Web3 Scams: Protecting Your Crypto Assets

How to avoid common hardware wallet scams

Scams are an unfortunate reality in the crypto space. With the rapid growth of the crypto ecosystem, the number of scammers has also increased. While there are measures you can take to stay safe, they are not foolproof. Even a hardware wallet, which protects you from hacks, cannot shield you from falling victim to a scam.

Crypto scams come in various forms, but they all have one goal: to steal your digital assets. These thefts are often not as straightforward as a physical mugging on the street. Scammers may be skilled hackers who gain access to your web2 device (computer or mobile phone) through your internet connection. Alternatively, they may be adept manipulators who convince you to willingly hand over your funds. In some cases, scammers use a combination of methods throughout the scam.

Since blockchain transactions are pseudonymous, finding the culprits behind crypto crimes can be challenging. Your best defense is to know how to avoid risks in the first place. So, let’s explore some of the most common crypto scams in 2024 and how you can spot them.

The Most Common Crypto Scams in 2024

While it’s impossible to list every scam you may encounter, here are some of the most prevalent ones you should be aware of:

Rug Pulls

Rug pulls are perhaps the most well-known type of scam in the crypto space. In a rug pull, founders launch and market a token, attracting investors through FOMO-style marketing. Once the coin’s price inflates, the founders sell a significant portion of their shares, depleting liquidity and leaving investors with worthless coins. In some cases, the founders continue communication with investors and blame the project’s failure on mistakes rather than malice. Regardless, the outcome is the same: investors hold worthless coins, and the founders siphon off funds gradually.

Pump and Dumps

Pump and dumps involve groups strategically manipulating the price of a coin. These groups, composed of friends or investors who have never met, collaborate to hype up a specific asset through social media. When unsuspecting investors start buying the coin, the original group dumps their holdings, leaving new entrants with worthless coins.

Phishing

Phishing scams occur both within and outside the crypto space. Scammers pretend to be someone else, such as a reputable platform or service, to trick you into revealing your login details, secret recovery phrase, or approving malicious transactions. Always double-check the URL of websites and confirm the blockchain address of any site you interact with.

Airdrop Scams

Airdrop scams involve bad actors airdropping tokens directly into your crypto account. These tokens may lead you to phishing sites, install malware on your device, or initiate malicious transactions to drain your funds. Avoid interacting with any unknown tokens or suspicious airdrop offers.

Compromised Accounts and SIM Swapping

Compromised social media accounts due to SIM swapping are prevalent scams in 2024. Scammers gain control of legitimate figures’ social media accounts by redirecting two-factor authentication codes to their devices. They then post links to malicious websites, often disguised as exclusive digital asset offers or limited edition opportunities. Be cautious of time-sensitive offers from famous individuals and always do your research.

Cloud Mining Scams

Cloud mining companies rent their mining hardware for a fee and a share of revenue. However, many cloud mining services turn out to be scams. You can’t oversee their actions transparently, leaving you unsure of the number and cost of their mining rigs. Research a cloud mining service’s reputation before investing to avoid these scams.

Investment Schemes

Investment schemes exist both inside and outside the crypto realm. Scammers trick you with enticing investment opportunities, often promising quick wealth. They may ask for crypto payments or downloads of apps that grant them access to your wallet. Avoid “get rich quick” schemes and exercise caution with investments.

Fake Crypto Job Adverts

Scammers exploit people’s desire for crypto-related careers through fake job listings. They may request crypto payments to initiate your role or ask you to download malware-infected documents or software. Always verify the legitimacy of job opportunities and avoid sharing your private keys or recovery phrases.

Fake Apps

Scammers create fake crypto apps available for download on reputable platforms like the Apple App Store or Google Play Store. These apps convince users to deposit cash or make crypto purchases but result in financial loss. Beware of apps requesting payment to allow withdrawals or claiming tax obligations before accessing your crypto.

Giveaway Scams

Giveaway scams entice victims by promising free money or prizes in exchange for following instructions. Scammers often pose as influencers or celebrities to gain legitimacy. The scam involves signing up on a malicious site or clicking deceptive links, resulting in the loss of your crypto assets. Be wary of any giveaways that require you to provide personal information or access to your wallet.

Impersonation Scams

Scammers impersonate high-profile individuals or reputable organizations to gain access to your funds. They may pose as government officials, claiming your assets are frozen and demanding payment in crypto to resolve the issue. Others pretend to be from well-known companies or services, tricking you into revealing your private keys or making unauthorized transactions.

Blackmail or Extortion Scams

Extortion scams involve fraudsters threatening to publish explicit personal content unless you pay them in crypto. They emphasize urgency, giving you a limited time to send the crypto before they expose the material. These scams prey on fear and exploit personal vulnerabilities.

Romance Scams

Romance scams target individuals through deceptive online relationships. Scammers create fake profiles, establish connections, and manipulate victims into sending crypto or investing together. Once the scammer achieves their goal, they disappear, leaving victims deceived and defrauded.

How Do Crypto Scams Work?

Scammers employ various methods to target individuals and steal their assets. They may use one or multiple tactics simultaneously to achieve their goal: taking your money. Let’s dig deeper into how crypto scams work.

Malware or Spyware on Your Internet-Connected Device

Many common crypto scams exploit malware or spyware, leading you to download malicious software on your internet-connected device. Malware changes your device’s screen, tricking you into approving malicious transactions. Spyware allows attackers to access your system files, including private keys stored on your device. Hardware wallets mitigate this risk by enabling offline transaction signing, ensuring your private keys remain secure.

Exposing Your Secret Recovery Phrase or Private Keys

Scammers may target your private keys or secret recovery phrase through malware or social engineering. Revealing this sensitive information compromises your wallet’s security. Never share your secret recovery phrase with anyone or input it into suspicious apps or services. Hardware wallets provide an additional layer of protection by ensuring your private keys remain isolated and encrypted within the device.

Approving Malicious Smart Contract Functions

Bad actors exploit blind signing to deceive you into signing malicious smart contract functions. They leverage the complexity of these functions, such as the SetApprovalForAll function, to gain access to your assets. Approving these functions allows them to execute tasks involving your wallet without your knowledge. Carefully review all transactions and contracts before approving anything.

How to Mitigate Risk When Interacting With Web3

While it’s impossible to eliminate all risks, you can take steps to mitigate them when interacting with Web3.

Use a Hardware Wallet

Invest in a hardware wallet to protect your crypto assets. Hardware wallets store your private keys offline and enable offline transaction signing, shielding your funds from malware and spyware attacks. They offer physical confirmation, ensuring only the true owner can approve transactions. Hardware wallets, like Ledger devices, employ secure elements to protect against physical attacks.

Keep Your Most Valuable Assets in a Cold Account

Segregate your crypto assets into multiple accounts, with one account reserved as a cold account. A cold account operates separately from other accounts and avoids interacting with smart contracts or unknown wallets. By keeping your most valuable assets in a cold account, you reduce the risk of exposing them to malicious approvals or smart contract manipulations.

Don’t Click Any Links

Avoid clicking any links associated with crypto transactions or interactions. Malicious links can lead to phishing sites, malware downloads, or unauthorized transactions. Always verify the legitimacy of websites and platforms before proceeding. Hardware wallets eliminate the risk of clicking malicious links as transactions are signed offline.

DYOR (Do Your Own Research)

Always conduct thorough research before engaging in any crypto transactions or interactions. Verify the trustworthiness of projects, individuals, and platforms. Check official websites, block explorers, and contract details. Don’t rely solely on recommendations or claims from influencers or celebrities. Trust only verified information and exercise caution.

Final Thoughts on Crypto Scams

Crypto scams are prevalent, but they should not deter you from participating in the crypto space. By using a hardware wallet, keeping a cold account, refraining from clicking links, and conducting your own research, you can significantly reduce the risk of falling victim to scammers. Protect your assets, stay vigilant, and enjoy the opportunities that Web3 offers.

Crypto Scam FAQs

Can you get scammed if someone sends you crypto?

Receiving crypto from someone does not automatically mean you’re being scammed. However, scammers can target you by sending scammy assets with malicious functions. Avoid interacting with unknown tokens or suspicious offers to ensure your safety.

I just fell for a crypto scam… What now?

If you’ve been scammed, take steps to protect your wallet based on the type of scam. If a scammer stole a single asset, revoke approvals on the account and consider moving your assets to a new account. If a scammer has access to a single account, move your assets out and create a new account. If a scammer has access to multiple accounts, set up a new wallet with a new secret recovery phrase and transfer your assets to the new account.

Can you report crypto scams?

Laws regarding crypto scams vary globally, but scammers are increasingly facing consequences for their actions. Check your local laws and report scams to the police. You can also report scams through on-chain methods, such as chainabuse or Etherscan, to help protect others. Consider reaching out to blockchain sleuths who investigate crypto crimes, as your case may help uncover larger scams and bring justice to more victims.