How to Avoid Cryptocurrency Scams

The limited regulation of the crypto space is one of its biggest assets – you can trade any number of experimental crypto derivatives with whomever you like. Unfortunately, this is also one of the market’s biggest liabilities. Without stringent oversight from governing bodies, traders are often victims of fraud from bad actors who want nothing more than for them to part with their money. Fortunately, all it takes is a bit of common sense and a smattering of technical know-how to keep yourself safe.

Common crypto scams and how to avoid them

The blockchains that power cryptocurrencies are decentralized, meaning that their value is largely based on supply and demand. This helps make these digital currencies incredibly volatile, and attractive for scammers hoping to make a quick profit. (Indeed, it can be hard to tell the difference between a scam and a legitimate cryptocurrency investment. And it doesn’t help that lots of people argue that cryptocurrencies themselves are nothing more than a giant scam.) But if you’re aware of some of the more popular scams, you’ll be less likely to fall for them.

Researching a cryptocurrency project before investing in it is one of the best ways to avoid being scammed. To effectively research a project, investigate the team behind the cryptocurrency. Delve into their work experience and the credibility of their advisors. If it’s a company, your investigation should check that the company has an established track record, and research the company’s financials and business model. You should also research online for the name of the company and the cryptocurrency name, plus words like “review,” “scam,” or “complaint.”

If things look dodgy—if the team uses stock images or won’t use their real names, for instance, there’s the possibility that it’s a scam. If the creators won’t tell you who holds the keys to the treasury, or if they won’t submit their code for an audit, exercise caution. That said, novel decentralized finance projects are often published anonymously, and Bitcoin was created by a pseudonymous coder called Satoshi Nakomoto. Some red flags are difficult to avoid.

Note that not all sources of research are reliable and objective. Some influencers do not disclose their holdings: famous celebrities, like Floyd Mayweather and DJ Khaled, have promoted cryptocurrencies without disclosing that they were paid by the projects—and have been fined for doing so.

Phishing

Phishing is when someone tries to scam you by using fake emails, websites, or social media accounts, often luring you in with claims about “free money” from an Initial Coin Offering (ICO) or cryptocurrency investment opportunity.

How to avoid phishing

If someone demands that, say, you send them a bitcoin and they will give you ten in return, they are likely trying to scam you. Similarly, think twice before responding to messages from an important person who would otherwise have no reason to message you. Is the co-founder of Ethereum asking you for a private chat, even though you’ve never spoken to him before? You can probably assume it’s not really him, but rather an impersonator trying to swindle you out of your money. Phishers are everywhere: Discord, Twitter, YouTube, Facebook, WhatsApp, and Instagram. If they come to you, run the other way.

Some phishing attacks may even try to impersonate Wealthsimple. Only contact Wealthsimple through our Help Center, and never give them remote access to your devices or 2FA (2-Factor Authentication) security codes or passwords. One caveat: Wealthsimple agents will ask to confirm a security code, but this isn’t the 2FA code that a hacker would need to access your account, and will be sent separately. Don’t tell strangers your confidential personal information, and never send cryptocurrency to external addresses on behalf of alleged support agents.

Ponzi schemes

Ponzi schemes promise extremely high returns on investments or profits (their graphs conveniently only go up). However, many Ponzi schemes don’t actually invest any of the money they receive; operators fake the profits to make the scheme look successful, and use money from new customers to credit the withdrawals of earlier ones. The whole thing falls apart when new investors stop signing up; eventually, the operators can no longer afford to pay for withdrawals. That’s usually when the schemesters run away with all the money that hungry investors have thrown at them, and disappear from the face of the earth.

Crypto’s home to several high-profile Ponzis. Take QuadrigaCX, the Canadian crypto exchange that shut down after its founder, Gerald Cotten, mysteriously died while on a honeymoon in India, locking all his customers out of the exchange. Forensic accountants from the Ontario Securities Commission discovered that Cotten had been gambling with customer money, using fresh deposits to credit existing customers. It turned out that Cotten had lost well over $100 million by trading customer funds.

More basic Ponzi schemes invite you to invest in, say, a robo-investor or mining pool that will make you rich within a month. But these unruly Bitcoin mining scams or cloud mining scams often turn out to be nothing more than a crypto con.

How to avoid Ponzi schemes

It may sound trite, but avoid buying into anything that seems too good to be true. Ponzi schemes usually offer unrealistic gains and benefits with nothing backing them up other than empty promises. If someone offers guaranteed returns on investments, remember that they might have a vested interest in your investment. The success of Ponzi schemes, after all, depends on the continued investments of suckers–don’t let that be you.

Before investing, try and learn how a coin, project, or company works. Think twice about jumping on board with a project just because everyone else is raving about it. If you’re investing in something without understanding how it works, you’re gambling with your money. Plenty of complicated decentralized finance protocols are incredibly arcane, and it’s easy to lose money in projects that are nothing more than veiled Ponzi schemes. If you don’t understand it, these DeFi coins are cryptocurrencies to avoid.

Rug pulls

A rug pull is when the developer of a cryptocurrency project encourages investments, only to disappear with all the money shortly after. Rug pulls are similar to Ponzi schemes, but the difference is that in a rug pull, the developer doesn’t use early investments to credit withdrawals. Instead, they promise the moon, often through an ambitious ‘roadmap’ that outlines their plans for the future of a project, and then disappear without a trace. According to December 2021 research from blockchain analytics site Chainalysis, rug pulls account for 37% of all crypto scams and drew in $2.8 billion in 2021 alone.

Take Frosties, an NFT rug pull whose co-creators were charged by the U.S. Department of Justice in March 2022 for fraud and money laundering. Marketing their project under pseudonyms, the pair sold 8,888 NFTs for $1.1 million, promising future utility. Just a few hours after they received the $1.1 million, however, the creators shut down the project’s Discord channel and ran away with the money.

How to avoid rug pulls

Research, research, research. If you haven’t heard of the people behind a crypto project, maybe steer clear until they’ve proven their worth. Even then, exercise caution: don’t invest more than you can afford to lose, and don’t put your money in anything you don’t understand. After the project falls apart, you might not be able to do anything. If you can, take your money out of the scheme as soon as possible, as the project’s native coin might have plummeted, and NFTs may quickly become worthless.

Pump and dump schemes

In pump and dump schemes, scammers spread false information about a certain cryptocurrency to inflate its price. When people buy the cryptocurrency in droves, the price of the coin rises astronomically. Unfortunately, that’s precisely when the scammer sells all of their holdings, causing the price of the cryptocurrency to plummet to a much lower price than before the scam started.​​

How to avoid pump and dump schemes

Think twice about who has asked you to invest in a coin, and what they are saying. Anybody who promises coordinated action around the investment of a coin should not be trusted—it’s often illegal to conduct these kinds of groups in the first place.

While not exactly pump and dump schemes — or even scams — there are a lot of coins that have little worth to anyone other than the small community that surrounds them. Such coins are created in a flash, then rise thousands of percentage points within an hour, only to be never seen again. Of course, some meme coins persist; Shiba Inu and Dogecoin, for instance, have become legitimate market forces. But several thousand others have sunk to nothing, often leaving investors holding worthless coins.

NFT Scams

The world of non-fungible tokens has attracted plenty of scammers, too. Non-fungible tokens, or NFTs, are digital assets with ownership rights written into their metadata. Often, NFTs are an image, video or .gif, but dreamers within the NFT industry believe that NFTs could one day represent ownership over your house, car, or an in-game item in a video game.

Before the industry reaches such lofty ambitions, it’ll need to weed out the scammers. NFTs are particularly great at showing who has authoritative ownership over an image, like a photograph of a car. However, while NFTs are one-of-a-kind, the images they point to are easily reproducible, and there’s nothing to stop someone from copying an image and turning it into an NFT of their own. To the undiscerning consumer, a “fake” NFT looks identical to the one that might sell for millions of dollars. But to the people who’d actually pay millions for, say, a cartoon of an ape, the fake NFT is worthless.

How to avoid NFT scams.

Before spending your money, verify that the smart contract of an NFT is the “official” version, and that you’re not buying a replica. Sites like OpenSea use blue checkmarks to help you identify if you’re buying from a legitimate project, and Etherscan lets you check if the NFT is part of the right set. You can also confirm the official collection by visiting the project’s official social media profile, such as Twitter or Discord.

Other NFT projects might scam you in different ways. Some developers might promise an ambitious “roadmap” for their project but run away once they’ve received the money and abandon the whole project, causing its price to crash. To avoid this, research is critical: only buy from artists you trust, or those with a strong reputation within the NFT industry.

Everything Else

Since so many crypto hustles are hard to spot, we’d suggest that you try to preempt some of the attacks by exercising caution. Even if you don’t buy into the newest coin craze or sink a bunch of money into work from a burgeoning NFT artist, here are a few things anyone on the blockchain can do to minimize their chances of getting ripped off:

First, don’t tell anyone your private key or seed phrase, the security codes to the digital wallet in which you keep your crypto holdings. Once that’s out, your crypto is likely to follow, since a hacker can use it to quickly drain your funds. Keep your private key hidden and in a safe place, ideally not on your computer. It’s best to have the seed phrase written on paper and hidden, never stored on any devices connected to the Internet. Even something like Dropbox is at risk, since a hacker could access it — and then access your funds. Wealthsimple Crypto, exchanges, software and hardware wallets will never ask you for your private key or seed words. If someone asks, run the other way.

Likewise, practice strong online hygiene. Install anti-malware services or turn on the ones that come with your computer. Don’t visit nefarious sites – avoid links sent by people you don’t know, or those that Google warns you against visiting, and always check URL links before clicking them – or download software from someone you don’t trust. Doing either could infect your computer with screen capturing programs or scripts that track the keys you input into your keyboard.

Although this might be impractical, to be extra safe you could consider using a different computer for your crypto trades. Alternatively, you could invest in a hardware wallet that only connects to the internet when you want to place a trade, and deposit a smaller amount in a so-called hot wallet – a mobile or in-browser wallet that remains connected to the Internet at all time. And even then, don’t tell anyone that you’ve got one or where you’ve hidden it. The less other people know, the better off you should be.

While you might think it’s safer to avoid a private wallet altogether and instead keep your money on a crypto platform, this is not always a great idea — especially if you have substantial crypto holdings. This is because trading platforms can be hacked or turn out to be scams themselves. If you must leave your money in one of them, do some research to ensure it’s credible, and then switch on two-factor authentication services. These force you to input, say, a code from a text message or email as well as your password, giving you an extra layer of security against anyone who has found your password.

If you use decentralized finance protocols via MetaMask or some other in-browser wallet, think about the permissions you are granting to that protocol. If it asks you to let it move coins from your wallet or place transactions, it’s probably not something you should be using. If you are simply letting the protocol read the amount that is in your wallet, you should be okay. But if the protocol asks you to sign transactions that you do not understand, reject them. This is why it’s best to use a hot wallet when signing transactions, which will avoid putting your main holdings at risk.

If you have been a victim of fraud or cybercrime, tell the police. If you want to report an instance of a scam, fraud or cybercrime, whether you are a victim or not, report it to the Canadian Anti-Fraud Centre.