Old timers will probably remember the dark day in 2014 when the world’s largest Bitcoin exchange at the time Mt. Gox collapsed with millions of dollars worth of Bitcoin. Over the years, several other smaller and bigger exchanges have been targets of high profile attacks that have resulted in the loss of tens of millions of dollars. Cryptocurrency hacking and phishing scam are as old as the technology itself.
The boom in cryptocurrency over the past two years has made the problem even worse with many cybercriminals now upping the ante in attacking users and stealing their crypto assets. When it comes to cryptocurrency hacking and phishing scams, what is at risk is not the blockchain technology anchoring the coins or tokens but the third party services such as cryptocurrency exchanges, wallets and other services.
Most people are vulnerable to hacking and other scams because they don’t understand how cryptocurrencies work and they fail to do their due diligence and take precautions online. As a holder, you control your own assets and most importantly, your own security. Vulnerabilities often occur because not everyone who invests in a crypto is an online security expert so hackers are able to compromise them successfully and steal their coins and probably a life’s worth of savings.
Cryptocurrency hacking will often happen at the points of connection with your cryptocurrency wallet. As experts say, what is most at risk is your attention. The blockchain setup is highly secure and it’s the users who drop the ball and expose themselves to hackers. Hackers use a variety of techniques to exploit your lack of attention in protecting your assets. Some of these are sophisticated technical attacks while others are the classic social engineering hacks where the attacker tricks you into divulging some critical information such as your wallet private key which they subsequently use to steal your coins.
Here is an overview of some of the most common hacks and phishing scams in the cryptocurrency world that you should be aware of:-
One of the latest cryptocurrency scams has been the use of cryptocurrency scambots that are shared on Twitter by fake accounts posing as well known personalities to trick users into sending coins to the scammers’ wallets. The attackers clone the accounts of some of the leading social media personalities such as Elon Musk and target users in the “replies” section of those personalities’ tweets. The fake account references the original tweet of the real account and announces giveaways that promise handsome rewards.
To get the giveaways, users need to send crypto coins to a stated address and they will supposedly get multiple times of that back in rewards. There are even bots that back up the fake account and post how the giveaway worked for them. This is probably one of the laziest and least sophisticated of the cryptocurrency scams out there although there are people who have already fallen victim to this.
Phishing scams are a bit more sophisticated although they still use an aspect of social engineering. They are also some of the most successful scams. In this case, the scammer buys a domain name that looks similar to that of a popular crypto exchange or crypto wallet and clones that exchange’s website. With numerous number of top level domain names to work with, scammers now have an easier time in fooling online users using fake websites. The clone website closely resembles the real one so if you are not keen enough, you are unlikely to tell them apart.
The clone website will prompt you to provide login details. After you have provided you login credentials, the fake website will redirect you to the real website. Meanwhile, the thieves use the credentials provided to log in into your real account and empty the contents.
Phishing can also take the form of email phishing in which case you will receive an email that looks like it has come from a reputable service you know with the exact format, design and template. Except that it isn’t. Sometimes you may not even be having an account with that service but you won’t even remember since you have probably subscribed to hundreds of internet services. You will unwittingly click a link in the email and expose yourself to a malware attack or a phishing website ready to drain away your money.
To avoid falling victim to this, memorize the domain name of your cryptocurrency exchange or wallet and make a point of typing it into your browser to gain access. You should also check the address bar and confirm that the URL is that of your real exchange website. Finally, try to enable some form of two-factor authentication on your wallets and cryptocurrency exchange accounts.
Fake wallets in Play Store
Scammers are also targeting users with fake Android wallets in the Play Store. Simply downloading and installing a random wallet from the Play Store is never a good idea because there is a high chance you could install a fraudulent one and you will end up losing a lot of money. The fake wallets will take your private keys or seed and use these to empty your real wallet.
There are also clones of more trusted Android crypto wallets. In a recent case, users lost lots of cash by unwittingly installing a clone wallet of the popular crypto wallet Coinomi. The best defense against this is due diligence. Read more about the Android wallet on other websites and read user reviews to establish whether the wallet is genuine one. In many instances, the scammers will even post fake reviews to dupe users so you ought to be savvy and thorough to tell the real from the fake.
Pump and Dump Groups
Pump and dump groups have always been prevalent in the traditional markets so it is no surprise that someone would be trying this technique in an industry where up to 50% rise in value is perfectly plausible. Pump and dump is a coordinated effort to artificially pump up the price of coin and then dump it at a profit.
Here is how a typical pump and dump strategy goes:
- A pump and dump group is formed and members join. Some of these are premium groups so you have to pay to be a member.
- The group leaders select the coin that members will pump and dump.
- All the group members rush to purchase the coin at a low price.
- As a result of the sudden demand, the coin price will start “pumping” or rising abnormally. Due to the fear of missing out (FOMO), outside investors will also begin buying the coin pushing the price up even further.
- Once the price has risen to a certain point, the pump and dump group will quickly sell their coins and the outside investors are left with coins whose prices are unlikely to hold for much longer.
- The group members make super profits.
Pump and dump is not really a classical hacking but it is a scam.
Some pump and dump groups con even the members. The insiders who are knee-deep into the
scam will buy the coin before the pump and sell it before the dump price is announced to the rest of the group members. Besides, not all pump and dump groups are going to hit the target dump price so it is generally common for group members to be left in the loop as well, still holding their coins.
Pump and dump is morally wrong and may soon be declared criminal. Outside investors should also be wary of coins that are suddenly and inexplicably surging in price.
The best way to determine if a coin may have been subjected to a pump and dump is by looking at its trading volume. If the trading volume is considerably lower than that of other coins as its price shoots up, chances are that the price rally could be artificial.
Initial coin offerings (ICOs) are currently widely popular. Many new cryptocurrency investors are pouring billions of dollars onto these hoping to latch onto the “next Bitcoin” and reap tremendous rewards. The main risk with ICOs is that the threshold is pretty low. Many investors don’t demand much. In fact, many ICOs are raising millions of dollars with a little more than just a white paper and that poses a significant risk.
Where there is no solid regulation and if you don’t have to deliver a proof of concept of your ICO or a working product, scammers could simply create a huge marketing hype and persuade investors to buy into air with little value. Many initial investors are hopping into these ICOs hoping to reap 100 times the return on their investment without even taking note of the obvious red flags such as:
- Largely anonymous project team
- No product or proof of concept
- Shallow white paper that is sometimes even plagiarized
- Breathless social media hype
- Lack of clear communication or lack of responsiveness from the project team
- No solid justification for tokenizing
- A hurry in execution
- Conflicting reports about the ICO
ICO scams have roped investors for anywhere from $300,000 to $32 million and the common thread is usually that the investors ignored obvious red flags and entrusted their money with scammers.
The Exit Scam
In the exit scam, a company provides users with a crypto-related service such as a wallet or an exchange where the customers can also open and maintain an account. Once it has roped in enough customers, the company simply disappears from the internet sometimes with claims that its platform has been hacked. Some of the fraudulent ICOs are also exit scams.
As with other financial transactions, only proper due diligence and awareness about the cybersecurity risks will protect you from potential scams or hacks. While some hacks are simply unavoidable for the average user, the weak link in most cases will be you. You must therefore read more, rely on trusted information sources and be a little more security-savvy in your crypto transactions.