“We all need to become Mr. Spock when it comes to investing. We need to be cold and rational and logical.”
This is the advice from Gerri Walsh, SVP investor education at the Financial Industry Regulatory Authority, in the wake of a growing concern of cryptocurrency scams. He warns against dealing with charlatans — and dismisses penny stocks and those guaranteeing a specific return.
Bitcoin scams are prevalent, but other important cryptocurrencies are also under threat. While this is certainly not an exhaustive list of scams out there, this post will help create awareness of the more common attacks and how to keep your money safe.
Calculate The Risk Involved
CyberSponse CEO Larry Johnson advises would-be cryptocurrency investors to know the risks before mortgaging their homes, citing volatile markets and preying fraudsters as major concerns.
Since Bitcoin’s launch in 2009, the markets have been hit by cyberattacks and scams costing investors millions. The added concern, Johnson says, is “cryptocurrency isn’t protected by the FDIC, so losses due to theft may not be covered.”
Johnson suggests hackers directly targeting investors tend to rely on a few common attacks.
Rogue Bitcoin Exchanges
David Balaban at Bitcoinist says social media ads offering bitcoin at less than market value are usually fraudsters trying to lure investors to a phony cryptocurrency exchange service.
The exchange site, if legitimate, should use HTTPS protocol for a secure connection, Balaban warns. This means your browser and the service is encrypted and secured. HTTP alone is a warning sign.
Another sign of a fake exchange is when the site provides a web form requiring the investor to enter their PayPal email and the amount they’d like to sell. A QR code appears to verify the transaction, but the bitcoin is never issued. Instead, the would-be investor’s PayPal account gets hacked.
Relying on the most popular crypto exchanges is a sound way to keep your investment safe.
Fake Digital Wallets
Cryptocurrency is often stored in virtual wallets, and hackers have of course learned to create fake digital wallets. They may appear online or in mobile app stores, so investors think they are getting the app from a reliable source.
Johnson’s advice: Research the wallet before putting your coins into it and consider an offline hardware wallet. On that last note, however, 99 Coins founder Ofir Beigel warns of scammers “selling hardware wallets to users with a ‘pre-configured’ seed phrase hidden under a scratch card.” Hackers can drain funds once the wallet with the compromised seed is activated.
The solution is to choose a wallet from a trusted provider. Sudhir Khatwani at CoinSutra says to look for the following, whether it is a software or hardware wallet:
- Control and own your private keys
- Two-factor authentication, seed backup keys and pin codes
- Active development community for maintenance issues
- Compatible on different operating systems
Twitter Fraudsters Are After Your Bitcoins
An old Twitter scam has been given new life with cryptocurrencies, Lily Hay Newman at Wired writes. While it’s not likely to rake in large sums or convince the more savvy investor, it is still a threat to some.
It works by setting up Twitter accounts closely resembling those of well-known figures like Elon Musk, John McAfee or Ethereum co-founder Vitalik Buterin. The fake accounts respond to a genuine tweet, making it seem as though they started the thread. They promise to send a significant quantity of cryptocurrency to anyone who sends a smaller amount to a particular wallet.
You all know what happens next. It seems so transparent, but Hay Newman gives the example of a wallet posted in a fake John McAfee tweet, promising 20 bitcoin for every 0.02 received. It scored 0.184 bitcoin or about $1,500 in a few hours.
Fake Cloud Miners
So far, we’ve got fake wallets, fake accounts and fake exchanges — but here’s another: fake cloud miners.
Wendy Connick at the Motley Fool explains how in the early days of bitcoin mining, when investors lent their computing power to validate transactions, they’d use software installed on their desktops. Most mining now is done by cloud mining companies, which are remote data centers that mine bitcoins and operate by subscription.
Users pay a monthly fee to get a share of the company’s bitcoin mining profits. Sounds good, except fake mining companies have joined the game. They pay out bitcoins until they have plenty of subscribers and then they disappear forever.
Connick advises researching a cloud mining company to confirm it is legitimate and is run by a known individual or individuals.
This is going to be a tough task though. Jordan Tuwiner at Buy Bitcoin Worldwide says 99 percent of cloud mining companies are acutally cryptocurrency scams. He lists Genesis Mining, which offers three different Bitcoin mining cloud contracts, as the only worthy of his stamp of approval, while full stack developer Jeremy Adams says Hashflare is the only one to trust.
It may be wise to steer clear of cloud mining altogether, but if you do choose to pursue it, be extremely careful of what you’re getting into.
Hacking Emails to Get Access to Storage Service Account
Think of bitcoin as money in a safety deposit box, Jeff John Roberts at Fortune writes. The important question is whether we want to look after it ourselves or hand it over to a third party for safekeeping.
Most people choose a third party service, such as Coinbase, to buy and store their coins. Roberts calls this a “sensible option” as those types of services use security features built into bitcoin. Investors who store it themselves would use the same features; the advantage of outsourcing is simply that it requires less knowledge of security issues.
Whether investors hold onto coins themselves or entrust third parties, Roberts warns that the only way thieves can get your bitcoin is by tricking you or the third party to give them access to it. One way to do this is by obtaining the password for your storage service account. Like any online banking, account holders have a username and password to access their money.
Thieves might also hack into your email account and ask Coinbase to reset your password in order to access your bitcoins.
Roberts advises two-factor authentication for your email account and bitcoin storage service. Sounds obvious, but he warns of SMS-based authentication running the risk of interception and suggests using an app-based verification option such as Google Authenticator.
Pump and Dumps, and Ponzis
Claire Downs at the Daily Dot reminds us of the heyday of the Wolf of Wall Street, Jordan Belfort, who made pump and dumps notorious. The scam operates by investors promoting stock they own, and selling it once the prices goes go up due to the increased demand.
“This is typically seen amongst altcoins (alternative coins) with low buy-ins—a penny per coin—and high return. In reality, buying these penny cryptos can be incredibly risky,” explains Downs.
These classic scams aimed at cryptocurrencies is a mark that “crypto has gone mainstream,” she adds, warning that it’s a red flag when a cryptocurrency business asks for anything more than your payment info, and that you buy coins and store them in a private wallet.
If a cryptocurrency business has you buying and selling items in exchange for tokens to be mined at a later date into a currency, as OneCoin did, that’s a scam, and is exactly the type of scam Downs warns against. There was in fact nowhere to exchange OneCoins, so investors lost the money they paid.
Cold Calls Are Not Just Annoying
Beware of the cold call says Ruth Jackson at Love Money. She points to a London scam in which a fraudulent cryptocurrency business had employees cold calling people to persuade them to invest in fake online money. Nine people lost a total of around $225,000.
While a more established crypto, such as bitcoin, is not likely to be used by cold-calling scammers, the newer cryptocurrencies are. Jackson says key signs of a cold-calling scam are “pressure to act immediately and a deal that sounds too good to be true.”
Keep Bitcoin Safe In Various Wallets
There are a number of wallet options available to investors to help keep their bitcoins safe, Nathan Reiff at Investopedia writes. In some cases they may be able to protect your assets from cryptocurrency scams. They include:
These are accessible from the wallet owner’s desktop with personal security keys installed on the desktop. While it limits where in the world the user can access his or her money, it does make it harder for hackers to get into. It is still not completely secure, desktop wallets are susceptible to hacks if the computer is infected with malware designed to steal bitcoins.
These are more secure than desktop wallets and come in the form of external devices like USB sticks. With no personal information linked to the hardware, transactions are anonymous. While the funds in lost wallets can be reclaimed by using a seed phrase, as noted previously, these phrases can be pieces of malware.
Users can generate a paper wallet online through dedicated websites or generate it offline. They are easy to store, anonymous and essentially “a bitcoin seed written in some way on a piece of paper,” Reiff says.
Images by: elnur/©123RF Stock Photo, 3dsculptor/©123RF Stock Photo, Fizkes/©123RF Stock Photo, Aleutie/©123RF Stock Photo