If it’s good enough for Jack Dorsey, Elon Musk, and Tim Cook, surely you can also win big in the crypto game, right? If you’ve got some money to burn, perhaps, and we have a guide for getting started. But you could also be just a few mouse clicks away from losing your retirement funds to a cartoon dog or a “coin” tied to a popular streaming TV show.
With changing prices, coin-based scams, and misinformation from influencers, cryptocurrency is a volatile market, and you need to be careful. According to the Federal Trade Commission (FTC), US consumers lost more than $80 million to cryptocurrency scams in the six-month period between October to March 2020. And the grifts continue; those behind the Squid Game cryptocurrency took off with about $3.38 million earlier this month.
While some scams are pretty easy to spot, others aren’t as obvious. And because the protections in place for fiat currencies like the US dollar don’t typically exist for crypto, once that money’s gone, it’s gone for good. Here’s what to look out for, and how to avoid getting scammed.
Best Practices for Avoiding Crypto Scams
How can you protect yourself from crypto scams? Here are a few things to consider before going all-in on Bitcoin, Ethereum, or other digital currencies.
- Don’t take any information at face value. Investigate the claims being made around any investment, especially if they seem too good to be true or promise overnight windfalls. The 2020 Twitter hack had scam written all over it.
- Don’t trust anyone—government officials, public figures, strangers—who contacts you directly asking for payments in cryptocurrency or offering you an “investment opportunity.”
- Never share your private key or the seed phrase to your cryptocurrency wallet with anyone, and store that information somewhere offline, aka a cold wallet.
- Enable two-factor authentication whenever possible on whatever kind of crypto wallet and exchange you use. But be aware that this is not a sure-fire solution, as we saw when Coinbase was hacked.
- Double and triple-check website URLs. Scammers attempting a phishing scam will copy the URL of legitimate sites and swap letters and numbers—an “l” for “1” or “0” for the letter “O,” for example.
- Reject any offer that requires an up-front fee no matter what, but especially if that fee has to be paid in cryptocurrency.
How to Identify Common Scams
While some crypto scams are unique to the world of digital currency, many of them are twists on existing scams. Some target people looking to invest in cryptocurrency, while others rely on spreading digital cash around in order to steal money without getting tracked.
If someone contacts you with a “once in a lifetime” investment opportunity, chances are you should run the other way. They’ll often claim their company or app is the next big thing, and that you can get rich if you get in on the ground floor. They’ll sell you hard on their product and couple that sales pitch with a sense of urgency, then disappear with your money.
Sometimes this scam takes the form of “investment managers” offering to help grow your assets by giving it to them to invest. They’ll set up what they claim is an investment account for your crypto, but you won’t be able to access your money unless you pay them a fee.
Other investment scams in the crypto space operate like pyramid schemes. The scammer will convince you to pay them in crypto for the right to recruit other people into their program, claiming you’ll make even more money once you bring in others. They claim the more you “invest,” the more you’ll make down the line, but all you end up with are broken promises.
Sometimes a scam company will launch a new cryptocurrency coin or token, claiming it solves some critical unmet need in the market. They’ll pitch you on their product and ask you to buy into their coin as an investment that will pay off a hundredfold later on, then vanish. The Squid Game-based coin is a perfect example of this.
When investing, check out the company’s website to see what they do to protect their customers. Be on the lookout for abundant grammatical errors and typos, which can signal a scam. Search for verifiable reviews from public sources. Searching the company name with “review” or “scam” is a good way to start.
Where conventional phishing scams go for your email or banking login credentials, crypto phishing scams try to get the keys to your crypto wallet. These can also be labeled “technical support scams,” since the person running the scam will often pose as tech support to try and get your information.
Representatives from fake companies—or claiming to be from legitimate ones—will contact you and offer to help manage your crypto if you’ll give them your login credentials. They might also say they need remote access to your computer or other device, or want you to send crypto to a suspicious wallet address.
Never provide sensitive information to people who make unsolicited contact, no matter how convincing or urgent they may seem. If they say they’re with a legitimate company, double-check their information. Coinbase, for example, tells people only to accept calls from the help number or email listed on their website.
Since some celebrities and public figures talk about crypto fairly often on their social media accounts, scammers will organize fake giveaways using their names and likenesses to get money from people. They may even respond to the giveaway post with other fake accounts to make it seem legit. This is what happened when hackers compromised the Twitter accounts of high-profile users with bogus crypto promotions. If it seems weird or too good to be true, steer clear.
The scam posts will often include screenshots designed to make the giveaway seem real, and a link (or even QR code) to a website where people can go to enter. Once there, you’ll be required to “verify” your crypto wallet address by sending a payment. Never trust giveaways that require you to pay anything.
If you get a message on social media or a messaging app like Telegram asking for crypto, ignore it. Legit companies will never contact you unsolicited asking for payments or login credentials.
Some scammers will contact you claiming they have embarrassing or incriminating information about you and threaten to release that information if you don’t send them payment in cryptocurrency.
To make the scam more convincing, they might show you something they obtained via a data breach, like an old password. This will often be all they have, and the person is simply bluffing to get you to give in to their demands. If this happens, it qualifies as criminal extortion, and there are a few actions you should take.
First, mark the email as spam. You can then report the incident to the FBI’s Internet Crime Complaint Center (IC3) and local authorities. Make sure you run a malware scan on your computer or device, just to be safe. If the scammer shows you they have a password you’re currently using, change that password immediately wherever it’s being used. Remember, these scam messages are designed to scare you, which is why it’s called scareware. Don’t fall for it!
Loader/Load Up Scams
These scams are pretty brazen, and consist of someone asking you for your crypto wallet or credit card credentials because they need a higher account limit. In return, the scammer offers a portion of the proceeds they say they’ll make from their investments.
Instead, the victim’s crypto is stolen and they’re often left holding the bag on fraudulent credit card charges. They “load up” the victim’s account with crypto and then take it all for themselves, leaving the victim responsible for the transactions made with their wallet credentials.
Never provide your credentials to a third party, even if they say you can trust them. If you see this kind of behavior on a legitimate, regulated exchange, report it so they can put a stop to it.
How to Report Crypto Scams
If you encounter any of these scams or think you’ve been the victim of a scam, contact the FTC, the Commodity Futures Trading Commission, or Securities and Exchange Commission.
It’s also a good idea to report scams to the platforms people are operating on. If you see a scammer claiming to represent the exchange Kraken, for example, the exchange should know about it. If someone is spreading fake giveaways on Twitter, report it to Twitter.
As with all scams, protecting yourself from crypto-related fraud comes down to keeping your data secure and your eyes open. Remember, no legitimate company will approach you asking for money, and you shouldn’t send currency to random strangers either.
If an investment opportunity seems too good to be true, it probably is. And if someone requires you to pay in crypto (or gift cards, or wire transfer), it’s a scam. Report them, and ignore any further messages.