Crypto fraud is nothing new, but scams in this category have reached new heights. More than 4000 of the biggest cryptocurrency accounts have obtained their earnings through illicit means, and crypto criminals now account for 3.7% of the world’s crypto millionaires. How do you protect against seamsters that exploit cryptocurrency to dupe unsuspecting victims? For April Fool’s Day 2023, we list four such crypto scams to protect against.:
1. Crypto rip deals target startups and Web3 entrepreneurs
There are several up-and-coming Web3 companies working on many new ideas. A lot of these projects, however, fail to see the light of day due to a lack of finance. A new generation of crypto-scammers sees this as a potential opening to prey on distressed enterprises that are financially vulnerable.
Often, scam artists pose as seed capitalists or small-scale venture capitalists. Typically, they seek out the creators of companies looking for investment using networking sites. They request numerous specifics, including proof of concept, roadmaps, etc. But, at the final stage, they require the firm to present evidence of assets before the investment is made.
To provide this evidence of funds, the fraudsters ask that the victims set up a fresh wallet and transfer monies across. Yet, after the funds have been transferred, the wallet is mysteriously emptied.
Ahad Shams, the co-founder of Webaverse, provided one of the most renowned instances of this cryptocurrency fraud. According to him, the thieves stole $4 million in stablecoins from the wallet he established to offer proof of payment.
The unique aspect of Shams’ case seems to be that he constructed a new Trust Wallet, a renowned Binance cryptocurrency storage option.
Moreover, Shams created the wallet personally and had full access to its private keys. The first and only action the scammer took was to photograph the wallet’s balance. There was no cause for concern since no important information was visible on the dashboard of the wallet. The fraudster then excused himself, left, and never returned. When Shams subsequently checked his wallet, the funds had vanished.
The most effective defense against these crypto frauds is to be suspicious of unsolicited investment proposals. Always undertake exhaustive and careful research on any potential investor eyeing your project. Anyone asking you to create a fresh wallet – and not use your existing one – should be viewed with suspicion.
2. Crypto Scammers bait employees through Google Workspace comments
Avanan, a cybersecurity firm, has recently uncovered a campaign aimed at luring customers into Bitcoin fraud. As reported by the organization, the business email compromise (BEC) was capable of targeting almost 1,000 companies in only 14 days, which translates to an average of seventy businesses every day.
This crypto scam is distinct from other scams of its kind since it may employ legitimate solutions and does not need them to impersonate any brand.
Using the comments feature offered in Google Workspace, attackers distribute spam redirects. The fraudsters’ website connection is produced by Google Script, a software tool that aids in the development of legitimate business applications. The victim is directed to a fraudulent cryptocurrency website.
Scammers begin the operation by creating a Google account, which they then utilize to publish comments using Google Sheets, in which malicious Links are included. Potential victims are afterward enticed to access the associated URL. The assaults may be direct, including the instantaneous theft of wallet credentials, or their cryptocurrency accounts may be utilized for mining.
What is frightening is that the entire fraudulent scheme will be performed in the garb of an official undertaking, shielded by the trustworthiness of services. Not only customers, but even security providers, will be unable to recognize them as hoaxes.
Cross-checking the email addresses accessible in the comments is the only method to avoid such crypto-scam attacks. Grammatical mistakes, which are typical in scam messages, may also be examined. If you are still uncertain about the validity of the communication, ask the sender if it was intended for you; the scammer will likely not respond.
3. Crypto scammers use airdrops to steal millions from reputed crypto exchange
Popular decentralized cryptocurrency exchange Uniswap lost almost $8 million dollars ’ worth of Ethereum to a sophisticated phishing attempt in this huge crypto fraud. The threat actors utilized the temptation of free UNI tokens (delivered via airdrops) to deceive users into authorizing a transaction that granted hackers complete access to victims’ wallets.
The trap was a camouflaged “setApprovalForAll” mechanism that assigns or revokes the operator’s complete approval powers, thereby enabling the hacker to redeem any Uniswap v3 LP token in the victim’s wallet for ETH. The intention was to lead recipients to a fraudulent website hosted on the name “uniswaplp[.]com,” which impersonates the legitimate Uniswap domain “uniswap.org.” In total, the fraudsters moved 7,574 ETH to an account under their control!
Both crypto exchange operators and customers must take precautions against such schemes. When clicking any button while receiving an airdrop, consumers must confirm everything, beginning with the domain names of landing pages. Companies also need to keep a close watch on scammers and impersonators who cause not only financial losses but also irreparable damage to reputations.
4. Crypto rug pulls to take advantage of the hype around new coins
Rug pulls are a species of exit scam to which DeFi and NFTs are highly susceptible. When you combine the fact that DeFi eliminates middlemen from monetary transactions with the relative simplicity of issuing a new token, you have an environment that is ripe for exploitation by scam artists.
Without undergoing a code audit or any other kind of background check, fraudsters may quickly generate a crypto token and have it published on a decentralized exchange (DEX). Almost 117,000 fraudulent tokens were generated between January and December of 2022, plundering the equivalent of billions of dollars from unwitting investors.
Often, the price of newly listed currencies soars, and enthusiastic speculators may utilize criteria like “recently added” or “top gainers” to seek new, trendy coins without conducting an investigation on the projects. Whenever the creators of the bogus cryptocurrency scheme determine that the value has crested, they will vanish with investor funds, leaving coin holders without any value.
Research is the greatest approach to prevent this from happening. Follow the procedures to properly examine each new cryptocurrency and NFT project, especially with regard to the white paper — that seeks to explain the nature and validity of the project — and the founders. The absence of these collaterals is a surefire red flag.
No More April Fool’s: Security Products to Combat Crypto Scams on the Rise
Even as scammers take advantage of the hype (and lack of regulation) around crypto, industry majors are also stepping up to provide better security measures. Mastercard, for instance, intends to offer a new piece of software that assists banks in identifying and blocking transactions from fraud-prone cryptocurrency exchanges.
The solution, dubbed Crypto Safe, employs “advanced” AI algorithms to assess the risk of criminal activity linked with crypto trades on the Mastercard payment network. The system utilizes data from across the blockchain, an open ledger of crypto transactions, in addition to information from other sources. CipherTrace, the blockchain security company that Mastercard purchased last year, powers this service.
Dextools is also an excellent platform for rapidly determining the status of a token, and it’s compatible with Ethereum as well as Binance Chain. Following a search for the token contract address, users will be able to organize the list of all token purchases and sales by selecting the “Type” column. There is a probability you are witnessing a rug pull if you do not observe any sell orders.
Final Thoughts
April Fool’s Day (and the beginning of a new quarter) is a good time to take stock of the crypto segment, your involvement, and your exposure to risk. The market is rife with crypto scams like rip deals, rug pulls, phishing scams, and more, often taking advantage of trustworthy channels. Just like one shouldn’t be spooked by overcautious crypto trends and myths, it is equally important to not let your guard down and look out for – and report– crypto scams!