In this guide, we'll break down the most common types and ways of stealing crypto, cheating, and other bad things that can hurt you.
Dictionary:
Scam - fraud.
The scammer - is a fraud.
Stiller – A program that steals your wallet or other information.
Seed phrase – 12 or 24 words with which to enter your wallet.
DeFi – A decentralized platform (e.g., 1inch).
Farming, steaking – providing liquidity to the project. When you give your money and you get interest on it.
There are a lot of ways to give your crypto to unscrupulous people. And they can either steal it themselves as the same drains, or they can take advantage of your trust and get a voluntary transaction from you, trick you into NFT mines, and so on.
We don't claim that our guide is a cure-all for all scams, not at all. But it will protect you 95% for sure, if you read it carefully, use the information from the guide in practice and forward it to a friend.
Phishing. It would seem, what does this have to do with fish?
This type of fraud involves luring out your crypto, your sido phrase, your wallet key by... how shall I put it, delusion. For example, you receive an email or message in discord, twitter, troll from a project you've been following for a long time and dream to get into it, buy its tokens first, and so on.
The account that I wrote to you looks like a real one. The message / letter states that you got a chance to mint or buy tokens, and there is immediately a link to the mint itself or the purchase. You switch - connect the wallet, and... that's it. Your money was crying! Scammers stole your money.
By the way, yes! Phishing comes from the word Fishing. That is, fishing. Basically, you're being hooked.
Projects themselves practically do not write first, and announce the winners in their announcement channels, and do not send a link to the mine in private messages.
From this follows a rule: very rarely do people write to private messages first, and if they do, they don't write with links.
Another phishing method to trick you is to create a fake website for some swapping or steaking platform. For example Pancakeswap or 1inch.
The original link of the same Pancake looks like "pancakeswap.finance". At the same time, scammers can create a site on the domain "pancakeswap . com" or "pancake . swap". And completely repeat the look of the site and its functionality.
The only difference is that your crypto won't go into stacking or pharming, but directly into the wallets of scammers. Sometimes this can even happen on a domain that looks like a real one, then we already check the https certificate.
This is the lock to the left of the link, if your DeFi does not have it, or it is red - it is better not to work with it now. Because this certificate ensures a secure connection between you.
From this follows the rule: always check the project links meticulously. Bookmark the DeFi browser, which you regularly use, so as not to get caught by scammers.
Regular checks will pay off financially and mentally at the first major phishing incident. And remember, fraudulent links often appear right in Google first!
Remember this
Twitter sometimes advertises them directly. Yes, yes, how does a red pill taste? Even giants like Google and Twitter sometimes unintentionally advertise scams.
Another point. If you want to buy some token on a conditional Uniswap, be sure to find the contract of that token and only after that look for that token by contract. For example, when $PEPE was in a HYIP, scammers created dozens of tokens with the same name (it took 30 seconds) and people lost large sums as a result. And all because they were looking for a token by name, not by contract.
You will find the contracts on the official sources of the project or on CoinGecko in the "Contracts" section.
Each blockchain has its own contract. For example, for USDT on Ethereum it looks like this: 0xdac17f958d2ee523a2206206994597c13d831ec7
But remember, CoinGecko may have a scam coin, and official sources may give you a fraudulent contract by accident or on purpose. That's why everything is always very neat.
To summarize phishing
The goal of this type of scam is to lure out the right data or transaction by pretending to be an original project, or a famous person.
It's also an important reminder that no project in this world will ask you for your seed-phrase or private key. Any necessary operation in crypto can be done without them.
Well-known accounts on social networks, messengers, or Discord never write first, but scammers who pretend to be them always do, and the same goes for letters to emails from projects with winnings. If a person from the project will write in personal messages, it is clearly not with congratulations on winning a million.
Banal scam schemes
This item will seem very very trivial to most, but nevertheless it still collects a lot of money from various cryptans, usually beginners.
Surely you are familiar with such messages in chats or personal messages tg: "I'll give you the arbitration scheme, teach you everything, by the hand will bring you to the first money. Income 9999 $ per second, working 50/50".
Arbitrage – is in fact a game on the difference in exchange rates. This type of earnings has many pitfalls, requires large sums, and also has its own risks. Those who write in chat rooms and offer to work with them are swindlers. No one will take you to the "working scheme-theme", alas. An example of arbitrage: on some exchange bit is worth 28,000, and on some exchanger 28,200. And you due to the difference in these rates transfer a large amount of money and for each such "circle" you get a profit of 0.5-1%.
The only thing is that such schemes are usually not leaked to the general public, and certainly not begging you to make money from them. They are used by arbitrageurs themselves.
And yet, what is the benefit to these spammers? They work with your capital, they give you a scheme in which their pocket exchanger will be sewn in. For example, the scheme "buy a bitcoin on the binanace for $ 28,000, go here You.Id*ot ... and sell it for $ 29,000". Scammers create the exchanger themselves, and of course, you will lose your crypto by entering it.
The second scheme, which is also very popular, is a site niche with the insite "I found a scheme to earn money". And it tells you that on a certain site you get 0.1 solana for burning an NFT on solana, and then a link to a scammer collection mint at a cheaper price than you "should" get for burning it.
It seems to profit, but no, you do not get anything, but just a mined empty scammer, which you can mince as much as you want.
Scammers also often write about "cryptocurrency courses. Like, here, passed the course - ready to give it away for free. As a rule, they will give you either a link to a fraudulent site, or will vparivsya their services after giving a link to the real normal course, which they downloaded somewhere on the Internet.
Example: In the chat room a certain person writes "Guys:) I took a course in crypto:) I'll share - no pity:)". You bite and asked him to throw you this course. Chelik throws a link, which asks you to plug in your wallet. Or it may be a PDF file with a virus.
* With PDF files, by the way, especially in crypto, very carefully. Very often they contain viruses. Don't open PDFs better ever, and ask for material to be sent to you in google doc form.
Or he throws you not a PDF file or a scam link, but a real course. Of course, if you are a beginner, one course to dive into crypto is not enough - and the man will offer you mentorship for a certain amount of money. You pay the money, the person disappears. There is a very subtle psychological point here. The man gave you something for free, and subconsciously you want to return the favor. Scammers take advantage of this to milk you for money and disappear.
A person creates an account that looks an awful lot like the account of a known cryptan. He puts his avatar and writes a similar nickname. For example, a scammer wants to copy CZ account.
And the guy starts writing to everyone and asking for a loan. Like, "Urgent, I'm in trouble!!! GIVE ME $500 TILL TOMORROW! Well, it's clear that you can't give anything to anyone until you confirm the identity of the person.
If you know the number, call it. If you don't know it, double-check the name of the account. And remember, the account can be hacked, so you better have ways to confirm the identity of the person asking, okay?
To summarize the trivial scam schemes
No one is going to bring you schemes or ways to make money "with one click". If someone offers you a scheme through which you can make money, always try to understand the benefit of the person to himself, and it is certainly not "a percentage of the output".
There are a million such schemes, and we will not list them all because there is no point. They all boil down to one thing: "buy this, sell it here, you get half the profit". We don't even consider options to give our capital to someone to "make more out of it."
Malware
Malware in crypto most often refers to stylers (from Steal). It waits and checks your entire clipboard. The clipboard is the part of the RAM where the files you copy/cut are stored.
And then, as soon as the styler sees that there are 12 or 24 separate words on the clipboard (one of the most common mechanisms of action, they themselves are different). He and passes this information to his creator.
From this follows the rule: don't copy the sid-phrases, only rewrite them.
This of course does not really refer to malware, but nevertheless: do not work with DeFi from public Wi-Fi hotspots, especially they are usually unprotected.
A trivial traffic interception can transmit all the necessary information to steal your crypto and other equally important information later. Be careful!
Summing up the results of malware
It is best to use different PCs/laptops for crypto and daily tasks. Or as a last resort, create a separate virtual machine.
It would also be good to work on the security of your Windows. Or ideally use closed operating systems, like OS X on macs. Obviously, this will not make you invulnerable, but you will avoid more than half of the viruses, and more than half of the malicious ones.
Also try your best to use licensed programs, because once you downloaded a cracked photoshop to process photos from the "sea 2008" folder can deprive you of crypto, which is also not cool.
And don't ignore the rule of public Wi-Fi grids.
And we also have to mention cold wallets! They have the advantage that they won't steal your money because they're secure and you can't interact with the wallet unless it's connected to the Internet. That's the beauty of them. You don't have to be afraid 24/7 that a drainer will steal a sid-phrase or make a transfer directly from your computer. But a cold wallet can be stolen physically, so don't talk too much about your profits.
Also, of course, a VPN. Not free, better to buy one if you can. This is where we picked up VPN's - click and click. Personally, we use Express and so far we're not complaining. Public wifi should be used EXCLUSIVELY through a VPN.
Captions
You leave signatures almost every time you interact with different DeFi.
Often you leave a signature in order to make a swap. What's the catch with signatures - leaving it even to a bona fide project, you still risk your assets, because if the platform is hacked, the hacker will have access to your funds, too.
And how do you protect yourself from that? First and most importantly, separate wallets for activities and storage of their main crypto.
The second one! Constantly check the signatures you've given through the services, and if anything, withdraw them.
You can also use different tools, they'll simulate your transactions before they're done and tell you the integrity of the service. Well, most of the time you need this if you suspect the site is a phishing site. Or if you're really lost in some weird stuff and not completely sure what this or that button will do.
Other possible scams
What is there to mention? For example, projects that are designed to get their hands on investors' or users' money.
No expansion will help with this, but luckily over time, such projects have become much easier to catch thanks to their own reserch.
Equally popular nowadays are "exit-liquidity" schemes. When someone creates a token, shills (advertises) it himself, or with the help of others. The price rumps, and then at one point the person withdraws all the liquidity. For example, there is a pair SCAM/ETH.
People have bought SCAM token for 10 ETH in total, that is, the liquidity of the token is 10 ETH. And then, the one who created the token withdraws these very 10 ETH, the token chart freezes, and those who bought the token cannot exchange it back to ether, because there is no necessary liquidity.
We all understand, sometimes you want to cash in on another shitcoins that half of Twitter shills and no one will stop you.
It happens that the token may be blocked, or has the ability to throw all addresses into blacklists, thereby not giving a chance to withdraw, even without a lock.
If such things are in his contract, the DeFi Scanner will show you that.
To summarize
Not getting caught by phishing and scam schemes that offer you millions from nothing is pretty easy. Because you don't have to do anything. And you have to do exactly NOTHING.
But with more technically complex types of fraud, it's more interesting. You have to be disciplined, have the fortitude to check out different projects and tokens, and not get in with both feet.
Also, constantly check your signatures, properly store your data, seed-phrases, etc.
Rules:
1) Ignore personal messages with all sorts of suggestions
2) Don't give anyone the seed-phrase or the key
3) Don't believe those who promise you easy money
4) Always check project links through services
5) Don't copy the seed-phrases, just rewrite them
6) Try to use a separate PC/note, or at most a virtual machine for crypto and all other tasks.
7) IMPORTANT to the point of impossibility! Different wallets for different tasks.
8) Don't use wallets, DeFi's, etc. when connected to a public Wi-Fi network.
9) Regularly check the signatures you've given on your wallets.
10) Look for the token by its contract, which you took from the official resources of the project or from CoinGecko. Also check with a scanner.
That's it. It is important to note that scammers are progressing and the rules above are BASE, but by no means 100% protection.