Scammers are the worst. Over the years they’ve honed their craft down to a science, and continue to evolve every day. But they aren’t untouchable, and staying a step ahead is definitely possible.
While some scams rely on romance or fake experts, others are more technical. The good news is that you don’t need to be a super technically inclined person to learn about and (more importantly) defend yourself from these. Check out part 3 of our series covering Common Crypto Scams below!
In the mining scam, someone will reach out to a victim (likely pretending to be a MEW/Enkrypt employee or engaging in a bromance scam) and let them know that there is a life-changing opportunity to grow wealth. They offer absurd APR percentages via a “crypto mining program”, enticing victims to try it out. Little do the victims know that once they deposit money into the website, the money is gone forever. They likely aren’t getting a penny of it back.
After the initial deposit, the scammer will try to milk as much as they can out of the victim by saying that their funds are now locked and that they just need to deposit X amount more to unlock them. After a victim deposits the “unlock fee”, they’ll be told that they actually underpaid or overpaid by a small amount and need to deposit again, but ‘the right amount this time’. This continues, with the scammers coming up with excuse after excuse as to why the money is locked up. In reality, the crypto was being sent straight to the scammers’ pockets the whole time. Because this happens in a self-custodial wallet, by the time a victim realizes what's going on, it’s far too late. The scammer has gotten away with the money and covered their tracks.
How to avoid: Always double check a company's socials before speaking with anyone claiming to be from the team or “support”. Be wary of “too good to be true” APR percentages in crypto. If you ever stake your crypto in a protocol then later find out that your money is locked until you deposit more, do NOT put any more money in. That is a telltale sign that you are being scammed!
Have you ever had to memorize your friend's wallet address so that you could send them some crypto real quick? Unless it was a domain name, most likely not. In this situation, most people will simply copy + paste an address to make sure they have the right one. This is where the address poison scam comes into play.
If you copied the wallet address straight from the “Recent Activity” tab in your wallet, you are vulnerable to this scam. The scammer has software that is able to create wallet addresses that are almost exact matches of one another. Specifically, they want the beginning and end of the address to be an exact match because that’s what wallets will typically display. Once the scammer sees you interacting with a specific address (they have software to detect this too), they’ll create a wallet address that is almost exactly the same as it, but with just a couple of characters different. They will then send you $0 so they end up on your “Recent Activity” tab.
At this point, they’re hoping that you just copy + paste the address that is now on your “Recent Activity” tab rather than the correct address. Because transactions on the blockchain can’t be reversed, if you ever make this simple mistake your funds will be lost forever!
How to avoid: Before sending a transaction, check the address in an explorer like ethVM to make sure you have the correct one. Alternatively, double check every single character of the wallet address you’re interacting with before any transaction!
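One way to do the character-by-character check without relying on your eyes, as an added example (not MEW's code or part of the original post): compare the address you are about to paste against a saved address book and flag anything whose displayed ends match a saved address while the rest differs. The 4-character display width and every address below are constructed assumptions.

```javascript
// Added example: all addresses are constructed sample values, not real wallets.
const SHOWN = 4; // assumption: the wallet UI shows this many hex chars at each end

function normalize(addr) {
  const a = addr.trim().toLowerCase();
  if (!/^0x[0-9a-f]{40}$/.test(a)) throw new Error(`not an address: ${addr}`);
  return a.slice(2);
}

// Classify a candidate against the addresses you have saved and verified.
function checkAddress(candidate, addressBook) {
  const c = normalize(candidate);
  const book = addressBook.map(normalize);
  if (book.includes(c)) return { verdict: "match" };
  for (const t of book) {
    const sameEnds = c.slice(0, SHOWN) === t.slice(0, SHOWN) &&
                     c.slice(-SHOWN) === t.slice(-SHOWN);
    if (sameEnds) {
      // Same visible ends, different middle: the poisoning pattern.
      const differing = [...c].filter((ch, i) => ch !== t[i]).length;
      return { verdict: "lookalike", imitates: "0x" + t, differing };
    }
  }
  return { verdict: "unknown" };
}

// Return the "Recent Activity" entries that imitate a saved address.
// The post describes $0 transfers; any value from a lookalike is flagged.
function poisonedEntries(activity, addressBook) {
  return activity.filter(
    (tx) => checkAddress(tx.from, addressBook).verdict === "lookalike");
}

const FRIEND = "0x1a2b3c4d5e6f708192a3b4c5d6e7f8091a2b9f3e";
const LOOKALIKE = "0x1a2b77aa5e6f708192a3b4c5d6e7f8091a2b9f3e";
const STRANGER = "0x" + "0".repeat(38) + "aa";
const ACTIVITY = [
  { from: FRIEND, value: 5n },
  { from: LOOKALIKE, value: 0n },
  { from: STRANGER, value: 0n },
];

for (const tx of poisonedEntries(ACTIVITY, [FRIEND])) {
  console.log("do not copy this address:", tx.from);
}
```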
Have you ever received an airdrop into your wallet? Chances are you have, even if you’ve never noticed it.
In this scam, the scammer will airdrop tokens into your wallet. “Awesome, I finally qualified for one of those free airdrops!”, you think to yourself. But don’t get too excited. The tokens airdropped into your wallet not only have no real value, but will also drain your wallet of any funds if you interact with them. Either the smart contract itself is malicious or you’ll be directed to a claim website intended to drain your wallet.
How to avoid: Never interact with random tokens airdropped into your wallet! If you aren’t expecting an airdrop, or if you aren’t familiar with the project, it’s best to leave the tokens be. If you do get an airdrop, make sure to do extensive research before attempting to claim it!
Reminder: The scammer can’t access your wallet just by sending useless tokens. Until you interact with the tokens you are safe. Even though it may be irritating to see all those valueless tokens, you should never try to send them out!
Malicious Contract Approvals
Building off of malicious airdrops, we have malicious contract approvals. This one is not as common as the fake airdrop but just as dangerous. In crypto, especially DeFi, we’re used to “signing transactions”. If you’ve been here for longer than a few days, you’ve most likely been through the process. Click on a button to begin a transaction, verify it in your wallet, and voila - transaction done. But what if the verification you just clicked in your wallet wasn’t what you thought it was?
That’s the cornerstone of the malicious contract approval. This scam relies on you “signing” or verifying a transaction that ultimately drains your wallet. Fortunately, there is no way to “intercept” real, actual transactions. This means that as long as a DApp is not hacked and its creators are acting in good faith, interacting with a contract won't hurt you. Malicious DApps are created on purpose, with malicious contracts built in to trick people.
How to avoid: Always make sure you’re on the correct website before signing a transaction. Remember that signing transactions and interacting with contracts is unavoidable if you want to interact with crypto. The best way to stay safe in this situation is to do a lot of research and due diligence, until developers of DApps and wallets find ways to make users safer.
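To see what a signing prompt is really asking for, the sketch below (an added example, not MEW's code or part of the original post) decodes the raw transaction data for the two standard approval calls, ERC-20 `approve(address,uint256)` and NFT `setApprovalForAll(address,bool)`, and lists warnings. The spender address, allowlist and calldata are constructed sample values.

```javascript
// Added example: decode approval calldata before signing. Sample data is constructed.
const MAX_UINT256 = (1n << 256n) - 1n;
const SELECTORS = {
  "095ea7b3": "approve(address,uint256)",        // ERC-20 allowance (also ERC-721 approve)
  "a22cb465": "setApprovalForAll(address,bool)", // operator rights over a whole collection
};

function describeCalldata(data, knownSpenders = []) {
  const hex = data.toLowerCase().replace(/^0x/, "");
  const fn = SELECTORS[hex.slice(0, 8)];
  // Both calls carry two 32-byte arguments after the 4-byte selector.
  if (!fn || hex.length < 8 + 128) return { kind: "other", warnings: [] };

  const spender = "0x" + hex.slice(8 + 24, 8 + 64); // address = low 20 bytes of word 1
  const amount = BigInt("0x" + hex.slice(8 + 64, 8 + 128));
  const warnings = [];

  if (!knownSpenders.map((s) => s.toLowerCase()).includes(spender)) {
    warnings.push("spender is not on your allowlist");
  }
  if (fn.startsWith("approve") && amount === MAX_UINT256) {
    warnings.push("unlimited allowance: spender can move your whole balance");
  }
  if (fn.startsWith("setApprovalForAll") && amount !== 0n) {
    warnings.push("spender can move every NFT you hold in this collection");
  }
  return { kind: fn, spender, amount, warnings };
}

// Constructed sample values (hypothetical spender, not a real contract).
const SPENDER = "0x" + "ab".repeat(20);
const PAD = "0".repeat(24);
const UNLIMITED_APPROVE = "0x095ea7b3" + PAD + SPENDER.slice(2) + "f".repeat(64);
const APPROVE_ALL = "0xa22cb465" + PAD + SPENDER.slice(2) + "0".repeat(63) + "1";

for (const data of [UNLIMITED_APPROVE, APPROVE_ALL]) {
  const d = describeCalldata(data);
  console.log(d.kind, "->", d.spender, d.warnings);
}
```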
One of the oldest scams in the book is the fake website. Scammers will swap hard-to-notice letters in a website’s address so that the link ultimately takes you to a malicious website when you think you’re at the real one.
Some letters that are commonly swapped are lowercase “l’s” and uppercase “I’s”, along with other similar looking characters like “o” and “0”.
How to avoid: Always triple check a link before you click on it and after you arrive. Never connect your wallet to a site that is giving red flags. Bookmark commonly visited sites and check security certificates!
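The letter swaps described above can be caught mechanically. This added example (not MEW's code or part of the original post) folds the look-alike characters the post names into one canonical form and compares a link's host with your bookmarks; the domains use the reserved `.example` ending and are constructed.

```javascript
// Added example: flag links whose host imitates a bookmarked site.
// Look-alike pairs from the post: uppercase I / lowercase l, and 0 / o ("1" added here).
const CONFUSABLE = { I: "l", "1": "l", "0": "o" };

// Pull the host out of the link exactly as displayed, keeping its letter case,
// because the I-for-l trick only exists in the displayed text.
function hostOf(link) {
  const m = /^(?:[a-z][a-z0-9+.-]*:\/\/)?(?:[^\/?#]*@)?([^\/:?#]+)/i.exec(link.trim());
  if (!m) throw new Error("no host in link");
  return m[1];
}

// Fold look-alike characters together so visually identical hosts compare equal.
function skeleton(host) {
  return [...host].map((ch) => CONFUSABLE[ch] ?? ch).join("").toLowerCase();
}

function checkLink(link, bookmarks) {
  const host = hostOf(link);
  const lower = host.toLowerCase();
  if (bookmarks.includes(lower)) return { verdict: "trusted", host: lower };
  for (const good of bookmarks) {
    if (skeleton(host) === skeleton(good)) {
      return { verdict: "lookalike", host, imitates: good };
    }
  }
  return { verdict: "unknown", host };
}

// Constructed sample data.
const BOOKMARKS = ["wallet.example"];
const LINKS = [
  "https://wallet.example/send",
  "https://waIIet.example/claim",   // uppercase I twice instead of ll
  "http://wa11et.example/airdrop",  // digit 1 instead of l
  "https://other.example/",
];

for (const link of LINKS) {
  const r = checkLink(link, BOOKMARKS);
  console.log(r.verdict.padEnd(9), link);
}
```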
Phishing is another scam that has been around for years. Scammers will send you a malicious link that ends up giving your computer a virus or even worse - attempts to drain your wallet via keylogger or screen viewing software. The scammer will often pose as a company and tell you that you urgently need to take action. They’ll say that your account is at risk or that you’ve won a prize and need to claim it before it expires. In either case, they are trying to get you to click on that link. Do not!
How to avoid: Always have a “degen wallet” and a “HODL wallet”. Always keep your “grail” assets in your HODL wallet and never use that wallet for anything other than sending and receiving crypto. Only use your dedicated “degen wallet” while trying out new protocols and minting NFTs. Never connect to any protocols or mint anything with your “HODL wallet”. Never store your phrase/key online or in the cloud, and never type it into websites!