Cryptocurrencies: how to avoid online scams
December 30, 2021
This article is mainly for those who are not used to navigating the turbulent seas of the internet, but it is important for everyone to stay up to date on the types of scams we find in the world of cryptocurrencies and online in general.
We have already talked about phishing and ponzi schemes, and in this article we will talk more specifically about Apps and YouTube.
YouTube and fake live streams
YouTube is generally a popular portal for those interested in cryptocurrencies to find valuable technical content, news and market analysis. Major influencers and celebrities, who are almost always present on Twitter and YouTube, very often adopt the form of the “live stream” to better communicate with their audience and interact in real-time.
From time to time it happens that this format is exploited by fraudsters to try to cheat people.
So be careful of impersonations, i.e. when fraudsters pretend to be famous and influential people in the crypto world, such as an Exchange owner or a founder of a major cryptocurrency.
The scam is carried out by means of banners and inscriptions in the video or in the description, where you are asked to send a certain amount of money in order to receive a larger amount, all justified by the “generosity” of the impersonated celebrity.
Generally, it is sufficient to check that the channel is official, check the comments (often disabled) and do not send any money under any circumstances.
Even on official channels, however, it can happen that the comments are answered by accounts pretending to be the authors of the video. Generally, the scammers enter their own contact details, lure the victim and then open a private communication channel. In this case, too, you should avoid opening the message and report the account.
Fake mining apps
People’s high interest in mining is another lever exploited by cybercriminals.
Newcomers to the sector, who may not yet be fully informed, sometimes see advertisements and banners for supposed apps that “make mining easy” and straightforward.
Behind these fraudulent apps are almost always hidden ponzi schemes that are quite easy to spot, as they usually require the payment of a monthly subscription (average of about $15) to increase the computational power of the device being “rented” for mining (this is technically called Cloud Mining).
In reality, this money does not go to any mining company, but only to the authors of the app.
You should also be wary of apps that promise to let you mine using your smartphone battery.
You should know that real mining requires powerful hardware and specific software, and smartphones are not remotely capable of this.
Some computer security companies have analysed the source code of these applications and discovered that only the graphic interface resembles that of real mining software, but everything shown on the screen is the result of a random mining simulation. Basically, it looks like you are actually mining, but it is all fake.
How to tell these apps apart? Some of these apps simulate earnings, so all you have to do is restart your phone or clear your cache to see them disappear. Others, however, will accept any series of letters or numbers in the section where you enter your wallet address. They have no intention of sending you any earnings from mining.
The decentralised nature of cryptocurrencies has led to the emergence of so-called “crypto vigilantes”, i.e. users who try in their own small way to warn of possible scams.
In the cryptocurrency world, it occurs when a coin’s promoters disappear with investors’ money during or after an initial coin offering (ICO).
This phenomenon has always existed, but intensifies during periods of high interest by people in cryptocurrencies (usually when prices start to rise steadily). Typically, fraudsters create a new cryptocurrency that they claim is highly innovative and can generate very high returns in a short period of time. At the same time, you can see a very aggressive and typical marketing that focuses more on the hypothetical earnings and less on the innovative features of the project.
In order to avoid this type of scam as much as possible, it is advisable to ensure that the project’s source code has been audited by independent and accredited bodies, and it is always a good habit to check who the people in the project’s founding team actually are, paying particular attention to the authenticity of their identities. The project itself should be studied, as well as the business model, which is very important for its real economic sustainability and thus survival.
Clipper Apps: check wallet addresses
In 2017 or so, researchers at ESET discovered a new type of malware, called “clipper”. It is not widespread, yet its behaviour is difficult to recognise.
Basically, this type of malware goes and replaces the original text copied by the user, for example a Bitcoin or Ethereum address, with the scammer’s wallet address. The result is that you think you are making a transaction to one wallet but in reality, the coins are going to another wallet.
This type of scam can also affect people with good security habits, as it is a little more difficult to spot because, as is well known, wallet addresses are long and not made up of full words (they are alphanumeric strings) and therefore it is difficult at first glance to notice the difference between the real address and the one replaced by the malware.
It is, therefore, a good idea to always check the receiving address carefully, even at the cost of losing a few minutes of your time.
To prevent this and other malware, you should scan your devices frequently with a system – or reliable antivirus.
Some useful security tools
In the vast world of DeFi there are countless possibilities and projects, it is good to equip yourself with some useful tools to identify scams:
- Unicrypt – is a blockchain application that collects all the data on new tokens launched on the decentralised market, in a transparent way. By selecting a token from the dashboard or browser, you can check its tokenomics, liquidity, how it was distributed or locked and for how long. You can also see if the token smart contract has been audited.
- Blockchain Explorer – to examine tokens or smart contracts for anomalous data;
- Token Sniffer – a tool to validate the security of a smart contract and at the same time check whether it is a known scam, whether there are any audits and whether similar smart contracts exist.
Any final advice? Avoid any service that promises easy money in a short time, pay attention to details and above all DYOR.