an individual holds a huge stake in a given asset, and also has a huge audience, they can hype up the asset to their followers. By creating buzz and demand, the shill increases the value of their existing holdings, all thanks to a few Tweets. Some speculate that crypto whales like Elon Musk engage in this type of shilling.
The credibility of a trusted brand makes it a great tool for persuasion, and this is the crux of fake crypto giveaway scams. Here, scammers impersonate celebrities or companies, promising to double any crypto sent to their addresses. They use fake accounts and bots to create an illusion of legitimacy, exploiting your trust and the fear of missing out.
In 2020, scammers took control of the Twitter accounts of celebrities like Elon Musk and Joe Biden to promote fake crypto giveaways. The source made them believable, luring many victims in the process.
Web3 is built on smart contracts, and more or less every interaction involves signing one. But clever scammers often use legitimate-looking smart contracts as a Trojan Horse to disguise malicious code designed to empty your wallet. Interacting with a malicious smart contract risks your tokens, as it may spend them without consent. A smart contract is a self-executing contract with its terms written in code, so permitting a malicious one to access your tokens is dangerous.
In February 2022, a phishing email tricked users into signing a malicious smart contract, transferring all their NFTs to a hacker’s address. The OpenSea Malicious Smart Contract scam resulted in a loss of $1.7 million.
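To make the token-approval risk above concrete, the following added example (not part of the original article) decodes the raw calldata of the two standard approval calls, ERC-20 `approve` and NFT `setApprovalForAll`, and flags the ones that grant unlimited access. The function name, the sample inputs and the spender address are constructed for illustration.

```python
# Added example: classify the calldata a wallet asks you to sign.
APPROVE = "095ea7b3"               # ERC-20 approve(address,uint256)
SET_APPROVAL_FOR_ALL = "a22cb465"  # ERC-721/1155 setApprovalForAll(address,bool)
TRANSFER = "a9059cbb"              # ERC-20 transfer(address,uint256), for contrast
MAX_UINT256 = 2**256 - 1

def decode_approval(calldata: str) -> dict:
    """Return the kind of call, the spender it authorises, and a risk label."""
    data = calldata.lower()
    if data.startswith("0x"):
        data = data[2:]
    if len(data) < 8 or any(c not in "0123456789abcdef" for c in data):
        raise ValueError("calldata must be hex and start with a 4-byte selector")
    selector, args = data[:8], data[8:]
    if selector not in (APPROVE, SET_APPROVAL_FOR_ALL):
        return {"kind": "other", "spender": None, "risk": "unknown"}
    if len(args) != 128:  # two 32-byte ABI words
        raise ValueError("expected exactly two 32-byte arguments")
    word1, word2 = args[:64], args[64:]
    if word1[:24] != "0" * 24:
        raise ValueError("address argument is not zero-padded to 32 bytes")
    spender = "0x" + word1[24:]
    value = int(word2, 16)
    if selector == APPROVE:
        if value == 0:
            risk = "revoke"        # allowance reset to zero
        elif value == MAX_UINT256:
            risk = "unlimited"     # spender may move any amount, now or later
        else:
            risk = "limited"
        return {"kind": "erc20_approve", "spender": spender, "amount": value, "risk": risk}
    # setApprovalForAll(true) covers every token the owner holds in that collection
    risk = {0: "revoke", 1: "unlimited"}.get(value, "invalid")
    return {"kind": "set_approval_for_all", "spender": spender, "risk": risk}

# Constructed sample inputs; the spender address is a placeholder, not a real contract.
SPENDER_WORD = "0" * 24 + "11" * 20
UNLIMITED = "0x" + APPROVE + SPENDER_WORD + "f" * 64
LIMITED = "0x" + APPROVE + SPENDER_WORD + format(1000, "064x")
NFT_ALL = "0x" + SET_APPROVAL_FOR_ALL + SPENDER_WORD + format(1, "064x")
PLAIN_TRANSFER = "0x" + TRANSFER + SPENDER_WORD + format(1000, "064x")

if __name__ == "__main__":
    for name, tx in [("unlimited", UNLIMITED), ("limited", LIMITED),
                     ("nft", NFT_ALL), ("transfer", PLAIN_TRANSFER)]:
        print(name, decode_approval(tx))
```

Revoking an approval is the same call with the amount set to zero (or `false` for `setApprovalForAll`), which the decoder labels `revoke`.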
A Man-in-the-Middle (MITM) attack in cryptocurrency involves an attacker intercepting and altering the communication between two parties. For instance, an attacker could infiltrate your network and tamper with the address displayed during a crypto transaction. The aim of this type of attack is to direct your funds to the attacker’s wallet instead.
Andrew Schober, heavily invested in Bitcoin, downloaded a fake wallet app, Electrum Atom, through a malicious link. This malware launched a man-in-the-middle attack, stealing nearly $200,000 in Bitcoin by swapping copied addresses with the attacker’s during a transfer.
Protocol exploits occur when attackers find and exploit a protocol’s code vulnerabilities, leading to unauthorized access to funds locked in the protocol. This is particularly prevalent with blockchain bridges, which are protocols that lock up huge amounts of crypto in a pool to create synthetic counterparts (wrapped crypto).
The most famous (and severe) example of this is the Solana Wormhole Hack. Here, hackers stole $321 million in crypto by targeting a flaw in Wormhole’s bridge on the Solana blockchain – the biggest crypto hack of all time.
This same risk also applies to software wallets. The 2023 Trust Wallet hack saw users lose a total of $170,000 over six months thanks to a vulnerability in the wallet’s open source code. All of this is to say that your wallet or crypto tool is only as safe as its underlying code.
Crypto scams come in many forms, but they all share a similar goal: stealing your crypto. Here, we explore the three main categories these scams fall into, each using a distinct approach to exploit vulnerabilities and weaknesses to get to your valuable assets.
Social engineering and phishing scams prey on human psychology and trust. Scammers create a sense of safety and legitimacy, manipulating you into giving away critical information like passwords or private keys. It may involve impersonating a customer support representative or pressuring you to click a malicious link.
Crypto investment scams aim to lure you into projects fueled by hype and urgency. They promise high returns or exclusive access; however, the only one profiting is the scammer. Here are some red flags:
While social engineering scams exploit trust, cybersecurity hacks target technical vulnerabilities. This might include:
Understanding these different scam categories gives you enough information to become a more vigilant crypto user.
Educating yourself about cryptocurrency is crucial in 2024, as it can be the key to avoiding scams. Scammers are constantly devising new tricks to steal your hard-earned cash. The good news? A little education can be your shield.
This guide will equip you with the knowledge to navigate the crypto world confidently and avoid falling victim to scams.
Verify the legitimacy of websites and wallet apps. Here’s how:
Official Sources: Visit the official cryptocurrency or project website to see if they recommend specific wallet apps.
Your private keys and recovery phrase are like the master password to your crypto. Never share them with anyone. Customer support or anyone claiming to be from the platform must use official communication sources. Legitimate companies will never ask for your account information.
If you receive a private message, especially from someone you don’t know, take a step back and question its legitimacy. Legitimate crypto platforms rarely use private messages to contact users about account issues or investment opportunities.
They typically communicate through official channels like email or announcements on their platforms. So, if a stranger slides into your DMs offering investment advice or claiming a problem with your account, it’s a major red flag.
If it sounds too good to be true, it probably is. Don’t let social media hype cloud your judgment. Instead, do your research! Use tools like Etherscan to check a project’s fundamentals, like its transaction history and community activity. Additionally, dig into the project’s whitepaper to understand what you’re investing in.
Cryptocurrency wallets often ask you to approve transactions before interacting with a project. While it might seem simple, there’s more to it. Take time to learn about:
Keeping your crypto safe goes beyond online vigilance. Consider using a hardware wallet – a physical device that stores your private keys offline. Hardware wallets are not connected to the internet, making them much less vulnerable to hacking attempts.
Before venturing into the exciting world of blockchain protocols, remember the golden rule: Do Your Own Research (DYOR). Examine the project’s whitepaper, team credentials and community feedback. Verify the protocol’s security measures and audit reports.
Vigilance and knowledge are your armor in the cryptocurrency industry. Scammers may be cunning, but by arming yourself with information, you’ll be well-equipped to participate in the crypto market. Remember, crypto moves fast, so stay informed and never stop learning. With a healthy dose of skepticism and the right knowledge, you can transform yourself from a target into a savvy crypto investor.