Forewarned is forearmed: four safety rules for cryptocurrency owners

Private keys give you full control over your cryptocurrencies, but they also make you responsible for protecting and storing them securely. How do you avoid becoming a victim of fraudsters and keep your money?

The cryptocurrency community is growing exponentially – the number of crypto users already exceeds 100 million. At least 14 million more users are projected to enter the market during 2021. However, not only newbies, but also experienced owners of cryptocurrencies can become easy targets for cybercriminals and fraudsters if they do not observe the basic rules of network security.

According to analytics company CipherTrace, cryptocurrency criminals stole $1.9 billion in 2020, and $4.5 billion the year before. More often than not, cryptocurrency users fell victim to fraudsters and pyramid schemes, and lost their cryptoassets during hacks of decentralized finance (DeFi) projects.

In 2019, cryptocurrency pyramid scheme PlusToken brought in $2.9 billion for fraudsters, and in 2020, a similar scheme, WoToken, enriched criminals by $1.1 billion. Although the number of major frauds has decreased significantly, they still accounted for 73% of the total amount of damage from cryptocurrency crimes last year. There has also been an increase in sophisticated phishing attacks: spoofed emails used to spread malware or force cryptocurrency users to disclose sensitive information.

Fraudsters are getting craftier and working on new ways to steal cryptocurrencies. How can you protect yourself from such attacks, avoid falling prey to fraudsters and keep your cryptocurrencies?

1. Signs of common cryptocurrency scams

There are three main types of fraud, which sooner or later every participant of the cryptocurrency industry will face. It’s important to learn to recognize them so you don’t lose assets.

Fake cryptocurrency giveaways

Most often such “free” cryptocurrency giveaways are advertised on social networks. The message calls for transferring cryptocurrency to a specific address with the promise that the sender will receive several times more in return. This type of fraud has been in use since the ICO boom of 2017 and is still popular with criminals. Such fraudulent campaigns are easy to identify if you know what to look out for.

  • Messages are published purportedly on behalf of a celebrity. Fraudsters create a fake account with a name, profile description and photo as similar or identical to the celebrity’s profile as possible. Last March, a fake video on behalf of Ripple CEO Brad Garlinghouse appeared on YouTube. Attackers encouraged users to contribute 2,000 to 500,000 XRP to participate in the token giveaway. The account was obviously fake, but the video racked up over 85,000 views.

Last summer Twitter saw a massive hack of about 130 accounts of some major exchanges and founders of cryptocurrency projects. Fraudsters posted and forwarded messages about giving away 5,000 BTC. Accounts of Apple, Uber, Ripple, Binance, Elon Musk, Barack Obama, Bill Gates, Kim Kardashian and other popular personalities were hacked.

In the first hours of the attack, gullible crypto-asset owners transferred more than 10 BTC in over 300 transactions to the scammers’ address. That’s why you should always be wary, even if the information about the distribution of cryptocurrencies is published in an account verified by the social network.

  • Promise to give users back more money than they transferred. Such an offer is a sure sign of a scam, and in no case should money be sent to the specified address.

  • Fraudsters post as many positive comments as possible under the original message about the cryptocurrency giveaway. This is another tactic to convince real social media users of the legitimacy of the proposal. Fake accounts are usually deleted shortly thereafter.

ETH giveaway scam using Elon Musk’s fake Twitter profile.

Top tip: The best way to recognize a scam is to look for inconspicuous changes in the author’s name. In the example above, the scammer created a Twitter account @elonmmusk, whereas the original username is @elonmusk. The extra “m” is easy to miss at a glance. In addition, most social networks usually have a checkmark next to the name of the verified user to verify the identity of the account holder.

Example of a verified account on the social network “VKontakte”.
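The @elonmmusk versus @elonmusk check from the tip above can be automated. The following is an added example, not part of the original article: it compares a handle against a personal allowlist of accounts you actually follow (the `KNOWN_HANDLES` list, the function names and the distance threshold are assumptions) and flags near-misses.

```python
import unicodedata

# Assumption: a personal allowlist of handles the user really follows.
KNOWN_HANDLES = ["elonmusk", "Ripple", "binance"]

def normalize(handle: str) -> str:
    """Strip '@', fold compatibility forms (e.g. fullwidth letters), lower-case."""
    folded = unicodedata.normalize("NFKC", handle.strip().lstrip("@"))
    return folded.casefold()

def edit_distance(a: str, b: str) -> int:
    """Optimal string alignment: insert, delete, substitute, adjacent swap."""
    rows, cols = len(a) + 1, len(b) + 1
    d = [[0] * cols for _ in range(rows)]
    for i in range(rows):
        d[i][0] = i
    for j in range(cols):
        d[0][j] = j
    for i in range(1, rows):
        for j in range(1, cols):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[rows - 1][cols - 1]

def classify_handle(handle: str, known=KNOWN_HANDLES, max_distance: int = 2):
    """Return ('exact' | 'lookalike' | 'unknown', matched known handle or None)."""
    raw = handle.strip().lstrip("@")
    candidate = normalize(handle)
    best = None
    for real in known:
        target = normalize(real)
        if candidate == target:
            # Equal only after NFKC folding means disguised characters were used.
            same_raw = raw.casefold() == real.casefold()
            return ("exact" if same_raw else "lookalike", real)
        dist = edit_distance(candidate, target)
        if dist <= max_distance and (best is None or dist < best[0]):
            best = (dist, real)
    return ("lookalike", best[1]) if best else ("unknown", None)
```

A "lookalike" result means the handle is within two edits of an account on the allowlist, which is exactly the extra-“m” case; short handles can produce false positives, so treat the result as a prompt to look closer.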

Cryptocurrency pyramids with trading bots

Pyramids with trading bots are another classic example of cryptocurrency fraud. These include platforms that promise extremely high returns on a monthly, daily or even hourly basis. These sites operate according to a pyramid scheme: the money deposited by new users is paid to those who invested earlier. As soon as the creators of the platform raise enough money, they disappear and close the website.

One of the most famous examples of such scams is Bitconnect. The creators of the platform promised investors 40% of profit each month, as well as additional interest for people who have invested larger sums. The platform worked for more than two years, and its own token even made the top 10 cryptocurrencies by market capitalization, before regulators shut down the scheme. Experts estimate that the founders of Bitconnect stole more than $250 million.

The creators of Bitconnect promised investors gigantic and unrealistic profits.

The main signs of a cryptocurrency pyramid:

  • Scheme operators always promise extremely high returns – several percent weekly, hundreds of percent annually.

  • Lack of real information about the project team. If the platform has a page about the creators of the project, check it for links to LinkedIn, Twitter, Facebook and email addresses. If there are no links, or the information on social networks is incomplete, it is worth looking for more detailed data on the Internet.

  • The site has no documentation explaining how bots work and how they achieve high returns.

  • Spelling and stylistic errors also indicate that the site was created in a hurry and may be run by fraudsters.

Phishing emails

Phishing attacks are becoming harder and harder to detect as attackers pay more and more attention to creating seemingly real emails from real companies. Scammers typically encourage users to click on links that instantly infect the device with malware, giving the attacker full access to the information stored on the device.

Often the links in phishing emails lead to fake sites that resemble the original site of the real company as closely as possible. The site may ask the user to “reset their password” in order to capture their credentials, to send money, or to enter a seed phrase.

Late last year, a Moscow resident lost 6 BTC and 70 ETH because he went to a phishing site that copied the cryptocurrency wallet blockchain.com. Ledger wallet users lost more than 1,150,000 XRP after customer data leaks and phishing attacks.

Screenshot of the email Ledger wallet users received after the 2020 database leak. The email prompts users to “install an updated version of the software” – go to a phishing site to download malware.

If you receive a suspicious email asking you to reveal sensitive information, send a payment or click on links, it’s important to remember three basic rules:

  • Always check the sender’s email address.

  • Never click on links in an email from an unknown sender.

  • Never give out your personal information, passwords, or seed phrases to anyone.

Top tip: If you have any doubts about an email you received, go to the company’s official website and contact support. In addition, follow the news of the cryptocurrency firms whose services you use. If a company has reported a leak of personal data, be prepared for a phishing attack to be launched by fraudsters.
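The first two rules above can be turned into a mechanical check. This is an added example, not part of the original article: it parses a message and flags a sender domain or link host that is not the official domain or a true subdomain of it. The sample message is constructed, and every address and URL in it is made up for illustration apart from the domain blockchain.com named in the article.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def host_matches(host: str, official: str) -> bool:
    """True only for the official domain itself or a true subdomain of it."""
    host, official = host.lower().rstrip("."), official.lower()
    return host == official or host.endswith("." + official)

def review_email(raw: str, official_domain: str) -> list:
    """Return findings for the sender address and for every link host."""
    msg = message_from_string(raw)
    findings = []
    _, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2]
    if not host_matches(sender_domain, official_domain):
        findings.append(f"sender domain {sender_domain!r} is not {official_domain}")
    body = msg.get_payload()
    for url in URL_RE.findall(body if isinstance(body, str) else ""):
        host = urlsplit(url).hostname or ""
        if not host_matches(host, official_domain):
            findings.append(f"link host {host!r} is not {official_domain}")
    return findings

# Constructed sample: the official name appears only as a prefix of another domain.
SAMPLE = """From: Blockchain Support <support@blockchain.com.wallet-login.example>
To: user@example.org
Subject: Reset your password

Your wallet is locked. Reset your password here:
https://login.blockchain.com.wallet-login.example/reset
Official help centre: https://support.blockchain.com/
"""

if __name__ == "__main__":
    for finding in review_email(SAMPLE, "blockchain.com"):
        print(finding)
```

The From header can be forged, so an empty findings list is not proof that a message is genuine; it only means these two checks found nothing.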

2. Don’t store data to access cryptocurrencies digitally

One of the biggest mistakes both novices and experienced cryptocurrency users make is storing wallet passwords, seed phrases or backup codes on a digital device connected to the internet. This could be a screenshot stored on a laptop, a photo containing sensitive information on a smartphone, a password stored in an email sent to yourself, a note with a seed phrase on your phone, and so on.

If an attacker gains access to the device, they can use the sensitive data to steal cryptocurrencies. The best way to securely store your cryptocurrency-related information is to write it down on paper, away from people and cameras, or, if you want a more permanent record, to engrave it on a metal plate.

There are a variety of services that provide a secure storage solution for sensitive information:

  • Cryptotag – allows you to engrave a password or seed phrase on a plate that fits into a metal box. Worldwide shipping, can be paid in BTC.

  • Coldbit – metal plate for self-engraving of a seed phrase for a wallet. The company deletes personal data from the system after sending the order, if the customer wishes. FedEx shipping, you can pay in BTC.

  • Cryptosteel and Simbit – devices for offline storage of passphrases, passwords and other sensitive information. The kit comes with engraved letters, from which the user types the desired password or code and inserts it into the device. Worldwide shipping.

3. Activate two-factor authentication

When creating a new account on a cryptocurrency platform, it is important to enable two-factor authentication (2FA) if this option is available. 2FA means that in order to access your account, you need to confirm login from two different devices.

Two-factor authentication can involve receiving an SMS or code via email. However, the vast majority of cryptocurrency platforms ask the user to download a mobile app that cryptographically communicates with the account on the site and generates a random six-digit password that changes every 30-40 seconds. Basic two-factor authentication applications that are widely compatible with cryptocurrency platforms:

  • Google Authenticator

  • Authy

To activate 2FA through the app, you need to download it and then go to the account settings on the cryptocurrency platform. Usually the 2FA activation is on the Privacy tab or similar. Turn on two-factor authentication, find the QR code option and select it.

Then go to the 2FA mobile app, find the “+” icon and the “Scan QR Code” button. Clicking on it will open the smartphone camera. Point it at the QR code on your computer screen and the account will automatically be added to your 2FA app, and a password will be generated to log in.

Screenshot of the Google Authenticator mobile app.

When you set up 2FA for the first time, you must enter into your account the password displayed in the mobile app. After that, the activation of two-factor authentication will be complete. Each time you sign in to your account, you will need to enter your login password and your two-factor authentication password.

4. Use a different password for each platform

Leaks of cryptocurrency platforms’ customer data are quite common. Many users use the same email address and password for all their accounts, even those without two-factor authentication enabled. In this case, if a user’s personal data is stolen from even one platform, attackers can access all of the user’s accounts at once.

Using different passwords for cryptocurrency accounts is important to reduce the damage from possible data breaches. If you have a lot of accounts, you can use free extensions and applications to manage passwords.

These services enable you to store and create strong passwords for a large number of platforms; you just need to remember the one password that gives you access to the app. Most password managers automatically fill in any previously saved login information when you log on to the platform, and prompt you to add any new login information when you create it. Major password management services:

  • LastPass

  • 1Password

  • Dashlane

Always be aware of the fact that the cryptocurrency industry is full of crooks and cybercriminals who want to get their hands on other people’s cryptoassets. Be careful, follow simple rules and remember to do your due diligence before investing your money in a little-known project, even if it seems very promising.