MORITZ PUTZHAMMER
02 January 2022 • 13 min read
Since I have been unsuccessful in locating the relatives for over 2 years now I seek your consent to present you as the next of kin of the deceased since you have the same last name so that the proceeds of this account valued at US$15.5 Million Dollars can be paid to you and then you and me can share the money, on the ratio of 50% for me, and 50% for you. Please get in touch with me by email and send to me your telephone, fax and account numbers to enable us discuss further about the details of this transaction.
Who doesn’t enjoy a good old-fashioned Nigerian scam e-mail promising millions? Endlessly inventive and entertaining, they’re the stuff of legend. They’re also extremely easy to spot.
But what about cryptocurrency scams? How confident are you in your ability to sniff out the most diabolical and sophisticated ones, or even those run-of-the-mill scams promising moderate returns rather than millions? After all, the history of money is a history of unscrupulous individuals and organizations trying to obtain as much of it by any means possible. Can anyone say “subprime mortgage crisis?”
Cryptocurrencies are high-tech stuff, but the old adage still applies: If something sounds too good to be true, then it probably is. In the following article, we’re going to highlight a range of common and not-so-common scams circulating in the world of crypto in order to keep you and your hard-earned assets safe.
Initial coin offerings (ICOs) are an important element of the cryptocurrency ecosystem, providing a strategic opportunity for investors to get in on the ground floor of a particular asset while enabling cryptocurrency startups to secure the requisite levels of funding to launch their coins or tokens.
Given the substantial sums of money involved as well as the relative ease with which a cryptocurrency token can be created using Ethereum, however, the process has attracted a fair number of scammers. Typically, the anatomy of an ICO scam is quite simple and involves: 1) creating a token, 2) hyping it via false and/or misleading claims, 3) providing limited or opaque information, and, finally, 4) diverting the funding in order to use it for other purposes.
One notable example involved the fraudulent initial coin offerings (ICO) by Ho Chi Minh City-based cryptocurrency company Modern Tech to the tune of $658 million from 32,000 people. Another extreme example is the start-up Confido, which ran off with $375,000 via its ICO.
Luckily, there are a number of red flags that you should never ignore. In fact, the presence of any of the following means that you should proceed with extreme caution (or abandon your interest entirely). These include a lack or a white paper (or one short on details), limited, if any, details about the actual team members and their respective backgrounds and qualifications, embellished or baseless claims (often seasoned with a pinch of FOMO or “fear of missing out”), an unrealistic budget structure, unrealistic projected returns, and a general lack of feasibility.
Due diligence is the name of the game here. Begin with Google and social media and keep digging, paying close attention to conflicting or lack of information. Feasibility, verifiable information, and transparency, on the other hand, should serve as confidence boosters.
As their name suggests, peer-to-peer transactions can often involve removing the intermediary (in the case of crypto, the exchange platform) from the trading equation, leaving you free to buy and sell crypto directly. While there is nothing inherently wrong with this approach, it does result in certain levels of exposure, which can increase your chances of inadvertently falling prey to scammers. As with most things, caution is key.
In a recent blog entry, for example, Binance P2P flagged up a number of common scams such as triangulation (using a third-party’s payment account) and reverse payments (transferring funds but then cancelling the transfer within 72 hours). Generally, you should practice a methodical approach to trading, one that involves sequential steps: trade requested>trade accepted>escrow>payment confirmed>escrow released.
Of course, there are a range of clever tricks that scammers can use to dupe unsuspecting traders on peer-to-peer trading platforms, from mixing dots and commas (e.g. 2,900 versus 2.900), the use of ghost platforms and address spoofing to chargebacks and man-in-the-middle attacks, among others.
Remember that e-mail from our Nigerian friend promising millions at the beginning of this article? That’s a classic phishing scam in which the sender attempts to reel you in by tricking you into providing private information that can then be used to compromise your financial accounts and personal identity. However, Nigerian lawyers and princes flush with millions in recent cash don’t have the market cornered when it comes to phishing scams. The crypto space is swimming in phishing scams (see what we did there) and below we take a look at some of the more prevalent ones.
In 1996, Dolly the sheep was the first mammal to have been cloned successfully from an adult cell—the same animal but nevertheless an entirely different one. Clone sites operate under the same principle—a site that seems the same, but is completely fake. Scammers will take a legitimate site and clone it, hoping that unsuspecting traders won’t be able to spot the differences before entering and uploading their personal information. One way to avoid this scam is to pay close attention to the website’s URL. If there are any anomalies, then you might very well have identified a phishing site.
Don’t feel too bad, though, if you find yourself having a hard time discerning crypto fact from crypto fiction. Even Google has been unable to keep up with the increasing number of websites that are clones of the official web page from companies that provide mining device sales, wallets, full nodes, paper wallet tools, and popular trading platforms.
However, there’s more to phishing scams than spoofing websites. In 2017, for example, the South Korean government and local financial authorities warned investors about the emergence of fake cryptocurrency and Bitcoin exchanges. The fake exchange “BitKRX” was named after Korea Exchange (KRX), the largest financial trading platform in South Korea, which had been established by KOSDAQ, South Korea Futures Exchange and South Korea Stock Exchange. Through a bit of clever branding, the fake exchange was made to look like the largest trading platform in the country, but it was as real as a Louis Vuitton bag in a Chinese marketplace.
According to one estimate, there are approximately 504 crypto exchanges currently in operation (as of this writing). That’s a lot of exchanges, and choosing the safe and secure one to meet your needs can be confusing. As a helpful primer, we’ve written an article covering the best ones for 2022 based on criteria such as reputation, fees, payment options, KYC verification and geoblocking.
Hello, I’m the account administrator with XYZ Coin and we need to verify some of the details of your account as well as reset your password for improved security. For your safety and convenience, we can do this by e-mail in a matter of minutes.
By now, everyone should know that any confidential information already stored by traditional financial companies and fintech or cryptocurrency platforms will never need to be “verified” by someone from that company or service, especially by e-mail. As with cloned websites, scammers will try to make the e-mail message look official by borrowing logos, creating an e-mail address that seems almost identical to the company’s address and using similar usernames.
When in doubt, always communicate directly with the platform and verify any and all communication to ensure the safety of your confidential information.
Vishing is just like phishing, you’re thinking to yourself. Well, you’re partially right. Vishing is phishing using a phone, but scammers can deploy high-tech methods such as automated voice simulators and harvesting information that might have been leaked on the dark web. But there’s more to vishing than meets the eye.
Some vishing scammers will not contact you directly, but rather your phone company. After finding out your phone number and even your identification number and address thanks to something as benign as a stolen invoice, the attacker contacts the company to transfer your line to a new SIM card, which they control.
If it sounds far-fetched (after all, telecom companies can’t be that lax with their security), then you’ll want to read Cody Brown’s account of how he lost $8,000 in Bitcoin in fifteen minutes with Verizon and Coinbase. And then there’s Jered Kenna’s tale, as reported in Forbes:
“A hacker had faked his identity and transferred his phone number from T-Mobile to a carrier called Bandwidth that was linked to a Google Voice account in the hacker’s possession. Once all the calls and messages to Kenna’s number were being routed to them, the hacker(s) then reset the passwords for Kenna’s email addresses by having the SMS codes sent to them (or, technically, to Kenna’s number, newly in their possession). Within seven minutes of being locked out of his first account, Kenna was shut out of up to 30 others, including two banks, PayPal, two bitcoin services — and, crucially, his Windows account, which was the key to his PC.”
There once was a man who came across a Tweet by Elon Musk’s team asking for any amount of bitcoin, and in return they would send back double the amount. As you might have guessed already, this fairy tale doesn’t have a happy ending. The man lost £407,000.
Earlier this year in March, the BBC covered the case of a German man from Cologne named “Sebastian,” who clicked on a Twitter notification from what he thought was Elon Musk’s account. His click landed him on a professional-looking website with the giveaway already underway. Fearing that he might miss out on the opportunity to double his holdings, he sent 10 Bitcoin.
And waited. And waited.
As the sweepstakes timer wound down to zero, Sebastian was forced to face the reality of the situation: the Tweet, website and sweepstakes were all one big scam. As the BBC reported, “133 miles away in Amsterdam, analysts at Whale Alert had watched in horror as Sebastian's 10 Bitcoin were transferred and then cashed out anonymously a few days later. The blockchain analysis company has tried to get authorities to take action against the scams for months, but says nothing is being done.”
“Giveaway gangs” are thriving. During the first three months of 2021 alone, they’ve already hauled in more than $18million (analysts estimate the total for 2020 was in the region of $16million), with tens of thousands of people falling victim to these scams annually.
Remember the scene in the film The Wolf of Wall Street in which Leonardo DiCaprio, playing the real-life Jordan Belfort, cold calls “John” about some worthless penny stock, hyping it as the next big thing that would help the unsuspecting John pay off his mortgage? It’s a classic tactic that has been used for decades and it made Belfort incredibly wealthy. But it also landed him in prison.
The same applies to crypto markets, especially during a bullish period. A coin or token is hyped by a group of individuals through an e-mail blast and social media such as Telegram, Facebook and Twitter. Fearing that they might miss out (FOMO) on this incredible opportunity, traders rush to buy up the coins, thereby driving the price up until the coins are eventually dumped by the group of scammers. A crash ensues, with the value of the asset plummeting.
Pump and dump schemes have attracted a great deal of attention in the crypto sphere. A few years back, the Wall Street Journal examined the anatomy of these scams, writing:
“These schemes became more pervasive following the recent explosion in initial coin offerings—the securities-like digital tokens sold by startups to fundraise for projects...Big Pump Signal’s strategy is straightforward, like others pumping coins: announce a date, time and exchange for a pump; at the set time, announce, or “signal,” the coin being pumped, let the traders create a buying frenzy, and then quickly sell. It can all happen in minutes, and successful traders publicly gloat about their profits.”
A newbie trader fell for Big Pump Signal’s scam, writing a piece about it for Vice.
Given their ubiquity, we’ve written a separate article: “How do crypto pump and dump scams work?” in which we highlight what to keep in mind when considering a red-hot asset.
99% of crypto signal providers are fake, and beginning traders should be especially wary. Crypto trading signals groups are targeting you in particular because of your limited experience, hoping that you’ll trade your hard-earned coin for an “easy” or “certain” pathway to trading success.
First they’ll gain your interest and trust and then charge you a monthly subscription fee for their “service.” Not only will you not learn anything from having others spoon-feed you information or strategies, but you’re also opening yourself up to things like pump and dump scams (be particularly wary of Telegram signals groups). You also have little idea where these groups are actually getting their information and have no way of determining if their performance record has been manipulated.
Instead, focus on learning and education in order to become a knowledgeable and informed trader rather than one that relies on dubious, anonymous groups selling snake oil signals.
In March 2020, the world of crypto was buzzing with stories about a network of fake QR code generators that were stealing people’s bitcoin. Security solutions provider Sophos, for example, warned: “Typing in an address – any address – spat out the same handful of QR codes, which had nothing to do with the addresses entered. Instead, they pointed to the attacker’s own addresses. So when anyone used that QR code as a payment address, the person sending them bitcoin would have sent it to the attacker’s account rather than their own.”
ZDNet reported similar findings, noting:
“ From the initial website, Denley [Director of Security at the MyCrypto platform] said he found eight other sites, all sharing the same interface, suggesting they were created by the same scammer:
It’s a remarkably simple scam, which is what makes it so effective.
Apps have become one of the latest ways that scammers can get their digital hands on your crypto wallet. A story in the Washington Post describes just how easy it is to fool people into inputting their confidential information, even when using a “trusted” source such as Google's Android Play Store and Apple's App Store.
“Phillipe Christodoulou wanted to check his bitcoin balance last month, so he searched the App Store on his iPhone for “Trezor,” the maker of a small hardware device he uses to store his cryptocurrency. Up popped the company’s padlock logo set against a bright green background. The app was rated close to five stars. He downloaded it and typed in his credentials. In less than a second, nearly all of his life savings — 17.1 bitcoin worth $600,000 at the time — was gone. The app was a fake, designed to trick people into thinking it was a legitimate app.”
Unfortunately, this scam seems to be proliferating, with increasing numbers of victims. Let’s hope the corresponding increase in coverage will educate people about the dangers of fraudulent apps.
Unless you have access to geothermal energy (yes, we’re looking at you, readers from Iceland), then mining crypto might make you consider taking out a loan to pay your electricity bill.
One company, Mining Max, saw an opportunity to scam investors and set up a pyramid scheme to carry out its fraud. South Korean authorities, however, caught on to the scam, indicting over two dozen company employees, who were accused of “embezzling about $250 million from 18,000 investors in 54 countries, including the United States, South Korea, China and Japan.”
Last but certainly not least in our list of crypto scams are DeFi rug pulls. Can’t tell a rug pull from a Persian rug? Well, according to CipherTrace, rug pulls were crypto’s top fraud scheme in 2020.
This type of attack is specific to decentralized finance exchanges (DEXs) in which a vulnerability to the smart contract is exploited (the vulnerability means that the contract can be bought but never sold). As a result, the token loses all of its value.
As CipherTrace’s report indicates, “Half of all 2020 crypto hacks were of DeFi protocols—a pattern that was virtually negligible in all prior years—and nearly 99% of major fraud volume in the second half of 2020 stemmed from DeFi protocols performing “rug pulls” and other exit scams in a pattern eerily reminiscent of the 2017 ICO craze. In a rug pull, which is similar to a pump and dump, some investors will liquidate the entire DeFi pool, leaving the remaining token holders with no liquidity and unable to trade, wiping out the remaining value.”
Due diligence is the name of the game here. Begin with Google and social media and keep digging, paying close attention to conflicting or lack of information. Feasibility, verifiable information, and transparency, on the other hand, should serve as confidence boosters.
Crypto trading is a marathon, not a sprint. There are no shortcuts. The fastest way to lose money is thinking that you’re going to make a lot of money quickly. Just like many things worth doing well, crypto trading rewards patience, knowledge, diligence and a dose of calculated risk.
At Trality, we believe that an educated trader makes the best trader. That’s one of the reasons why we’ve outlined the various types of crypto scams, so you can spot them and avoid them.
One of the safest ways to avoid falling prey to any (or a combination) of the above-mentioned crypto scams is to ensure that the platform with which you decide to trust your trading needs is up to date with the latest security protocols.
Unlike the vast majority of other trading platforms, Trality’s Marketplace is a one-of-a-kind space that brings together crypto trading bot creators and investors for mutually beneficial purposes. While most platforms rely exclusively on anonymous bot makers and unproven bots, Trality ’s Marketplace is a carefully curated space with hand-picked creators and the best bots available, enabling both creators and investors to earn solid passive income returns.
Investors can rent profitable bots tailored to specific risk tolerances (low, medium, and high) and individual investment goals. A full suite of metrics is available, allowing investors to decide on a bot based on clear, quantifiable data. Bot Creators can monetize their bots and earn passive income from investors around the world by having their bots listed on Trality’s Marketplace.
Founded in 2018 by Moritz Putzhammer and Christopher Helf, Trality is fast becoming the go-to platform for anyone wanting to experience the power and flexibility of trading bots. And we’re based in the centre of Vienna in the heart of Europe, meaning that you can have absolute confidence in our commitment to safety, security and transparency.
Check out all of our Documentation for free. Read more about our expert team and our vision for the future.
And we’re particularly excited to announce that all of our new users receive a complimentary invitation to join our Discord community, where you can hang out and interact with a growing number of Trality users via free voice and text chat.
Among our moderated forums (co-founder Moritz is the space’s Admin), you’ll find loads of useful information, from the latest announcements and release notes to dedicated channels for newbies. We even have purpose-built channels for all of your questions and comments related to our state-of-the-art Code Editor and Rule Builder. And for those of you that just want to shoot the breeze, you can head over to the unmoderated discussion channels to discuss trading, request features or take things off topic.
Trality brings the speed, intelligence and autonomy of bots to private investors like you. Anyone should be able to benefit from the use of powerful automated trading bots and we make that happen.