Top 5 Crypto Scams to Avoid in 2024
Types of Crypto Scams
Most scams can be classified into specific categories: human-related, system-related, and curiosity-driven, with occasional combos of several categories. We will take a closer look at the scam types within each category.
1. Human-related Scams
These types of scams usually originate from having someone reach out to the victim. Contact is usually initiated through a phone call, direct messaging via social media, or being put in contact with someone who can "answer your questions". Sometimes it might be a bot at the other end, and even if that's the case, it's still mimicking a human presence.
Fake Romance
The MO: Someone approaches you through a social media platform via direct messaging, a dating app, or even something completely innocuous like a language-exchange website. They'll strike up a conversation (the photos on their profiles are usually cribbed from somewhere else on the Internet) and will almost immediately request to move to a messaging app like WhatsApp/Signal/Telegram. Then, when asked to have a face-to-face conversation, they will give a zillion excuses ranging from job privacy to secrecy ("let's keep things mysterious for it to be more fun") etc.
You'll get a lot of attention from the person initially, creating a heightened state that can be used later. Usually, within a month or less, they will start asking for financial details. Some might even want to ask for your full name or date of birth (so they can send you a present). Soon, they put the squeeze on you with investment opportunities or insider information for a great trade, and they're doing this for both of you. There's also the "can you send me money to buy a plane ticket so that I can see you?" line, which is also used often. When you sound hesitant to comply, they will play the trust card ("Don't you trust me? Is this how you treat your partner?" etc.). If it's a guy scamming women, the doubts will be met with contempt, making you feel awful at the same time. They may even ask/coerce you to set up an account with a cryptocurrency exchange or set one up on your behalf and have the funds processed in this manner. At this point, not only is it a romance scam, but you may also unwittingly be part of a money-laundering scheme.
It's essential to keep a level head when your doubts are met with dismissal. If you're looking for a caring partner, that's jerk/bitchy behaviour, which already tells you this is not a nice person.
What you can do:
- Always demand a video call. If they say no, that's a big red flag.
- Be careful what kind of information you share with the "potential date". It's even ok to give them an alias/handle instead of your real name. Keep content superficial like hobbies/interests, current news, TikTok vids etc. Try not to mention anything work or family-related. If they insist, play the mystery card back at them. Even things like aspirations, hopes and dreams are dangerous because they can be used as angles for the scam to play out.
- Don't be afraid to ask lots of questions regarding any financial arrangements. Even if you don't want them to think you're an idiot, if it's someone who truly likes you for who you are, this won't faze them.
There have also been cases where they might say that they've put your real name down on some legal-sounding document and that if you don't oblige, you're going to get sued/go to jail/your family will find out (moving into shame territory) etc. It's easy to panic in times like these, so stay calm, give yourself a few moments for some deep breaths, and try not to sink into the fear. Usually, the fear of something is greater than the actual thing.
Fake Technical Support
The MO: You need help with something, whether it's navigating a DeFi platform or you have a question posted in a general forum, but no one has answered your question yet. Suddenly, you get a message from someone offering to help. A variation of this is that you've already been scammed, and you come across a website or someone (through some nebulous grapevine) who can help you recover your funds for a fee.
Most of the projects' community channels will have a pinned message saying something like "We will never reach out/DM anyone". And it's true. In the interest of transparency, all help provided will be publicly available for everyone else to know. If this sounds a bit too much, like you don't want other people to know your business, you might want to consider growing a thicker skin. No one knows everything, so ignorance is not a cause for shame.
What you can do:
- People are publicly nice but not always privately nice when it comes to strangers. Politely decline offers of private help or suggest posting their request on public channels. Tell them you want the whole world to know how nice they are.
- Even if you started engaging with them privately when caught unawares, pay attention to their offers to help. No tech support needs to know your private keys/seed phrases. It's even more important that you don't enter them anywhere on a website unless you are trying to recover your wallet (more on that in a section below).
- If they offer to help you but need you to install remote access software like TeamViewer or AnyDesk on your computer, politely decline.
Employment offers and Fraudulent Employees
The MO for Employment Offers: If you are a disgruntled employee looking for a better job offer, you might fall victim to this. You will likely be contacted via LinkedIn, or by someone who knows you're looking for a change (because you posted this on social media) and approaches you to put you in touch with a recruiter etc. You answer some cursory or basic-sounding questions, and you soon learn you've got the job with incredible-looking pay, super-flexible hours etc. However, all this occurs via text, so there is no face-to-face interaction.
Following that, you might be asked to receive some funds into your account and then asked to withdraw a portion of that money with the remaining as a commission. They will then ask that you convert the cash into the crypto of their choice and send it to their wallet address. All of these requests will be placed under urgency. They're literally urging you to either do this now or lose the job offer. All they want is to hurry you along as much as possible.
Once the funds have been sent as crypto, your bank might notify you that the bank cannot accept the deposit and that the money will be deducted from your account.
What you can do:
- Request a face-to-face interview, even if making such a request might mean you could lose out on the job offer.
- When the arrangement is for someone to pay you a chunk of money and then ask for it back later, there is plenty of reason to pause for thought. Aren't they concerned that you might not return their funds?!
- Ask as many questions as you need. Get advice from friends and talk about the offer. No harm in doing so if it's legit.
The MO for Fraudulent Employees: Someone contacts you, claiming to be from a legitimate business like Amazon or a company affiliated with a legitimate business and says there is a refund for an item you've just bought. They want to refund the money directly to your bank account. They will ask you to either provide account details or go to a website to enter the details or even ask to install remote access software such as TeamViewer or AnyDesk.
Another variation involves a call from a courier company like FedEx/UPS etc., and they have a package for you that got held up in customs, and you need to pay the tax before you can get the package. Instead of going to the local tax office to pay the taxes, they offer to do it for you either for a small fee or free of charge as part of their excellent customer service.
You could even be getting a call from someone claiming to be the bank staff of your local bank and wanting to verify your details to process some payments being deposited into your account.
Once they have access to your bank details or your device, they may set up an account with a cryptocurrency exchange on your behalf and convert your money into cryptocurrency, which gets withdrawn to their wallet. Since crypto transactions are irreversible, there's nothing anyone can do now.
What you can do:
- Check that the number they call from is actually from the company's official website. Take care that this is the real website and not a website link provided by the caller. If it's your local bank, for example, reach out to the bank via phone or in-person to verify what is going on. If the bank says no, chances are it's a scam.
- Instead of relying on the search engine for the number, search for the company or go on social media to look up their support channels. Verify that the information you have matches different sources.
- Hang up on calls you know nothing about, i.e. if you're not expecting a package and got a recorded voicemail message claiming there's a package for you. In some cases, you might even be getting calls from someone claiming to be from the embassy. Just ignore them. They won't send the police after you for ignoring a call, even if it's real.
- Politely decline all offers of assistance that use remote access software.
Social media Cryptocurrency Giveaway Scam
The MO: You're browsing on YouTube one day, and suddenly you come across a live chat with a crypto influencer that's been going on for a while. You can rarely catch a live chat, so you click on the video link. You're likely met with a page like this: the video featuring the celebrity is embedded in the middle of the screen, while the scam website is underneath it, together with the "mechanics" of how the giveaway works. Other variations of this are on Twitter, where the accounts have a verified blue checkmark to make them appear legitimate. These videos are designed with placement, etc., to generate a FOMO reaction from the user.
There is a famous experiment called Pavlovian Conditioning. It involves us making presumed connections between two images. A picture of a man facing left paired with a McD sign results in the natural conclusion of the man thinking of getting some fast food. In this case, the image of a celebrity paired with words around it makes it easy to create the illusion of a relationship between the celebrity and the message surrounding it, which is the actual scam.
The second part of the scam involves a fake website. Somewhere on the website will be a list of "people" who have participated in the offer. There will also be a wallet address waiting to receive payments. However, if you look up the address on the blockchain explorer for the crypto asset, you will either see a lot of entries or none. If there are a lot of entries, I guarantee you won't be able to match up any of the wallet addresses with what you saw on-screen.
What you can do:
- It's okay to miss out on a deal, no matter how good. If you hear the FOMO bell ringing in your head, the best thing to do is to walk away or put your phone down, get a drink of water, and take deep breaths. Wait until the FOMO bell subsides before returning to your device. Then try to think it through carefully.
- When in doubt, tell someone you trust about it. Ask them their opinion.
Once you're out of the throes of FOMO, it would be easier to see through it as a scam.
3. Ponzi schemes
In a nutshell, the definition of a Ponzi scheme is where old investors get paid with huge returns by using the funds from new investors. The underlying product/service sold is vague in nature. One of the most famous Ponzi schemes in crypto was OneCoin back in 2014. If you're interested in the story, check out this video from Guy, where he talks about the top 5 podcasts to listen to. One of them details the whole project from the beginning.
While it's debatable whether the Crypto Queen is a true crypto influencer since she's only shilled for her own project, other crypto influencers in the space are also out to grab your money and run. They entice you into putting up some initial investment, in the form of a fake ICO or something similar, promising exorbitant returns "due to the volatile nature of crypto," which is what outsiders think crypto is well-known for. Of course, during a bull run, you can have legitimate returns that are often over what traditional investments tend to yield, so if you don't understand the space, it's not improbable. And that's where the tragedy happens because sometimes it is difficult to tell the difference.
Meanwhile, once enough people have FOMO'ed in, they are ready with their exit plan, leaving everyone else holding the bag, similar to a pump-and-dump scheme.
What you can do:
- Do more research on your own. Guy has a great video here on how to do so if you don't know how to get started.
- Some basic questions to consider: where's the demand coming from? How are the returns generated? What happens if no new investors join the club? How does the project stay afloat?
Crypto Investment Schemes
Anything that falls under a third-party investment company, registered broker, or financial expert is considered a crypto investment scheme. It relies on the presence of an expert to provide guidance in exchange for a fee. I call this the "trust the experts" scam. It's an acceptable norm that there are financial professionals we consult with to tell us how we can invest and get the maximum returns for our investment.
The MO: You're asked to deposit funds into a company where a financial expert will be there to work with you on how to grow your wealth.
In order to entice you to deal with them, they will offer you too-good-to-be-true promotions and offers, including bonuses for sizeable deposits. There is also the pressure to invest immediately because these offers are only for a limited time to the "discerning few". They might even ask that you create an account with a well-known exchange and fund your account with them through that.
When it comes to making withdrawals, they could either send you a fake token that has no value in place of the crypto deposited, taking a leaf from the LP token playbook, or provide some excuse that may require you to put more money down to get to your funds. Somehow, you'll end up not getting your hands on the returns you were promised even though you could see it on their webpage or system.
What you can do:
- If you feel more comfortable having someone handle your money, make sure it's a legitimate company by looking up all the affiliations and associations to which the company should belong. If it doesn't belong to any, that's a big red flag.
- Google Search the company to death - put in keywords like "scam", "fraud" etc. and look up any reviews about the company, especially the ones where people complain about having difficulty making withdrawals. Some of them purposely pick names very close to the actual reputable ones, making it even more difficult to tell the difference. Pay close attention to every word in the company's name.
- Get as much information about their fees and rates upfront as possible.
4. System-related Scams
For this type of scam, there is very little human contact involved. Most of it has to do with technology such as websites, emails, and mobile apps. The general approach is to be vigilant when engaging with these things. Pay close attention to typos and anything else that seems to be off. Try not to ignore these signs even when the FOMO bells are blaring in your head.
Phishing scams
The MO: You receive a text message or email that asks you to sign in to a webpage that you know of. You were in a hurry and didn't pay enough attention, and without realising it, you'd already entered your login credentials into the webpage. Sometimes, you might even be asked to key in your seed phrase for your crypto wallet, especially if you are trying to retrieve lost funds.
Sometimes, the links themselves allow them to install malware on your computer, such as software that records keystrokes. This lets them capture your sensitive information without you knowing about it.
What you can do:
- When you see a link, resist the urge to click it right away. Pause and think before clicking on it.
- The only time you ever disclose your seed phrase is when you're trying to recover your wallet. No other circumstances warrant it. When you need to do so, triple-check that it is the right website.
Spoofed Websites
Usually working in tandem with the phishing scam are spoofed websites. These websites look almost identical to the official ones they are trying to mimic. You might come across this website through a search engine or a phishing email/text message. Similar to what is mentioned above, you enter sensitive and secure information on the website while you are under the impression that it's the official one. The scammers gain access to your details and have their merry way with them.
What you can do:
- Bookmark sites that you frequent that require you to log in with credentials.
- Only go to the official sites to do anything instead of arriving via the email/SMS link.
- Look out for typos or anything that seems off or unusual. The devil is in the details.
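One way to automate the bookmark-and-typo checks above, as an added example that is not part of the original article: it compares a link's real hostname against a list of bookmarked sites and flags near-matches. The bookmarked names, the sample links and the distance threshold of 2 are all constructed assumptions, and the last-two-labels rule ignores suffixes such as .co.uk.

```python
from urllib.parse import urlsplit

# Constructed stand-in for the reader's own bookmarks (hypothetical names).
BOOKMARKED = {"examplebank.com", "example-exchange.com"}

# Digits commonly swapped for letters in spoofed names; hyphens are dropped.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "-": None})


def registered_domain(host):
    """Last two labels of the hostname. Assumption: no multi-part suffixes
    such as .co.uk; a real tool would consult the Public Suffix List."""
    return ".".join(host.rstrip(".").split(".")[-2:])


def edit_distance(a, b):
    """Levenshtein distance: minimum single-character edits to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalise(domain):
    """Undo the usual digit-for-letter and hyphen tricks before comparing."""
    return domain.translate(CONFUSABLES)


def check_link(url, bookmarks=BOOKMARKED):
    """Return (verdict, reason); verdict is 'ok', 'suspicious' or 'unknown'."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if not host:
        return "suspicious", "link has no hostname"
    if parts.username is not None:
        # In https://name@host/ the browser connects to host, not name.
        return "suspicious", f"text before '@' is not the site; real host is {host}"
    domain = registered_domain(host)
    if domain in bookmarks:
        if parts.scheme != "https":
            return "suspicious", f"{domain} is bookmarked but the link is not HTTPS"
        return "ok", f"registered domain matches bookmark {domain}"
    if any(label.startswith("xn--") for label in host.split(".")):
        return "suspicious", "punycode label can hide look-alike characters"
    for good in sorted(bookmarks):
        if host.startswith(good + ".") or ("." + good + ".") in host:
            return "suspicious", f"{good} appears only as a subdomain of {domain}"
        if edit_distance(normalise(domain), normalise(good)) <= 2:
            return "suspicious", f"{domain} is a near-match for bookmark {good}"
    return "unknown", "not a bookmarked site; open it from your bookmark instead"


if __name__ == "__main__":
    # Constructed sample links of the kind that arrive by email or SMS.
    samples = [
        "https://www.examplebank.com/login",
        "https://examp1ebank.com/login",
        "https://examplebank.co/",
        "https://examplebank.com.secure-login.net/verify",
        "https://examplebank.com@secure-login.net/",
        "https://weather.example.org/",
    ]
    for link in samples:
        verdict, reason = check_link(link)
        print(f"{verdict:10} {link}\n           {reason}")
```

An "unknown" verdict is not a clean bill of health: the check only recognises imitations of sites already on the bookmark list.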
Fake mobile apps and dApps
Similar to spoofed websites mentioned above are fake mobile apps and dApps. Chances are these usually come from a phishing scam, asking you to click on a link or download this mobile app to do something. If you're asked to do it, please don't. If it's an app you seek out on your own accord, please check that this is the actual app and not a really good fake.
Man-in-the-middle Attack
As the name suggests, this kind of attack is a malicious third party inserting itself between two parties passing information to each other. It often happens when using public WiFi networks where scammers can intercept sensitive information such as log-in credentials.
What you can do:
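- When in public, always turn on your VPN. This software encrypts the traffic between your device and the VPN server, so others on the same WiFi network cannot read it, and it anonymizes your actual location with IP addresses different from where you're at. It's worth investing in a good one, and it's not as expensive as you think.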
- Try not to do any financial transactions in a public setting. This includes, but is not limited to, logging into banking sites, resetting your passwords or recovering your wallet. These sensitive actions should best be done in the comfort of your home (with the VPN on!).
5. Curiosity-driven Scams
I classify these scams as curiosity-driven ones because there's an excellent chance you came across them through your research. Not that it's the only way for others to find out about it, but it's not always initiated by someone bringing it to your attention.
Pump-and-dump
In the early days of finance, this happened quite a lot to stocks or any speculative investment. You heard, through the grapevine, that so-and-so stock's price has been going up, and there are no signs of it stopping. While it might not be evident why that is so, most people put their blinkers on and FOMO into it. Early investors "pump" the market with (mis)information about the investment and generally get others to FOMO. Then, after reaching a fever pitch, they sell off what they have in hand, thus causing a "dump" in the market.
Due to the losses many of the common folk sustained, regulation stepped in to outlaw this kind of behaviour. In crypto, we love decentralisation, but it also means we are susceptible to this kind of shenanigans. Purists might argue that in keeping decentralisation intact, there should be little to no regulation and let the market regulate itself. In contrast, others vouch for some form of regulation to prevent this scheme from happening. Debate aside, these behaviours benefit almost no one and give the industry a bad rep.
Crypto Rug Pulls
Many of you may have heard of the Squid token fiasco. Riding on the coattails of the popular Squid Game TV show on Netflix, the Squid token was created, perhaps as a meme coin, but the developers said they want to do a play-to-earn version of the game with some modifications. Lots of people bought into the vision, and then boom! The project went south with loads of angry bag holders holding worthless tokens.
The difference between a rug pull and a pump-and-dump is that rug pulls are often designed from day one with the exit plan in mind. At the end of a rug pull, the token is essentially dead. A pump-and-dump, on the other hand, is more of a phenomenon, externally encouraged to some degree, for the price of something to rise to stratospheric levels before crashing down, but the token might not be dead and could live to see another pump-and-dump moment.
What you can do:
- Stick to investing in reputable crypto projects. Anything in the top 100 is usually safe.
- When doing research, investigate the worst-case scenarios and whether the likelihood of it happening is high.
- Centralised exchanges usually do some due diligence before listing a token for trading. Use that to your advantage. Stick to trading listed tokens when using a decentralised exchange.
- Look out for token distribution patterns and lock-up periods. Few investors/holders and short to no lock-up period are big red flags.
- If a token has already made huge gains, wait for the price to go down a fair bit before jumping in, even if, while waiting, the price continues to go up. You never know when you're buying near the top.
Fake cryptocurrency exchanges
The MO: You came across an ad, or you heard someone mention on social media that a new exchange in town offers super-low fees and a sign-up bonus. In some cases, you might even find yourself in a text conversation with someone who offers to teach you how to trade crypto in exchange for a commission.
You sign-up for an account, and it usually only takes crypto, no fiat, so you need to convert your cash into crypto first. Then, the sign-up bonus appears in your account, and you start "trading". They might waive all fees for new customers up to a specific period. Along the way, other offers appear to get you to deposit more money into the account.
When it comes to making a withdrawal, though, that's when all sorts of obstacles appear, including a request for a trading license to prove you're a professional trader before allowing for withdrawals. This is, of course, another scam in itself. In short, you're never getting any of your initial investments back, much less any "gains" you might have made.
What you can do:
- Stick to exchanges you know or are listed on reputable sites like Coingecko.
- While it's normal for exchanges to have slight price differences within 2 to 3 decimal points for the same asset, anything sizable is very suspicious. There are plenty of bots out there doing arbitrage trades. If the difference is significant, how is it that no one has jumped on it yet?
- Anything else that seems off about the website, such as only bots for support and no other channel to seek help, typos etc.
- Community websites are too silent or new, despite the many followers listed.
- Look up the domain names of the addresses to check their legitimacy.
Case Study: The Worst Crypto Scams of 2022
Below are the top crypto scams of 2022 highlighted here to show you that even people we think of as experts can also fall foul of a scam.
1. Day of Defeat Project
According to Molly White, founder of Web3 Is Going Just Great, this project had red flags up the wazoo. First, the project billed itself as a "radical social experiment token mathematically designed to give holders 10,000,000X PRICE INCREASE" (🚩🚩🚩). Really?! For everyone? Where are the gains coming from? Another red flag is a "mystery plan" that results in a 1,000,000x price increase as part of the roadmap. How? Details are essential. Wishy-washy talk is always highly suspicious. Finally, the team "promised" not to pull the funds (no smart contract backing this up) in their FAQ, but of course, they did, to the tune of $1.35 million.
It started with a crypto investment project called Orfano, founded by Hanad Hassan, a UK crypto investor. His first claim to fame was turning £50 into millions (mad trading skills?!). With Orfano, he intends to give back to the public, donating 3% of its profits to charitable causes. It was likely this intention that caught the BBC's eye. Not content with an article, they made a documentary about him that was scheduled to air before it got pulled when word of the scam got around.
Months after launching the project, the founder and money disappeared, only to resurface later with another project, OrfanoX, with a similar set-up and results. It does make you wonder: did the people at the BBC not do enough due diligence? Or was the scam so sophisticated that even they were fooled?
2. Seth Green's Bored Ape went a-traveling
Earlier in the year, Hollywood actor Seth Green, who held a Bored Ape, two Mutant Apes, and a Doodle, had them stolen in a phishing attack. This piece of news, other than the holder being a celebrity, is probably not enough of a news article to raise any eyebrows. On a side note, owners of the Bored Apes NFT have the right to commercialise the ape images they own, among other rights.
The interesting twist was that Seth planned to use the Bored Ape as the star in an upcoming animated series. Once the Bored Ape had changed owners, it became debatable whether he could continue with his plans for the series. Long story short, he managed to get the Bored Ape back for $297,000. Given that he paid six figures for the initial purchase, it may sound like a pretty hefty price tag. But if you think about the potential future revenue his Ape can make for him, maybe he could write off the initial loss as a tax loss and the second purchase as a business investment!
3. Axie Infinity hack
Axie Infinity is famous for two things in the crypto world. One is being the project that popularised the play-to-earn genre, putting the P in both. The second was its Ronin hack worth $613 million, one of the most high-profile hacks ever. Ronin was developed as a sidechain to deal with the scalability issue faced by Axie due to Ethereum being the hosting chain. The hack was not due to a smart contract bug but through "swiping cryptographic keys owned by Sky Mavis, the team behind Axie Infinity, and a third-party validator run by Axie DAO". It was discovered when a user could not withdraw funds earned from playing the game.
It's widely rumoured that the people conducting the hack were the Lazarus group from North Korea. The second speculation was that this enormous amount of funds benefited the country, which drew the attention of the US government. So the Tornado Cash sanctions could be the chain reaction triggered by this event. It's the beginning of another rabbit hole; you've been warned.
4. Cancellation of Airdrop from Ukraine
During the early days of the Ukrainian war, the Ukrainian government announced an airdrop for those donating to its fundraising efforts. In exchange for donating, donors would be given an airdrop as a kind of reward. This announcement attracted both good and bad actors, like anything else. Grifters sent tiny amounts of ETH to qualify for the airdrop. They were likely looking to flip what they got and make some quick, easy cash. Once the Ukrainian government caught on to this, they decided to cancel the airdrop.
If any project were to pull something like this, it would be classified as scam No. 1 and used as a cautionary tale. But, as things go, people who truly wanted to support the war effort weren't counting on getting the airdrop, so they weren't bothered. The ones who were depending on it inadvertently did a good deed.
For the victims
If you're a victim of a scam initiated by a human, there could be an added sense of personal responsibility which adds to the burden. All of us have our blind spots. Triggers could include concern for loved ones, desire for acceptance or a better life, masked by FOMO. When triggered, the fight-or-flight survival instincts take over, pushing our rational thought process aside. Unfortunately, that's also when we are at our most vulnerable, making us susceptible to things we would not even consider when in complete control of our faculties.