1. Home
  2. Bitcoin Scams

Bitcoin Scams

Revolut prevents $13.5M of ‘potential fraud transactions’ in crypto

Revolut has been under fire as fraud complaints piled up in 2024, but the company has insisted it saved hundreds of millions in “potential fraudulent transfers.”

Cryptocurrency-friendly neobank Revolut said it has prevented millions of dollars in potential customer losses from fraudulent crypto transfers over the past three months

Revolut said on Oct. 7 that it blocked up to $13.5 million worth of “potentially fraudulent crypto transfers” between June 1 and Sept. 1, 2024, according to an announcement sent to Cointelegraph.

“The company’s proactive approach has seen it significantly enhance its crypto-specific security measures recently, which has led to an increase in the amount of potential fraud it has prevented,” Revolut said.

Read more

Crypto Trader Says One Top-50 Altcoin Could Go Up by Over 100%, Updates Outlook on Bitcoin and Ethereum

Bitcoin ATM Scams on the Rise: North Carolina AG Issues Warning and Tips to Stay Safe

Bitcoin ATM Scams on the Rise: North Carolina AG Issues Warning and Tips to Stay SafeNorth Carolina Attorney General Josh Stein has issued a warning about bitcoin ATM scams, following numerous complaints. The alert outlines tips to avoid such scams, emphasizing caution with unsolicited requests for cryptocurrency payments, online relationships turning financial, verifying investment advice, and avoiding get-rich-quick schemes. Victims are urged to report scams to local law enforcement and […]

Crypto Trader Says One Top-50 Altcoin Could Go Up by Over 100%, Updates Outlook on Bitcoin and Ethereum

UK cryptocurrency scams jump 23%, young investors prime targets: Lloyds Bank

According to the bank, potential cryptocurrency investors usually make an average of three payments before recognizing they’ve fallen victim to a scam.

One of the Big Four banks in the United Kingdom, Lloyds Bank, has said that reports of cryptocurrency investment scams by victims have surged by 23% in the current year compared to the same period in 2022.

According to a press release published by Lloyds Bank, an increasing number of investors face the threat of falling victim to fraudulent schemes through a wave of fake advertisements posted on social media. Each victim of a cryptocurrency investment scam is losing an average of $13,115 (10,741 British pounds), an increase from $8,562 (7,010 pounds) the previous year. This surpasses losses from other consumer frauds, such as romance scams or purchase scams.

Screenshot of the report from Lloyds Bank. Source: Lloyds Bank

According to the report, individuals aged 25–34 constitute a quarter of all crypto scam victims, making it the most prevalent age group affected. The criminal organizations orchestrating these scams adapt their strategies to capitalize on emerging trends, deceiving more victims into relinquishing their money. Recently, their focus has expanded to include younger investors, enticed by the allure of quick riches through cryptocurrency trading.

Potential cryptocurrency investors usually make an average of three payments before recognizing they’ve fallen victim to a scam. It takes approximately 100 days from the initial transaction date before they report it to their bank. Unfortunately, the funds are usually irretrievable for the bank by this time.

Related: BNB Smart Chain scam losses dropped 75% in Q3: Report

This Lloyds Bank report corresponds with findings from a Coinbase report on the cryptocurrency landscape, indicating that younger Americans are more receptive to unconventional avenues for financial independence, including crypto, than older generations. This susceptibility makes them vulnerable to scams.

Younger generations actively explore new economic opportunities, laying the foundation for a modernized system and a revitalized version of the “American Dream.” As the report outlines, they see technologies like cryptocurrency as a tool to modernize the system.

Magazine: Eleanor Terrett on impersonators and a better crypto industry: Hall of Flame

Crypto Trader Says One Top-50 Altcoin Could Go Up by Over 100%, Updates Outlook on Bitcoin and Ethereum

Crypto firm claiming $1.4B in trades on CMC flashes reportedly fake license data

A crypto exchange claiming $1.7 billion in daily trades and reporting $1.4 billion of daily trading volume on CoinMarketCap had reportedly displayed false license data until Estonian regulators checked it.

A number of cryptocurrency platforms reporting billions of dollars in daily trades on CoinMarketCap appear to have been misleading their customers about holding certain crypto licenses, an investigation by Cointelegraph has found.

Bitspay, a crypto exchange that reports a $1.4 billion daily trading volume on CoinMarketCap, claimed it held a license in Estonia, and is regulated under Estonian law. However, after Cointelegraph reached out with questions about this license, the company swiftly erased its reportedly fake license data.

At the time of writing, Bitspay is the fourth-largest crypto exchange by daily trading volume on CoinMarketCap, following platforms like Binance, BitForex and Topcredit International.

Top four crypto exchanges by daily trading volume. Source: CoinMarketCap

According to Bitspay’s page on CoinMarketCap, it is a centralized exchange (CEX) based in Estonia. The exchange was launched in 2020 and claims to be regulated under the Estonian “Anti Money Laundering Counter-Terrorism Financing Act 2019,” which appears to be referring to the country’s Money Laundering and Terrorist Financing Prevention Act.

Bitspay’s info on CoinMarketCap. Source: CoinMarketCap

Bitspay also claimed it was licensed and regulated by Estonia’s Financial Intelligence Unit (FIU). “Bitspay Limited registered with the registration number FVR000796, under the Laws of the Republic of Estonia,” the firm stated on one of its domains, Bitspay.io, until it erased the information immediately following Cointelegraph’s inquiries.

Bitspay claiming to have a license in Estonia on Bitspay.io. Source: Wayback Machine

Contacted by Cointelegraph, Estonia’s FIU reported that Bitspay didn’t hold any valid license in Estonia. “We took a look into it, and it seems that the license number which they have previously announced refers to an Estonian company, Globe Assets OÜ,” a spokesperson for the FIU said in a statement on Sept. 21. The license was also valid for less than a year, from March 2019 until January 2020, the representative noted.

The FIU didn’t respond to additional questions about Bitspay’s legal status in Estonia.

Bitspay was showing its website visitors information on the license mentioned above until at least Sept. 18, 2023. The firm subsequently rebranded its website from the briefly unavailable Bitspay.io to Bitspay.global on Sept. 21, removing all data about being registered or regulated in Estonia.

At the time of writing, Bitspay has not provided any information about its registration or license on its new website. The exchange also claims on its website that its daily trading volume amounts to 65,249 Bitcoin (BTC), or $1.7 billion. Despite reporting that much in trading, the exchange appears to have no more than around 400 subscribers on Twitter and some 16,000 members on its Telegram channel.

Kelly Nova, said to be the founder and CEO of Bitspay on its website, told Cointelegraph that the exchange is working on licenses in both Estonia and the United Kingdom. “We have some copyright issues and that’s why we closed the Bitspay.io domain,” he said. The exec didn’t respond to Cointelegraph’s request for further information about Bitspay founders or why the firm previously claimed to have a license in Estonia on its website.

Bitspay appears to be far from the only platform reporting massive trading volumes on CMC while little is known about its licenses, founders or background. Exchanges like Topcredit, which reports $1.8 billion in daily trades on CoinMarketCap, and Bika — reporting $1.2 billion — have been unwilling to talk to Cointelegraph about their background and founders as well.

“We have long been aware that self-reported data can be problematic but APIs are the only viable source for data collection,” a spokesperson for CoinMarketCap told Cointelegraph.

The representative also referred to the website’s scoring system, pointing out that platforms like Bitspay, Topcredit or Bika have a significantly lower score than major exchanges like Binance, which has owned CoinMarketCap since April 2020. “We always encourage our users to perform their own due diligence, especially with low scoring exchanges,” the spokesperson said, adding:

“We know our data isn't infallible. Our role is as an objective and comprehensive information aggregator, not a regulator. [...] In short, CMC numbers are as credible as they can be, using our industry leading experience, technology, verification methodology and feedback loops [...]”

The spokesperson cited the crypto adage “don't trust, verify” and said it embodies a foundational principle of cryptocurrencies and blockchain technology.

Related: Hong Kong to list ‘suspicious’ crypto platforms in wake of JPEX scandal

According to a public announcement, Bitspay was listed on CoinMarketCap in July 2023. CoinMarketCap’s major rival, CoinGecko, hasn’t listed this website, nor has it listed Topcredit or Bika. Despite this discrepancy, CoinGecko has significantly more spot exchanges than CoinMarketCap, does. At the time of writing, CoinGecko lists a total 784 exchanges, while CoinMarketCap lists only 225.

Websites like CoinMarketCap have frequently been criticized for providing inflated exchange trading volumes. In 2019, Bitwise Asset Management claimed that 95% of volumes on unregulated exchanges reported on CoinMarketCap were fake or non-economic wash trading in nature. Another investigation by the data analytics firm The Tie suggested in 2019 that more than 86% of reported crypto trading volume appeared suspicious.

Magazine: Big Questions: What’s with all the crypto deaths? 

Crypto Trader Says One Top-50 Altcoin Could Go Up by Over 100%, Updates Outlook on Bitcoin and Ethereum

Breaking victim ‘trust’ in scammer is key to beat crypto scams, exchanges say

Responsibility for crypto scams does not only belong to the cryptocurrency industry, it also involves banks, telecoms and social media platforms, Australian exchanges say.

Cryptocurrency exchanges in Australia have been increasingly communicating with their users as part of preventative measures for scams. According to local crypto firms, such communication is the key to preventing scams as it is able to “break trust” between victims and scammers.

Executives at major Australian crypto firms like Cointree, CoinSpot and Swyftx on Aug. 31 met at a panel of the fintech conference Intersekt 2023 in Melbourne to discuss the issue of scams and fraud in crypto.

At the panel, the executives mentioned a variety of measures taken by the platforms in order to protect their users from fraud, including automated and manual Anti-Money Laundering (AML) checks, investigations, education and communication.

Cointree, CoinSpot, Swyftx and Chainalysis executives at Intersekt 2023. Source: Cointelegraph

According to CoinSpot AML officer Jedda Stocks-Ramsay, the firm has been particularly focused on “just talking” to its customers as it found it really effective.

“We find that we'll speak to our customers at least once over the course of their life or the course of their life on their account with us,” Stocks-Ramsay stated. He noted that talking about scams is the key factor because there's a social engineering aspect to that.

CoinSpot has been particularly focused on helping customers understand the issue of trust that scammers attempt to build with their victims, Stocks-Ramsay said. The exec stressed that scammers often spend hours on the phone with victims, and a simple email from the exchange could help users to avoid this altogether. He added:

“One really effective way we find of breaking that trust or at least planting the seed for the victim to question it is talking to them and giving them that human element because that's what the scam is doing.”

Alongside communication, education is another important component of protecting crypto users, Swyftx executive Jason Titman noted. He stressed that often, the reason individual consumers are susceptible to being tricked into disclosing their personal data and passwords to scammers is due to lack of education.

“It's always been important because, as this is a new asset class, we've been educating our customers, particularly something that's very relevant and important,” he noted.

The panel speakers also highlighted the importance of educating users beyond just the cryptocurrency industry.

Cryptocurrency is “just one industry within the scams ecosystem,” Stocks-Ramsay said, adding that many other industries are involved in crypto scams, including social media, banks, telecoms and others.

Related: Thailand threatens Facebook over crypto scams and other fraudulent ads

Cointree CEO Jess Renden agreed with the CoinSpot exec, stressing that cryptocurrency scams are “not crypto’s fault.” Crypto firms in Australia have been actively communicating with regulators and other businesses, be it telcos or social media platforms, she said, adding:

“Our industry is constantly sort of badgered saying that it's our fault and it's up to us. And I think all of you today have seen the measures we go through to try and protect customers.

The news comes a few months after Australia's major banks argued that 40% of scams involve cryptocurrency in order to defend the decisions of certain local banks that restricted some crypto transactions over scams in early June 2023.

According to data from the Australian Competition and Consumer Commission, local people lost roughly $150 million from investments where cryptocurrency was used as the payment method in 2022. The amount is up more than 160% from 2021.

Additional reporting by Cointelegraph author Tom Mitchelhill.

Magazine: How to protect your crypto in a volatile market — Bitcoin OGs and experts weigh in

Crypto Trader Says One Top-50 Altcoin Could Go Up by Over 100%, Updates Outlook on Bitcoin and Ethereum

Crypto P2P scams in India show digital asset education is needed

Scammers have made it impossible for Indian crypto traders to conduct P2P trades owing to several police complaints and bank account freezes that follow.

Peer-to-peer (P2P) cryptocurrency trading has been a staple of the cryptocurrency community since the industry’s early days. 

P2P trading refers to the direct exchange of cryptocurrencies between two users without the involvement of intermediaries. P2P exchanges link buyers and sellers while also adding an extra degree of security through an escrow service. Some of the key advantages of P2P over centralized exchanges include global accessibility, a variety of payment alternatives and no transaction fees.

Furthermore, P2P marketplaces have become crucial for crypto traders and enthusiasts in jurisdictions where governments are hostile to formal cryptocurrency exchanges and service providers.

In India, they became a lifeline for many crypto traders when the country’s central bank issued a banking ban on cryptocurrency businesses in April 2018.

Although the banking ban was eventually lifted by the Supreme Court in March 2020, P2P platforms continue to play a crucial role as banks remain sceptical about offering services to crypto exchanges due to a lack of regulatory clarity.

During the bull market in 2021–2022, India saw a significant surge in crypto trading volumes and crypto platforms, prompting the government to take notice of the nascent ecosystem.

Recent: PayPal’s new PYUSD stablecoin faces legal headwinds and ‘less functionality’

While industry leaders demanded a comprehensive regulatory framework, which has been under development since 2019, the Indian finance minister announced a 30% tax on crypto profits in 2022.

The heavy tax, in addition to the continuing lack of regulatory clarity, has been the bane of the budding Indian crypto ecosystem, deterring Indian investors away from the market.

While mainstream crypto exchanges struggled, P2P platforms saw their volumes skyrocket. 

How P2P scams happen

This rise in P2P trading volume also led to significant uptick in P2P scams. These scams often use stolen banking data or lure customers with fake promises of high profits and then use their banking information to scam P2P users.

Earlier in July, two people were arrested in the Indian city of Ujjain in connection with a Binance P2P scandal. The police recovered several fake bank accounts, ATM cards and documents from the accused, who were allegedly buying fake IDs and personal data for 1,500 Indian rupees ($18) in order to scam users of Binance P2P.

One way P2P scammers steal user data is with the help of fake crypto-centered channels on Telegram that promise high profits or airdrops. Many gullible users looking to make a quick profit often join these channels and share their personal banking information. In many other cases, the scammer simply buys or steals the user’s personal information.

The stolen data is then used to create a P2P account on any popular P2P platform — Binance and WazriX are common in India.

The scammer then initiates a buy order on the P2P platform looking for unsuspecting sellers. Once they match with a seller, they send the money to the seller using the victim’s account. Thus, they complete the P2P transaction on the platfrom where the buyer receives the cryptocurrency and the seller receives the money in their bank account.

The buyer (scammer) then vanishes with the crypto and the victim whose bank account was used to send the money only realizes it after the money has been deducted from their bank account.

The victim then lodges a complaint with the police whose first step is to freeze all bank accounts that the victim has interacted with during the scam phase.

This action from the police triggers an extended account freeze for unsuspected sellers of the P2P platform who only realize they were involved in the scam after they get a call from the police or their bank informs them that their account has been frozen.

In one instance, a seller, who wished to remain anonymous, received a “bank account frozen” message while trying to pay for a taxi. After contacting the bank, the seller learned that the halt was requested by the police’s cyber division responsible for looking into online crimes.

When the seller then followed up on the complaint with the police and enquired about the freeze on the account, they were met with threats of legal consequences from the Enforcement Directorate, India’s economic intelligence agency, for a $40 P2P completed transaction on WazirX in October 2022.

The police complaint was filed by a woman who was scammed out of $30,000 between September 2022 and June 2023. The police started the investigation and froze every bank account that interacted with the plaintiff’s accounts during the mentioned time frame, including the sellers for the October transaction.

The seller tried to explain to the police officer that they had successfully completed the P2P transaction and thus have no role in the scam. Despite this, the police ignored their claims, erroneously claiming that crypto transactions are illegal and stating that they must pay the complainee $40 or face further legal action.

With no other options left, the victim eventually paid the $40 amount to the plaintiff’s account after which the police released an order to unfreeze the account.

The police did not respond to Cointelegraph’s request for comment.

The bank account restrictions limit unsuspected victim’s access to cash, and the complexities involved in getting the issue fixed are significant. The seller — who often is also unaware of the scam until the last moment — could be subject to a legal investigation or be required to provide evidence.

There have been several instances of such P2P scams over the past year where victims noted their fear of authorities, with police often threatening legal actions. The anonymous seller told Cointelegraph that their account was frozen with 50,000 rupees in it, adding that they are very afraid of how to approach authorities and whether they would face legal consequences.

Some advise against P2Ps

Due to a lack of clear guidelines around crypto-related crimes and a lack of understanding of the technology underpinning cryptocurrencies, police investigations often start with freezing the accounts of anyone involved in the situation.

Pushpendra Singh, a prominent crypto personality and educator in the Indian crypto ecosystem, told Cointelegraph that scammers take advantage of the police’s ignorance of how crypto works:

“What these scammers do is they often use platforms, such as international Binance platform, to evade investigation from the Indian authorities, as it becomes quite difficult for the authorities to demand documents from such international platforms. Scammers then take the stolen USDT to Trust Wallet or any other non-KYC’d platform to avoid being tracked. While scammers get away with the money, both buyer and seller in the transaction face financial and legal consequences.”

Singh said that Indian police need to be actively trained on how these scams work. He noted that the “lack of awareness around the nascent tech also leads to victim harassment where many victims are often told by the police that crypto transactions are illegal in India.”

P2P scams have become very common and concerning to the point where the majority of crypto experts in India have now asked traders to avoid P2P trading. Sumit Gupta, CEO of CoinDCX — a major crypto exchange in India — said crypto traders should avoid P2P transations.

Magazine: Should we ban ransomware payments? It’s an attractive but dangerous idea

He said that many people in India got a notice from various government authorities just because they unknowingly sent money from someone who wasn’t the right person to deal with.

Other crypto personalities have urged traders to be vigilant and make sure the P2P account one is interacting with has a good history.

What started out as a crypto revolution has turned into a weak spot for the Indian crypto ecosystem.

Collect this article as an NFT to preserve this moment in history and show your support for independent journalism in the crypto space.

Crypto Trader Says One Top-50 Altcoin Could Go Up by Over 100%, Updates Outlook on Bitcoin and Ethereum

Crypto phishing scams: How users can stay protected

A look at the different techniques employed by crypto phishing scammers and how users can stay protected.

In the fast-paced and ever-evolving world of cryptocurrency, where digital assets are exchanged, and fortunes can be made, a lurking danger threatens the safety of both seasoned investors and newcomers alike: crypto phishing scams. 

These schemes are designed to exploit the trust and vulnerability of individuals, aiming to trick them into revealing their sensitive information or even parting with their hard-earned crypto holdings.

As the popularity of cryptocurrencies continues to rise, so does the sophistication of phishing techniques employed by cybercriminals. From impersonating legitimate exchanges and wallets to crafting compelling social engineering tactics, these scammers stop at nothing to gain unauthorized access to your digital assets.

Malicious actors use different methods of social engineering to target their victims. With social engineering tactics, scammers manipulate users’ emotions and create a sense of trust and urgency.

Eric Parker, CEO and co-founder of Giddy — a noncustodial wallet smart wallet — told Cointelegraph, “Did someone reach out to you without you asking? That’s one of the biggest rules of thumb you can use. Customer service rarely, if ever, proactively reaches out to you, so you should always be suspicious of messages saying you need to take action on your account.”

“Same idea with free money: If someone is messaging you because they want to give you free money, it’s likely, not real. Be wary of any message that feels too good to be true or gives you an immediate sense of urgency or fear to make you act quickly.”

Email and messaging scams

One common technique used in crypto phishing scams is impersonating trusted entities, such as cryptocurrency exchanges or wallet providers. The scammers send out emails or messages that appear to be from these legitimate organizations, using similar branding, logos and email addresses. They aim to deceive recipients into believing that the communication is from a trustworthy source.

Bitcoin Scams, Scams, Security, Cybersecurity, Biometric Security, Wallet, Bitcoin Wallet, Hardware Wallet, Mobile Wallet

To achieve this, the scammers may use techniques like email spoofing, where they forge the sender’s email address to make it appear as if it’s coming from a legitimate organization. They may also use social engineering tactics to personalize the messages and make them seem more authentic. By impersonating trusted entities, scammers exploit the trust and credibility associated with these organizations to trick users into taking actions that compromise their security.

Fake support requests

Crypto phishing scammers often pose as customer support representatives of legitimate cryptocurrency exchanges or wallet providers. They send emails or messages to unsuspecting users, claiming an issue with their account or a pending transaction that requires immediate attention.

The scammers provide a contact method or a link to a fake support website where users are prompted to enter their login credentials or other sensitive information.

Omri Lahav, CEO and co-founder of Blockfence — a crypto-security browser extension — told Cointelegraph, “It’s important to remember that if someone sends you a message or email unsolicited, they likely want something from you. These links and attachments can contain malware designed to steal your keys or gain access to your systems,” continuing:

“Furthermore, they can redirect you to phishing websites. Always verify the sender’s identity and the email’s legitimacy to ensure safety. Avoid clicking on links directly; copy and paste the URL into your browser, checking carefully for any spelling discrepancies in the domain name.”

By impersonating support personnel, scammers exploit users’ trust in legitimate customer support channels. In addition, they prey on the desire to resolve issues quickly, leading users to willingly disclose their private information, which scammers can use for malicious purposes later.

Fake websites and cloned platforms

Malicious actors can also build fake websites and platforms to lure in unsuspecting users.

Domain name spoofing is a technique where scammers register domain names that closely resemble the names of legitimate cryptocurrency exchanges or wallet providers. For example, they might register a domain like “exchnage.com” instead of “exchange.com” or “myethwallet” instead of “myetherwallet.” Unfortunately, these slight variations can be easily overlooked by unsuspecting users.

Lahav said that users should “verify whether the website in question is reputable and well-known.”

Recent: Bitcoin is on a collision course with ‘Net Zero’ promises

“Checking the correct spelling of the URL is also crucial, as malicious actors often create URLs that closely resemble those of legitimate sites. Users should also be cautious with websites they discover through Google ads, as they may not organically rank high in search results,” he said.

Scammers use these spoofed domain names to create websites that imitate legitimate platforms. They often send phishing emails or messages containing links to these fake websites, tricking users into believing they are accessing the genuine platform. Once users enter their login credentials or perform transactions on these websites, the scammers capture the sensitive information and exploit it for their gain.

Malicious software and mobile apps

Hackers can also resort to using malicious software to target users. Keyloggers and clipboard hijacking are techniques crypto phishing scammers use to steal sensitive information from users’ devices.

Keyloggers are malicious software programs that record every keystroke a user makes on their device. When users enter their login credentials or private keys, the keylogger captures this information and sends it back to the scammers. Clipboard hijacking involves intercepting the content copied to the device’s clipboard. 

Cryptocurrency transactions often involve copying and pasting wallet addresses or other sensitive information. Scammers use malicious software to monitor the clipboard and replace legitimate wallet addresses with their own. When users paste the information into the intended field, they unknowingly send their funds to the scammer’s wallet instead.

How users can stay protected against crypto phishing scams

There are steps that users can take to protect themselves while navigating the crypto space.

Enabling two-factor authentication (2FA) is one tool that can help secure crypto-related accounts from phishing scams.

2FA adds an extra layer of protection by requiring users to provide a second form of verification, typically a unique code generated on their mobile device, in addition to their password. This ensures that even if attackers obtain the user’s login credentials through phishing attempts, they still need the second factor (such as a time-based one-time password) to gain access.

Utilizing hardware or software-based authenticators

When setting up 2FA, users should consider using hardware or software-based authenticators rather than relying solely on SMS-based authentication. SMS-based 2FA can be vulnerable to SIM-swapping attacks, where attackers fraudulently take control of the user’s phone number.

Hardware authenticators, such as YubiKey or security keys, are physical devices that generate one-time passwords and provide an extra layer of security. Software-based authenticators, such as Google Authenticator or Authy, generate time-based codes on users’ smartphones. These methods are securer than SMS-based authentication because they are not susceptible to SIM-swapping attacks.

Verify website authenticity

To protect against phishing scams, users should avoid clicking on links provided in emails, messages or other unverified sources. Instead, they should manually enter the website URLs of their cryptocurrency exchanges, wallets or any other platforms they wish to access.

By manually entering the website URL, users ensure they access the legitimate website directly rather than being redirected to a fake or cloned website by clicking on a phishing link.

Be cautious with links and attachments

Before clicking on any links, users should hover their mouse cursor over them to view the destination URL in the browser’s status bar or tooltip. This allows users to verify the link’s actual destination and ensure that it matches the expected website.

Phishing scammers often disguise links by displaying a different URL text than the destination. By hovering over the link, users can detect inconsistencies and suspicious URLs that may indicate a phishing attempt.

Parker explained to Cointelegraph, “It’s very easy to fake the underlying link in an email. A scammer can show you one link in the email’s text but make the underlying hyperlink something else.”

“A favorite scam amongst crypto phishers is to copy a reputable website’s UI but place their malicious code for the login or Wallet Connect portion, which results in stolen passwords, or worse, stolen seed phrases. So, always double-check the website URL you’re logging into or connecting your crypto wallet with.”

Scanning attachments with antivirus software

Users should exercise caution when downloading and opening attachments, especially from untrusted or suspicious sources. Attachments can contain malware, including keyloggers or trojans, which can compromise the security of a user’s device and cryptocurrency accounts.

To mitigate this risk, users should scan all attachments with reputable antivirus software before opening them. This helps detect and remove any potential malware threats, reducing the chances of falling victim to a phishing attack.

Keep software and apps updated

Keeping operating systems, web browsers, devices and other software up to date is essential for maintaining the security of the user’s devices. Updates can include security patches that address known vulnerabilities and protect against emerging threats.

Utilizing reputable security software

To add an extra layer of protection against phishing scams and malware, users should consider installing reputable security software on their devices.

Antivirus, anti-malware and anti-phishing software can help detect and block malicious threats, including phishing emails, fake websites and malware-infected files.

By regularly updating and running security scans using reputable software, users can minimize the risk of falling victim to phishing scams and ensure the overall security of their devices and cryptocurrency-related activities.

Educate yourself and stay informed

Crypto phishing scams constantly evolve, and new tactics emerge regularly. Users should take the initiative to educate themselves about the latest phishing techniques and scams targeting the cryptocurrency community. In addition, stay informed by researching and reading about recent phishing incidents and security best practices.

Recent: What is fair use? US Supreme Court weighs in on AI’s copyright dilemma

To stay updated on security-related news and receive timely warnings about phishing scams, users should follow trusted sources in the cryptocurrency community. This can include official announcements and social media accounts of cryptocurrency exchanges, wallet providers and reputable cybersecurity organizations.

By following reliable sources, users can receive accurate information and alerts regarding emerging phishing scams, security vulnerabilities and best practices for protecting their crypto assets.

Crypto Trader Says One Top-50 Altcoin Could Go Up by Over 100%, Updates Outlook on Bitcoin and Ethereum

To catch a scammer: Kraken builds fake crypto account to ‘bait’ fraudsters

A call-center scammer impersonating President Joe Biden attempted to steal what they thought was $450,000 worth of Bitcoin from a streamer — instead, chaos ensued.

United States crypto exchange Kraken has provided a novel method for flagging nefarious wallets — building a fake crypto account on the exchange to “scam bait” bad actors.

Tweeting on May 10, popular streamer Kitboga — whose content revolves around annoying scammers— revealed that Kraken had built him a “custom environment” which he used to frustrate a scammer impersonating President Joe Biden, who he previously had a run-in with around a year ago.

In the accompanying video clip, Kitboga can be seen with around $450,000 worth of Bitcoin (BTC) in his Kraken-built fake crypto account.

The scammer then sees the funds via video remote computer screen-sharing software that he supposedly duped Kitboga’s character into downloading, and gets very excited about a big potential payday.

However, the punchline comes when Kitboga, who is portraying an elderly woman in the video, incorrectly enters the scammer’s wallet address before sending over all of the funds. As a result, the scammer becomes highly infuriated and starts berating Kitboga with a slew of swear words.

Notably, the scammer appears to have supplied a Kraken-hosted BTC wallet address, which essentially enables the crypto exchange to identify them and flag their activity.

The idea behind this collaboration seems to have been made possible by Kraken's chief security officer Nick Percoco and Kitboga.

Kitboga has 1.2 million followers on Twitch and 3 million followers on YouTube. His content generally revolves around comedically wasting the time of call center scammers by playing a bunch of non-tech-savvy characters.

In some cases, he has also managed to get their dubious websites taken down by reporting the fraud to the hosting companies these websites are stored with.

“Everyday there are scammers taking advantage of people. I call them to waste their time, walk people through their ‘script’ and lies, report info when I can, and otherwise make light of a dark situation,” his YouTube profile reads.

Cointelegraph reached out to Kitboga for comment. 

In a video on May 1, Kitboga highlighted a new BTC-related “social security scam” that targets victims via email or text message claiming that strange purchases have been made with their bank accounts.

Related: April’s crypto scams, exploits and hacks lead to $103M lost — CertiK

However, when victims call the numbers provided, the scammers claim that their identities have been stolen and that they need to withdraw all their cash, buy BTC and send the funds to a “secure government wallet.”

Kitboga obviously had fun with these scammers by pretending to get their “grandson” to buy 10,000 BTC and send it to the wrong address.

Magazine: $3.4B of Bitcoin in a popcorn tin — The Silk Road hacker’s story

Crypto Trader Says One Top-50 Altcoin Could Go Up by Over 100%, Updates Outlook on Bitcoin and Ethereum

Navigating the World of Crypto: Tips for Avoiding Scams

From "pig butchering" to phishing, there are myriad ways that scammers try to take advantage of crypto users.

Despite the belief of many crypto enthusiasts that centralized exchanges (CEXs) are safer, history has often shown them to be rather vulnerable to attacks.

Because these exchanges centralize the storage of users’ assets, they can be attractive targets for cybercriminals. If an exchange’s security measures are inadequate or successfully compromised, user assets may be stolen or lost.

Another risk of centralized exchanges is the potential for fraud or mismanagement by their operators. Since CEXs may have a single point of control, they may be more susceptible to insider fraud or other forms of misconduct — which can lead to the loss of funds or other negative consequences for users.

Over the last year, with the collapse of major centralized cryptocurrency platforms like FTX and Celsius, more and more users are choosing to take self-custody of their digital assets. The risky financial practices and alleged fraud committed at some of these platforms have caused many people to lose faith in them as safe places to store their cryptocurrency. 

Self-custody refers to holding and managing one’s own cryptocurrency instead of entrusting it to a third party, such as an exchange. This approach offers users greater control over their assets and can potentially provide higher levels of security. However, it also comes with its own risks, particularly in the form of scams.

Types of scams and how to avoid them

To better understand the potential dangers associated with self-custody and offer guidance on how to protect oneself from scams, Cointelegraph reached out to Alice Boucher of Chainabuse, a multichain community platform for reporting fraudulent crypto transactions.

One scam aiming to take advantage of crypto users is called “pig butchering.”

“A pig butchering scam occurs when the scammer stays in constant contact to build a relationship with the victim and ‘fatten them up’ with affection over time to have them invest in fake projects,” Boucher said, adding:

“The scammer tries to drain as much money out of the victim as possible, often using fake investment sites showing large fake profits and using social engineering tactics, such as intimidation, to extract more money from the victim.”

Social engineering uses psychological manipulation tactics to exploit the natural tendencies of human trust and curiosity.

Recent: Trust is key to crypto exchange sustainability — CoinDCX CEO

Cybercriminals in the cryptocurrency industry often aim to steal self-held assets by taking control of high-profile accounts. “Between May and August 2022, social media account takeovers — involving Twitter, Discord and Telegram — have wreaked havoc. Scammers post malicious NFT phishing links during those attacks, compromising high-profile social media accounts,” said Boucher

Once these attackers have gained access to a high-profile account, they typically use it to send out phishing messages or other types of malicious communications to a large number of people, attempting to trick them into giving up their private keys, login credentials or other sensitive information.

The end goal is to gain access to self-custodied assets and steal the cryptocurrency held by the individual.

Followers of these high-profile accounts may be tricked into clicking on malicious links that transfer all of the tokens out of their wallets. These scams may also be designed to have users invest on a trading platform and often result in victims losing their deposits with no way to recover them:

“The volume of scams, hacks, blackmails and other fraudulent activity has been growing exponentially over the last few years. Most fake platforms appear to be either Ponzi schemes or payout scams with the following characteristics: They advertise fake returns, have referral incentives that resemble pyramid schemes or impersonate existing legitimate trading platforms.”

Scammers utilizing these phishing tactics can encourage users to sign smart contracts that drain their assets without their consent. A smart contract is a self-executing contract with the terms of the agreement between buyer and seller directly written into the code.

If the contract contains errors or is designed to take advantage of people, users may end up losing their tokens. For example, if it allows its creator to take possession of tokens to sell them, users may lose cryptocurrency by signing it.

Most of the time, users don’t know they’ve lost their tokens until it is too late.

Recent: Congress may be ‘ungovernable,’ but US could see crypto legislation in 2023

Self-custody can be a great way to take control of one’s assets, but it’s crucial to understand the risks and to take steps to protect oneself from bad actors.

To protect oneself when using a self-custody wallet, it is important to follow the best practices, such as keeping software up to date and using unique passwords. It is also crucial to use hardware wallets such as a Ledger or Trezor to store your cryptocurrency. Hardware wallets are physical devices that store your private keys offline, meaning a hacker also needs physical access to engage in certain interactions with the blockchain, making them less susceptible to getting hacked.

Crypto Trader Says One Top-50 Altcoin Could Go Up by Over 100%, Updates Outlook on Bitcoin and Ethereum

Happy Halloween: The five spookiest stories in crypto in 2022

This Halloween, we pay tribute to the crypto investors and businesses that fought through the various financial and technological nightmares that occurred in 2022.

After over 13 years of ups and downs, this year stands out for having the most turbulent bear market in the history of crypto. Owing to a mix of factors — that include regulatory clearances across the globe and improved credibility among projects that survived the bear market — the world of crypto marked numerous milestones this year. 

However, certain events in 2022 could raise goosebumps on the toughest diamond hands out there. Moreover, it was impressive to see crypto projects, in many cases helping each other, bounce back through an era of uncertainty.

Acknowledging the spookiest events this Halloween, we list the scariest events that shook the crypto ecosystem, leaving a significant impact on investors, businesses, entrepreneurs, miners and developers.

The key driver for the following list is widely attributed to the highly volatile time frame and geopolitical uncertainties, which saw the price fall across all sectors.

The extended crypto crash: Fear of the bears

The year 2022 inherited a turbulent crypto market, which started off slowly crashing in November 2021. As a result, immense fear and uncertainty gloomed across the crypto ecosystem right from the start of the year.

The bear market ate away more than $1 trillion from the crypto market — bringing down the overall market cap from over $2.5 trillion to under $1 trillion in a few months.

The 2022 crypto crash scared investors as it drained out profits from all sub-ecosystems, including Bitcoin (BTC), cryptocurrencies, nonfungible tokens (NFTs), and decentralized finance (DeFi), among others.

The loss was felt both ways. While the price depreciation translated to investors losing a part of their life savings, businesses were struggling to stay open amid massive sell-outs and a lack of investments.

The scary instability of algorithmic stablecoins

The Terra ecosystem collapse is widely considered to be the biggest financial catastrophe ever witnessed in crypto by a single entity, and rightfully so. The two in-house offerings from Terra Labs destabilized and almost instantaneously lost their market value. 

In the early days of the crash, Terra co-founder Do Kwon was found publicly discussing ways to help investors recoup losses. Binance CEO Changpeng Zhao suggested burning LUNC tokens to reduce the token’s total supply and improve its price performance.

Shortly after, as regulatory scrutiny started building up against Terra’s operations, Kwon decided to go incognito, with his exact whereabouts unknown.

Numerous entities — including disgruntled investors, South Korean authorities and a Singaporean lawsuit — are still in pursuit of Kwon, despite his comments to the contrary.

However, Kwon maintains that he’s not “on the run” and plans to come out with the truth in the near future. The whole incident highlighted the risks related to the peg mechanisms of algorithmic stablecoins. 

Similarly, stablecoin Acala USD (aUSD) lost its peg in August 2022 after a protocol exploit caused an erroneous minting of 3.022 billion aUSD. A subsequent decision to burn the tainted tokens was made in order to regain their dollar value. Given the numerous other examples of stablecoin crashes, draft legislation in the United States House of Representatives called to criminalize the creation or issuance of “endogenously collateralized stablecoins.”

Sweeping layoffs and job cuts 

The burden of losses was also shared by some crypto companies’ ex-employees. Prominent players including Robinhood, Bitpanda and OpenSea announced massive layoffs, owing to reasons that circle back to surviving the bear market.

On the other hand, crypto exchanges such as FTX and Binance showcased resilience to price volatility and continued their hiring spree to support the ongoing expansion drive.

Crypto organizations that chose to lay off employees did it to cut operational costs and wind down loss-making components.

More recently, it was found that over 700 tech startups have experienced layoffs this year, impacting at least 93,519 employees globally. However, the tech community — from both crypto and non-crypto sectors — has been found migrating into Web3.

Crypto hacks: Humans are the real monsters 

One of the more visible problems engulfing crypto such as hacks and scams just got bigger in 2022. Hackers drained out millions of dollars worth of crypto by exploiting vulnerabilities present in poorly vetted crypto projects.

A strategy that was widely opted by the hacked projects this year was to offer the hacker a pink slip for returning a part of the loot. In the case of Transit Swap, a decentralized exchange aggregator, the hacker agreed to return around 70% (roughly $16.2 million) of the stolen $23 million fund.

While some hackers chose to return a part of the funds in exchange for immunity against prosecution, other projects such as Kyber Network and Rari Fuze have not been successful in pursuing their respective hackers to return the stolen funds.

This year also was witness to a spike in the number of phishing attempts, where hackers managed to access social media accounts of prominent figures, such as the South Korean government’s YouTube channel, Indian Prime Minister Narendra Modi’s Twitter account, and PwC Venezuela’s Twitter account to shill fake giveaways to millions of followers.

Governments across the world consistently issued warnings against phishing attempts involving fraudulent apps and websites impersonating prominent crypto exchanges like Binance.

Resurrection overdue: NFTs, Web3 and the metaverse

Talks around nonfungible tokens (NFTs), Web3 and the metaverse took over the crypto ecosystem by storm, promising virtual use cases that extend into the real world. Celebrities, actors, musicians and artists catalyzed adoption by using the budding technologies as tools to reconnect with fans or simply inflate their own wealth.

The NFT hype was officially declared dead in July 2022 when daily sales recorded yearly lows as investors that recently suffered losses refrained from stepping on the seemingly sinking ship.

Despite the nosedive statistics, the NFT ecosystem saw support from some of the biggest celebrities, which include musicians Snoop Dogg and Eminem, tennis legend Maria Sharapova and professional fighters Connor McGregor and Floyd Mayweather.

The decreasing interest in NFTs translated into a lack of investments in newer projects building use cases around Web3 and the metaverse. Meta, arguably the biggest contender in the metaverse, has plans to pump $10 billion every year into its project. However, an unclear roadmap and uncertain revenue streams plague the ecosystem from attaining mainstream acceptance.

Setting aside the fear, the biggest lesson that the spookiest events in the crypto showcase is the need to do independent research before making any investments. Past mistakes — such as investing in an unvetted project, trusting unknown sources and sharing private information over the web — will come back to haunt you.

This Halloween, Cointelegraph wishes you pumpkin spice and everything nice. Visit Cointelegraph to stay up-to-date with the most important developments in crypto.

Crypto Trader Says One Top-50 Altcoin Could Go Up by Over 100%, Updates Outlook on Bitcoin and Ethereum