Crypto Security Guide for 2023: All You Need to Know
Today, we will walk you through the essentials of crypto security using examples of cryptocurrency scams, so that you can sleep peacefully.
Such an epic beginning is well suited to describing the cryptocurrency market. Cryptocurrency is like the Wild West, a mythical land, where numerous scammers, enemies, and regulators (hi, US SEC!) operate at all levels. Think twice before making any decisions.
The boom of fraud began with mass adoption, somewhere around the time of the pandemic. Back then, every other developer who knew the basics of Node.js and blockchain architecture was creating their own project. Windfall profits allowed for the creation of pyramid schemes or copies of play-to-earn, move-to-earn, and so on. Many NFT raffles could be entered by completing simple social tasks: subscribing to this or to that. Many remember Gleam raffles for an airdrop of some no-name project, hoping for a couple of bucks.
So, without further ado, here’s our guide on crypto security based on real examples of scams.
Scams using Whitelist
When you fill out forms to get into a Whitelist, or even just follow a project, you join official Telegram and Discord groups (other social networks are also possible). Everyone would like to win at least once in giveaways. A guardian angel descends from the heavens and you receive a personal message saying “you have won” or “you have been chosen” shortly before the token is released on the market. They send you contract details or ask you to click on a link.
These will be 100% scammers. They monitor users who have joined the groups and start sending private messages.
Never click on links from private messages, do not respond to them, and immediately delete/block the chat to avoid losing your hard-earned assets.
[Image: example of a scam message in Telegram]
[Image: example of a scam distribution in Discord]
How to avoid unwanted messages? You can minimize the occurrence of such messages through security settings in the applications:
- In Telegram, we recommend disabling the ability for others to add you to groups;
- In Discord, there is a function to prevent receiving private messages.
Don’t hesitate to close and delete private messages from unknown contacts because the administrators of the projects you follow will never message you first.
If you come across a phishing website, don’t be a “fish” and don’t let yourself be deceived. But how can you tell if a website is legitimate? Well, first of all, pay attention to the links. Often, they are strange domains like .io, .xyz, and so on. Also, look at the name – adding a couple of extra letters to the URL is a common trick used by phishing sites.
If the project is already launched, you can verify the information on CoinMarketCap or CoinGecko, where you can even find the token contract address.
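The "couple of extra letters" check described above can be automated. The following is an added example, not part of the original article: it compares a link's hostname against an allowlist of domains you have verified yourself, and flags near-misses. The allowlist entries, the function names and the sample links are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist: domains you have verified yourself. Entries are illustrative.
OFFICIAL_DOMAINS = {"coinmarketcap.com", "coingecko.com", "pancakeswap.finance"}


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_link(url, official=OFFICIAL_DOMAINS, max_distance=2):
    """Return (verdict, matched_domain); verdict is one of
    'official', 'lookalike', 'unknown' or 'invalid'."""
    if "://" not in url:
        url = "//" + url  # let urlsplit parse scheme-less links
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return ("invalid", None)
    for dom in sorted(official):
        # Exact host or a real subdomain of a verified domain.
        if host == dom or host.endswith("." + dom):
            return ("official", dom)
    labels = host.replace("-", ".").split(".")
    for dom in sorted(official):
        brand = dom.split(".")[0]
        # Brand name with a few letters added or changed, or embedded in another host.
        near = any(edit_distance(label, brand) <= max_distance for label in labels)
        if near or brand in host:
            return ("lookalike", dom)
    return ("unknown", None)


# Constructed sample links (not taken from the article).
SAMPLES = [
    "https://www.coingecko.com/en/coins/bitcoin",
    "https://coingeckoo.com/airdrop",
    "pancakeswap-finance.io/claim",
    "https://coingecko.com.claim-rewards.xyz/",
]
if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", classify_link(link))
```

A verdict of "unknown" only means the host resembles nothing on your allowlist; it is not a sign that the site is safe.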
OTC stands for Over-the-Counter, which is a flea market where crypto enthusiasts buy and sell whitelists or wallets with access to a project.
However, just like any market, there are scammers lurking here, ready to take advantage of you. The escrow (the person who moderates the transaction) may conspire with the seller, or the seller may withdraw your funds from the wallet.
We recommend using only trusted OTC platforms (the more subscribers, the better), always reaching out to escrows, and verifying if the escrow mentioned in the OTC matches the person you are communicating with. In general, it is highly recommended to carefully verify the sources of information to avoid losing your funds.
Fake QR code scams occur when scammers create counterfeit QR codes to trick users into authorizing actions and performing other operations.
Often, after scanning the code, users are redirected to phishing pages where assets are deducted. And if you kindly grant permission for the deduction, the scammer will drain your assets.
Sometimes scammers insert fake QR codes into announcements of hype airdrops or retrodrops. However, in reality, users are required to perform another operation to receive these tokens, and that’s when the trap is triggered. The scammer gains authorization to transfer assets, and the funds from your wallet start disappearing.
Scammers also like to send links or QR codes for fake wallets and ask you to use them to receive payments. Unknowingly, by clicking through all the buttons, you end up on a fake page that makes a transfer. And if you don’t spot it in time, the scammer will swindle you out of your money.
Therefore, after scanning a QR code to transfer funds to a wallet, carefully examine the details and icons on the page to avoid encountering a fake and ending up in a loss.
Airdrops that suddenly appear in your wallet are simply a way to get you to authorize them, so that the scammer can steal your wallet balance or withdraw your assets in the form of high miner fees, as with CGB on BSC.
Usually, you can verify such tokens through contract scanning. Copy the contract address and check it in an explorer — most of the time, they are quickly marked as scams. You can also use the following service to verify contract data!
By attempting to sell these tokens, you give permission to the contract to interact with your funds in the wallet. And such interaction usually has a negative impact on your wallet balance: the value tends to approach zero.
Very often, the name of such tokens includes a website (usually with the .io domain), where you will be offered to sell them. Never interact with these websites (we have already discussed phishing earlier, remember not to be a “fish”).
If you have nevertheless connected your wallet to an unknown website or even signed a transaction granting access to your wallet, not all hope is lost. You can verify or cancel the permissions granted by using special services like Unrekt or Revoke.
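What "giving permission to the contract" looks like inside the transaction you are asked to sign, as an added example that is not part of the original article. It assumes the token uses the standard ERC-20 `approve` / ERC-721 `setApprovalForAll` interface. The spender address and sample calldata are constructed, and the risk labels are this example's own.

```python
MAX_UINT256 = 2**256 - 1

# Function selectors: first 4 bytes of keccak256 of the signature.
SELECTORS = {
    "095ea7b3": "approve(address,uint256)",            # ERC-20 (ERC-721 reuses it with a token id)
    "39509351": "increaseAllowance(address,uint256)",  # common ERC-20 extension
    "a22cb465": "setApprovalForAll(address,bool)",     # ERC-721 / ERC-1155
}


def decode_approval(calldata_hex):
    """Describe an approval call, or return None if the data is another call."""
    data = calldata_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    signature = SELECTORS.get(data[:8])
    if signature is None:
        return None
    if len(data) != 8 + 2 * 64:
        raise ValueError("approval calldata must carry exactly two 32-byte words")
    word1, word2 = data[8:72], data[72:136]
    if int(word1[:24], 16) != 0:
        raise ValueError("address argument has non-zero padding")
    value = int(word2, 16)
    if signature.startswith("setApprovalForAll"):
        risk = "all-tokens" if value else "revoke"
    elif value == MAX_UINT256:
        risk = "unlimited"  # spender may move the entire balance, now and later
    elif value == 0 and signature.startswith("approve"):
        risk = "revoke"     # allowance set back to zero
    else:
        risk = "limited"
    return {"function": signature, "spender": "0x" + word1[24:],
            "value": value, "risk": risk}


# Constructed samples: approve() calls to a made-up spender address.
SPENDER_WORD = "00" * 12 + "ab" * 20
SAMPLE_UNLIMITED = "0x095ea7b3" + SPENDER_WORD + "ff" * 32
SAMPLE_REVOKE = "0x095ea7b3" + SPENDER_WORD + "00" * 32

if __name__ == "__main__":
    print(decode_approval(SAMPLE_UNLIMITED))
    print(decode_approval(SAMPLE_REVOKE))
```

An "unlimited" or "all-tokens" result for a spender you do not recognise is the pattern to refuse. The "revoke" result is the kind of transaction that cancels a permission already granted.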
It is an axiom that sharing your seed phrase is not allowed, or else you’ll be in big trouble! It is essential to write it down on a piece of paper and store it somewhere safe, not in notes on your phone. The two most common ways scammers obtain a seed phrase are:
- Phishing: Scammers can create a fake web page that looks like an official wallet site and ask you to enter your seed phrase for “security verification” or similar purposes. Once you enter your seed phrase, they can use it to gain access to your crypto assets.
- Phishing through apps or extensions: Scammers can create wallet clone applications that look and function exactly like genuine wallets but collect your seed phrase when you enter it.
Also, there is a rather amusing scam method: “F*ck crypto! Here’s my wallet”.
Imagine you’re in a chat, and someone writes, “I’M DONE! I’M LEAVING!” and shares their wallet seed phrase. Out of curiosity, you enter that seed phrase to check if there are any tokens in the wallet. And – JACKPOT – at least $500!!! Usually, such an amount is in some unpopular token on the BSC or ETH network. You notice that you can’t withdraw it without BNB or ETH because you need to pay the network fee.
You send a certain amount from your wallet to cover the fee, and immediately that amount disappears – the bot withdrew it, and you won’t be able to reverse it. Those are the fastest artificial hands in the Wild West! There have been cases where many people sent $100 to $500 during the peak of Bitcoin because the fees on the Ethereum network were exorbitant.
Used ‘Cold’ Wallets
Purchase cold wallets only from the official manufacturer’s websites. Marketplaces, online stores (even major ones), classified platforms, and especially used devices can pose a risk to your funds.
Pump Channels on Social Media
Pump groups or channels on platforms like Telegram, Discord, and others resemble the infamous scam of “I’ll teach you how to beat the casino.” In this case, the winnings remain solely with the group administrator. Such channels usually propose collectively “pumping” a rare and cheap shitcoin on exchanges or DEXs. These are coins that are hardly traded and are worth less than a fraction of a cent. Sometimes, they include larger coins with low liquidity.
There are two ways these channels operate:
- Pumping shitcoin on a DEX, such as PancakeSwap. In the end, the administrator withdraws all the liquidity, and subscribers cannot sell the coin, resulting in a loss of their invested funds.
- Pumping a larger altcoin on Binance and other exchanges, where the administrator opens a long position, provides a signal in their channel, and after the pump, pockets profits ranging from 10% to 30%. Subscribers sell their coins with a significant deviation from the market price and lose money.
Ultimately, you either end up in a loss or holding a worthless asset. Some people continue to dream of a wealthy life and don’t see past these naive dreams. Be smarter and more cautious!
Summary: 10 Tips
- Never entrust your funds to others for management;
- Avoid purchasing tokens that could turn out to be scams, especially on decentralized exchanges like PancakeSwap, regardless of promised returns;
- Never send funds to unfamiliar individuals;
- Stay away from unknown tokens and decentralized exchanges as they can compromise your wallet;
- Avoid acquiring NFTs from unverified sources as they can compromise your wallet;
- Don’t trust information about listings on Binance and other exchanges unless it comes from verified sources. Banners or posts can be easily manipulated in Photoshop;
- Never open links from unfamiliar individuals as they can infect your computer with malware;
- Don’t participate in IDOs/ICOs through unverified channels as it can lead to fraud;
- Avoid participating in “pump” schemes organized by channels as it only benefits the administrators of those channels;
- Never enter your wallet’s seed phrases for MetaMask and other applications when interacting with any websites, as it enables scammers to steal all your funds.
And an exclusive bonus tip that is implied in every above-mentioned example: think twice or even thrice before making any decisions!
Always remember: no one can be certain they won’t encounter an unwanted scam. These crafty scammers will try to deceive you at every step. It’s impossible to list all the scam methods as they emerge like mushrooms after rain. Stay away from unverified sources and cultivate basic vigilance within yourself. In doing so, we’re confident that everything will be fine!
How can I protect my cryptocurrency from hacking and theft?
To protect your cryptocurrency from hacking and theft, there are several measures you can take. First, use a reputable and secure wallet to store your crypto assets. Enable two-factor authentication and use strong, unique passwords. Be cautious of phishing attempts and avoid clicking on suspicious links or providing sensitive information. Keep your devices and software up to date with the latest security patches and antivirus software. Use hardware wallets for added security, as they store your private keys offline. Regularly back up your wallet and keep the backup in a secure offline location. Be mindful of the security practices of crypto exchanges and platforms you use, opting for those with strong security measures in place. Lastly, stay informed about the latest security threats and best practices to protect your cryptocurrency effectively.
Are there any specific precautions I should take when using online crypto exchanges?
When using online crypto exchanges, it is important to take specific precautions. First, choose reputable and well-established exchanges with a strong track record in security. Enable two-factor authentication and use a unique, strong password. Be cautious of phishing attempts and carefully verify the website’s URL before entering sensitive information. Use secure and encrypted connections when accessing the exchange. Regularly monitor your account activity and set up alerts for any suspicious transactions. Withdraw your funds to a secure wallet rather than leaving them on the exchange.