As with anything, whenever there is something promising going on in society, there always has to be at least one person who ruins it for everyone. This certainly seems to hold true for the cryptocurrency space, which has witnessed increasingly sophisticated scams and frauds as it has grown more legitimate. Last year alone saw massive hacks such as the Axie Infinity hack for $540M worth of NFTs by North Korea, as well as the global FTX fraud that lost billions of its investors’ funds, and many smaller rug-pull schemes.
1. Check for substantiation
The first step to spotting a scam is to read the whitepaper and verify that there is an existing coherent plan. This includes looking into whether this project is a copycat of another project and whether they have a realistic strategic plan with defined periodic goals.
There are thousands of existing decentralized applications (dApps) and many more being released daily, so there are bound to be existing projects similar to the one that you are currently looking into.
So too, if the whitepaper is only a page or two long and filled with vague ideas and hyperbolic language, that is likely a good sign to avoid the project. A famous example of this is TRON.
TRON released its whitepaper in January 2018 and reviewers were quick to point out that much of their whitepaper’s content seemed to be plagiarized from at least two whitepapers that were released by Protocol Labs for their IPFS and Filecoin blockchain projects.
While the text was not copied word-for-word, the gist of the paragraphs and layout of certain sections made it pretty clear that they were just copying and changing up the work produced by Protocol Labs.
Later on, it turned out that that was due to laziness on the translators’ part, and the TRON team quickly removed those whitepapers and found someone else to translate their whitepaper more accurately and without missing crucial information that the original version omitted.
2. Research the team
A basic step that many people overlook is to thoroughly research all the team members. Even if the whitepaper and presentation seem compelling, that does not mean that the project will come to fruition. This is because a lot of projects depend on the reliability and cohesiveness of the team behind them. Therefore, it is important to examine their credentials.
This includes asking yourself questions like whether they have worked on successful blockchain projects or businesses in the past, whether they have a history of fraud or suspicious activities, and whether they have traceable identities.
Someone who pops up out of nowhere and whose identity and credentials cannot be verified is highly suspicious.
Furthermore, if someone does have a history of mismanagement, fraudulent behavior, or jumping from one get-rich scheme to another, those are clear warning signs that should not be ignored, regardless of how wonderfully they have apologized or sworn to have learned from past mistakes.
An example of this is the Logan Paul and CryptoZoo saga. Logan Paul is a controversial YouTuber who has a reputation for poor judgment and mild misdemeanors that have had him banned from YouTube and de-monetized a few times in the past.
These include filming a dead body in Japan’s suicide forest, illegally flying a drone over Rome’s Colosseum, and tweeting about the Tide Pod challenge. On all occasions, he apologized, seemed to have calmed down, and was soon back to more attention-grabbing mischief.
While these in themselves may not seem too bad, an exposé by ‘blockchain detective’ CoffeeZilla revealed that some of the people on his CryptoZoo project, such as Eddie Ibanez, who was the lead developer of the project, had a history of scamming and failure to fulfill their financial obligations, although that required a lot of digging to discover.
3. Are the developers anonymous?
If the developers are unknown, that should be a red flag for most people. Although it is tempting to believe that it fits in with the ethos of blockchain and that even the progenitor of cryptocurrency, Satoshi Nakamoto, is anonymous, those considerations apply to different aspects of the cryptocurrency space.
In the former case, anonymity is fine where direct transactions are conducted via smart contract because the human element is removed from the equation since it is the coding that verifies the existence of the cryptocurrency in each wallet, and which also irreversibly conducts the transaction once both address holders sign on it.
In the latter case, Bitcoin was not worth anything, and blockchain had no real-world application prior to his launching the Bitcoin blockchain. Hence, his decision to remain anonymous could have no ramifications on participants, since there were no investors.
But, when it comes to anonymity with a development team for a project that is meant to earn you money or provide you with some kind of product, the lack of transparency is concerning. After all, why would a legitimate businessman choose to conceal their identity, when their identity would help to gain investors’ trust? Indeed, many, but not all, rug-pull scams are run by anonymous actors.
A well-known instance of this is the Squid Game Token scam of November 2021, where the anonymous developers promoted the token sale with the promise of creating a Squid Game-style game where only one player would remain: the winner of all the tokens.
In all fairness, they did make good on this promise, since they were arguably the sole winners who made off with all of their victims’ capital when they dumped the tokens on the market at their all-time high (ATH) price.
As a side note, the project also raised some crypto community members’ concerns due to their unpolished and weak whitepaper.
This scam saw over $3.3 million USD being stolen, with no trace of it ever being found. Of course, there are many rug-pull scams conducted by influencers as well, but at least it is easier for victims to take legal recourse against them.
4. Beware of fake websites
Another common scam is sponsored Google or social media ads that claim airdrops or investment opportunities from famous companies or franchises. However, the link will then take you to a fake phishing website.
The best way to confirm whether these offers are legitimate is to visit the company’s official social media accounts or website to check for announcements or press releases confirming the legitimacy of the offer. If there is no mention anywhere, then ignore it. But if there is an offer, then use the link listed on the official site.
In general, it’s better not to take risks with unknown third-party sites.
Check the website URL closely. Legitimate URLs will be clear, not an odd jumble of characters or collections of words. Sometimes a scam will use a URL close to the official website’s URL as well, so it is worth double checking you are at the official website.
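One way to automate the URL check described above, as an added example that is not part of the original article. The brand `examplewallet.io`, the `OFFICIAL` allowlist, the function names and the two-character threshold are all assumptions made for illustration; the allowlist should hold only domains confirmed from the company's own announcements.

```python
from urllib.parse import urlsplit

# Constructed allowlist: "examplewallet.io" is a made-up brand, standing in
# for a domain you have confirmed from the project's official channels.
OFFICIAL = {"examplewallet.io"}

def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url, official=OFFICIAL):
    """Return 'official', 'lookalike' or 'unknown' for the host in url."""
    # urlsplit drops any "user@" prefix, so "brand.io@other.net" yields other.net.
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    if not host:
        return "unknown"
    labels = host.split(".")
    for good in official:
        # Exact match, or a true sub-domain of the official domain.
        if host == good or host.endswith("." + good):
            return "official"
    # Punycode or raw non-ASCII labels can render like an official name.
    if any(label.startswith("xn--") for label in labels) or not host.isascii():
        return "lookalike"
    for good in official:
        n = good.count(".") + 1
        tail = ".".join(labels[-n:])   # same number of labels as the official domain
        brand = good.split(".")[0]
        # One or two character changes in the registered name (typosquat).
        if edit_distance(tail, good) <= 2:
            return "lookalike"
        # Official name used as a sub-domain of, or glued into, another domain.
        if brand in host:
            return "lookalike"
    return "unknown"
```

A result of `unknown` means only that the host is not on the allowlist and does not resemble it; it is not a verdict that the site is safe.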
The fake NFT Pokémon game called ‘Pokémon Card Game’ is a good illustration of this. Although there is an official Pokémon card game called Pokémon: The Trading Card Game Online (Pokémon TCG Online), it is not a blockchain-based game. There never was an NFT Pokémon game.
But this fake game came up as a promoted ad on Google and social media platforms. Clicking the link led you to a professional-looking and completely fake website that contained trojan malware. A program called “NetSupport Manager” was then downloaded and buried in unsuspecting users’ computers.
This software allowed the scammers to access victims’ personal information and data. This included access to email, online stores, and social media accounts that they were logged into at the time, as well as any passwords that they may have saved on their device.
A simple way to verify whether this game is authentic would have been to visit Pokémon’s official website, since every online game that they have released is listed on and accessible through that site. Additionally, they could have reached out to customer support to ask whether the project was real or not. You should beware of similar opportunities offered to you via email.
5. Beware of fake apps
These scams work the same way as fake website scams. There are advertisements on social media sites and Google ads for the fake application and when you download it, the spyware or malware will allow the scammers access to your private keys or financial data. Some of these fake apps can even be found on Google Play and iOS stores.
These are typically in the form of a fake crypto wallet or other DeFi apps such as malicious duplicates of Trust Wallet or MetaMask. As with fake websites and links, the best way to ensure that you are downloading the authentic app is to visit the platform’s official website and then follow the mobile link from there.
Another aspect to look out for is the reviews. An established app will have thousands of reviews which are mostly positive. If there are only a handful or none, then that is a red flag.
NFT God, a well-known crypto influencer, fell for this scam in January 2023 when he Google searched for a link to the free OBS streaming suite. However, when he did so, a malicious advertisement popped up at the top of the screen, which he clicked on, inadvertently downloading spyware and phishing software instead.
He initially thought the software simply wasn’t working on his computer and left it at that. This meant that it took a while for him to realize that something was wrong.
It was only after 16,000 of his fans had been sent phishing emails by the hackers, over $30,000 USD worth of NFTs had been stolen from his wallet, and the scammers had tweeted two malicious links from his Twitter account that he realized what had happened.
NFT God revealed the entire story over a series of Tweets after he deleted the phishing Tweets.
6. Celebrities and influencers are not reliable sources for investment advice
We have already looked at the example of Logan Paul, but a general rule is that an influencer cannot be trusted when they are shilling their own product. But even if it is not their own product, you should be skeptical about the projects that they are promoting.
Whenever anyone promotes a project as a quick way to make cash, you should be wary, regardless of whether this is in the cryptocurrency space or a more mainstream investment opportunity. With a few exceptions, there are very few ways to make a lot of money fast, and even then, it’s mostly luck.
Furthermore, influencers and celebrities are often paid to promote a certain project or given free tokens by the developers. This automatically makes them biased and therefore unreliable regarding the project. Essentially, you should be wary of people who have a stake in the success of the project.
This recently came to light with Bored Ape Yacht Club and the celebrities issued with a class action lawsuit after creating artificial hype around the NFT project.
The basis of the allegations was that the crypto community had been led to believe that the celebrities themselves, such as Justin Bieber, Madonna, Snoop Dogg, Gwyneth Paltrow, and Jimmy Fallon, had spent hundreds of thousands of dollars on their BAYC NFTs. But in fact, they had received them for free on condition that they signed non-disclosure agreements regarding where they received these NFTs from.
The headline-grabbing attention generated by these celebrities owning BAYC NFTs sent prices skyrocketing. Investors were left exposed when prices subsequently plummeted.
7. Beware of phishing scams
Another common con is when a scammer contacts the victim through email or direct message with a ploy to get the victim’s private key. This can be through ransomware threats, posing as a member of the wallet’s security team, or even just creating a believable story whereby the victim thinks that they will be making a large profit by helping out the bad actor.
Remittance scams also fall under this category. These entail the scammer asking for help to unlock locked funds with the goal of tricking the victim into sending them their crypto or redirecting it to another address hidden in the smart contract coding.
This is similar to giving someone unlimited access to your bank account, only worse in that all transactions are irreversible. And it is even harder to track down the scam artist than it is with more typical scams.
Never give your private key to someone. No one is entitled to your keys, especially over the phone or by email.
Bored Ape Yacht Club (BAYC) NFT owners are often targeted for phishing scams. One of the earliest instances was on August 25, 2021, when a Twitter user who goes by Sohrob.eth Farudi was tricked into revealing his MetaMask private key on Discord. This resulted in 250 ETH worth of NFTs being swiftly siphoned from his wallet.
8. Beware of free offers
A general rule for anything in life: anything that seems too good to be true generally is.
With crypto and NFTs, this is especially true if the offer requires an up-front fee. Additionally, sometimes free tokens sent to you contain malware that could siphon your account if the transaction is approved. Airdrops from a company’s official site or from official sources such as cryptocurrency exchanges are generally ok. But avoid clicking random YouTube ads or pop-ups on websites for free drops.
This is a common ploy with reverse phishing scams where the scammer will attempt to win the victim over by offering them their own private key as a token of goodwill. These scams usually involve the user verifying that the scammer’s wallet does indeed contain the promised crypto.
However, when they try to send it to their own account, they discover that this requires a transaction fee. But when they attempt to pay the fee, it gets redirected to another wallet. They are thereby tricked into losing a comparatively small amount of crypto.
9. Do not engage with DMs
These scammers usually reach out to the user in a DM on a social media platform in various forms. Most people are aware of the ‘Nigerian prince’ and ‘someone stuck in a foreign country,’ but the main type usually used nowadays is the romance scam.
This entails the scammer reaching out to the victim via social media and catfishing or tricking them into believing that they are involved in a real online romance with someone.
This person will slowly win their victim’s trust before either convincing them to invest in a non-existent project or Ponzi scheme or to send them some crypto to help them out with a tough financial scrape they are in.
These scammers can also take on the guise of investment advisers. It is important to realize that neither beautiful women nor investment advisors usually reach out to random strangers on the internet. Women will usually use a dating site or app, while investors are typically approached by interested parties, especially if they are successful advisors.
In January 2021, the BBC reported on such a case. The hapless victim fell for a romance scam that cost him £150,000 ($184,000 USD). The man was the perfect target: someone who had just suffered a break-up and was looking for companionship online. In his case, he was catfished through a dating app where the ‘woman’ named ‘Jia’ won him over and claimed that she wanted to move to the UK to be with him.
Jia tricked him into revealing that he owned BTC and then into downloading a trading app that she recommended. He used the app and made money on almost every investment she recommended, which lulled him into a false sense of security until he finally invested all of his BTC, which was quickly wiped from his account. This was a mix of several scams: romance, get-rich-quick, and a fake trading platform.
10. Keep a low profile and secure your mobile device
Another scam that people can fall victim to is SIM swapping, where the scammer will exploit a vulnerability in two-factor authentication (2FA) to access their victim’s account. This is a difficult scam to avoid since the scammers will usually contact your service provider and trick them into handing over control of your phone number. This means they will receive all of your messages, including mobile 2FA codes for verifying financial and cryptocurrency transactions.
This happened to Michael Terpin in January 2018 when a group of scammers, including 15-year-old Ellis Pinsky, managed to trick mobile operator AT&T into conducting the SIM swap. This gave the scammers access to Terpin’s crypto portfolio, valued at $24 million, which they siphoned. There was a happy ending to this story, though, as Terpin successfully sued the mobile operator and was awarded $75.8 million in restitution fees. The scammer ring was also tracked down and arrested and is currently serving time.
The best way to avoid these scams is to try to remain anonymous. Once people know you have crypto, it makes you a target, both in cyberspace and in real life.
Another tip is to avoid sharing personal information online. To commit fraud, scammers need the basic information that service providers request to verify a customer’s identity. So it is vital to keep your social media profiles as private as possible – strangers should not be able to view your Facebook profile, for instance.
Next, make sure that your phone and SIM are password protected. Fingerprint and facial recognition are also useful tools for keeping your phone secure. That way, if stolen, it is harder for criminals to get into your phone to access your email and other 2FA codes.
Another method is to lock your phone number with your service provider. You can call them to Number Lock your number against unauthorized SIM swaps. This will mean that the only way to perform a SIM swap will be for you to either provide the password or physically visit their store.