Common Cryptocurrency Scams And How To Avoid Them!
This is longer than our usual short-and-sweet articles, but the content regarding cryptocurrency scams is crucial for every beginner in the crypto world. We strongly recommend every new participant to carefully read and re-read this entire article – it may save you A LOT of money and grief in the future!
The crypto world is a decentralized playground, which means there is not much in the way of regulation. Because of this, people can and do fall victim to some of the many cryptocurrency scams floating around – and scammers are only getting more sophisticated.
In comparison to traditional, regulated, and centralized types of investing (like the stock market), cryptocurrency is a bit like the gold speculation of the Wild, Wild West. Luckily, you have us to help steer you around some of the common pitfalls.
Common Cryptocurrency Scams
MLM, Pyramid, HYIP, and Ponzi Schemes
MLM, pyramid, HYIP, and ponzi scams (Ponzi Scheme – Wikipedia) are each slightly different but share a common theme. Therefore, it can be hard to tell where a multi-level marketing (MLM) scheme finishes and a Ponzi begins. Usually, these types of scams involve lending/staking programs and encourage reinvesting your profits. They rely heavily on referral programs and tend to offer unrealistic gains (like doubling your Bitcoin in two weeks or 1% daily guaranteed profits).
There has been some media attention recently regarding USI-Tech and BitConnect fraud. These schemes target mom and pop or first-time investors by touting referral programs to be shared with peers, coworkers, friends, and relatives. These kinds of schemes are kept alive because, for a period of time, they look like a real business.
For example, as the money you generate by referring your friends and family comes in, the person who referred you takes their cut. Now, you’re excited about the people you just referred to pass it on so that you can collect your share too. But only those at the top of the pyramid will do well. Eventually, the pool of people who are willing to register will run out and the system collapses when there is no longer any more money flowing in.
The exit plan for those at the top is often staggered. First, the platforms will be down for “maintenance” for a few days at a time, to acclimate those in the pyramid to limited access of their crypto. This helps keep things calm when the real exit happens. The unwinding usually begins with cease and desist orders being issued, followed closely by the mysterious disappearance of the founding team, deactivation of social media pages, and the realization that you can’t withdraw your funds. Those who have been scammed will encounter all sorts of excuses when they ask why they can’t access their coins – i.e. the platform was hacked or the system is down for maintenance. This is when the price drops to almost zero, and anyone still invested loses all their money.
While you can do well with these schemes if you get in early and manage to get out in time, we highly encourage you to avoid these schemes altogether. As you can see, you would be profiting from the misfortune of others, and that may include your friends and family if you referred them as well.
Please read our other article for more information about these type of programs.
Phishing, Keylogging, Hacking
Phishing sites are also common sources of cryptocurrency scams. If your email address can be found publicly, you may receive emails containing links to phishing sites. These are emails pretending to be from a person or company that you trust, such as an exchange or wallet you really use, but phishers are really just trying to get your personal information.
The messages are often well designed and may contain information you’re used to seeing, like a logo. You will be instructed to click on a link to verify something on your account — perhaps confirming your email address. This may take you to a third-party website designed to look like the usual login screen to trick you into entering your login information. They may then take your password that they just collected and use it to access your account and withdraw all your coins.
You can avoid this by NEVER clicking on a link to an exchange from any email. Always bookmark the sites you use for cryptocurrency and ensure that the security (SSL) certificate is correct. If you receive an email asking you to confirm some information, use your bookmarked link to access the site instead.
In addition, be sure to enable Two Factor Authentication anywhere you store or transact with crypto. If you do receive an email that appears to be from your exchange, log in to the exchange (NOT by using the link in the email), and double check that the URL and security certificate are accurate. If the warning is legitimate, then it will be displayed on the site once you log in.
There are currently some phishing scams circulating Facebook from fake Stellar and Waves pages (though any coin can use this tactic) that tag you in a picture that congratulates you for winning free coins. They then require that you click on a link to accept them. Be sure to report these to Facebook as spam and block the page so that no one else gets scammed.
Another common tactic phishers use is to pretend to be the founder of a coin or ICO, and promise you a high bonus for investing early. It’s often hard to see the difference between the real source of a project and a fake one, and sometimes the email or social media account from a real crypto team gets hacked by phishers. They’ll then send out a phishing email asking you to send coins as an investor. Please be careful of anyone asking you to send coins, because it’s very difficult to tell what is or is not a scam. Also, be sure to double check any links and information you receive, especially donation addresses of ICOs, because hackers are very creative.
You may also want to consider using a free Protonmail email address for your crypto transactions or even upgrading to the paid version for added privacy and security.
But keep your eyes peeled for phishing links – they can appear elsewhere besides your inbox. You will find them in sponsored Google results, website ads, and fake social media profiles. You may even receive a text message with a link. Always double-check everything you click on, especially the URLs. Often, the phishing site URL looks very similar to the real one, but with minor differences like a “0” instead of an “O” or “.com” instead of “.io”. Make sure you check everything very carefully, and always log into your accounts via a bookmark, and never through a link that was sent to you.
Private Messages Via Social Media
Some of the most advanced scammers build relationships with individuals to get them to lower their guard. Be very, very skeptical if someone in a crypto group sends you a direct message. Usually, if they don’t want to share their message with the entire group, it’s because they want to hide the information from people who would easily identify it as a scam. The best thing to do is to report the individual to the group admin so they can be removed. It is also a good idea to block them from contacting you in the future.
The usual method of attack on social media is to engage you in a conversation to build trust. They’ll probably offer an opportunity with high returns. Remember, if it sounds too good to be true, it probably is. If they’re really making 30% returns every week, why do they need to tell you? They’ll claim that all you have to do is make a “small investment,” or send them the private key information to your wallet so they can link it to your payout. DO NOT HAND OVER YOUR PRIVATE KEY INFORMATION TO ANYONE, EVER.
Fake or Compromised Wallets
You need to be careful about the cryptocurrency wallets that you use. Whenever possible, get a link for a wallet from someone you trust, rather than via a search engine. Fake wallet addresses may look like the real deal, but you could be downloading malware to your computer which can allow a bad actor to access your account and steal your funds. It’s a good idea to always run your anti-malware software and check the website thoroughly before you download anything.
There are also trojan viruses which will change your wallet details to those of a third-party when making a transaction. Make sure to check your send and receive addresses several times before you send any money, to make sure they are correct and have not been changed. Simply using the internet on the same computer you use to trade exposes you to some risk of being infected with a virus. But common sense and regular use of a good anti-malware program will greatly limit that possibility.
Cloud Mining Pools
Fake mining pools, or “cloud mining,” are becoming more common. This one is a little trickier to identify, as not all cloud mining operations are indeed scams. There are a few that seem to be legitimate, and you’ll know this because they typically do not advertise too good to be true returns. Usually, it will take several months to recoup your initial investment through mining so be wary of anything promising shorter timeframes than that.
Unfortunately, scam sites and legitimate sites will both ask you to pay an upfront cost, and lock you into a contract that lasts from several months to more than a year as a sort of “rent” for your share in a mining machine, also known as “hashpower.”
So how can you tell fake mining pools from real ones? One of the golden rules in crypto is to assume everything is a scam unless proven otherwise.
- Is the website using HTTPS?
- Did you find out about it via a referral link on social media, or from a trusted friend?
- Are you able to choose what currency you want to mine?
- Are you being given insights into what pool they use and what the hashrate might be?
If you choose to get involved in cloud mining, it is a good idea to diversify which currencies you mine to minimize risk. Also, we recommend you stick to the well-known pools that have been around for several years. If they are heavily promoting referral schemes with bonuses based on how many people you sign up, it is most likely a Ponzi scheme and not a legitimate mining pool.
Pump and Dump Groups
Pump and dump groups are usually coordinated in social media platforms such as Telegram or Discord, where people are collectively encouraged to buy a low market cap coin with a low trade volume. When hundreds or even thousands of people buy that coin at the same time, the price becomes artificially inflated (i.e. the “pump”). Shortly after, the pump is followed by a quick sell-off (i.e. the “dump”). These groups rely on people buying a rising currency out of FOMO to boost the percentage gain, and then organizers sell off quickly to take profit. The people running these groups have bought the coins long before they release the name and details of the coin to pump, so they get the best price possible. If you get caught up in the excitement, you can be left holding a big bag of coins that never returns to the price you paid for them. These are known as “shitcoins” – coins with little, if any, purpose or future, and which often get delisted from exchanges and disappear into obscurity.
You might see the price of a coin increase rapidly and be tempted to buy, but don’t chase green candles. You can make a quick gain sometimes if you get in early and sell quickly, but bigger traders use bots and it’s hard to beat the trading speed of a computer. It is far more common to lose in this game than to make profits. Plus, pump-and-dumps are designed to be attractive to uneducated buyers. It is also becoming popular for pump and dump organizers to post in social media groups with innocent looking discussions, something along the lines of “I just joined this group to see how it’s done, what do you guys think?” Be wary of these posts – they’re trying to draw your interest and entice you to find out more.
Another way you may be approached to increase your trading returns is by being sold a trading bot. A trading bot runs code to execute trades based on the user’s parameters. The code is written by a third-party and can easily contain a virus or trojan, infecting your computer. They may also require access to your wallet and exchange, and siphon your funds without you noticing.
When signing up for a bot, you may be asked to link to a wallet address for payments to be deposited and you may have to turn your antivirus and malware off for the bot to “work,” leaving you vulnerable to attack. That said, there are some legitimate trading bots on the market, so as usual, make sure you do thorough research if this is something that interests you. In all honesty, most bots are programmed to interpret simple trading signals such as MACD and RSI, which you can learn and implement yourself without the associated risk of using a third-party bot.
Lastly, there are also numerous “investment” programs, cryptocurrencies, and services that CLAIM to have trading bots that produce huge profits on a daily basis. But you should beware because most of them don’t have an actual trading bot (or be able to prove its existence). Most of them, unfortunately, are just Ponzi schemes.
ICO Exit Scams
Participating in an ICO (Initial Coin Offering) is a way to potentially make quick and high returns. In many cases, you will be able to purchase several thousand coins during a token sale at a special rate before the coins are available on an exchange, potentially resulting in massive gains. By no means are all ICOs scams. However, for every legitimate ICO, there are several bad ones in the mix.
For starters, ANYONE can create an ICO. A quick scan of Fiverr shows that you can buy white-papers – the academic reasoning behind a new coin – for around $100. It’s worth noting that these white papers are likely plagiarized. You’ll also find people offering to promote an ICO, create a token sale website, or make videos to market it. Many times, all an ICO needs is a great marketing plan and it’s on its way to raising millions of dollars. So how can you tell if an ICO is not an exit scam waiting to happen?
Some questions you’ll want to ask are:
- Is the coin backed by a valid team that has an online presence? Can you check their credentials?
- Do they have LinkedIn profiles confirming previous companies and projects?
- Is there sufficient information online to validate that it’s a real coin, such as a website and white-paper?
- Has the white-paper been copied from another project or is it original work?
- Is the team concentrating on the tech behind the coin and do they have realistic and original ideas?
- Is the tech solving a real need or is it something we already have?
- Are the team’s goals unrealistically high?
- Is the project pushing referrals links?
- Are people shilling it excessively on social media?
- What does the online media coverage say?
- Is there a clear roadmap?
Research these questions before investing in an ICO and you’ll be off to a good start. Also, please watch the video below for a more in-depth discussion of detecting ICO scams.
Not all forks (changes to the original coin’s protocol or rules) are legitimate. The best-known cryptocurrency fork is probably Bitcoin Cash. The Bitcoin Cash fork was heavily supported by miners and resulted in holders of Bitcoin receiving free Bitcoin Cash, which today has a real value of its own.
Since the Bitcoin Cash fork, there seems to be a new fork every couple of weeks. Because the blockchain is open source, anyone can fork a coin. Forks can lead to a rapid increase in the price of the coin to be forked because people want the additional free coins. But not all forks are supported by miners and some will simply be dead on arrival with no community support. These are called “failed forks”.
These fake or unsupported forks usually try to benefit from the brand recognition of the original coin like Bitcoin, Ethereum, and Litecoin and are often intended to mislead buyers. Like most cryptocurrency scams, they’re especially targeted at beginners who don’t know yet the difference between the real coins and their forked, copycat spinoffs. Be wary of these forks. You don’t want to be left holding a bag of forked coins at an inflated price that will never be listed on any decent exchange and will never develop into anything substantial.
Phone Calls or Fake Support Numbers
There are also a few phone-related cryptocurrency scams to look out for. Usually, exchanges and markets do not have phone support and you will need to contact them via the support area on their website, the email you received on sign up, or their social media page to create a support ticket. Be warned: it often takes some time for them to get back to you. DO NOT then search for a contact phone number and give them a call, because the number may not exist. There are scammers waiting for you to do exactly that. It is not hard for scammers to put paid advertisements that appear in your search results so that your calls go directly to them. They’ll ask you for your wallet information or direct you to a phishing site to capture your login information, so they can “help you fix your problem”.
The same goes for anyone cold-calling you with special offers or registration deals. Do not give your exchange login information or any personal identifying information to anyone over the phone. And be very wary of the deals they offer, because those are usually one of the above-mentioned scams – or even another type of scam we haven’t covered, such as binary options.
There has been a recent cryptocurrency scam from a U.S. number 321-209-7162 claiming to be from Coinbase and asking for your details to avoid having your account closed within 48 hours. Hopefully, this sets off every scam alarm bell in your head – do not fall for it and be careful.
Common Red Flags of Cryptocurrency Scams
While we have covered the main types of cryptocurrency scams, this article by no means contains an exhaustive list. So how can you spot potential cryptocurrency scams? Here are some red flags you should watch out for when you’re interacting with any part of the crypto world:
- The project does not have a white paper (or it is very vague) and has no public profiles of the founding team, or has profiles that do not match what has been said about them in relation to the project. Fake profiles are very common.
- There is a lack of detail on how the technology actually works.
- The project doesn’t actually need blockchain to work.
- The website has a slightly different spelling than the true site, or something just feels off. Trust your gut! All sites should also have a valid SSL certificate.
- There is heavy shilling on social media and Facebook ads (although Facebook has recently restricted cryptocurrency related advertisements).
- The opportunity involves multi-level marketing (MLM).
- You are promised unrealistic ROI for your investment. For example, “1% per day” or “double your Bitcoin in 2 weeks.”
- You are asked to disclose your private keys.
- You have received an unsolicited private message via social media.
- You receive a phone call related to cryptocurrency trading and are asked to disclose personal or identifying information.
- The offer is too good to be true.
Please be vigilant and remember that crypto transactions are irreversible. In 99.9% of the time, there will not be someone you can contact to retrieve your lost funds and there are no laws to protect you. This playground is filled with scammers and they get sneakier by the day. Always be distrustful by default until you can prove that an opportunity is real. Read, learn, do your own research, and triple-check everything. Stay safe and avoid cryptocurrency scams!
May 17, 2018 Update
The SEC (Securities and Exchange Commission) just launched a fake ICO website to educate investors on how to avoid scam ICOs. The site proposes a sale for HoweyCoin, named after the Howey Test used to determine whether certain transactions qualify as securities. Anyone who tries to invest in the sale will be redirected to educational materials pointing out the fraudulent aspects of this “too-good-to-be-true” offer.
Check out the HoweyCoin website to learn common tactics promotors use to scam you out of your dough.
This article was written to the best of our knowledge with the information available to us. We do not guarantee that every bit of information is completely accurate or up-to-date. Please use this information as a complement to your own research. Nothing we write in any of our articles is intended as investment advice nor as an endorsement to buy/sell/hold anything. Cryptocurrency investments are inherently risky so you should never invest more than you can afford to lose.