Phishing emails
Spoofed and imposter websites
Tech support and security impersonation scams
Crypto giveaway scams
Employment scams
Extortion
Man-in-the-middle cyberattacks
Investment frauds and pyramid schemes
Do you want to take a deep dive into all the latest versions of Bitcoin and cryptocurrency-related scams? Want to know how to recognize scams and prevent cyberattacks before they happen? Want to learn how to secure Bitcoin and other cryptocurrencies? Read the full article below.

Between October 2020 and May 2021 — around Bitcoin’s off-the-charts bull run — phishing, company impersonations, and other Bitcoin-connected cyberattacks and scams surged by almost 200%. Bitcoin’s price shot up by almost 400% to nearly $65,000 during that time. If Bitcoin goes on another bull run, you better believe black-hatted cyber crooks will be coming along too. Looking to get up to snuff on Bitcoin scams? Want to know how to properly safeguard your investments? Read on to find out.
The Six Most Common Bitcoin Scams and Cyberattacks
If you’ve been HODLING (a term for long-term crypto investors who haven’t panic sold through the ups and downs) you might be familiar with some of these scams and cyberattacks. But if you’re just entering the world of crypto, you need to be aware of the risks. Hackers and cybercriminals are constantly thinking up new inventive ways to steal Bitcoin and other altcoins. If you’ve been making good moves and gains with cryptocurrency, the last thing you want to do is hand it over to some fraudster online. Here are some of the latest crypto cyberattacks and scams to look out for.
1. Email impersonation: Spoofed websites and phishing attempts
This scam is the most common in the cryptocurrency world. Through phishing emails, scammers might impersonate representatives from popular cryptocurrency exchanges like Binance, Huobi Global, or Coinbase. They could also impersonate Bitcoin wallets or other cryptocurrency apps. Oftentimes, they’ll issue a “security alert” in an attempt to alarm you and lure you to a fraudulent site to enter your security and account credentials. This allows them to gain access to your Bitcoin or cryptocurrency account. Fraudsters have become quite talented at recreating websites and making them look like the real deal. They use social engineering to convince people to hand over their personal details too.
How to protect yourself against phishing attempts
Avoid suspicious links: Be wary of clicking links. If a hacker has copycatted a site and changed something minor in the URL — like adding a zero instead of the letter “O” — you could be redirected to a spoofed site. Also, look for grammatical errors, strange wordings, and misspellings in emails.
Type it yourself: To protect yourself, it’s a good idea to manually type the name of the website into your browser to ensure you get to the right one. A little extra time spent to ensure your protection is worth it.
Use hints in your browser: Before entering confidential data like passwords, always check the browser. Is there a locked padlock icon in front of the URL? When you look at the full domain name, is there an https:// before the site address? Is the URL the correct name of the site? If this isn’t the case, you could be on a malicious site. Keep in mind that the padlock and https:// only show that the connection is encrypted; spoofed sites can have them too, so the domain name is the check that matters most.
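The URL checks described above (a swapped character such as a zero for the letter “O”, the https:// prefix, the correct domain name) can be automated against a list of sites you actually use. The sketch below is an added example, not code from the original article; the allowlist, the substitution table and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: a personal allowlist of sites you really use (illustrative only).
TRUSTED = ("binance.com", "coinbase.com")

# Digits often swapped in for look-alike letters (a small, partial table).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_url(url):
    """Classify a URL against the allowlist; returns a short verdict string."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return "invalid"
    # Naive registered domain: last two labels (ignores suffixes like co.uk).
    domain = ".".join(host.split(".")[-2:])
    if domain in TRUSTED:
        return "ok" if parts.scheme == "https" else "trusted domain, no https"
    # Non-ASCII or punycode labels can hide letters from other alphabets.
    labels = host.split(".")
    if not host.isascii() or any(label.startswith("xn--") for label in labels):
        return "suspicious: internationalized hostname"
    folded_host = host.translate(CONFUSABLES)
    folded_domain = domain.translate(CONFUSABLES)
    for good in TRUSTED:
        if folded_domain == good:
            return f"lookalike of {good}: character substitution"
        if edit_distance(folded_domain, good) <= 1:
            return f"lookalike of {good}: one-character difference"
        if good.split(".")[0] in folded_host:
            return f"lookalike of {good}: brand name in untrusted host"
    return "unknown"


# Constructed sample URLs for the demo (not taken from real campaigns).
SAMPLES = [
    "https://www.coinbase.com/signin",
    "http://coinbase.com/",
    "https://c0inbase.com/login",                    # zero in place of "o"
    "https://binancee.com/",                         # one extra letter
    "https://coinbase.com.account-verify.example/",  # brand used as a subdomain
    "https://coinb\u0430se.com/",                    # Cyrillic "a" (U+0430)
    "https://example.org/",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{check_url(url):58} {url}")
```

Any verdict other than "ok" is a cue to close the page and type the site address yourself.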
For more tips on how to spot phishing attempts, take a look at our full article about phishing.
2. Phone impersonation: Security and tech support scams
Fraudsters sometimes create false customer support phone numbers for cryptocurrency exchanges, wallets, or apps. Through spam emails and phishing attempts, they’ll try to bait Bitcoin owners into calling with phony security alerts or customer service queries. But beware, because scammers can also call you. Outbound calls are particularly dangerous because fraudsters can spoof real support numbers. Never provide any confidential information when a representative calls you.
What information are phone impersonators after?
Cryptocurrency transactions: A fraudulent customer support agent might ask you to send a transaction to an external blockchain address to “verify” your address. Never make any transactions unless you’re sure of the reason.
Passwords and login info: Never give an account password or login information for “verification” over the phone or in an email. You should only enter it in secured parts of legitimate websites.
Private keys: Your Bitcoin or crypto secret key is for you and you alone. Never give it to anyone.
Remote access: Scammers could request remote access to your device to “fix an issue” you might have. You should never give a cryptocurrency customer service rep (or anyone) remote access to your computer.
Two-Factor/multifactor authentication info: Fraudsters could be hunting for 2FA codes or passwords to access your account. Never give these up. They’re there to offer an extra wall of protection in case your passwords are compromised.
3. The man-in-the-middle Bitcoin attack
A man-in-the-middle attack isn’t a scam at all, but a cyberattack that can happen when you’re using public Wi-Fi. This could be at the airport, train station, or a restaurant or coffee shop. A hacker intercepts the data between your device and the internet router. This allows cyber thieves to read any data you send — including passwords, login information, and private keys. If you’ve logged into a Bitcoin app, wallet or account, the thieves can gain access to your Bitcoin or other cryptocurrencies. It’s even possible this could happen at home or on a trusted network if a hacker is close enough to intercept the signal from your Wi-Fi.
How to protect yourself against a man-in-the-middle attack
The best way to stop a MITM attack is to block the middle man. This is easy with a good, reliable VPN. A VPN encrypts all data going to and from your device. So if a hacker intercepts your data at the airport, they won’t be able to read it due to that encryption.
A VPN also protects you from snooping by your internet service provider (ISP). If an employee is abusing access, or someone hacks the ISP, they also won’t be able to decrypt your information due to the VPN. When it comes to security, we recommend NordVPN. They rank at the top of our review list when it comes to security and protection. They’re also our number 1 no logs provider for privacy-conscious users.
4. Social media cryptocurrency giveaway scams
There are countless frauds running fake Bitcoin giveaways on Facebook, Instagram, and other social media outlets. They show off bogus screenshots with fake messages from companies or celebrities like Elon Musk promoting the giveaway. Bot accounts swarm the fraudulent posts, seemingly confirming their legitimacy. However, once you’ve found your way to the fraudulent website, they’ll need your “address verification.” You verify your address by sending Bitcoin to the fraudulent giveaway’s blockchain address. They claim they’ll send you the giveaway after they’ve received the verification payment, but you won’t get that far. The best-case scenario is that you send them Bitcoin and get nothing in return. The worst thing that can happen is you wind up clicking a malicious link, scanning a fraudulent QR code, or entering your account information on the fraudulent site, which can result in a great loss of money.
What to do when you see a Bitcoin giveaway
Don’t use blockchain address verification: Never “verify” your blockchain address by sending Bitcoin or cryptocurrency.
Be wary of social media: Manipulated screenshots and forged messages are quite common. Make sure you’re looking at an official social media page, and not a fraudulent one.
Do research: There are real opportunities to earn cryptocurrency, like referral programs for crypto startups. Use Google to research the company or entity doing the giveaway. Is it legitimate?
Check domains and websites: Check the giveaway URL to make sure it’s legitimate and not a phishing or spoofed site.
Report: Always report scams and frauds when you see them.
5. Bitcoin extortion and sextortion scams
Unfortunately, “I know your password” and other extortion scams are making a comeback. What once were low-tech, simple coercion emails have become more sophisticated. Fraudsters and hackers can purchase passwords and corresponding emails on the dark web from old data breaches. So you might see one of your old passwords in the subject of an email. While these scams can make your heart jump, they’re almost always fraudulent. They might also claim to have accessed your computer and its camera, and obtained sexually explicit video or images of you. This is called a sextortion scam. These spam emails are just looking to shake victims up. The end game here is for the perpetrator to get you to send Bitcoin to their blockchain address.
What to do when you receive an extortion or sextortion email
Don’t reply: Don’t answer, and don’t send any payments. You can report the email to the FBI’s Internet Crime Complaint Center (IC3) if you’re in the US. Report international scams at eConsumer. If you receive the message through your work email, tell your company’s IT department.
Change your passwords: If you haven’t changed your passwords in a while, now’s the time to do so. Make sure they’re different across each account, and that they contain a combination of uppercase and lowercase letters, symbols, and numbers.
Mark as spam: After you’ve reported the email, mark it as spam and delete it. That way future messages from the sender won’t find their way into your main inbox.
Run a malware scan: Run a scan to check your computer or device for any malware, just to make sure you’re safe. Check out our full article on antivirus software and have a look at our top five picks for more information and tips.
6. Bitcoin investment and business opportunity scams
American consumers reported losing more than $80 million to cryptocurrency investment scams during Bitcoin’s last bull run, according to a study from the Federal Trade Commission (FTC). That’s ten times higher than the year before. Almost half of those victims were between the ages of 20 and 39, the FTC said. With this type of scam, companies or individuals will approach you, offering outrageous investment returns and “financial freedom.” Usually, the investment is actually a scheme involving Bitcoin or other cryptocurrencies. There are different kinds of investment scams.
Pyramid schemes
These are recruiting schemes. The idea is that you pay an upfront Bitcoin or crypto payment for the right to recruit. For each new member you recruit for the program — which could provide access to cryptocurrency investing advice, early access to new ICOs (Initial Coin Offerings) or other incentives — you’re promised cryptocurrency rewards. Let’s say you pay $500 in Bitcoin to join the program. For each person you recruit, you might get $100 in Bitcoin back. You offer your recruits a similar deal. The more people you recruit, the more money you make. If you come across a scheme in its early stages that actually pays out, sure, you could make money. But pyramid schemes are illegal for a reason: at some point, the number of recruiters outweighs the potential recruits. Scammers often take advantage of this pay-to-play model without ever actually paying up.
Phony investment managers
In this scheme, you’ll be contacted by “investment managers.” They’ve apparently made millions and are well-versed in cryptocurrency trading. They can also make you millions if you let them manage your cryptocurrency. If they’re looking for small scores, they might ask for upfront fees. If they’re ambitious, they might try to hustle large sums for “investments.” Of course, the chances that they’ll actually win you anything are very slim. Instead, you’ll just lose money by paying them and giving them access to your financials. Be wary of any social media cryptocurrency “experts” reaching out to handle your investments.
Job offers and employment scams
Scammers might also impersonate recruiters and human resources, targeting job hunters. If your resume or CV is posted somewhere online, you might receive an interesting “job offer” letter. Most commonly, fraudsters ask for a cryptocurrency payment to start job training. Or they might be looking for cryptocurrency investors or fund managers. Either way, you’re paying up Bitcoin and won’t get anything in return.
Celebrity endorsement investment scams
The UK removed nearly 300,000 links to fake celebrity endorsement scams this year. These are similar to the giveaway scams in that they use celebrities to rope in victims. Fake news stories are circulated on social media from seemingly legitimate sources like ABC or the BBC. Scammers use real photos with false testimonials from celebrities about huge gains from cryptocurrency investments. In the UK, fraudsters used Richard Branson and Ed Sheeran to push phony investment opportunities, while in Australia, fake versions of Mel Gibson and Chris Hemsworth doled out testimonials. It’s one of the most common tactics employed when launching crypto pump and dump schemes. Check out this article for a comprehensive list of NFT scams and how to protect your digital assets.
How to Protect Your Bitcoin and Cryptocurrency
Now that you’re up to date on scams and cyberattacks, it’s time to protect your investment. First of all, you should never store your cryptocurrency on an exchange like Coinbase, Binance, or Gemini. Exchanges are for trading, not storing. While these trading platforms have heightened security protocols, they’re a huge target for hackers. Binance was hacked in 2019 and had $40 million in Bitcoin stolen. Fortune estimates that hackers have tried to steal nearly $2 billion in Bitcoin over the past decade and mostly succeeded in doing so by targeting exchanges. So what’s the safest way to stash your Bitcoin and cryptocurrency? And what other ways to protect your money are there? If you’re looking to hold long-term, or just safely store your crypto before it’s time to sell, you’ll need a good digital wallet.
Protect your Bitcoin with a digital wallet
These wallets interact with the blockchain network that cryptocurrencies run on. Each has a private key and a public address. The private key allows you to access the wallet to make purchases, send crypto to other parties, or move it to exchanges. The public blockchain address allows you to receive transactions. There are different kinds of wallets that meet consumers’ different needs.
Cold wallets
Cold wallets are stored offline and are not connected to the internet. These wallets are actual hardware (they look like USBs), are considered the most secure, and carry the least risk. They’re best for long-term investors who want to hold. These could best be compared to safes, vaults, or safety deposit boxes. You can store a lot of money or valuables in them and they’re extremely secure, but it takes more time to get them out. Take a look at the Ledger Nano S Plus to get an idea of a cold wallet. Sidenote: Paper wallets (physically printed on paper with keys and QR codes) were popular in Bitcoin’s early days. However, since the advent of hardware wallets, they’ve fallen out of favor. You’re not physically printing out and storing Bitcoin as a currency, but rather just printing out a digital wallet’s Bitcoin information. Since paper wallets are easy to damage, misread, or lose, they’re not generally recommended. If you are mining Ethereum or Bitcoin, using a cold wallet is a wise idea.
Hot wallets
Hot wallets are connected to the internet and are more suited for purchases, transactions, and active traders. They’re easy to set up and easy to access. Usually, investors and traders will keep large sums on cold wallets, and smaller amounts on hot wallets. Here are some hot wallet options:
Desktop wallets: This is software downloaded, encrypted, and stored on your laptop or desktop device. If your device is connected to the internet, make sure to get good antivirus software. Check out Exodus or Coinbase’s wallets to get an idea.
Mobile wallets: Mobile wallets are similar to desktop wallets, but for smartphones and mobile devices. They provide more convenience and can offer QR transactions for those that use and trade digital currency regularly. Since they’re connected to the internet, they are slightly less secure.
Web-based wallets: These are wallets that you access through the internet. While these are the most convenient, they’re also the most insecure. They’re susceptible to DDOS and other kinds of cyberattacks. If the storage site suffers a data breach, your information will also be at risk.
For more information on how to buy and sell Bitcoin safely, have a look at our in-depth article.
Security starts with a strong password
Experts tell you to make your passwords strong for a reason. This especially goes for your Bitcoin and cryptocurrency accounts. The average person has around 25 accounts they need to remember passwords for — which can be quite daunting. We’ve all fallen into bad habits of reusing passwords for different sites. We also tend to make weak passwords and don’t change them for years. You want to make sure your Bitcoin and cryptocurrency-related passwords are strong, changed often, and aren’t reused for other sites. Don’t use anything that could be linked back to you easily — like schools you’ve attended, jobs you’ve worked, or children’s or pets’ names — and make it a combination of uppercase and lowercase letters, symbols, and numbers. The question is: how are you going to keep track of all those good passwords? This is where password managers come in. They help you create, store, and manage your complex and strong passwords. In case you’re looking for the best password manager: 1Password came out on top of our password manager reviews.
Keep your crypto software up to date
Strong online security is a lot like getting a new car: it takes routine maintenance to keep everything running smoothly. Hackers never rest in their attempts to break software security. When vulnerable code is discovered, software makers update the security to close the loophole. But no matter how good they are at closing the vulnerability, it won’t do you any good unless you get the update. Staying on top of updates can seem like a dull chore, but almost all hacked software lacked the latest fix. Stay on top of keeping your crypto-related software up to date to prevent losing your valuable Bitcoin. Some cryptocurrencies use advanced technologies to maintain privacy, so it’s important that you regularly update the exchange software (such as the Ledger), to prevent any hiccups.
Think Like a Con Artist
To avoid these common crypto scams, it’s a good idea to put yourself in a hacker’s shoes (or maybe at their laptop). The entire point of cons and scams is to rattle the victim and distract them from the criminal’s end game. Scammers and con artists want to alarm you and get you moving quickly before you’ve had time to think about the scenario. It’s only after falling victim and having time to settle down that people begin to question how odd the situation was in the first place. Understanding how scammers think will help you stay ahead of them. So what do these scammers really want?
They want you to send Bitcoin and cryptocurrency
The end game for a lot of these scams is to have you send Bitcoin or cryptocurrency to a fraudster’s blockchain address. Traditional banking methods allow you to stop payments or reverse transactions. If you think you’ve made an error or been defrauded, chances are you can get that money back by communicating with your bank. However, that’s not the case with Bitcoin and other cryptocurrencies. Bitcoin is a digital currency that no institution has control of. You’ve got to have total confidence that the party or merchant you’re sending cryptocurrency to is an entity that can be trusted. Once you’ve sent it to a blockchain address, there’s no going back, and no one to turn to for help. This is good news for scammers: once they’ve fooled you for just a moment, they’ve won.
They want access to your Bitcoin or cryptocurrency accounts
Fraudsters also want to gain access to your Bitcoin wallet or account. Once they’ve got access, they can send cryptocurrency wherever they want. Through the different scams and cyberattacks we looked at earlier, they hope to get:
Private keys: Cryptocurrency wallets have a secret key (or keys) that only the owner should know. Getting hold of this key allows fraudsters to spend money and make transactions.
Passwords and login info: They’re looking for access to victims’ cryptocurrency accounts and apps.
Remote access: Scammers could request remote access to your device to “solve a problem.” Once a scammer has control of your device, they’re able to access your cryptocurrency accounts, your online financial accounts, and your entire online life.
Two-Factor/multifactor authentication info: They could be hunting for 2FA/MFA codes or passwords to access your Bitcoin accounts and apps.
However, scammers will be more than happy to take other things to use against you if they can’t get to your Bitcoin. Many scammers are getting increasingly better at social engineering. Through trickery and manipulation, they could pry all kinds of personal information from you — like pet names, important dates, or schools you attended — to put into password or security question-guessing software.
The Takeaway
Venturing into the cryptocurrency world can be a life-changing experience — for good or ill. You may garner great gains with the perfectly timed trade. Or you may learn a hard lesson in patience by jumping into a FOMO frenzy. You may believe that ten years from now, your partial bitcoin safely stashed could be worth millions. Whatever the reason you decide to jump into the world of cryptocurrency, make sure to take the precautions necessary to cut your risk. You can even buy Bitcoin with PayPal now! Whether it’s a scam or lax security efforts on your behalf, you don’t want your hard-earned digital currency to fall into the hands of cybercriminals and hackers. For greater security, check out our best VPNs for crypto trading and the most private cryptocurrencies today.