Crypto Scams

Table of Contents

According to figures released by Chainalysis in January 2022, US$14 billion in cryptocurrencies has been taken from victims in 2021. The surge has been fueled by a rise in “rug pulls” predominantly found in the world of decentralized finance.

Did you know?

CNA938 has produced an award winning radio documentary titled: “Educate or Regulate: The Alarming Rise of Cryptocurrency Scams”.

It provides a good listen during your evening jogs. Listen to it FREE on omny.fm.

Common Crypto Scams

Copy and paste crypto scam

A malware on your computer replaces a wallet address copied from crypto platform’s webpage with another address belonging to scammers.

It is important to double check the destination addresses of transactions in order to avoid loss of funds.

Deepfake scam

To avoid deepfake scams:

If you’re watching a video, check whether the person’s lip and tongue movements sync up naturally with the audio.
Should you see someone famous promoting a cryptocurrency platform, visit their social media pages to determine if they’re indeed a brand ambassador.
If reputable mainstream media outlets are not reporting about the celebrity endorsing the platform, it’s a red flag.

Fake platforms

Fake crypto exchange platforms.

Case study:

I grew my cryptocurrency portfolio by 8 times. Then I blew it on a scam [ChannelNewAsia]
- person gets introduced to a fake platform to perform trading.

Giveaway scam

Con artists pose as celebrities or known figures in the crypto world. They promise to “multiply” the cryptocurrency that investors send.

E.g. “Elon musk free giveaway scam”

Phishing

Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message.

Red flags:

Is the message urgent and threatening?
Does it ask for sensitive information?
Is it full of grammar mistakes?

Common types of phishing attacks include:

email spoofing
fake, malicious website
instant messages with a fake link
social media with fake link to exchanges and wallets
fake support team

Some examples below:

MetaMask (email spoofing / fake support team)

I receive MetaMask related phishing emails practically daily. Many are able to spoof the email domain to be “metamask.io”, and even escape from the junk mail detection logic. Another common source email address for these MetaMask phishing emails is “webinarinfo @ webinarjam.net”

Example of a MetaMask wallet verification phishing email:

I received the following email in my junk folder. The email looked legit with the sender email address listed as “MetaMask <noreply @ metamask.io>”.

A quick search on the internet with the email text revealed this to be a phishing scam though. Metamask Wallet does not require any verification to be done.

Phishing airdrops (malicious website)

In the scam, randomly airdropped tokens appear in your wallet. If you try to interact with them, you’re prompted to connect your wallet to a website that looks like a DeFi app — but actually gives hackers permission to drain your holdings. To protect yourself, don’t interact with airdropped tokens from unknown sources, don’t connect your wallet to websites advertised by airdropped tokens, and don’t keep too much crypto in a wallet you regularly use to interact with crypto apps.

Similar looking domain

Google AdSense scam leading to myetherwa1let.com instead of myetherwallet.com

Rug pull scam

For every legit project working on real objectives to bring about innovation, comes a series of scams looking for a quick way to grab investor funds. Rug pulls are a type of scam where developers first market a project, and then abandon it, taking their investors' money along with them.

Case Study: SQUID

Squid Game Crypto Went From $0 to $600 in Days and Back to $0 in Seconds

operates on Binance Smart Chain
based on the popular Netflix series.
the creators of the crypto had said the currency would be used in an online playable version of the Squid Game, where users could earn more coins, that they could later encash for real money.
red flags:
- creators of the crypto project were neither associated with the creators of the series nor Netflix
- spelling mistakes and grammatical errors on the website and the project’s whitepaper.
launched at $0.01 and value soared to $2856
buyers of the crypto coin could not sell them! The developers had created an “unusual ‘anti-dump’ mechanism” that prevented many investors from selling their tokens. Investors could only sell if the ratio of buyers to sellers was 2:1.
creators shut down the project after one week!
40000+ investors were estimated to have lost a total of $3.38 million
Binance blacklists Squid Game developer accounts, and reports that developers used coin mixers like ‘Tornado Cash’ to obfuscate their transactions to cover their tracks.

Virus

Storing your seed text on your computer is not safe as some malicious software may be scanning your hard drive for your crypto keys.

Avoid getting scammed or hacked

Rule #1 in crypto, never reveal your private key
Avoid using public WiFi networks and insecure connections. Bad actors can use these networks to steal your login credentials and other sensitive information.
Only install crypto platform apps from official sources like Apple App Store or Google Play. Apps downloaded from unverified sources might contain malware that could infect your device.
Protect your accounts with 2FA
Do proper research before joining DeFi projects.
For scam-related advice, call the anti-scam hotline 1800 722 6688 or go to www.scamalert.sg.
Bookmark the crypto platforms you frequent, rather than clicking on search engine ads which might redirect to malicious sites

Check links before clicking on them

Ensure that they go to the official site. Never click on links given by strangers and input sensitive information.

Learn to identify common scam tactics

Love scams

Here are some informative videos produced by Channel News Asia (CNA)

Scammers often create accounts that look very similar to the official brands, so be vigilant and check. Report fake accounts to get down shut down to prevent others from getting scammed.

Change your privacy setting in your messaging apps (e.g. Telegram) to prevent others from adding you to random investment chat groups.

What to do if scammed?

What should you do if you have fallen victim to a crypto scam? I came across a blog article from Tokenize Xchange addressing this.

Key points:

Preserve your transaction information
- these may be viewable in an online account, but you never know when they will be removed by the company.
- fraud investigations might take a long time, it’s critical to have a long-term strategy for safeguarding these records.
- investigators will need all of the transaction IDs identifying the monies sent to the scammers to begin tracing your assets.
Contact the company
Report to local authorities
- To provide information on scams, call the police hotline 1800 255 0000, or submit online at www.police.gov.sg/iwitness.
Warning other investors against the crypto scammers

Mental health and counselling support (Singapore)

National Care Hotline: 1800-202-6868
Fei Yue’s Online Counselling Service: eC2.sg website (Mon to Fri, 10am to 12pm, 2pm to 5pm)
Institute of Mental Health’s Mental Health Helpline: 6389-2222 (24 hours)
Samaritans of Singapore: 1800-221-4444 (24 hours) / 1-767 (24 hours)
Singapore Association for Mental Health: 1800-283-7019 (Mon to Fri, 9am to 6pm)
Silver Ribbon Singapore: 6386-1928 / 6509-0271 (Mon to Fri, 9am to 6pm)
Tinkle Friend: 1800-274-4788 (Mon to Fri, 2.30pm to 5pm)
Touchline (Counselling): 1800-377-2252 (Mon to Fri, 9am to 6pm)

Global help

For help wherever you are, contact:

Global Anti-Scam Organization https://www.globalantiscam.org/contact
Global Anti-Scam Alliance https://www.gasa.org/contact-4

Scam

Last updated on 20 Jun, 2024