Cryptocurrency has become a mainstay in the seasoned investors’ portfolio and a proactive, security-conscious approach is just what is needed to spot a scam from a distance and invest securely in these markets.
The crypto market has garnered a dubious reputation for nurturing a safe haven for sophisticated scammers and hackers.
In this article:
These malicious actors, empowered by the underlying anonymity and the decentralised nature of cryptocurrencies, are pulling off scams in the most inconceivable of ways.
The first half of this year alone witnessed a whopping US$681 million in major crypto thefts, hacks and frauds, according to research by leading cryptocurrency intelligence firm CipherTrace.
The unregulated nature of these markets, combined with the impulsive decisions made by investors, has helped scammers clean out the portfolio of many a novice investor.
Despite all this, cryptocurrency has become a mainstay in the seasoned investors’ portfolio, and a proactive, security-conscious approach is just what is needed to spot a scam from a distance and invest securely in these markets.
How prevalent are these scams?
Gary Gensler, chair of the US Securities and Exchange Commission, warned that the cryptocurrency market is “rife with fraud, scams and abuse” and that “a lot of people will be hurt” if the government doesn’t boost investor protections.
A recent report by the Australian Competition and Consumer Commission (ACCC) revealed that bitcoin payment frauds are ranked second only to the age-old technique of bank transfer fraud.
“Investment scams are more prevalent than ever, and scammers are capitalising on interest in cryptocurrency in particular,” ACCC deputy chair Delia Rickard said.
“More than half of the A$70 million in losses were to cryptocurrency, especially through Bitcoin, and cryptocurrency scams were also the most commonly reported type of investment scam, with 2,240 reports.”
“Be wary of investment opportunities with low risk and high returns. If something sounds too good to be true, it probably is.”
Impersonation and imposter scams
These types of scams typically occur where an investor is duped through social engineering exploits into making a crypto transaction, usually off a hacked social media handle, phishing link, or a cloned website.
A good example is the infamous July 15 Twitter hack last year, where a 17-year-old hacker allegedly pulled off one of the most viral scams by hacking into the verified Twitter account of celebrities and prominent figures including the likes of Elon Musk, Kanye West and Joe Biden.
Collage of tweets from accounts of several prominent personalities.
The hacker went on to tweet through the compromised accounts and shared links to his Bitcoin wallet, promising an offer to double all investments.
In the latest wave of scams, hackers are taking over Instagram accounts before forcing their owners to make hostage-style videos promoting the hacker’s money-making scams.
Rug pull scams
Rug pullers create a worthless token on a decentralised exchange, where the token is traded against an established crypto like Ethereum in a liquidity pool.
What ensues is a pump, where the scammers drive up the hype and price of the token using all methods possible, and, when the time is right, the scammers execute the rug pull by clearing out the liquidity pool and disappearing.
Rug pulls typically occur in the DeFi ecosystem, especially on decentralised exchanges (DEXs) such as Uniswap or Sushiswap, as fraudulent token creators can create and list tokens for free without audit.
One of the cryptocurrencies that garnered high traction last month was a meme coin known as SQUID.
It was inspired by the popular Squid Game Netflix series, with prices soaring over 300% since its introductory price of from less than one cent to an all-time high of $2,856 per coin.
And then, within a span of 24 hours, SQUID crashed and its creators vanished – a textbook example of a rug pull.
The Squid game rug pull.
DeFi – crypto’s wild west
In the past year, decentralised finance (DeFi) market-related hacks and scams have been on the rise, making up 54% of major crypto fraud volume, compared to 3% for all of last year.
The DeFi systems allow for financial products to become available on a public, decentralised blockchain network avoiding intermediaries such as banks or brokerages.
These markets are considered the wild west of the crypto world, where lack of regulation and promise of higher returns have attracted a mixed bag of traders.
Alarmingly, the latest data from CipherTrace confirmed that the $361 million netted from DeFi-related hacks through July already surpassed the $129 million stolen throughout all of 2020.
Things to note before investing
Here are some top tips to consider as you venture into the world of crypto investments:
CeFi vs DeFi
Choosing which platform you are going to operate in is a crucial first step when becoming a crypto trader.
Centralised Finance (CeFi) platforms like Binance and Coinbase would be the safest bet to start trading, as they are simpler and come with a more regulated setting.
However, centralisation also means a single point of failure: crypto exchanges are known for becoming victims to hacks as well.
Regardless, it is always recommended to consider cold storage (that’s taking things offline) when it comes to your crypto assets.
Check credentials of developers
If the developers are anonymous or have a pseudonym –– it’s a red flag.
You should be able to look up the developers, their credentials and past projects. If that information doesn’t add up, stay away.
It is also very interesting to note that Satoshi Nakamoto, the creator of Bitcoin, is a pseudonym.
Social media and telegram participation
Most cryptos will have an active telegram group, Reddit page and even social media handles.
New coin developers face a lot of scrutiny on social media, answering all queries from prospective investors and keeping a healthy online presence is a strong indicator for a legitimate token.
On the flipside, scam coin developers are notorious for removing anyone from groups for asking too many questions.
Auditing smart contracts
It’s always good to check if the cryptocurrency is audited by a reputed third-party organisation.
An external audit is a good indicator of the smart contract soundness, but not necessarily of the project’s soundness.
Check if smart contracts have a time lock to avoid rug pull, while smart contacts for scam coins will not have a lock.
Also, a good rule of thumb: if the white paper is bogus, the coin is bogus.
Invest a very small amount, and then try to pull it out.
Scam coins may modify their smart contracts, making it impossible to withdraw funds.
Finally, using a token explorer, check the distribution of the token.
If the token distribution is limited to a few wallets, and if the token is only listed on DEX platforms — stay away.