Back to research

Safety first!

November 8, 2021

Table of Contents

Bitcoin related scams are on the rise. Where there are large concentrations of money, there is crime. As you get started, it’s difficult to tell what’s legit and what’s not. When money is riding on your ability to assess threats, things get stressful. We’ve compiled a list of common hacks and scams to look out for, in addition to security tips vetted by experts.

One of the best ways to fend off attacks is to download software updates. Make sure that all of your systems are operating on the latest release. If systems are out of date, they can be vulnerable to attacks.

Hacks and scams: an overview

Fake giveaways

No one wants to give you free money. This seems fairly common sense, but scams where people impersonating celebrities ask for a small sum in return for a larger one are surprisingly successful. The only plausible scenario where someone would want to give you free money is if an emerging altcoin is doing an airdrop. Absolutely no one wants to give you free bitcoin. If they say they do, run in the opposite direction.

Phishing

In the world of cybercrime, phishing is a tried and true standby. Phishing refers to an attack where someone entices people under false circumstances to give up personal information that can then be used for nefarious purposes. There are many different types of phishing attack, but a common vector is via email. 1
Customers of the reputable hardware wallet service Ledger were targeted by phishing attacks in 2020. An overview of the case proves that phishing attacks can be incredibly well thought out, elaborate, and creative. Attackers registered domain names that were incredibly similar to the official site, ledger.com. 2 They then created websites identical to the Ledger site, and sent urgent sounding emails to customers requesting that they enter their 24-word recovery phrase. Once the attacker has access to the phrase, they can immediately drain all funds associated with the wallet.

Always make sure to check the sender’s address for misspellings, and don’t click on any links unless you’re completely satisfied that they have been sent by a trusted source. Try hovering over a link before clicking it to see where the link goes to. Don’t open email attachments unless you trust the sender, as they can contain malware.

Fake exchanges

People will go to great lengths to defraud others, up to and including creating entire fake exchanges. These exchanges offer incredibly competitive prices that lure customers in. Always research exchanges before making a choice. If it looks like they popped out of nowhere, steer clear. Stick to exchanges that have received coverage from reputable sources.

Exchange and wallet hacks

Of course, bitcoin in an exchange is only as secure as the exchange itself. The cryptocurrency ecosystem has a long and fascinating history of heists, hacks, and general bad behavior. We’ll cover that a bit later in the book.

Blackmail

Scammers often send emails claiming that they have compromising information, photos, or videos about you. They usually threaten to send the material to all of your contacts unless you pay up via cryptocurrency.

These emails frequently contain user passwords to add weight to the threat. Passwords are often leaked when websites get hacked, so the scammer doesn’t necessarily have access to all of your accounts (unless you reuse passwords, which we’ll talk about later.)

Pyramid / Ponzi schemes / Investment scams

If someone promises you a high-yield investment in return for something, whether that’s recruiting new users or an upfront deposit, it’s probably a scam. The crypto ecosystem is rife with investment scams as ill-informed investors fall for get rich quick schemes.

Be wary of cold callers or internet pop-up ads that promise fast and highly profitable returns on an investment with low risk. If it sounds too good to be true, it is.

Ransomware

Ransomware typically refers to a type of malware that blocks or encrypts access to a device unless you pay a ransom, often in bitcoin. With ransomware, the important thing is prevention. If it’s already happened, you should probably consult a professional. Always be cautious about what you download, and make sure that all applications are legitimate. If an application requests administrator access, quadruple check it.

Safety tips

Ok, that’s a lot of scams! What are a few steps you can take to make sure this doesn’t happen to you?

  • Use a password manager! It’s highly likely that a website you’ve logged into has been hacked. Hackers typically sell and dump personal information, including emails and passwords, online. People often reuse weak passwords across sites, allowing hackers to get into multiple accounts. It’s better and easier to use a password manager. With a password manager, you only need to remember one strong password. The rest are automatically generated. This protects you from password reuse attacks. When choosing a password manager, do your research. Popular ones include LastPass, Dashlane, and 1Password, among others. The website https://haveibeenpwned.com/ maintains a database of leaked password and email combinations. Try checking it regularly to make sure that your data hasn’t been exposed as part of a breach. If you’re working with large amounts of cryptocurrency in a password-protected account, consider using an offline password manager like KeePassXC for cold storage. This is less convenient but adds an extra layer of security. Above all, do not reuse passwords. Just don’t do it. Don’t even think about it.
  • Exchanges often offer extra security features, particularly two-factor authentication, or 2FA. 2FA refers to an extra layer of security added to the login process, where the person logging in is required to provide an additional form of authentication. This often takes the form of SMS messages to a trusted phone number, an authenticator app, or a physical security key. Take advantage of every safety precaution offered by exchanges – they’re there for a reason.
  • Don’t keep more than you’re willing to lose on an exchange. The reasons for this will be explained later, in our history of exchange hacks. Long story short, if your bitcoin is in a wallet that you don’t control the private keys for, it’s not really yours. Only keep amounts you’re actively trading and willing to lose in exchanges.
  • Think carefully about your password reset functions. Exchanges often provide a password reset function for people that have forgotten their passwords. This often takes the form of a link sent to a trusted email. If the email account associated with the exchange is breached, hackers can reset your password and make off with your bitcoins. Every account trusted by the exchange should be secure, with a great, non-reused password, 2FA, and a security question that cannot be guessed by browsing your social media for 10 minutes.

References

  1. https://www.consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams
  2. https://www.ledger.com/anatomy-of-a-phishing-attack