Cryptocurrency Scams and Hacks
The Cryptocurrency space is often been referred to as ‘wild west’ territory and in a lot of instances, this does appear to be the case. It is important for users to be aware of the many ways that crooks and other less scrupulous individuals, and organisations, are out to steal your coins!
A Brief History of Hacks (or scams?)
Crypto Exchanges are mostly centralised. This opens them up to criticism and more importantly, vulnerability to hackers – they are easy targets for those with the right knowledge and determination.
Exchanges do get hacked, but sometimes this may not from an outside malicious attempt. Cases have been cited in the past where the culprit is on the inside, so in effect rendering it a scam rather than a hack.
One of the most controversial cases was that of Mintpal in December 2014. At one point, Mintpal was one of the most successful trading platforms. An announcement was made to users that the platform had a new owner – Alex Green, who many believed was a shady scammer. The fact is a vulnerability most likely existed at the time of the sale and was never detected and patched. Others believe that Alex Green simply took advantage and ‘hacked’ himself!
Whilst all exchanges have the possibility of an attack (especially centralised exchanges) you can help guard yourself by ensuring you use all the security available to you. Keep everything private, especially those all-important Private Keys. Always use 2FA if it is available.
The ICO and MLM Scams
2017 has been labeled the year of the ICO. During this year there was a massive explosion of interest in bitcoin and all things crypto. This led to the usual greed by many individuals, lured by skyrocketing returns on established and newly released altcoins. The biggest gains were always from the newly released altcoins and so led to some huge scams. One of the largest, and most recent was the case of Pincoin & iFan.
Unbelievably, both were run by the same Company – Modern Tech, operating from offices in Ho Chi Minh, Vietnam. Both ICOs have been classified as multi-level marketing scams. iFan was advertised a social media platform for celebrities to promote their content to fans. Meanwhile, Pincoin was promising 40 percent monthly returns on investments made. The project claimed to be building an online platform encompassing an ad network, auction and investment portal and peer-to-peer marketplace built on Blockchain technology. Investors totaling 32,000 lost around $660M. The old adage ‘if its too good to be true’ obviously needed to be considered in this case – 40% returns per month – come on, wise up people!
There are many other examples, some quite large and some not so. Some of the more infamous ones include:
- OneCoin – the subject of numerous investigations across the globe. India officially labeled OneCoin as a Ponzi scheme and Italy fined the operation €2.5M. Other countries including China, Finland, Norway, and Thailand have issued warnings.
- Plexcoin – if the thought of a 40% return per month from Pincoin cast doubts then how about 1300% per month! Plexcorp was closed down by the US SEC in December 2017 and thankfully all of the funds were frozen and founder Dominic Lacroix was jailed for running a Ponzi scheme.
Obviously, the crypto community needs to wise up and be far more aware and diligent whilst we are still in the very early stages of cryptos and regulations. It is a learning curve for all concerned including world wide governments. This is one of the raison d’êtres for this site.
As with the explosion in new altcoins so it follows there is a need for wallets to hold these coins. Even though we ALWAYS recommend using a Hard Wallet and cold storage, there will be coins that these wallets don’t support. Any ICO worth its salt will offer a proprietary wallet to enable users to store their coins.
One famous wallet scam was that of mybtgwallet.com. Bitcoin gold (BTG) wallet duped investors out of $3.2 million in 2017 by promising to allow them to claim free bitcoin gold. The website allegedly used links on a legitimate website (Bitcoin Gold) to get investors to share their private keys or seeds with the scam, as this old screenshot from the website shows.
Before the scam was finished, the website was able to scam $107,000 worth of bitcoin gold, $72,000 of litecoin, $30,000 of ethereum, and $3 million of bitcoin, according to CNN. Bitcoin Gold, the site’s wallet used in the scam, began investigating shortly after, but the site remains controversial. The firm did release a warning to bitcoin investors.
“It’s worth reminding everyone that it will never be truly safe to enter your private key or mnemonic phrase for a pre-existing wallet into any online website,” Bitcoin Gold wrote. “When you want to sweep new coins from a pre-fork wallet address, best practice is the same as after other forks: Send your old coins to a new wallet first, before you expose the private keys of the original wallet. Following this basic rule of private key management greatly reduces your risk of theft.”
Even Hard Wallets, as safe as they are, have been the target of scams. Read about how one scammer managed to target a Hard Wallet and how to ensure you don’t end up the same way. Always buy from a reputable source or better still direct from the manufacturer.
Phishing and Scam Emails
The Nigerian Prince or businessman now seems to have a fortune in BTC lying around rather than the good ‘ole Greenback. It’s an old scam reinvented for the new crypto world gullible and greedy.
Another, more sinister email doing the rounds recently claims to have gained access to your computer and recorded you watching pornography. The email is extremely threatening in nature and seems to be able to offer at least one piece of accurate information about you such as a phone number. The sender is asking for money to be sent to a BTC wallet address or they will release the information and screenshots to your friends and co-workers. Another variation, and even more sinister, is that they have been contacted by a competitor or rival and paid to kill you unless you pay up.
As with any of these scams check online and see if there is any other record of people receiving them. If it appears they are commonplace then the likely hood is you are one of many thousands being phished – just delete it.
General Advice to Avoid Scams and Stay Secure
No matter what, you will never be completely 100% safe from attack. What you can do is make sure your defenses are strong enough to defend the attack and take action to save the day.
Some safe practices to follow in general are:
- Avoid anything new. Let the early-adopters take the risks, and don’t get involved until you can be sure it’s legitimate.
- Make sure you know what to expect. Once you get to know how an exchange or a service operates you can more easily recognise problems and spot when something appears wrong.
- Use the most popular. There’s safety in numbers, exchanges such as Binance have been attacked but are strong enough to defend themselves and not lose funds.
- Always use two-factor authentication. This usually involves having a third party app to generate a random code – Google Authenticator being one of the popular ones.
- Confirm the URL. As an absolute minimum get into the habit of scanning the URL bar to check you’re at the correct site.
If you have been victim to a scam and want to alert others about any particularly new or devious methods then please let us know below.
Share this post with your friends so they can learn how to safeguard themselves.