Start Investing

Bitcoin Scams and How to Avoid Them

robertstevens

Robert has reported for a variety of international publications including the Associated Press, The Guardian, Vice, and Decrypt. Current areas of interest include the political economy of technology, cryptocurrencies, and privacy. Robert has a Bachelor of Science from UCL, and a Master's degree from the University of Oxford's Internet Institute.

As of February 20, 2020, bitcoin is worth over 12,000 CAD. Given its value, which some speculators believe could increase if the market picks up, a lot of people have an interest in getting their hands on bitcoin. Specifically, your bitcoin. They’ll stop at nothing to get it, so any bitcoin purchased is at risk to a whole host of different attacks, from hackers installing crypto miners onto your computer, to dubious crypto exchanges sweeping your investments into private accounts. Here are the scams you ought to pay attention to, some notes on how to prevent scams, and what to do if you’ve been scammed.

Wealthsimple Invest is an automated way to grow your money like the worlds most sophisticated investors. Get started and we'll build you a personalized investment portfolio in a matter of minutes.

Types of bitcoin scams

Here are some common types of scams.

Ponzi schemes

Ponzi schemes often masquerade as bitcoin wallets or trading games. You’re invited to invest money into their software, which usually guarantees daily returns (which you’re encouraged to reinvest in the software), and often promise to invest all of the money they’ve collected into the bitcoin market. The creators of the software often promise to have cracked the crypto market by using some magic trading algorithm they’ve developed, which is advertised as an endless money stream.

Of course, the catch is that people have to invest lots of money, and invite all their friends to invest lots of money, for the platform to make a profit. And due to the way Ponzi schemes are structured, the amount of money invested into the platform has to keep rising, otherwise the scheme becomes unprofitable, and people start losing money. (Usually this is because that magical trading algorithm a. doesn’t work and b. doesn’t exist).

One example of an alleged Ponzi scheme is EXW Wallet. Here’s how BehindMLM, a website devoted to cracking down on Ponzi schemers, describes it: “EXW tokens are generated on demand by Exchange Wallet, and then sold to gullible affiliates on the promise of daily returns. EXW tokens themselves have no value outside of Exchange Wallet. What value they hold inside the Exchange Wallet is arbitrarily set by the company itself.” True to form, all 2,500,000,000 EXW tokens are, er, worthless, currently valued at $ 0.

Avoid Ponzi schemes, and pyramid schemes. If you’re ever promised unlimited returns—which you can only cash out once enough more people join the network—watch out.

Private key requests

Imagine this: You’ve just received an email that requests your private keys—essentially, your password to your cryptocurrency wallet. Send 'em over, it might say, for security purposes, or to finalize a purchase that nets you, generous reader, some free bitcoin. These emails could be coming from someone pretending to be a representative of an exchange or wallet you use, or a troubled Angolan army general who needs a quick loan.

The solution to this one is easy: Do not share your private keys with anyone you don’t know. In fact, private keys should never be shared—the clue’s in the name—and exchanges will never request your private keys, either.

Dubious ICOs

The scams are essentially this: A company promises to save the world through blockchain, and makes you feel like you’d be a fool not to invest. Excited by the prospect of a life of wealth, you invest. But you’ve been tricked: the company’s a dud, its owners are frauds, and they’re running away with your money. Some might promise to build the products (but won’t), others will simply run away without a trace. And because you’ve invested your money on the blockchain, it’s hard to trace where the money’s gone. Think before you invest in any newly established coin.

Crypto mining software

With this hack, bad actors install software into your computer that steals some of your processing power and uses it to mine cryptocurrencies such as Bitcoin. The software then sends these newly mined currencies back to the hacker. This slows your computer down and hikes your electricity bill.

In August 2019, security engineers discovered that eleven libraries of the popular programming language, Ruby, contained such software. These compromised libraries were downloaded more than 3,500 times. In February, 2020, security researchers also found that hackers had infected some smart TVs with crypto-mining software.

Famous bitcoin scams

Fairwin

Fairwin was a large gambling platform that was suspected to be a Ponzi scheme by crypto cybersecurity researchers. At its peak, around September, 2019, it accounted for 51 percent of all activity on a blockchain platform called Ethereum, and held $ 125 million of customer funds in its system.

It used a referral reward system to encourage new users to join the site. These rewards were given to the first person to use an invite code. When security researchers got wise to the platform, Fairwin’s operators got spooked, and drained the platform of funds before customers could safely withdraw their money.

QuadrigaCX

When QuadrigaCX, a Canadian cryptocurrency exchange, collapsed in 2019 following the sudden death of CEO Gerard Cotten, it left over CAD $170 million of customer funds unaccounted for. According to a report by professional services firm EY, Cotten created fake accounts and credited them with fake cryptocurrencies. Then, he swapped that fake crypto for genuine crypto that users held on his exchange, and redirected the real funds to his private wallet. "Some are suspicious that the CEO has faked his death to escape with the money.

Einstein Exchange

Einstein Exchange, another Canadian crypto exchange, went bust in late 2019. It owed over CAD $15 million to users when it shut down. This debt was far larger than the company’s assets, which totaled just CAD $45,000 .

Einstein Exchange was initially uncooperative with investigators. When investigators came to check up on the company, Einstein Exchange locked the elevators to every floor. And when the investigators asked Einstein’s legal counsel about the matter, they were informed that the legal counsel had quit following the allegations. Investigators are still working out where the funds have gone, but it’ll be a while until Einstein’s customers get their crypto back, if ever.

How to avoid bitcoin scams

1. Keep your private keys safe

If you’ve got some bitcoin, chances are you either have a cold wallet (which is essentially a USB crypto wallet), or a hot wallet (which is a digital wallet you can access online). Both come with private keys and a seed phrase, which are the two pieces of information you need to move your bitcoin around. In both scenarios, keep the keys and your seed phrase to your bitcoin secure, possibly in a vault, and certainly away from any laptop or phone cameras. Also, be careful when you plug a USB hardware wallet into a computer, as it could become compromised on an unsafe device.

2. Take funds off exchanges, particularly small ones

Exchanges are more vulnerable than private wallets for a few reasons. They might turn out to be scams or go bust with funds unaccounted for as, as alleged by customers of the Einstein Exchange. Exchanges are also susceptible to hacking. In May 2019, hackers stole over 7,000 bitcoin from one of the world’s largest exchanges, Binance, worth approximately CAD $88 million today.

Your funds are far safer if you store them in a hardware cold storage wallet such as the Ledger Nano S, and only keep your funds on exchanges when necessary.

3. Don’t download dodgy software

Always question software downloads you find on the internet. Make sure that your connection is secure. If you’re still unsure, look for unbiased reporting on the software or use anti-virus software. Only download software you are certain is legitimate and to be trusted.

4. Don’t trust. Verify

Always make sure that the people you are dealing with are who they say they are before giving out sensitive information or making financial decisions.

Look up emails to see if they’re associated with any scams, and don’t reply to emails in your spam folder. Make sure that websites are secure (check your URL bar for the padlock). As for ICOs, do extensive research on the team behind the coin before choosing to invest.

What to do if you’ve been scammed

Due to the nature of the blockchain, transactions can be made anonymously, and it can be difficult to trace down criminals. But don’t lose hope! It may be possible for it to be recovered. In the event of a hack, for instance, some exchanges will cover you. Binance runs a Secure Asset Fund for Users which protects against any losses.

If your bitcoin’s been stolen by other means: act fast. If your account is compromised, phone the relevant exchange and request your assets to be frozen, and make your best attempts to work out the real-world identity of the thief. Governments and large corporations sometimes use companies like Chainalysis, which traces funds through public keys and links them to real world addresses. Once they’ve been identified, you can take them to court, and judges will handle the rest. If none of the above applies, speak to a qualified lawyer, cybersecurity expert, or law enforcement officer.

Last Updated July 1, 2020

Wealthsimple is investing on autopilot.