These days, cryptocurrency investments are one of the hottest topics in the investing realm. Investors buy digital currencies such as Bitcoin, Ethereum, and Dogecoin through cryptocurrency exchanges like Coinbase, hoping to sell them later for a profit.
Cryptocurrency, or “crypto,” is a legitimate but risky investment opportunity. It’s a highly speculative investment, so you can make — or lose — a lot of money very fast.
But it also carries an even bigger risk: cryptocurrency scams.
Hackers use all kinds of tricks to get their hands on your money, from hacking your crypto accounts to creating completely fake coins. And as crypto grows in popularity, so do crypto scams.
According to the Federal Trade Commission (FTC), Americans lost over $80 million to cryptocurrency investment scams between October 2020 and May 2021.
Types of Cryptocurrency Scams
Crypto is a fertile field for scams because it’s both so alluring and so confusing.
Bitcoin prices are soaring, and investments by celebrities like Kanye West and Paris Hilton are creating tons of buzz around newer “altcoins.” Yet at the same time, most Americans don’t really understand what cryptocurrency is or how it works.
That’s a perfect combination for scammers, according to the FTC. There’s lots of interest in crypto investments, yet little understanding of how they work. Scammers’ claims sound believable because investors don’t know what’s realistic and what isn’t.
1. Theft by Hacking
In theory, crypto should be a completely secure investment.
All transactions must go through a blockchain, which routes them through multiple computers and checks them against a database on each one. To hack the system, a thief would need to break into the majority of the computers in the chain.
But in reality, nothing is perfectly secure. Hackers have repeatedly found ways to break into the various parts of the crypto market, such as exchanges, mining companies that create coins, and digital wallets where people store them.
And because crypto accounts aren’t covered by FDIC insurance, once the coins are gone, there’s generally no way to get them back.
The most notable crypto hacks to date include:
- The 2014 Mt. Gox hack, in which a Tokyo-based cryptocurrency exchange was looted of $460 million in cash and Bitcoin
- The 2016 DAO hack, in which a venture capital firm operated via the Ethereum blockchain lost 3.6 million ether worth about $70 million
- The 2016 Bitfinex hack, in which a Hong Kong-based exchange lost over $60 million worth of Bitcoin
- The 2017 NiceHash hack, in which hackers broke into the payment system of a Slovenian Bitcoin mining company and stole $64 million
- The 2018 Coincheck hack, in which hackers stole nearly $500 million in digital tokens from a Tokyo-based cryptocurrency exchange
There’s not a lot you can do to protect yourself from this type of attack.
The most important precaution you can take is one that makes sense with all investments: don’t put all your eggs in one basket. Don’t put your life’s savings into any one exchange or account, and you can’t lose it all to hackers overnight.
2. Fake Cryptocurrency Investments
In cryptocurrency investment scams, fraudsters set up fake sites for investing in or mining crypto. They have a variety of methods for luring victims to these sites.
Sometimes they pose as investors sharing tips online. In other cases, they send out unsolicited letters from “investment managers” offering to help victims grow their crypto investments.
Phony crypto investment opportunities can also attract potential victims through social media. In some cases, they hack into the accounts of celebrities or their marks’ personal friends in order to gain their trust.
Some scammers even attract victims by luring them into phony long-distance relationships on dating sites, combining a crypto scam with an online romance scam.
No matter how the scam starts, it plays out the same way. The investment sites promise huge returns and use fake testimonials to make them look legit.
Sometimes they offer multiple investment tiers, with bigger returns for bigger investments. Convinced they’ve hit on a good thing, the victims put in real money in either dollars or crypto.
In some cases, these sites string investors along for years. They periodically send fake reports to show victims how their “investment” is growing.
But the first time the victim tries to withdraw any of those funds, they discover their money is gone. Or worse, sometimes the site convinces them to pay a “withdrawal fee” to access their money and gives them nothing in return.
There are several variations on the basic crypto investment scam. For instance, instead of setting up fake sites, some scammers spoof (imitate) the sites of real cryptocurrency exchanges. For instance, the FTC says many people have lost money to sites posing as Coinbase.
3. Giveaway Scams
Another popular variant is the giveaway scam. Fraudsters pose as celebrities or well-known cryptocurrency investors offering to help small investors. They say if you send them your crypto, they’ll add some of their own to help you multiply your investment.
In reality, any money you send them goes straight into the scammer’s pockets. According to the FTC, in one six-month period, fraudsters posing as Elon Musk scammed investors out of more than $2 million in crypto.
4. Phony Job Offers
Some scammers don’t try to persuade you to put your money into crypto. Instead, they offer you a job handling it.
Fraudsters post fake job offers on employment websites seeking people to mine crypto, sell it online, recruit investors, or help with converting cash to Bitcoin.
What happens next varies.
In some cases, the scammers charge you a fee to apply for the job, then steal your money and sometimes your personal information too.
In other cases, they put you to “work” converting cash to crypto, except the cash transfers to you end up being canceled. This is a variant of the classic returned check scam often practiced on senior citizens.
5. ICO Fraud
An initial coin offering, or ICO, is the launch of a new cryptocurrency. It’s an exciting opportunity to get in on the ground floor of what might become the next Bitcoin.
Investing in ICOs is always risky because there’s no way to predict how the new coin will perform. But some ICOs aren’t just risky; they’re completely fraudulent.
There are two kinds of ICO scams. The first is a currency that’s totally fake. Criminals create what looks like a new altcoin and roll it out with great fanfare. Then they simply pocket any money investors put into it.
The most notorious fake crypto scam was OneCoin. According to the BBC, this phony cryptocurrency, sold via multi-level marketing, took in over 4 billion euros (close to $5 billion) from investors worldwide.
More recently, the U.S. Securities and Exchange Commission (SEC) shut down the $15 million ICO of PlexCoin, calling it “a full-fledged cyber-scam.”
In the second type of ICO scam, fraudsters spoof a legitimate cryptocurrency that’s having an actual ICO.
They create a fake website or social media account and use phishing emails to lure investors with a fake “presale” offer. Investors think it’s a chance to get in early on the new crypto coin, but they’re really sending their money directly to the scammers.
Spoofing scams aren’t limited to crypto. In 2017, Coindesk reports, scammers pulled the same trick on investors seeking to purchase the new digital tokens being launched by the social messaging company Kik. In just 40 minutes, they collected over $20 million in ether.
The best way to avoid these scams is to research ICOs carefully before you invest. Check sites like CoinDesk to make sure an ICO is legit, and be wary of emails and social media posts offering you a chance to buy in early.
6. Fake Crypto Wallets
You can’t keep crypto coins in an ordinary bank account. The standard way to store them is a cryptocurrency wallet, or crypto wallet.
A crypto wallet can be a device, a piece of software, or a service offered by a crypto exchange. It stores the digital keys you need to access your crypto investments and provides a digital signature for purchases you make with crypto.
As noted above, one problem with crypto wallets is the risk of hacking. But some thieves don’t go to the trouble of hacking into real crypto wallets.
Instead, they sell fake ones online or in mobile app stores. The scammers hold the master keys to these fake wallets, so they can help themselves to anything stored in them.
The 2017 Bitcoin Gold wallet scam is a good example. A clever hacker convinced the creators of Bitcoin Gold — a newly launched, legitimate spinoff of Bitcoin — to promote the site mybtgwallet.com for storing it. The creator of this site then stole over $3 million in Bitcoin and over $200,000 in other currencies.
The safest system is to have most of your investments in a “cold” wallet that’s not connected to the Internet. Transfer crypto from there to your Internet-connected “hot” wallet only when you need it to make a trade.
7. SIM Hacking
Another way for hackers to get into your crypto wallet is to hijack it via your cellphone. This scam goes by various names, including SIM hacking, SIM swapping, SIM hijacking, and phone porting.
Here’s how it works: First, hackers transfer your cellphone number to a new phone. Once they’ve done that, they can use that phone to pose as you and reset the password for your crypto wallet. Then, using this new password, they access the wallet and drain your account.
Since crypto transactions can’t be reversed, there’s no way to recover the money.
For example, former tech CEO Cody Brown tells Medium that he once lost $8,000 in Bitcoin within 15 minutes after hackers used his phone to get into his Coinbase account.
SIM can sometimes get control of your phone simply by calling your wireless carrier.
They pose as you and ask to have your phone number transferred to a new phone. They may “prove” their identity by providing personal information such as your date of birth (easy to find online) or your Social Security number (obtained through a data breach).
One way to prevent SIM hacking is to set a unique PIN and security question for your cellphone account.
However, hackers can overcome this barrier by bribing the carrier’s employees to provide them with customers’ PINs. According to VICE, they can get this info out of customer support people and store employees for as little as $80 to $100.
The best way to avoid phone-porting scams is not to link your cellphone number to your crypto wallet at all. Instead of relying on codes sent by text message to authenticate your account, use an authentication app such as Authy or Google Authenticator.
And if you have to provide a phone number when setting up your account, use a landline or a free Google Voice number.
8. Bitcoin-Stealing Malware
A final way for hackers to worm their way into your accounts is to install malware (harmful software) on your computer.
Malware takes all sorts of forms, including viruses that cause malicious damage, spyware that steals your personal info, and ransomware that holds your machine hostage.
Many types of malware are designed specifically for the purpose of stealing crypto. These programs can capture the login credentials for your crypto accounts, steal your entire crypto wallet, or get into the account while you’re in the middle of a transaction.
One of the latest crypto-stealing malware apps is WeSteal. According to Palo Alto Networks, it works by searching your clipboard for patterns that match the identifiers for Bitcoin or Ethereum wallets. Then it replaces those wallet IDs with a new code it supplies. Whenever you make a transaction, the money goes to this new, fake wallet instead of the real one.
To protect your computer from this type of malware, start with the same precautions you’d use against any other digital threat. Use a good antivirus program, plus a firewall to shield your incoming and outgoing data.
On top of this, consider taking some extra precautions for your crypto transactions. For instance, you can use a VPN (virtual private network) like NordVPN to keep your real Internet connection hidden.
If you want to be absolutely secure, you could even keep a separate, dedicated computer that does nothing but log into your crypto accounts.
How to Spot A Cryptocurrency Scam
Not all the scams fraudsters use to get their hands on your crypto are new ones. They’ve also adapted oldies like government imposter scams.
They pose as officials from an agency such as the IRS or Social Security Administration and convince you that you owe the government money. The FTC says many people have loaded money into Bitcoin ATMs to pay imposters claiming to be from Social Security.
In other cases, the scammers rely on plain old-fashioned blackmail. They claim to have compromising information, photos, or videos of you and threaten to expose them unless you pay them off in crypto.
The only thing that’s new about these scams is that the fraudsters are requesting payment in crypto — usually Bitcoin. They prefer this mode of payment because it’s untraceable, so almost impossible to recover.
The FTC says this in itself is a red flag. Anyone who insists on payment in Bitcoin or any other cryptocurrency — no matter what for — is almost certainly a scammer.
The other warning signs of a crypto scam are similar to those for any other kind of financial scam. These include:
- Promises of Huge Returns. There’s no such thing as a guaranteed return on any investment — especially a big one. With real investments, high returns come only with high risk.
- Offers of Free Money. Any time anyone offers you money for nothing, whether in cash or crypto, it’s pretty much guaranteed to be a scam.
- Lack of Detail. Crypto investment scams often gloss over the details of how the investment works. Legitimate investment advisors, by contrast, are usually eager to explain how they can make money for you.
What to Do About Crypto Scams
If you detect any of these warning signs, be wary.
At the very least, research the company and the cryptocurrency before you invest. Try searching for the name of the company along with words like “scam,” “complaint,” or “review” to find out what experiences others are reporting.
If you’ve already lost money to a cryptocurrency scam, your chances of recovering it are slim. However, you can help stop the scammers from hurting anyone else by reporting the crime.
Places to report these scams include:
- The FTC
- The SEC
- The Commodity Futures Trading Commission (CFTC)
- The cryptocurrency exchange you used to send the money
- The FBI for crypto-crimes involving blackmail
As interest in crypto grows, interest in crypto scams is sure to grow along with it. In addition to the scams listed here, there will probably be new ones.
The best way to protect yourself from these emerging scams is to be aware. For starters, learn as much as you can about all types of existing scams. That will help you recognize them when they pop up in new forms.
Also, take plenty of precautions when investing in or with cryptocurrency.
With any type of investment, it’s important to research the company, the product, and the investment advisor before putting money into it. However, all these steps are doubly important with crypto investments, because lost money is so hard to recover.
Likewise, it’s extra important to keep your crypto accounts secure.
Double down on all the precautions you’d take with other financial accounts, such as secure passwords and virus protection. Keep your crypto locked in a secure wallet, and keep multiple copies of the keys in places where you can easily access them — but thieves can’t.