CertiK Logo
CertiK Logo
Products
Company
incident-response
Back to all stories
Blogs
What is a Crypto Scam?
3/7/2022
What is a Crypto Scam?

Early this year, CNBC reported that scammers around the world netted a record $14 billion in crypto in 2021. With an influx of new users and the DeFi boom, crypto scams were more prominent than ever. Not only is this bad for the users who lose funds, but it is also damaging to crypto’s reputation from many people on the outside looking in.

There are a few things that users can do to protect themselves from these crypto scams, but first we need to know what types of crypto scams there are and what to look out for. Given the exponential rise in reported crypto scams, awareness of the common types of scams and what kinds of things you can do to protect yourself from being cheated are more important than ever. First, we need to be aware of some of the biggest types of crypto scams to know what to look out for.

Phishing Scams

Phishing is a type of social engineering attack often used to steal user data, including login credentials and wallet info. The user is tricked into giving up their sensitive data, typically through a phishing website, in an attempt to trick a victim into disclosing sensitive information or connecting their wallet to a fake browser extension for example. The target of a phishing attack may be limited to an individual but in most cases the attacker’s broader goal is to compromise one or more systems the victim has access to.

Giveaway Scams

If you browse crypto related content on social media such as Twitter or Youtube, there is a very high chance that you have seen a “Send me 1 bitcoin and get two back!” related posts or comments. While many users understand that something like this is too good to be true, there are still people who fall into the trap with their hopes high and thinking they can’t pass that opportunity up. These scammers often impersonate people or celebrities and make their accounts almost exactly the same, sometimes even having a verified badge! For example, in the six months prior to March 31, 2021, there had been reports of more than $2 million in crypto scams transferred to Elon Musk impersonators.

Fake Crypto Wallets

Another crypto scam that has been more prominent lately is the use of fake crypto wallets. These scammers will create fake ones online or in mobile app stores. The scammers hold the keys to these fake wallets, so they can steal all the funds in them whenever they want. In 2017, there was a crypto scam involving Bitcoin Gold shortly after it launched where a scammer convinced the creators of Bitcoin Gold to promote the site mybtgwallet.com for storing it. The creator of this site then stole over $3 million in Bitcoin and over $200,000 in other currencies. One way to avoid having your crypto stolen by a scammer is to use well-known crypto wallet services with a proven track record. Use wallets with a ton of downloads and good reviews from app stores and only follow legitimate links. The safest system is to have your investments in a cold wallet that’s not connected to the Internet. Transfer crypto from there to your Internet-connected “hot” wallet only when you need it to make a trade.

ICO Fraud

While this type of crypto scam was much more prevalent in the 2017 ICO (initial coin offering) wild west, there are still similar scams today. This is when scammers pretend they have created a new type of crypto coin that promises to be the next big thing and there will be huge returns, to then just vanish into thin air with investors' funds. Once enough money has been collected, the scammers take the users funds and disappear. These scams are more rife in the crypto space due to easier listing requirements and the fact that it’s harder to trace the missing funds. This type of scam is similar to a rug pull, but the scam project does not even have a token yet and users lose their funds while waiting for it to arrive in their wallet.

Rug Pulls

Rug pulls are a scam almost everyone in crypto has heard about or even been a victim of. Whereas DeFi hacks involve an outsider exploiting a protocol from the outside, a project can be said to have been rugpulled if the founders of a project pulls the rug out from under their investors by dumping all the tokens they control on the open market and abandoning the project. With the right mix of marketing hype and eager investors, token prices can shoot up extremely fast. When the founders think that they’ve made enough money, they dump the rest of their tokens on the market and claim all of the “real” assets it was being traded against. This craters the price and makes it very clear to investors what has happened - they’ve been left with a worthless token, while the founders have taken off with all the token people bought their token with.

What to Watch For

  • Oftentimes these scams make promises of huge returns. Unfortunately there’s no such thing as a guaranteed return on any investment, especially a big one. If it's too good to be true, then most likely it's not true.

  • While there is a strong tradition of anonymous developers in crypto (e.g. Satoshi Nakamoto) you should stop and ask yourself why developers of certain projects choose to remain anonymous. Are they working in a country where the revolutionary product they’re creating may attract unwanted attention, or are they preparing for their upcoming exit scam? Through CertiK’s Skynet, project owners never have to dox themselves to the public if they don't want to. We securely and privately store their information. They can now give communities peace of mind without fully exposing their identity.

  • Extensive marketing tactics.If relentless marketing makes up 90% of the project’s activity on Twitter or Telegram, that’s a potential red flag. Marketing is important once you’ve got a working product to raise awareness about, but shilling a token that has no meaningful function is not marketing, it’s most likely scamming.

  • Offers of Free Money. Any time anyone offers you money for nothing, whether in cash or crypto, it’s pretty much guaranteed to be a scam.

  • Lack of Detail. Crypto investment scams often gloss over the details of how the investment works. Legitimate investment advisors, by contrast, are usually eager to explain how they can make money for you.

At the very least, research the company and the cryptocurrency before you invest. Try searching for the name of the company along with words like “scam,” “complaint,” or “review” to find out what experiences others are reporting.

If you’ve already lost money to a crypto scam, your chances of recovering it are slim. However, you can help stop the scammers from hurting anyone else by reporting the crime. Whether you’ve fallen for a crypto scam or just seen one online, it’s really important to report them as it helps officials investigate fraudulent companies and stop them from targeting other people.

As interest in crypto and the market grows, interest in crypto scams is sure to grow along with it. In addition to the scams listed here, there will probably be new ones. It is important to always do your research and if you think something is too good to be true, there is a good chance that it is. Always DYOR!