The word “Bitcoin” was one of the most googled in 2017. Nowadays many people dream of making 10x profits from cryptocurrency trading. There are crypto-billionaires, while many amateur investors have lost their digital assets. How did it happen? What steps can you take to avoid scams, fraud and other threats?
Recently one of my friends lost all his crypto funds. He has been in crypto for 6 years and he was the creator of one of the first blog platforms on blockchain – Golos.io. This got me thinking.
I’ve interviewed friends and victims of online crypto-frauds and I’ve come up with the most common methods of scams.
- Phishing
There are many types of phishing. The most common example is an “official” email from a service you use, telling you to fill in your personal data (the password to your email) to verify your account, or claiming that the website is being updated and the security service needs your login and password once again. Hard to believe, but many people still fall for it, and the next day they see an empty balance in their hot wallet or on the exchange.
The other phishing type is the “mirror” website. Scammers often use it to siphon money from a successful ongoing ICO. For example, people have heard about the promising HappyCoin ICO. The actual address of the project is happycoin.io. Fraudsters build an identical website at happycoin.com and, of course, publish their own wallet address there, inviting people to send ETH and get Happy Coins in return. Those who end up on the phishing website will never get anything in return; they will lose their Ether instead.
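A check for the “mirror” pattern described above, as an added example that is not part of the original article: it compares a URL's host against a list of addresses you have verified yourself and flags the same name under another TLD, a near-miss spelling, or the name buried in a longer host. The allowlist `OFFICIAL`, the function names and the distance threshold of 2 are assumptions made for this sketch.

```python
from urllib.parse import urlsplit

# Constructed allowlist: the real project address from the article's example.
OFFICIAL = {"happycoin.io"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def host_of(url: str) -> str:
    """Lower-cased hostname without port, trailing dot or leading 'www.'."""
    if "//" not in url:
        url = "//" + url          # let urlsplit treat a bare host as a netloc
    host = (urlsplit(url).hostname or "").rstrip(".")
    return host[4:] if host.startswith("www.") else host

def classify(url: str, official=OFFICIAL) -> str:
    """Return 'official', 'lookalike', 'unknown' or 'invalid' for a URL."""
    host = host_of(url)
    if not host:
        return "invalid"
    if any(host == good or host.endswith("." + good) for good in official):
        return "official"
    labels = host.split(".")
    # Naive: second-to-last label is the registered name (ignores suffixes like co.uk).
    name = labels[-2] if len(labels) > 1 else labels[0]
    for good in official:
        brand = good.split(".")[0]
        if brand in labels:                    # same name, other TLD or buried in a subdomain
            return "lookalike"
        if edit_distance(name, brand) <= 2:    # typo or character swap
            return "lookalike"
    return "unknown"

if __name__ == "__main__":
    for u in ("https://happycoin.io/ico", "https://happycoin.com/ico",
              "http://happyc0in.io", "https://example.org"):
        print(f"{classify(u):10} {u}")
```

A result of "unknown" only means the host does not resemble an allowlisted name; it is not a statement that the site is safe.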
- Fraud on exchanges
The number of crypto exchanges is increasing monthly. Newbie traders are quick to register on a hyped exchange, and after a while their coins are gone. There are light-fingered platforms as well, which charge a small amount like 0.001 BTC at regular intervals for their services. Very often the user cannot understand what is going on and why the money is disappearing.
Another problem with crypto exchanges is high commission rates. According to online forums and crypto bloggers, Orangecoin.com can charge a commission of up to 80% depending on the volume of the transaction (so if you try to exchange $20, they will take a whopping $16 as a fee).
While choosing a crypto exchange, the user should carefully consider all the details, from the history of the creation of the platform and the conditions for deposit and withdrawal of assets to the legal basis, the technological expertise of the team and compliance with the control of fraud. You should be looking for external and/or internal oversight of fraudulent trading operations on the exchange (for example, Irisium Market Surveillance systems, Nasdaq SMARTS, and NICE Actimize) – said co-founder of Bitlish Sergey Esipov.
- Fraudsters in Telegram chats
Many crypto-investors seek lower commission rates, so they eagerly join random Telegram chats and trust “fellow” members who promise to transfer coins without any fee. Once the naive token buyer sends money from his or her bank account to a total stranger, all the money is gone.
Another popular type of fraud: selling tokens of ongoing ICOs.
Usually it works like this: fraudsters change their Telegram name and profile picture as if they are ongoing ICO team members, – says Kishan, ICO community manager. – Then they monitor the official Telegram chat of the project and start to write personal messages to active users, offering to sell tokens at a big discount. Of course, once the money is transferred, they disappear. The other thing – clubbing together to enter some ICO with a high entry threshold. Nowadays, it is a TON ICO. So, people trust some scammers that they will help to buy TON tokens. But it is never going to happen.
- Mobile phone crack
A lot of people confirm cryptocurrency transactions via a phone number. In the U.S., the number of cell phone account hijacking cases is increasing. Many phones in the States are tied to a certain provider, so thieves call AT&T, for example, and ask to have the number moved to another device, making up excuses. Millions of dollars were stolen just like that. That is why it is safer to use services with multi-factor authentication, or a specific algorithm that protects your phone number from hijacking.
- Trojan apps
There are special hacker programs, such as CryptoShuffler, which, once on a target computer, sit silently in memory and monitor your clipboard. When you copy a crypto wallet address, the trojan immediately replaces it with the attacker’s address. Sometimes, if the trojan is in your device's memory, you can’t see the real wallet, so you unwittingly enter the thief’s wallet number in the “Send to the wallet” field. How to avoid it? Always double-check the address of the receiving wallet or use QR codes.
- Scam pop-up windows
There are viruses and thief bots that create a small pop-up window on your screen asking you to fill in the wallet password for “additional security.” Of course, it is a trap, but people still fall for it.
“All the security measures in the world are never enough,” – says Sergey Simanovsky, CEO of blocksult.com, co-founder of Golos.io. “Everyone who uses crypto usually believes that his security system is the best that it can get. The reality is that everyone can get hacked. More so, using crypto and thinking that no one will “ever see it” is a bit like changing your clothes in the middle of the street and thinking that you are invisible.
I have been using crypto for over 6 years. Recently, a chain of events and what was possibly a keylogger led to a loss of all of my funds. And trust me when I say that I was sure that my security system was safe.
What is most important is to understand the importance of basic privacy and basic security rules, some of which are described in this article.
The main idea is to keep as many things offline as you can and in cold storage, and do remember to use multi-signature wallets.”
Summing it up: how to avoid mistakes?
- Use reliable crypto-services
Before you log in and trust your money to any crypto exchange or wallet, it is better to read feedback on the forums or ask the experts if the service is safe.
You should remember that the lowest commission rate is not the only criterion for choosing the exchange, – says Andrey Peshkov, CEO of USDX Wallet. – I would recommend relying on overviews made by respectable experts from the industry in well-known media (but you should pay attention to “press-release” or “advertisement” marks!). Another piece of advice – monitor the market carefully, because there are really good p2p services with the lowest commission, whose revenue model is based on something else. And double-checking is the key point, especially in terms of money. Always check twice if the website’s URL is correct, the wallet address is right and you have read the terms and conditions. Also, if you can, check the keys for the site and keep updating your browser from the main repository.
- Read “Terms and conditions” (T&C) carefully.
Many mistakes can be avoided if you spend time and look over that long text usually called “Terms and conditions.” You can discover that commission rates are extremely high, for instance.
- Do not trust services with password confirmation only
The more thorough a service's verification and transaction confirmation, the better. Preferably, verification should go through both email and phone number.
- Do not put all your coins in one service
It is better to “diversify your portfolio” across different exchanges, wallets and apps. Even if one is cracked, the rest of your digital savings are safe.
- Do not make any transactions via public Wi-Fi
Hackers can crack your wallet or steal your password or private-key file from your device if you at some point gave a public network access to your data (you could have done it a long time ago while setting up a new laptop or searching for some info on the internet). Therefore, it is better to do all transactions over a secured private network, at home. It is also good advice not to log in to personal accounts with saved passwords over public Wi-Fi (for instance, do not try to access any of your hot wallets).
- Don’t leave your laptop, tablet, or smartphone unattended in a public place.
Even if you’re working on a secure Wi-Fi network, that won’t stop someone from taking your property or sneaking a peek at your device.
- Protect access to your sensitive data
You should use a password or fingerprint to access your devices (phone or laptop). If possible, use crypto wallets that allow reliable encryption of your private keys and other sensitive data, or get specialist help to encrypt the data on your hard disk.
- Don’t install apps (mobile and desktop) from untrusted sources
An app installed from an unknown source may contain a computer virus that can steal sensitive data or destroy it.
- Use hardware wallets whenever possible
Hardware wallets store all the data on a special hardware device that is not available 24/7 on the web and is therefore better protected.