Private keys give not only full control over cryptocurrencies, but also impose on the owner the responsibility for their protection and safe storage.. How to avoid becoming a victim of scammers and save your money? The crypto community is growing exponentially — the number of users of crypto assets already exceeds 100 million. At least 14 million more users are forecast to enter the market during 2021. However, not only beginners, but also experienced owners of cryptocurrencies can become an easy target for cybercriminals and scammers if they do not follow the basic rules of online security. Crypto criminals stole $1.9 billion in 2020, up from $4.5 billion a year earlier, according to CipherTrace.. Most often, cryptocurrency users became victims of scams and pyramid schemes, and also lost their crypto assets during hacks of decentralized finance (DeFi) projects. In 2019, the PlusToken cryptocurrency pyramid brought fraudsters $2.9 billion, and in 2020, a similar WoToken scheme enriched criminals by $1.1 billion. Although the number of major scams has decreased significantly, they still account for 73% of the total damage from cryptocurrency crimes last year.. There has also been an increase in sophisticated phishing attacks: spoofed emails used to spread malware or force users of cryptocurrencies to reveal sensitive information. Fraudsters are getting smarter and are working on new ways to steal cryptocurrencies. How to protect yourself from such attacks, avoid becoming a victim of scammers and save your cryptocurrencies? one. Signs of common cryptocurrency scams There are three main types of scams that every participant in the cryptocurrency industry will encounter sooner or later.. It is important to learn how to recognize them so as not to lose assets. Fake cryptocurrency giveaways Most often, such “free” cryptocurrency giveaways are advertised on social networks.. The message contains a call to transfer the cryptocurrency to a specific address with the promise that the sender will receive several times more in return. This type of scam has been around since the ICO boom in 2017 and is still popular with criminals.. These scam campaigns are easy to identify if you know what to look for. The message is published ostensibly on behalf of a famous person. Fraudsters create a fake account whose name, profile description and photo are as similar or identical to the profile of a celebrity as possible. In March last year, a fake video appeared on YouTube on behalf of Ripple CEO Brad Garlinghouse.. The attackers urged users to deposit between 2,000 and 500,000 XRP to participate in the token giveaway. The account was apparently fake, but the video got over 85,000 views. Last summer, Twitter experienced a massive hack of about 130 accounts of a number of large exchanges and the founders of cryptocurrency projects.. Fraudsters published and forwarded messages about the distribution of 5000 BTC. The accounts of Apple, Uber, Ripple, Binance, Elon Musk, Barack Obama, Bill Gates, Kim Kardashian and other popular personalities were hacked. In the first hours of the attack, gullible owners of cryptoassets transferred more than 10 BTC to the scammers' address in more than 300 transactions. Therefore, you should always be on your guard – even if information about the distribution of cryptocurrencies is published in an account verified by a social network. A promise to return users more money than they transferred. Such an offer is a sure sign that it is being distributed by scammers and in no case should you send money to the specified address. Fraudsters post as many positive comments as possible under the original cryptocurrency giveaway post. This is another tactic to convince real social media users of the legitimacy of the offer.. Fake accounts are usually deleted shortly thereafter. ETH giveaway scam using a fake Elon Musk Twitter profile. Top Tip: The best way to spot a scam is to look for subtle changes in the author's name. In the example above, the scammer created the Twitter account @elonmmusk while the original username was @elonmusk. The extra “m” is easy to miss at a glance. In addition, next to the name of a verified user in most social networks, there is usually a checkmark confirming the identity of the account owner. An example of a verified account on the VKontakte social network Cryptocurrency pyramids with trading bots Pyramids with trading bots are another classic example of cryptocurrency fraud. These include platforms that promise monthly/daily/hourly extremely high returns.. These sites work on a pyramid scheme: the money deposited by new users is paid out to those who invested earlier. Once the creators of the platform raise enough money, they disappear and shut down the website. One of the most famous examples of such a scam is Bitconnect.. The creators of the platform promised investors 40% profit every month, as well as additional interest for people who invested larger amounts.. The platform ran for over two years, and its native token even made it into the top 10 cryptocurrencies by market capitalization before regulators shut down the scheme.. According to experts, the founders of Bitconnect stole more than $250 million. The creators of Bitconnect promised investors gigantic and unrealistic profits. The main features of the cryptocurrency pyramid: Scheme operators always promise extremely high returns – a few percent weekly, hundreds of percent per annum. Lack of real information about the project team. If the platform has a page about the creators of the project, you need to check for links to Linkedin, Twitter, Facebook, email addresses. If there are no links or information on social networks is incomplete, you should look for more detailed data on the Internet. There is no documentation on the site explaining how trading bots work and how high profitability is achieved. The presence of spelling and stylistic errors also indicates that the site was created in a hurry and may be run by scammers. Phishing emails Phishing attacks are getting harder to spot as attackers focus on creating seemingly real emails from real companies.. Typically, scammers urge you to follow links that instantly infect your device with malware, giving the attacker full access to the information stored on it. Often, links in phishing emails lead to fake sites that closely resemble the original website of a real company.. On the site, the user may be prompted to “reset password” in order to take possession of his credentials, send money or enter a seed phrase. At the end of last year, a resident of Moscow lost 6 BTC and 70 ETH due to the fact that he went to a phishing site that copies the cryptocurrency wallet blockchain.com. Ledger wallet users have lost over 1,150,000 XRP after client data leaks and phishing attacks. Screenshot of email received by Ledger wallet users after database leak in 2020. The email prompts users to “install an updated version of the software” – go to a phishing site to download malware. When you receive a suspicious email that asks you to disclose confidential information, send a payment, or follow links, it's important to remember three basic rules: Always check the sender's email address. Never click on links in an email from an unknown sender. Never share your personal information, passwords, or seed phrase with anyone. Top tip: if you have any doubts about the email you received, go to the official website of the company and contact support. In addition, follow the news of the cryptocurrency firms you use.. If a company has reported a personal data breach, be prepared for the fact that scammers may launch a phishing attack. 2. Don't Store Cryptocurrency Access Data Digitally One of the biggest mistakes both novice and experienced crypto users make is storing wallet passwords, seed phrases, or backup codes on a digital device connected to the internet.. This could be a screenshot of data stored on a laptop, a photograph containing sensitive information on a smartphone, storing passwords in an email sent to oneself, a note with a seed phrase on a phone, and so on. If an attacker gains access to the device, he can use sensitive data to steal cryptocurrencies. The best way to securely store information related to cryptocurrencies is to write it down on paper away from people and cameras, and if you want to immortalize it, engrave it on a metal plate. There are various services that provide a solution for the secure storage of confidential information: Cryptotag – allows you to engrave a password / seed phrase on a plate that is placed in a metal box. Worldwide shipping, you can pay in BTC. Coldbit – a metal plate for self-engraving the seed phrase to the wallet. At the request of the client, the company deletes personal data from the system after sending the order. Shipping FedEx, you can pay in BTC. Cryptosteel and Simbit – devices for offline storage of seed phrases, passwords and other confidential information. The kit comes with engraved letters, from which the user types the desired password or code and inserts it into the device. Delivery worldwide. 3. Activate two-factor authentication When creating a new account on a cryptocurrency platform, it is important to enable two-factor authentication (2FA) if this option is available. 2FA means that in order to access your account, you need to confirm the login from two different devices. Two-factor authentication may include receiving an SMS or email code. However, the vast majority of cryptocurrency platforms ask the user to download a mobile application that is cryptographically linked to an account on the platform and generates a random six-digit password that changes every 30-40 seconds.. The main two-factor authentication applications that are widely compatible with cryptocurrency platforms are: Google Authenticator Authy To activate 2FA through the application, you need to download it, and then go to the account settings on the cryptocurrency platform. Usually 2FA activation is on the Privacy tab or similar. Turn on two-factor authentication, find the QR code setup option, and select it. Then go to the 2FA mobile app, find the “+” icon and the “Scan QR code” button. Clicking on it will open the camera of the smartphone. Hover it over the QR code on your computer screen and the account will be automatically added to your 2FA app, after which a login password will be generated. Screenshot of the Google Authenticator mobile app. When setting up 2FA for the first time, you must enter the password in your account, which is displayed in the mobile application. After that, the activation of two-factor authentication will be completed. Each time you sign in to your account, you will need to enter your login password and two-factor authentication password. 4. Use different passwords for each platform Leakage of personal data of clients of cryptocurrency platforms is a fairly common situation. Many users use the same email address and password for all of their accounts, even those that don't have two-factor authentication enabled.. In this case, if the user's personal data is stolen from at least one platform, attackers can gain access to all of his accounts at once. Using different passwords for accounts on cryptocurrency platforms is important to reduce the damage from possible data leakage. If the user has many accounts, you can use free extensions and applications to manage passwords. On such services, you can store and create secure passwords for a large number of platforms – just come up with and remember one password to access the application. Most password managers automatically populate any pre-saved login details when you log into the platform and offer to add any new vault login details when you create them. The biggest password management services: Lastpass 1Password Dashlane Always remember that there are a lot of scammers and cybercriminals in the cryptocurrency industry who seek to take possession of other people's crypto assets. Be careful, follow simple rules, and remember to do your due diligence before investing your money in a little-known project, even if it seems very promising.