When it comes to cryptocurrency scams, ICOs usually hog the limelight—and for good reason. In January, multinational professional services firm Ernst & Young estimated that 10 percent of ICO proceeds of $3.7 billion had been stolen.
While that revelation is definitely alarming, it still pales in comparison with the sheer amounts spirited away from crypto exchanges over the years. Nearly $2 billion worth of cryptocurrencies have been lost in 12 documented hacking attacks on cryptocurrency exchanges since 2013.
But even more alarming is the fact that the crime is showing no signs of fizzling out-- $534,800,000 (523,000,000 NEM) was hacked from Coincheck in January, a figure only rivaled by the $700,000,000 (850,000 BTC) stolen from Mt. Gox in 2014.
Coincheck wallet holders though were incredibly lucky that the company agreed to compensate them to the tune of $425 million (about 80 percent of lost funds). No other exchange is on record offering any kind of compensation to owners after a heist.
Whereas banking customers can count on FDIC to refund up to $250,000 per account if a bank goes belly up, and stock investors have Securities Investor Protection Corporation (SIPC), the SEC and FINRA to cover them if their broker/dealer goes bankrupt, crypto investors are all on their own. Related: Netflix Struggles To Take Off In Asia
In other words, there’s a quarter of a trillion dollars worth of cryptocurrencies out there at the mercy of exchanges and whatever firewall and encryption technologies they can muster.
According to Ben Schmidt of PolySwarm (a distributed threat Intelligence platform),“Securing platforms against less [funded] attackers can be difficult, but not unreasonably so. However, when attackers with resources begin attempting these kinds of attacks, it can become nearly impossible to prevent all compromises. The focus here should be to reduce the potential impact of compromise by keeping less funds in hot wallets and better isolating and monitoring all systems involved with funds transfers.”
Not much of a consolation, but it gives you an idea of how bad the problem has become.
While the average investor is virtually powerless to prevent their exchange from being hacked, there are other crypto scams that directly target the end-user. Here are some common ones to be on the lookout for:
#1 Malware Downloads
This is a simple enough scam but don’t let its simplicity fool you. It’s proven quite effective, especially with crypto newbies.
The user receives a download link--usually a post in an email or social media--prompting them to click on a link to a program or supposed bitcoin exchange. Of course, sometimes the links are genuine ones by marketers or affiliates but sometimes they are nothing more than malware. To protect yourself against malware:
> There is no justifiable reason why you should use an unknown link to access a legitimate and secure cryptocurrency exchange instead of accessing it directly. Better be safe than sorry.
> Use 2-factor authentication every time—this sends a unique code sent to your phone when login in.
> Use a “cold” offline wallet, preferably physical cold wallets in several locations. ‘‘Hot’’ wallets are the most susceptible to hacking attacks.
#2 Fake Wallets/Crypto Exchanges
This used to be a fairly common scam in online banking where unsuspecting users received an email from a sender purporting to be their bank. A link would then direct them to a website with an almost identical name and URL. The scammer would then be able to steal the user’s name, password and other login detail.
The same scam has now come to cryptoland, only the bank has now been replaced by a fake wallet or exchange with a similar intention to steal the user’s private data. To avoid falling victim to this type of fraud,
> Carefully check the URL of your wallet or exchange whenever signing in, making sure the “https” and “secure” lock symbol are present.
> Use 2-factor authentication.
> Only use well-known exchanges and wallets.
#3 Pump and Dump Schemes
Pump and dump schemes in the world of crypto are elaborate schemes usually hatched and executed in secure messaging apps such as Telegram and Discord. Little known altcoins are usually the target and the purpose is to engage the recruited member in a flurry of buying activity of a particular coin so as to push the prices up and then exit a few minutes later and book large profits.
The winners are mostly the scam leaders who receive buy and sell signals a couple of seconds before everybody else. The losers are the unwitting followers who help to push the prices up but rarely enjoy the ensuing profits before prices come crashing down.
The panacea for this one is fairly straightforward—ignore any invites to participate in any pump and dump scheme no matter how juicy the promised returns.
By Alex Kimani for Safehaven.com
More Top Reads From Safehaven.com: