What bitcoin scams look like and how to stay safe online.
Scammers have been fleecing people since the invention of money, and every new generation of technology sees scammers taking full advantage.
And bitcoin in particular is a scammer’s dream for several reasons:
- Very few people really understand it. This makes it easier to make false promises and unusual moves without getting caught.
- It’s mostly anonymous. It’s a lot easier for scammers to cover their tracks. Once bitcoin or other cryptocurrencies have been stolen, they are probably never coming back to their rightful owners.
- It’s largely unregulated. There are ways for scammers to steal bitcoin without breaking the law, and there are few authorities that will ever go after them.
Fortunately, most of the same rules apply. A bit of common sense will keep you safe from most scams, and a bit of know-how can keep you safe from the rest.
What do you need to look out for?
There are some common scams to watch out for. Most are rehashed versions of age-old tricks, but there are also a few new risks.
- Your everyday scam attempts
- Virus and malware downloads
- Ponzi schemes
- Fake and imitation wallets and exchanges
Let’s review each of those in turn.
Your everyday scam attempts
If a Nigerian prince emails you to say that he just came into a fortune in bitcoin and wants to share it, it’s a scam.
If someone claims to be with the Australian Tax Office, and threatens you with legal action unless you send them some bitcoin right away, it’s a scam.
Watch for these kinds of attempts to get hold of your money. Don’t send money or bitcoin anywhere unless you know exactly who you’re sending it to.
Virus and malware downloads
The Internet age brought a lot of viruses, malware and other nasties into the world.
Unfortunately, the value, anonymity and entirely digital nature of cryptocurrency mean scammers can now make money a lot more easily with dangerous downloads.
As always, you shouldn’t click on unknown email attachments or potentially dangerous links.
You should also be very aware of bitcoin being used as bait. For example, a social media post saying you can mine bitcoin just by downloading a program, or a link to a supposed bitcoin exchange that offers freebies to get you started, should always be treated with suspicion.
There are plenty of safe, legitimate and secure cryptocurrency exchanges, but you probably won’t get to them by following strange links.
Instead, do your own research. Do your homework with Google or sites you know you can trust, and seek out your own services rather than trusting the ones that come to you.
The following are two ways to help ensure your security, even if you do get malware:
- Use two-factor authentication every time.
- Use a “cold” offline wallet. A “hot” wallet is one that’s connected to the Internet, while a “cold” wallet is one that’s held offline. Having multiple physical cold wallets in separate locations is usually considered best practice. This is often how exchanges, traders and other people secure the most valuable wallets.
These easy security measures, plus some common sense, can give you the upper hand over malware even if you’re not particularly tech savvy.
To steal from people, malware usually needs to be subtle and sophisticated. Take the “Cryptoshuffler” trojan, for example.
This trojan has been around since 2016, according to Kaspersky. It infects computers and then sits almost invisibly in the background until the right time.
The right time is when the user copy-pastes a string of characters and digits that looks like a cryptocurrency wallet address. When they do, it simply replaces that address with the Cryptoshuffler’s own wallet address.
Unless the user spots the difference in the address, they’ll end up sending coins to the Cryptoshuffler wallet rather than the intended one.
At the time of writing at the beginning of November 2017, about 23 bitcoin (over US$180,000) in total has been reported sent to the Cryptoshuffler wallet address.
Fake initial coin offerings (ICOs), Ponzi schemes and other get-rich-quick scams
Scammers use many ways to get at your cryptocoins, so let’s shine a spotlight on some of them:
Fake ICOs invite people to get in on a newly created coin that’s going to take off and be the next big thing. These can be tricky because sometimes the creators themselves might not even know that they’re peddling junk.
Avoid ICO scams by knowing exactly what you’re getting into each time. You need to decide for yourself whether a new coin has the potential to take off, and whether the developers know what they’re doing. If you don’t have the know-how to make a judgment, you should probably avoid all ICOs.
How bitcoin Ponzi schemes work
Someone offers an opportunity that promises an incredible return on their money thanks to the magic of bitcoin. A lot of people buy into it, and then someone runs off with all their money.
At first it might look as though it actually works. The numbers in your account might be increasing as promised, and occasionally someone might come out to talk about “how it really works” and how it changed their life.
But when you actually try to get those funds back, you might find that the “customer service” isn’t very responsive, or that there are technical issues, or that the money will be returned soon, or any number of other excuses. Then one day the company simply disappears and the money is never seen again.
Ponzi schemes can be nefarious in the world of cryptocurrency. Most people know very little about cryptocurrencies, other than that they’re making millionaires. This makes selling big promises easier than ever.
BitPetite claimed to be a bitcoin tumbling service. Tumbling is a real service that mixes up coins to hide their origins, much like a kind of blockchain money laundering operation, but BitPetite wasn’t really a tumbler.
It promised an incredible 4% per day return on people's money, explaining that it needed a flow of fresh bitcoin to tumble, and in return it gave you the 4% commission that it charged for the service.
As with most Ponzi schemes, there was an explanation for how it all worked, and it made a kind of sense.
The scammers organised a social media and advertising campaign to attract new users, and they even seemed to actually offer tumbling services and provide different professional-looking investment packages.
Eventually word got out that it resembled a textbook Ponzi scheme, and the flow of new “traders” slowed down. That was its cue to take the money and run.
So one day it announced some routine downtime for maintenance and never came back online again. Everyone who was trading there at the time lost their money.
How to avoid falling for a cryptocurrency Ponzi scheme
- Beware of too-good-to-be-true offers. Think about whether the promised returns are really sustainable, and what the numbers actually mean. If it seems too good to be true, it probably is.
- Do your homework. If it resembles a Ponzi scheme, you might be best off avoiding it – especially if there are hundreds of people who agree. Some legitimate services might be accused of being a scam, while some scams might go undetected for a while. When in doubt, don’t spend any money that you can’t afford to lose.
- Check for the signs of legitimacy. Check whether the company is a registered corporation, and whether you can identify the owners. Scammers probably value their anonymity.
Pyramid schemes are popular because they work. Even before cryptocurrency they could still take in millions of dollars for the operators, at the expense of everyone else who gets sucked in.
And there are still plenty of pyramid schemes out in the world, operating in a legal grey area under the guise of legitimate businesses.
Fake and imitation wallets and exchanges
The number one way to avoid the fakers might be to stay on the well-trodden path, and use only the biggest and best-known services.
Better-known services are generally safer, but they’re also more likely to attract imitators. These imitations try to trick people into logging on, at which point they’ll take the account details and use them to try to access your real account.
This used to be a fairly common online banking scam. People would receive an email claiming to be from their bank, inviting them to follow an included link. But the link would instead take them to an imitation site. At a glance it would look like the real bank website, but if an unsuspecting customer logged in, the scammer would get their real online banking username and password.
The same scam can now be found in the world of cryptocurrencies.
- Avoid the new. Let the early-adopters take the risks, and don’t get involved until you can be sure it’s legitimate.
- Use the most popular. There’s safety in numbers.
- Make sure you know what to expect. Once you know what to expect from an exchange or a service, you can more easily spot problems and imitators.
- Always use two-factor authentication. This usually involves having a unique code sent to your phone whenever you need to log in. It can be a hassle, but offers significantly increased protection.
- Check the URL before you sign in. If nothing else, get in the habit of scanning the URL bar to look for the HTTPS and “secure” lock symbol, and checking that the URL is correct.
Poloniex is a large, prominent and legitimate crypto exchange. On one hand, this makes it safer. On the other hand, this also makes it more of a target. One day, some Poloniex users discovered that people were sharing links to the Poloniex mobile app.
The only problem was that Poloniex didn’t have a mobile app. By logging into the imitation app, Poloniex users handed scammers their account details.
Those who used two-factor authentication as a matter of course might have been fine, but those who didn’t would have lost everything in their accounts.