Top 5 Complex Crypto Scams to Watch Out for in 2024
2024-9-23 17:38:7 Author: hackernoon.com

The more years we spend using crypto, the more cautious we become about potential frauds. By now, the “classic” scams in this field include fake trading websites and ICOs, blackmail emails, Ponzi schemes, phishing, rug pulls, and so on. A lot of users have learned to recognize malicious projects, and scammers have noticed it. That’s why they’re developing new, creative, and even more technical ways to steal our coins.

From private seeds and romance platforms to AI tools and QR codes, we need to be aware of new types of complex crypto scams to be able to avoid them. Let’s check how they lure their unsuspecting victims.

Private Seed Honeypot

Having the private seed, private keys, or secret recovery phrase from a crypto wallet (a string of twelve or more random words) ensures complete access to and control over all funds stored in that wallet. That’s why the first thing you should learn in crypto is to protect your private seed. Considering this, now imagine that a stranger sends you a private message one day, sharing their private seed with you, and asking for help to exchange their funds.

First Contact of the Honeypot. Image by Oliver Renwick / Consensys
They have handed you complete control over their funds, out of nowhere. You can now open that wallet from your side, and make all the transactions you want with the coins inside. Or almost all the coins inside. Here’s the thing: to make transactions, you need to pay transaction fees in the native coin of that network.

In this kind of fraud, you can find a lot of tokens in the wallet, but they’re internal tokens inside another network, which means you’ll need to pay transaction fees in another coin to move them out. So, for instance, they could be Ethereum-based tokens, and you’ll need to pay a fraction of ether (ETH) to make a transaction with them. There’s no ETH in the wallet, though, and you’ll need to deposit at least a bit if you want the rest of the funds.

However, after you send that ETH fraction, it is transferred out of the wallet immediately. It’s so fast that you couldn’t have done a thing to stop it, because it was done by what's called a “sweeper bot”. This way, the scammer won’t let anyone transfer the internal tokens, while effectively stealing the native coins sent to the wallet.

It may not be that much per victim, but it’s there, as a sort of passive income for the fraudster(s). Avoid this trap! Nobody is gonna send their private seed to a stranger willingly.
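The sweep pattern described above is visible in a wallet's history before anyone deposits gas into it. The following is an added example, not part of the original article: a heuristic over a constructed transaction list, where the row layout, thresholds, and addresses are all assumptions made for illustration.

```python
from collections import Counter

# Constructed sample history for a wallet whose seed was "shared" (not real data).
# Each row: (unix_time, direction, asset, amount, counterparty)
SAMPLE_HISTORY = [
    (1000, "in",  "TOKEN", 5000.0, "0xfunder"),
    (2000, "in",  "ETH",   0.010,  "0xvictim1"),
    (2003, "out", "ETH",   0.0098, "0xcollector"),
    (5000, "in",  "ETH",   0.020,  "0xvictim2"),
    (5002, "out", "ETH",   0.0198, "0xcollector"),
    (9000, "in",  "ETH",   0.015,  "0xvictim3"),
    (9004, "out", "ETH",   0.0148, "0xcollector"),
]

def sweeper_report(history, native="ETH", max_delay=30, min_swept=0.9):
    """Flag wallets where native-coin deposits are drained within seconds."""
    rows = sorted(history)
    swept, deposits, collectors = 0, 0, Counter()
    for i, (t, direction, asset, amount, _) in enumerate(rows):
        if direction != "in" or asset != native:
            continue
        deposits += 1
        # Find the first native-coin outflow that follows this deposit.
        for t2, d2, a2, amt2, dest in rows[i + 1:]:
            if a2 == native and d2 == "out":
                if t2 - t <= max_delay and amt2 >= min_swept * amount:
                    swept += 1
                    collectors[dest] += 1
                break
    # In the honeypot, the bait tokens never leave the wallet.
    tokens_moved = any(d == "out" and a != native for _, d, a, _, _ in rows)
    ratio = swept / deposits if deposits else 0.0
    return {
        "native_deposits": deposits,
        "swept_within_delay": swept,
        "collector": collectors.most_common(1)[0][0] if collectors else None,
        "tokens_ever_moved": tokens_moved,
        "looks_like_honeypot": deposits >= 2 and ratio >= 0.8 and not tokens_moved,
    }
```

A history with a single prior deposit will not trip the flag, so a clean result here is not evidence that a shared-seed wallet is safe.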

Romance Subscriptions

At this point, we all likely know and hate romance scams. Someone messages you for months, pretends to be your friend or your date, and somehow ends up asking for money. Well, it seems like romance scammers also have a way to make the process quicker, but equally effective.

There are dating platforms around asking for high subscription fees only to access them. The clients are often from North America or Europe, looking for romantic partners in Latin America and Asia. They can see a wide selection of profiles with photographs, but they also need to pay even more to send them messages or receive more images.

Behind the screen, these profiles are all fake and handled by whole offices of underpaid (and illegal) workers, pretending to be the people in the photographs and urging the clients to spend as much money as possible on internal services, such as messaging. Even the people in the photographs work for the malicious company, so they don’t only sell their photos, but partake in the fraud through video when they’re asked to.

Payment methods include several cryptocurrencies. Multiple complaints and warnings have been made against these sites. In addition, one of our team members personally communicated with one of those workers behind the screen, who described and confirmed the fraud to us. It’s a trap! Don’t fall for it!

Discord Account Hijack

Discord could be a scam minefield even for experienced users, and moderators and admins of crypto communities on this platform aren’t immune. The scam starts when someone approaches the admin/mod, either through a direct message or in a public chat, offering opportunities to work as a freelance moderator or admin for crypto projects. They claim to be part of an agency that provides temporary moderation support to new ventures.

The approach is subtle and professional, with the scammer communicating clearly and not appearing aggressive. So far, this tactic has been seen in various languages like English, Italian, and German, indicating a broader reach. Once the offer is accepted, the target is invited to join the scammer's Discord server for more information. Upon entering, they are asked to verify their identity—something very common in larger communities.

However, this verification is actually a trap that compromises the user’s account entirely. The fraudster then uses the hijacked account to spread crypto scams across multiple servers. Worse yet, they pretend to be the victim, interacting with users and recommending fraudulent projects, making it appear as though these suggestions are genuine. This scam is particularly dangerous due to its convincing and familiar approach until it’s too late to stop.

If a victim falls for this scam, they should try to regain control of their account by resetting their Discord password as quickly as possible. If the account recovery process fails, they need to contact Discord's support team to report the hack and request assistance in securing the account. Additionally, the victim should inform all relevant server admins where they’re moderators or members, alerting them that their account was compromised.


Deepfakes to Invest

A lot of people would invest in a project if that project is endorsed by a celebrity. Or better yet, by an important political figure. Right now, in our slightly creepy era, it’s completely possible to “steal” a face online and make it talk in your favor, on video. It’s called a deepfake and it’s done with AI. See, for instance, this video of the UK Prime Minister Keir Starmer recommending a new crypto investment platform. If that sounds weird, it’s because the real Starmer didn’t do it, only his face on a deepfake.

The mentioned crypto platform is of course a scam, and the fraudsters made an investment of around $27,000 in Meta ads (Facebook and Instagram) to reach over 891,000 people, according to the research firm Fenimore Harper. Indeed, these fake ads represent at least 43% of all Meta ads about Starmer, threatening to surpass the real ones. Soon enough, a fake version of Prince William also joined to promote the malicious crypto investment website.

This is just one more incident among many, though. Elon Musk, Donald Trump, Michael Saylor, and other well-known public figures have been impersonated this way to attract potential investors to scammy crypto platforms. Luckily, some things can help you to detect a deepfake. Key signs include unnatural facial movements, like inconsistent blinking, awkward lip-syncing, or unusual skin texture that looks overly smooth or too perfect. Lighting inconsistencies, especially around the face and body, may also be a clue, as well as strange shadows or reflections that don’t match the surroundings.

A QR to Steal Everything

One bad moment you could be scanning a seemingly innocent QR code to make a small payment, and the next one you could discover that all the funds in your wallet are gone. This is the type of crypto scam described by the analysis firm Bitrace recently. It all starts when a scammer proposes an enticing peer-to-peer token exchange, bypassing traditional exchanges.

QR Code Scam. Image by Bitrace

They lure in their target by offering better-than-market rates and a small upfront payment in Tether (USDT). To further win trust, the scammer promises long-term cooperation and additional fees in TRON (TRX). After this initial transaction, the scammer asks the user to participate in a “small repayment test,” which involves scanning a QR code to return the initial USDT. However, this QR code redirects the user to a third-party website that tricks them into confirming the transaction. The moment they hit “confirm,” their wallet’s authorization to spend everything is stolen, allowing the scammer to drain their funds.

This scam has already affected at least 27 individuals, with losses totaling around $120,000. The stolen funds were funneled through various intermediary accounts before being laundered through a Cambodian crypto exchange. In these circumstances, it’s very unlikely for the victims to recover their money.
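What separates a real repayment from the trap is the function the transaction calls. The following is an added example, not from the original article or from Bitrace: it assumes the “authorization” is granted through an ERC-20-style `approve` call (TRC-20 tokens use the same ABI encoding), and the addresses and amounts are constructed.

```python
# Added example: classify token calldata before signing (ERC-20-style ABI assumed).
MAX_UINT256 = 2**256 - 1
SELECTORS = {  # first 4 bytes of keccak256(signature); standard ERC-20 values
    "a9059cbb": "transfer",
    "095ea7b3": "approve",
    "39509351": "increaseAllowance",
}

def _word(n):
    """Encode an integer as one 32-byte ABI word (hex)."""
    return n.to_bytes(32, "big").hex()

# Constructed sample data, not taken from the Bitrace report.
COUNTERPARTY = "11" * 20                      # hypothetical 20-byte address
REPAY_AMOUNT = 10_000_000                     # 10 USDT at 6 decimals
SAMPLE_REPAY = "0xa9059cbb" + "00" * 12 + COUNTERPARTY + _word(REPAY_AMOUNT)
SAMPLE_TRAP = "0x095ea7b3" + "00" * 12 + COUNTERPARTY + _word(MAX_UINT256)

def review_calldata(data_hex, expected_to, expected_amount):
    """Return what the calldata really does and whether it is a plain repayment."""
    raw = bytes.fromhex(data_hex[2:] if data_hex.startswith("0x") else data_hex)
    name = SELECTORS.get(raw[:4].hex())
    args = raw[4:]
    if name is None or len(args) != 64:
        return {"function": name, "verdict": "reject",
                "reason": "not a recognised two-argument token call"}
    party = "0x" + args[12:32].hex()          # address is the low 20 bytes
    amount = int.from_bytes(args[32:64], "big")
    result = {"function": name, "party": party, "amount": amount,
              "unlimited": amount == MAX_UINT256}
    if name != "transfer":
        # approve/increaseAllowance move nothing now; they let `party` pull
        # up to `amount` later, which is how the wallet gets drained.
        result.update(verdict="reject",
                      reason="grants a spending allowance instead of paying")
    elif party != expected_to.lower() or amount != expected_amount:
        result.update(verdict="reject",
                      reason="recipient or amount differs from the agreed payment")
    else:
        result.update(verdict="ok", reason="plain transfer of the agreed amount")
    return result
```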

Protect Your Coins Against Scams

  • Review smart contract actions carefully: Before interacting with any smart contract or making transactions, take the time to read and understand its actions. This helps ensure that you’re not unknowingly giving permissions that could allow scammers to access or drain your wallet. In Obyte, smart contracts can be read by humans, from the same wallet.

  • Verify offers and projects carefully: Be skeptical of any unsolicited offers for work or investments, especially if they promise better-than-market rates or guaranteed profits. It’s not recommended to answer private messages on any platform if you don’t know who’s on the other side.
  • Don’t pay for romance: If you have to pay for it, that’s already a very bad sign. If you want to interact online with someone, at least make sure you can see them, not only photos or messages.
  • Use two-factor authentication (2FA): Enable 2FA on all accounts, including crypto exchanges and communication platforms like Discord. This adds an extra layer of security and can prevent unauthorized access. In Obyte wallets, you can do this by creating a multidevice account from the Global Settings or enabling a spending password to authorize each transaction.
  • Beware of what you’re seeing: Always question endorsements from celebrities or political figures. Some quick research could save you a lot of money.
  • Avoid scanning random QR codes: Only scan QR codes from trusted sources. Scammers can use QR codes to redirect you to malicious websites that can compromise not only your wallet but your entire device and data.

Finally, you can check our guides about how to recognize legitimate centralized projects (like crypto/fiat exchanges) and trustable decentralized projects (like DEXes).


Featured Vector Image by Freepik.


Article source: https://hackernoon.com/top-5-complex-crypto-scams-to-watch-out-for-in-2024?source=rss