    10 Crypto scams in 2024 and how to avoid them

    Approximately 562 million people globally are thought to own crypto. And the ecosystem is growing – but so are crypto scams.

    For scammers this burgeoning industry is a honeypot waiting to be exploited. The amount of crypto stolen each year through scams and hacks is on the rise, seeing a 53% year-over-year increase in 2023. The alarming trend underscores why crypto users must be aware and vigilant of the existing and emerging crypto scams. 

    In this article, we document the most common crypto scams in 2024 so you know what to look for and how to avoid them.

    Most common crypto scams in 2024

    Top 10 crypto scams 2024

    1. Fake crypto exchanges and wallet apps

    2. PayPal Bitcoin invoice scam

    3. Crypto customer support scam

    4. Crypto romance scams

    5. Crypto pump and dump schemes

    6. Celebrity crypto shilling

    7. Fake giveaways

    8. Malicious smart contracts and token approvals

    9. Man in the middle (MITM) attacks

    10. Protocol hacks and exploits

     

    Fake crypto exchange and wallet apps

    Scammers target users using fake crypto exchanges and sometimes fake crypto wallet apps. These scams are a type of phishing that relies on a legitimate-looking website or download button to con users into parting with their crypto.

    For example, scammers might set up a fake crypto exchange, promising unrealistic returns or bonuses in exchange for a “sign-up fee.” Of course, there is no bonus, and the sign-up fee goes directly to the scammers who set up the site. 

    Similarly, you may encounter a fake wallet app. The bogus interface requests your seed phrase or prompts you to send your crypto to your “new wallet”, which is just the scammer’s wallet. A great example is the fake Trezor wallet app, which appeared in the Apple App Store and pretended to be a popular crypto wallet. The scammers asked users to enter their credentials, including their seed phrase, which could give scammers access to user accounts.

    How to avoid the scam

    Maintain skepticism towards too-good-to-be-true offers and verify the legitimacy of exchanges before you dive in. Check URLs and user reviews to verify that the platform is genuine. You should never be asked for any money to download a wallet or join an exchange. And remember: never share your Secret Recovery Phrase. Ever.

    PayPal Bitcoin scam

    The PayPal Bitcoin scam involves scammers sending fake invoices to your PayPal interface for Bitcoin you never purchased. They lure you into calling a number and then request remote access to your account to “resolve the issue.”

    Let’s use an example scenario. A PayPal user received an email with the platform’s logo claiming a Bitcoin purchase of $548.15 from Coinbase, a service they never used. The email, designed to create panic, offered a phone number to open a dispute, a classic tactic for getting victims to hand over critical account data. This set the stage for the malicious actor behind the scam to empty the victim’s account.

    How to avoid the scam

    Anyone can send an invoice on PayPal. The only way to verify your transactions is to log in to your account and check directly. If unsure, contact your account provider directly rather than using numbers from suspicious emails. Never give remote access or personal details over the phone.

    Fake customer support scam

    Scammers often impersonate crypto customer support agents from NFT marketplaces or wallet providers. They contact victims through social media to discuss fake account issues. Behind the trusted guise of “customer service,” the scammers then deceive victims into providing their recovery phrase or account credentials.

    For instance, a user received a link that appeared to be KuCoin’s customer service on Telegram, but it was a scam designed to steal information.

    Avoiding crypto customer support scams

    Always verify the legitimacy of customer support requests through official channels of your NFT or crypto marketplaces and never share private keys or click on suspicious links.

    Crypto romance scams

    Also known as pig butchering, crypto romance scams involve fraudsters creating fake identities on dating apps. From there, they select a target and build trust to exploit victims financially down the line. This often manifests as convincing them to invest in fraudulent cryptocurrency ventures.

    The FTC recently warned of crypto romance scams, citing it as one of the most common and lucrative approaches for scammers.

    Avoiding crypto romance scams

    So, how do you avoid this crypto scam? Be cautious of romantic interests asking for financial help or investments. Anyone can create a false persona online. Contact authorities if you suspect a romance scam.

    Crypto pump and dump schemes

    Pump-and-dump scams are an age-old investment scam. Fraudsters with an established position in a project make false or vastly exaggerated claims about it to drive up the price. At the peak of the market, they sell out, crashing the price of the project—leaving victims with a worthless asset. The rise of Web3, where anyone can develop a project and market its tokens, has given bad actors new opportunities to deploy this scam.

    Scammers create fake projects and buy large positions in their native tokens. They then create fake excitement around the project online to inflate its price. This might include making false claims about its utility or the project’s roadmap and sowing a sense of urgency to pressure victims into buying. Unsuspecting investors buy in at the inflated price, but then the scammers quickly sell their holdings, crashing the price.

    The Squid Game pump-and-dump scam saw its creators lock in investors and disappear with over $12 million after selling their tokens.

    Steps to avoid crypto pump and dump scams

    • Always verify token distribution to assess risk. You can do this on Etherscan or similar blockchain explorers.
    • Investigate the project leaders’ history for red flags.
    • Check out the project white paper to assess whether it has genuine utility.
    • Look out for disabled comments and disproportionate engagement metrics.

    Celebrity crypto shilling

    As the name suggests, crypto shilling involves celebrities promoting crypto projects with false promises, creating hype to inflate prices. They often fail to disclose payment for endorsements or personal holdings.

    For example, the SEC recently charged Lindsay Lohan, Jake Paul and a handful of other celebrities for shilling crypto projects without disclosing they were being paid. And crypto shilling is often even less obvious than this. For example, where an individual holds a huge stake in a given asset, and also has a huge audience, they can hype up the asset to their followers. By creating buzz and demand, the shill increases the value of their existing holdings, all thanks to a few Tweets. Some speculate that crypto whales like Elon Musk engage in this type of shilling.

    Avoid crypto shilling scams

    • Verify token legitimacy beyond celebrity endorsements.
    • Look for clear disclosures of celebrity involvement.
    • Treat extravagant profit promises with caution.
    • Investigate whether the individual has a position in the asset they’re endorsing.

    Crypto giveaway scams

    The credibility of a trusted brand makes it a great tool for persuasion, and this is the crux of fake crypto giveaway scams. Here, scammers impersonate celebrities or companies, promising to double any crypto sent to their addresses. They use fake accounts and bots to create an illusion of legitimacy, exploiting your trust and the fear of missing out.

    In 2020, scammers took control of high-profile Twitter accounts, including those of Elon Musk and Joe Biden, to promote fake crypto giveaways. The source made them believable, luring many victims in the process.

    Avoiding crypto giveaway scams

    • Treat all crypto giveaways as potential scams.
    • Never send crypto to anyone you don’t know.
    • Never share your wallet login or recovery phrase.

    Fast fact
    The Internet Crime Report revealed crypto fraud losses reached $3.96 billion in 2023!

    Malicious smart contracts and token approvals

    Web3 is built on smart contracts, and more or less every interaction involves signing one. But clever scammers often use legitimate-looking smart contracts as a Trojan horse to disguise malicious code designed to empty your wallet. Interacting with a malicious smart contract risks your tokens, as it may spend them without consent. A smart contract is a self-executing contract with its terms written in code, and permitting one to access your tokens is dangerous.

    In February 2022, a phishing email tricked users into signing a malicious smart contract, transferring all their NFTs to a hacker’s address. The OpenSea malicious smart contract scam resulted in a loss of $1.7 million.

    Avoiding malicious smart contracts

    • Learn to read and understand different types of smart contract.
    • Use tools to check and revoke permissions for suspicious smart contracts.
    • Move tokens to a new account if you feel your current one is compromised.
    • Regularly monitor your allowances and revoke them for any dubious contracts.

    Man in the middle attacks

    A Man-in-the-Middle (MITM) attack in cryptocurrency involves an attacker intercepting and altering the communication between two parties. For instance, an attacker could infiltrate your network and tamper with the address displayed during a crypto transaction. The aim of this type of attack is to direct your funds to their wallet instead.

    Andrew Schober, heavily invested in Bitcoin, downloaded a fake wallet app, Electrum Atom, through a malicious link. This malware launched a man-in-the-middle attack, stealing nearly $200,000 in Bitcoin by swapping copied addresses with the attacker’s during a transfer.

    How to avoid crypto man in the middle attacks

    • Use a hardware wallet with a tamper-proof screen, which enables you to verify true transaction details even if a hacker has infiltrated your network.
    • Use encrypted connections and two-factor authentication.
    • Employ VPN services for secure browsing.

    Hacks and protocol exploits

    Protocol exploits occur when attackers find and exploit a protocol’s code vulnerabilities, leading to unauthorized access to funds locked in the protocol. This is particularly prevalent with blockchain bridges, which are protocols that lock up huge amounts of crypto in a pool to create synthetic counterparts (wrapped crypto).

    The most famous (and severe) example of this is the Solana Wormhole Hack. Here, hackers stole $321 million in crypto by targeting a flaw in Wormhole’s bridge on the Solana blockchain – the biggest crypto hack of all time.

    This same risk also applies to software wallets. The 2023 Trust Wallet hack saw users lose a total of $170,000 over six months thanks to a vulnerability in the wallet’s open source code. All of this to say that your wallet or crypto tool is only as safe as its underlying code.

    How to avoid hacks and exploits

    • Only use crypto wallets with a legacy of security.
    • Research protocols such as liquidity pools and blockchain bridges before investing or interacting.
    • Stay up to date on crypto hacks so you understand the risks.

    Crypto scam categories

    Crypto scams come in many forms, but they all share a similar goal: stealing your crypto. Here, we explore the three main categories these scams fall into, each using a distinct approach to exploit vulnerabilities and weaknesses to get to your valuable assets.

    Phishing and social engineering

    Social engineering and phishing scams prey on human psychology and trust. Scammers create a sense of safety and legitimacy, manipulating you into giving away critical information like passwords or private keys. It may involve impersonating a customer support representative or pressuring you to click a malicious link.

    Crypto investment scams

    Crypto investment scams aim to lure you into projects fueled by hype and urgency. They promise high returns or exclusive access; however, the only one profiting is the scammer. Here are some red flags:

    • Be wary of projects guaranteeing astronomical returns.
    • If you’re asked to send a small amount of crypto to receive a larger sum, it’s a trap.

    Cybersecurity hacks

    While social engineering scams exploit trust, cybersecurity hacks target technical vulnerabilities. This might include:

    • Malicious smart contracts: These seemingly legitimate contracts can drain your crypto wallet if you don’t understand their functionalities.
    • Man-in-the-middle (MITM) attacks: Hackers intercept your communication and redirect your crypto transactions to their own wallets.
    • Protocol hacks: These exploit vulnerabilities within the underlying code of a crypto wallet or platform, potentially compromising user funds.

    Understanding these different scam categories gives you enough information to become a more vigilant crypto user.

    Avoid crypto scams in 2024

    Educating yourself about cryptocurrency is crucial in 2024, as it can be the key to avoiding scams. Scammers are constantly devising new tricks to steal your hard-earned cash. The good news? A little education can be your shield. 

    This guide will equip you with the knowledge to navigate the crypto world confidently and avoid falling victim to scams.

    Verify sites and apps are genuine

    Verify the legitimacy of websites and wallet apps. Here’s how:

    • Scrutinize URLs: Double-check the website address for any misspellings, especially of the official company name.
    • App Store Check: Download apps only from official app stores like Google Play or the App Store. Verify the app developer and any reviews before installing.
    • Official Sources: Visit the official cryptocurrency or project website to see if they recommend specific wallet apps.
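
    The "Scrutinize URLs" check above can be automated. The following is an added example, not part of the original article: it compares a link's host against an allowlist and flags misspellings, brand names buried in unrelated domains, and non-ASCII or punycode hosts. The allowlist, the edit-distance threshold of 2 and the sample URLs are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist (assumption): official domains of brands this article names.
OFFICIAL = {"trezor.io", "kucoin.com", "coinbase.com", "paypal.com", "opensea.io"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_url(url: str) -> str:
    """Classify a URL's host as 'official', a lookalike, or 'unknown'."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    # Exact match, or a genuine subdomain of an official domain.
    for good in OFFICIAL:
        if host == good or host.endswith("." + good):
            return "official"
    # Homoglyph domains show up as non-ASCII or punycode (xn--) labels.
    if "xn--" in host or not host.isascii():
        return "lookalike (non-ASCII or punycode host)"
    labels = host.split(".")
    registrable = ".".join(labels[-2:])  # heuristic: last two labels
    for good in sorted(OFFICIAL):
        brand = good.split(".")[0]
        # A near-miss spelling, or the brand name placed inside another domain.
        if edit_distance(registrable, good) <= 2 or any(brand in l for l in labels):
            return f"lookalike of {good}"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample URLs.
    for u in ("https://www.trezor.io/start", "https://trezzor.io/",
              "https://paypa1.com/invoice",
              "https://coinbase.com.secure-login.example/", "https://example.org/"):
        print(f"{u:45} -> {check_url(u)}")
```

    An "unknown" result only means the host resembles nothing on the allowlist; it says nothing about whether the site is trustworthy.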

    Never share your private keys or recovery phrase

    Your private keys and recovery phrase are like the master password to your crypto. Never share them with anyone. Customer support or anyone claiming to be from the platform must use official communication sources. Legitimate companies will never ask for your account information.

    Question private messages and requests

    If you receive a private message, especially from someone you don’t know, take a step back and question its legitimacy. Legitimate crypto platforms rarely use private messages to contact users about account issues or investment opportunities. 

    They typically communicate through official channels like email or announcements on their platforms. So, if a stranger slides into your DMs offering investment advice or claiming a problem with your account, it’s a major red flag.

    Don’t believe hype – do your own research

    If it sounds too good to be true, it probably is. Don’t let social media hype cloud your judgment. Instead, do your research! Use tools like Etherscan to check a project’s fundamentals, like its transaction history and community activity. Additionally, dig into the project’s whitepaper to understand what you’re investing in.

    Learn to read smart contracts and token approvals

    Cryptocurrency wallets often ask you to approve transactions before interacting with a project. While it might seem simple, there’s more to it. Take time to learn about:

    • Smart Contracts: These are the self-executing programs that power many crypto projects. While understanding the full code might be complex, basic knowledge can help you grasp what a project does and the potential risks.
    • Token Approvals: When you interact with a project, you might permit it to access your crypto tokens. Learn how to review these approvals and understand how much control you give away.
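
    To make the advice on reviewing token approvals concrete (both here and in the earlier section on malicious smart contracts), the following added example, which is not part of the original article, decodes the raw transaction data a wallet asks you to sign and reports who receives permission and how much. The function selectors are the standard ERC-20, ERC-721 and ERC-1155 ones; the spender address and sample transactions are constructed, and the risk labels assume ERC-20 semantics for approve (for an NFT the second argument is a token ID).

```python
from typing import Optional

MAX_UINT256 = 2**256 - 1

# Standard function selectors (first 4 bytes of the calldata).
SELECTORS = {
    "095ea7b3": "approve",            # approve(address,uint256)
    "39509351": "increaseAllowance",  # increaseAllowance(address,uint256)
    "a22cb465": "setApprovalForAll",  # setApprovalForAll(address,bool)
}


def decode_approval(calldata: str, intended: Optional[int] = None) -> Optional[dict]:
    """Describe what an approval-type call grants; None if it is another call."""
    data = calldata.lower()
    if data.startswith("0x"):
        data = data[2:]
    name = SELECTORS.get(data[:8])
    if name is None:
        return None
    args = data[8:]
    if len(args) != 128:
        raise ValueError("expected exactly two 32-byte arguments")
    if int(args[:24], 16) != 0:
        raise ValueError("address argument is not zero-padded")
    spender, value = "0x" + args[24:64], int(args[64:], 16)

    if name == "setApprovalForAll":
        risk = "operator-all" if value else "revoke"   # every token in the collection
    elif name == "approve" and value == 0:
        risk = "revoke"
    elif value == MAX_UINT256:
        risk = "unlimited"                             # spender can take any balance
    elif intended is not None and value > intended:
        risk = "exceeds-intended"
    else:
        risk = "limited"
    return {"function": name, "spender": spender, "value": value, "risk": risk}


# Constructed sample calldata; the spender address is a placeholder.
SPENDER = "00" * 12 + "11" * 20
UNLIMITED = "0x095ea7b3" + SPENDER + "f" * 64
EXACT_100 = "0x095ea7b3" + SPENDER + format(100, "064x")
ALL_NFTS = "0xa22cb465" + SPENDER + format(1, "064x")

if __name__ == "__main__":
    for tx in (UNLIMITED, EXACT_100, ALL_NFTS):
        print(decode_approval(tx, intended=100))
```

    Pass the amount you actually mean to spend as intended, in the token's smallest unit, so that any approval larger than the purchase is flagged before you sign.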

    Use a hardware wallet

    Keeping your crypto safe goes beyond online vigilance. Consider using a hardware wallet – a physical device that stores your private keys offline. Hardware wallets are not connected to the internet, making them much less vulnerable to hacking attempts.

    Do your own research before interacting with projects and protocols

    Before venturing into the exciting world of blockchain protocols, remember the golden rule: Do Your Own Research (DYOR). Examine the project’s whitepaper, team credentials and community feedback. Verify the protocol’s security measures and audit reports.

    Closing thoughts

    Vigilance and knowledge are your armor in the cryptocurrency industry. Scammers may be cunning, but by arming yourself with information, you’ll be well-equipped to participate in the crypto market. Remember, crypto moves fast, so stay informed and never stop learning. With a healthy dose of skepticism and the right knowledge, you can transform yourself from a target into a savvy crypto investor.