If you’ve heard about cryptocurrency, then you’ve probably heard about crypto scams. Decentralized technologies are reshaping the financial landscape. Unfortunately, the rapid innovation, still-evolving regulatory structure, and complex nature of the industry is attracting plenty of digital asset fraudsters. The crypto industry is often compared to the Wild West or a gold rush.
Still, cryptocurrency itself is not a scam. Its profit potential and technological loopholes may attract those with malicious intent, but there are plenty of legit opportunities to be found. Staying informed about crypto scams is a great way to protect yourself against crypto con games.
What is a cryptocurrency scam?
A cryptocurrency scam is a fraudulent scheme that’s designed to deceive you (an individual investor or an organization) into parting with your digital assets. Crypto scams can take myriad forms and often play on emotions like fear or greed.
Cryptocurrency scams are somewhat unique because of the emerging nature of the industry. Blockchain technology is so new and complex that many people don’t understand it well enough to protect themselves from scammers. Furthermore, blockchain transactions are perceived as anonymous, making crypto even more attractive to those with criminal intent.
Why is the crypto industry susceptible to scams?
The same things that make crypto so alluring, with so much real-world potential, are the sources of its greatest risks:
- Privacy. Transactions on a blockchain are pseudonymous, meaning that they are traceable back to digital wallets but not necessarily to individuals.
- Irreversibility of transactions. Blockchain transactions, even illicit ones, generally can’t be reversed.
- Lack of regulation. Cryptocurrency regulation is lacking in most jurisdictions. Where regulations are weak or nonexistent, scammers can operate with impunity.
- Technological complexity. Many crypto holders don’t understand blockchain technology very well because it’s so complex. This knowledge gap can create opportunities for people looking to part you from your coins.
- High return potential. Investors seeking to get rich quick may be drawn to risky digital assets. Greed can sometimes cloud investors’ judgment, making them more susceptible to offers that are too good to be true.
- Rapidly growing industry. The rapid growth of cryptocurrency as an asset class and industry makes it difficult to keep tabs on new market entrants. Investors can be challenged to discern between legitimate opportunities and clever scams.
Cryptocurrency scams can occur in many different forms. Knowing all the ways that digital asset theft can happen is a great way to reduce your risk of becoming a victim. Let’s review eight common types of cons in the cryptosphere.
1. Fake ICOs
A fake initial coin offering (ICO) has all the trappings of a legitimate ICO but with none of the supporting technology or infrastructure. In other words, it’s like launching a coin that exists in name only.
The purpose of a real ICO is to release a new cryptocurrency to the public for the first time, with the expectation that the coin’s developers will use the proceeds to support the cryptocurrency network. A fake ICO ends with the developers vanishing with the ICO proceeds, revealing that the entire thing was a deception.
For example, Centra Tech was a fake ICO worth $25 million. The scammers claimed to offer a crypto debit card backed by Visa (V) and Mastercard (MA), and even received endorsements from boxing champion Floyd Mayweather and music producer DJ Khaled. The Visa and Mastercard partnerships were later revealed to be fake.
2. Fake wallets
A fake wallet scam tricks users into believing they’re using a legitimate digital wallet to store their assets. The fake wallet asks users to enter their private keys—information that should never be shared, by the way—and then scammers use those private keys to steal users’ crypto holdings. Fake wallet apps may live in app stores or be promoted through phishing emails.
A fake version of the Trezor digital wallet in the Google Play store impacted many users. Trezor is a well-known producer of hardware wallets, and the fake wallet was convincingly designed to seem like Trezor’s mobile app.
3. Crypto Ponzi schemes
A crypto Ponzi scheme is one that offers high returns by using capital infusions from new investors to pay the promised gains. Just like traditional Ponzi schemes, crypto Ponzi schemes deceive investors into believing that legitimate activities are fueling investment returns.
Bitconnect is an example of a crypto Ponzi scheme. The fraudulent platform promised returns on Bitcoin of up to 40% per month, requiring investors to exchange their Bitcoin for the platform’s own coins. The platform was revealed as a Ponzi scheme when it failed to continue operating.
4. Phishing and social engineering attacks
A social engineering attack manipulates people into divulging confidential information or performing actions that can give a scammer access to your crypto. Phishing for sensitive information—such as usernames, passwords, or your private keys—by pretending to be trustworthy is a type of social engineering attack.
Phishing attacks that target crypto holders may take the form of fake emails, messages, or websites. Misspelled URLs are another entry point for scammers. For example, the crypto exchange platform Bittrex.com was maliciously cloned by scammers, who simply targeted anyone who visited “Bilttrex.com” by mistake.
5. Pump-and-dump schemes
A scammer using a pump-and-dump scheme leverages various tactics to artificially inflate (or “pump”) the price of a digital asset. With the price inflated, the scammer immediately sells (“dumps”) their tokens into the open market. The rapid increase in the token supply causes its price to fall precipitously, but not before the scammer collects a profit.
Scammers can cause a low-value token’s price to increase by making false or misleading statements and simultaneously buying massive quantities of the token. GIZMOcoin is an example of an early pump-and-dump scheme that used this combination of tactics.
6. Cloud mining scams
Providing cloud mining services—otherwise known as mining-as-a-service—is a legitimate business, but some cloud mining companies are fraudulent. A company may claim to offer cloud mining services, perhaps with the promise of attractively high returns, in exchange for an up-front payment. The promised returns may never materialize, as the company owns no mining equipment.
Cloud mining scams are essentially a type of crypto Ponzi scheme. An example is HashOcean, which owned no crypto infrastructure but paid a generous signup bonus to attract new members.
Cryptojackers are scammers who secretly use your computing device to mine cryptocurrency without your knowledge. Proof-of-work mining for cryptocurrencies like Bitcoin is highly energy intensive, requiring significant power and computational resources. Cryptojackers aim to get all the benefits of cryptocurrency mining with none of the expenses, while you’re left with a device that hogs energy and operates poorly.
Visiting an infected website or downloading compromised software can cause your computer or phone to receive malicious code from a cryptojacker. Some users of the popular web plug-in Adobe Flash previously fell victim to scammers, who distributed a fake update that secretly installed mining software.
8. Blockchain-wide attacks
Scammers can target individual crypto holders or entire blockchains. Some of the most common types of attacks affecting whole cryptocurrency networks include:
- 51% attacks, which occur when a single entity gains control of more than half of a blockchain’s mining power or cryptocurrency.
- Sybil attacks happen when a single entity creates many fake identities (nodes) to maliciously influence the network’s operations.
- Routing attacks involve a malicious entity that manipulates data routing information to fraudulently intercept, modify, or block communication among blockchain nodes.
- Timejacking attacks occur when a nefarious actor alters the timestamps for a network’s nodes, causing confusion and potentially enabling the attacker to double-spend cryptocurrency.
- Eclipse attacks occur when scammers isolate one or more blockchain nodes for the purpose of feeding false information to the isolated node.
- Long-range attacks are a theoretical attack type involving scammers who create a new fork of a blockchain from a point far in the past, attempting to make fraudulent transactions appear legitimate.
- Selfish mining attacks occur when miners successfully process a new block but don’t broadcast that information to the network, enabling them to secretly begin mining the next block. Such an attack has not yet been observed, but in theory, it’s possible.
Best practices to avoid a crypto scam
What can you do to avoid becoming the victim of any type of cryptocurrency scam?
- Conduct plenty of due diligence before investing. Understand the cryptocurrency, its technology, the team, and more.
- Evaluate a cryptocurrency’s online presence. Look for a strong digital presence and avoid anonymous projects.
- Assess a cryptocurrency’s legal compliance. Make a conservative assessment of the project’s legality in relevant jurisdictions.
- Beware unrealistic promises. Don’t trust offers that seem too good to be true.
- Use established platforms. Use only the products and services of credible industry leaders.
- Secure your personal data. Practice safe browsing habits and never share your private keys.
- Stay well informed about industry changes. Protect yourself by keeping abreast of fraud developments.
- Ask for help if you need it. Use the services of financial professionals to avoid any additional pitfalls.
The bottom line
Anyone can become the victim of a cryptocurrency fraudster. But knowledge is power—and that’s especially true when it comes to avoiding crypto scams.
You can reduce your risk by staying informed about the common types of digital asset scams and following key best practices. And always remember: If it sounds too good to be true, then it probably is.