A couple of months ago, I was keeping a close eye on a launch of a new AI token. The AI narrative was going strong and the token looked like it had potential.
One moment of inattention later, I landed on a scam website that I clicked on from a fake Twitter account.
Just before connecting my wallet to verify my “airdrop eligibility”, I remembered to check the URL. Sure enough, two letters in the project’s name were inverted. This was not the real website and there was no airdrop.
I’ve been involved in crypto for a while, but I avoided this scam by a narrow margin.
I’m sure you’ve been in a similar situation.
Scammers are like viruses. They quickly adapt to new environments. Being highly creative and manipulative, they regularly come up with new ways to make traders part with their money.
And not only newbies.
Even experienced traders can fall for these sophisticated manipulations.
Crypto scams spread online like fire. You’re likely familiar with the classical ones: Fake project administrators, scam Twitter accounts, too-good-to-be-true airdrops, rug pulls, phishing websites, honeypots.
The list goes on.
You know the basic guidelines to follow: don’t FOMO into fresh tokens with no whitepaper, never give out your secret phrase, and always triple-check the URL before connecting your wallet.
But some scamming techniques can catch you completely off guard because you’ve never heard of them or fathomed that they could exist.Let’s look at the top 3.
Address PoisoningAddress poisoning is a newer type of crypto scam where hackers send you transactions worth very little from an address that highly resembles yours.These attackers exploit the fact that crypto addresses are long and difficult to remember.Wallets such as MetaMask display only the first and the last few characters of your address, omitting the middle.
Hackers first monitor the blockchain to identify active addresses with sizeable funds. Then they use a program to generate a very similar address with the same beginning and end.
By sending a tiny amount of crypto from this address to the target address, they “poison” the user’s transaction history.
They rely on the fact that users often copy addresses from a blockchain explorer or their transaction history when making new transactions. Users can thus inadvertently send funds to a scam address instead of their own.
With blockchain transactions being irreversible, you can easily lose funds if you’re not paying attention.
How do you protect yourself?
The easiest way to avoid falling victim to a poisoning attack is to never copy short-form addresses from your transaction history.
Always manually verify that the address is an exact match before sending funds. You can also use your wallet’s contact book to manage addresses you use often.
Crypto Dusting
A dusting attack consists of sending very small amounts of cryptocurrency, known as dust, to thousands or even hundreds of thousands of wallet addresses.
Because dust is such a tiny amount of crypto, it often goes unnoticed by the user. Users can then unknowingly send the dust to other addresses when executing transactions. This gives hackers the chance to monitor these addresses and potentially identify their owners.
Crypto dust is used on almost all blockchains, such as Bitcoin, Litecoin, Bitcoin Cash, and Dogecoin, among others.
Criminals use dusting attacks especially to de-anonymize people with large crypto holdings. These whales can then be targeted through phishing scams or cyber-extortion.
Not all crypto dust is an attack. Sometimes you can receive small amounts of obscure tokens as part of a marketing campaign to promote a new cryptocurrency.
How to protect yourself?
The best way to protect yourself is not to hold large amounts of crypto in a single address.
Another important aspect is to always use a VPN when connecting your wallet to DeFi applications or using centralized exchanges. This way, your IP address changes often making your activity a lot more difficult to trace.
Be very selective with who you share your KYC information. If the application has security vulnerabilities and is hacked, your identity can be revealed.
If you’re a crypto whale, you should take extra precautions when transacting.
One is to use a hierarchical-deterministic (HD) wallet which generates a new pair of keys for every transaction, adding an extra layer of security.
Another is to regularly monitor your address transaction history on blockchain explorers or with special apps.
Remember that by sending you crypto dust, attackers don’t get access to your funds.
If you receive very small amounts of some strange token, the best thing is to leave it alone. If you don’t send it anywhere, hackers can’t trace your activity.
Withdrawal Scams
Withdrawal scams come in several forms. They’re ingenious because of their simplicity.
Imagine scrolling through a random Reddit thread and stumbling upon a secret phrase, usually to an Ethereum address. This phrase is publicly exposed and the post’s author appears as a complete newbie not having a clue what they’re doing.
Even the most honest person would be strongly tempted to connect to a wallet using this unexpectedly discovered secret key.
If you do connect, you find out that the address contains substantial funds in the form of a murky token.
But, darn! There’s no ETH to pay for the gas fees.
If you want to transfer the funds, you first need to send some ETH to carry out the transaction.
Little do you know that there’s a bot working behind the scenes. It automatically transfers any ETH to another address the second it arrives at the scam wallet.
Any ETH you send will instantly evaporate and there are no ways to get the funds out of the wallet.
You can come across the scam seed phrase in numerous ways. It can be publicly available or sent to you by someone asking for help via email or on social media.
How to protect yourself?
This one is simple. Don’t send funds to a suspicious address, no matter how lucrative it seems. You know how it goes: If it’s too good to be true, it probably is.
Bottom line
With crypto being so heavily under-regulated, not falling for a scam at least once is virtually impossible.
If you’ve been a crypto trader for some time, you’ve likely been scammed or at least come close several times.
Whether it’s pump-and-dump schemes, unsellable tokens, or fake airdrops, crypto scams are omnipresent.On social media, constant vigilance is mandatory to steer clear of fake accounts and phishing websites, especially for projects with lots of hype.But other types of scams exist. In this post, we covered 3 you might not have been familiar with.I hope this will raise your awareness to a new level and make you even safer when dealing with the fascinating world of DeFi.
