How to Avoid Common Crypto Scams

Oct 19, 2022
15m
Yavor Kaludov Ariel Monjes

We’ve all heard sensational reports of huge crypto heists, hacks, and confidence schemes. After countless stories of stolen millions and billions, many people might begin to assume that crypto scams reign supreme and lawlessness is the norm. 

While there are certainly plenty of scams in crypto, the reality is far different from what you might imagine. We’re here to set the record straight. 

The 4 Most Common Crypto Scams 

Unlike scams, bigger hacks tend to target projects people invest in and platforms used to trade. These are typically out of an individual’s control. While hacks do happen, they’re far rarer than good old-fashioned scams – which individuals tend to be responsible for. 

1. Phishing Attacks

“Phishing” attacks are easily the most popular tactic employed by crypto scammers. These types of social engineering attacks are designed to fool you into giving up your personal info or engaging with malicious software.

Unsolicited DMs 

Of all the phishing scams, the “unsolicited DM” is the most common. In DeFi, most of the action is concentrated around new projects. These projects almost always communicate with their community and supporters directly, using popular messaging apps (like Telegram and Discord). 

Scammers leverage these platforms to send links to fake projects, ask for money, and attempt to manipulate/trick users into giving up their private information and wallet keys. 

Impersonators (Fake Customer Support)

Another tactic is impersonating team members from projects/services that people are either a part of or use. Scammers can pretend (very convincingly) to be a customer support representative from a crypto exchange, DeFi project, or wallet provider. They often reach out to users on messaging services, by email, and even on their phones if they gain access to that information. 

Malicious & Fake Websites

Due to the collaborative and open-source nature of crypto, it’s fairly easy to create near-identical copies of established DeFi services, right down to the smallest details (like the website layout and their social media accounts). 

To interact with DeFi services, you almost always need to connect your wallet. When you do that, you’re essentially exposing it to the outside world. If the website you’ve connected to turns out to be fake – or the project behind it has been hacked – you could lose your funds. 

Connecting your wallet to any website should only be done when you’re certain that the website is associated with a legitimate project, platform, protocol, etc.

Dust Attacks

This is a particularly annoying way to get scammed, especially because of how easy it is to avoid. 

Your wallet will occasionally receive tokens you didn’t purchase, sent by another address. These are called “dust.” The goal of the scammer is for you to sell them because they look like they could be worth something. They’re not. 

If you try to interact with them in any way, you’ll put your wallet (and funds) at risk. Just let them sit there and don’t touch them: Nothing bad can happen if you leave them alone.

2. Blackmail and Extortion

While these methods aren’t crypto scams per se, they may involve cryptocurrency. Thanks to the complete anonymity of some coins – and the general layer of privacy in crypto – it’s a preferred method of payment for many criminals.

Scammers may send you links to software that can be used to hack and compromise your device. They can lock up valuable information if you don’t have a backup, or they could steal it and demand that you pay them to regain access to your data.  

Note: Cryptocurrency accounts for a tiny fraction of all the money exchanged in illegal activities. Crypto transactions on most blockchains are traceable back to the very first block and can be viewed by anyone. 

A common misconception is that cryptocurrency is anonymous. It’s not: Most crypto is pseudonymous, meaning that it doesn’t require you to disclose your real identity to use it, but you’re still identifiable by your actions (which can be observed by anyone). 

3. Investment Scams

Bold claims aren’t new in the tech industry. Where there’s innovation, there will always be someone selling snake oil to the less fortunate, unsuspecting, or greedy. 

Over the years, numerous claims of “zero risk” investments, “revolutionary” innovations, and “life-changing” opportunities have been made by companies that have gone bankrupt and/or stolen their investors' funds. One of the most well-known is the OneCoin Ponzi scheme during the ICO boom of 2017.

4. Honeypots & Rugpulls

The most common way people get scammed occurs when they purchase tokens of scam projects. When looking for investment opportunities in the DeFi space, you’ll come across hundreds of these projects. It’s just the nature of things: Setting up a smart contract, launching a token, and creating a pretty website are all very easy things to do. You can bet that scammers will be taking advantage! 

Almost anyone who’s ever invested in DeFi has been a victim of the following scams at one point or another:

What Are Honeypots?

Scam projects can code their smart contracts in such a way that you can buy their tokens (but can never sell them). 

What Are Rugpulls?

As an increasing number of investors buy a token, it grows in price, attracts even more investors, and builds up the project’s liquidity. Once the liquidity has grown sufficiently, it gets drained, leaving the holders with nothing.  

Why Are There So Many Crypto Scams? 

Like any new system or technology, there are bound to be people who will attempt to exploit it for personal gain. And with these new technologies, vulnerabilities and weak points tend to pop up (compared to tried-and-tested tech that’s already been patched). With so many “unknowns” remaining in the crypto space,  a lot of work needs to be done to make it more secure and user-friendly. 

Lack of Regulation

During the first decade of its existence, crypto was mostly unregulated at an international level. Governments and financial authorities simply didn’t have strict rules in place to handle its unique challenges. Today, many governments have begun adopting crypto laws that make trading and investing in the space more secure (though occasionally more difficult). 

This early lack of regulation meant that many dishonest crypto companies could make outlandish claims, attracting massive public interest and investment. Each time one of these companies would collapse, the conversation surrounding regulation would pop back into the mainstream and more progress would be made to prevent it from occurring again. 

Open-Source Tools 

Crypto and blockchain technology are all about iterating on other people’s work with open-source software. Anyone can copy and tinker with open-source code, and while there are immeasurable benefits to this approach, it can open a door for scammers to take advantage. It’s easy for a scam project to pop up, copy the code from another legitimate project, and – with a few minor adjustments – sell it as “the next big thing.”

The average investor might not know any better and fall for the hype, resulting in a loss when the project inevitably collapses. Additionally, some scammers outright copy other people’s work and pretend it’s the original. This increases the odds of collecting the information of those using the fake software and implementing a host of tactics designed to trick users out of their funds. 

Lack of Education and Information

Crypto is complicated, multifaceted, and presents new users with an abundance of choices regarding everything from how to store funds to what to invest in and which communities to join. 

Crypto scammers take advantage of people who don’t understand how to protect themselves in this space, particularly when it comes to decentralized finance (DeFi). 

Greed

New crypto users often get involved because they’ve heard that it’s an easy way to get rich quickly. While crypto definitely offers plenty of exciting investment opportunities – and there have been numerous situations where investors have made millions in a very short period – investing in crypto isn’t easy. Picking out good projects and understanding the market takes time. 

How Is Cryptocurrency Stored? 

You can generally store your cryptocurrency in two ways: with a custodial or a non-custodial crypto wallet. 

Custodial/Hosted Crypto Wallets

The most popular choice for secure cryptocurrency storage, custodial wallets are essentially the wallets offered by cryptocurrency exchanges. They’re called “custodial” because they are in the custody of the exchange: It’s the exchange’s responsibility to provide you access to your funds. 

Non-Custodial/Non-Hosted Crypto Wallets

In essence, every person should have full control over their funds without requiring any intermediary/third party to verify or approve any transaction.

Non-custodial wallets are entirely yours. You hold the keys to access them and are solely responsible for keeping those keys secure. Using them, you can access decentralized finance (DeFi) protocols and services as well as transact peer-to-peer (P2P) with other crypto owners in a decentralized, trustless way. 

4 Ways to Keep Crypto Funds Safe

Crypto and Web3 are all about independence. Though this comes with added responsibility, the following crypto advice will help you make safer choices:

1. Stay Anonymous

Unless it’s your goal to be some kind of public personality, strive to stay anonymous on the open web. Even then, you should have a public-facing profile and various personal ones. 

In addition to your identity, your finances are at stake. Therefore, anonymity is essential in crypto.

Use a Pseudonym When Communicating Online

Wherever possible, opt for a pseudonym and never disclose your true identity when you’re communicating in forums. This will make it much more difficult for any potential scammers to carry out social engineering attacks against you. 

Never Divulge How Much Crypto You Own

Disclosing any information regarding your holdings can paint a target on your back. Avoid bragging about how much crypto you own offline as well: This could make you a target for the “$5 wrench attack.” 

Never Connect Your Identity to Your Wallet Address

Don’t give people the ability to link you (as a person) to your wallet address. Everything on the blockchain is visible to everyone and it’s traceable back to the very first transaction. 

2. Be Skeptical

This is solid general life advice. Being skeptical doesn’t mean being pessimistic or negative about the projects and people you encounter in crypto. It just means that you need to be aware of the dangers, then respond to them accordingly. 

Question Everything 

Question everything that’s being offered to you and everything you’re considering investing or participating in. Remember: “If it sounds too good to be true, it probably is.”

Be Careful With Unsolicited Communication

If you get a DM from someone you don’t know, it’s best to ignore it. This is especially true if they’re offering something from the very start of the conversation. If you receive a DM from someone you do know (like a project team member), go into the public chat and verify it’s the same person. Generally speaking, you’ll rarely be contacted first by a project member.

Do Your Own Research (DYOR)

If you’re looking at a potential investment opportunity, dedicate time to do proper research. 

Ask other community members about the project. Check social media and look specifically at the project’s engagement: 

  • What’s being commented on? 

  • Do they look like actual people or bots? 

  • On the project’s website, what’s the use case? 

  • Is there a whitepaper? 

  • What is the project’s roadmap? 

  • Is everything well-written and concise? Does it make sense? 

  • Who are the team members? 

Expect a full breakdown of how to DYOR in DeFi in the Academy, soon!

3. Disconnect, Lock, & Log Out

After you’ve finished using a wallet that’s connected to a website, always disconnect from the website (from within the wallet). If the website or project happens to be compromised, remaining connected exposes you to risks. Keeping a wallet unlocked on your device can also be risky if you happen to lose the device or it’s stolen. 

The same goes for centralized exchanges and other services: Always log out when you’re done using them. For any places where money is stored, keep them locked with a password and 2FA (two-factor authentication).

4. Never Share Your Seed Phrase 

This is the single most important piece of advice in this entire article: Never share your seed phrase with anyone, not even family or loved ones. 

Additionally, if you lose access to your wallet’s seed phrase, you won’t be able to access your funds from any other device (except the one you used to set up your wallet). If you lose that, you’ll lose access to your funds forever. Keeping secure copies of your seed phrase in different physical locations is essential. 

Is Crypto Insured Against Scams?

While insurance in crypto works much the same way as it does in traditional finance, there are a few key technological differences.  

Crypto Insurance in Centralized Finance (CeFi)

If you store your funds on a reputable centralized exchange (CEX), your funds are insured up to a certain amount against theft or loss (if the company is at fault). This covers hacks, human error, machine error, and everything in between. It doesn’t, however, include losses from trading, mismanagement of funds, or unauthorized access to your accounts due to mishandled personal information (e.g. your password).

Crypto Insurance in Decentralized Finance (DeFi)

Since you’re in complete control of your funds when working in DeFi (using non-custodial wallets), it’s your choice and responsibility to insure your crypto. There are no intermediaries or third parties in DeFi, so a different approach to insurance is needed. 

Decentralized insurance protocols offer all the benefits of anonymity and privacy. They’re easy to get started with and you don’t need to go through any prior authorization. They work in a similar way to traditional insurance (i.e. by spreading risk across the entire community of participants) and differ in their use of smart contracts for automated risk assessment and claim settlement. 

Two of the most established decentralized insurance protocols are Nexus Mutual and Solace.

How Sonar Helps Prevent Crypto Scams

Sonar is dedicated to preventing crypto scams, developing ways to mitigate risks associated with trading and investing in this space, and cultivating a culture focused on high-quality blockchain education.

We’re a multi-faceted company that’s addressing the need for better security in the Web3 space by providing:

High-Quality Education

Having access to reliable information and understanding the functionality of technologies you’re working with are the best ways to keep crypto users safe from potential threats. By understanding the finer points of crypto, you’re far more likely to identify potential dangers and vulnerabilities. 

This is why Sonar is heavily invested in Academy (the application you’re currently reading this article on), as well as a number of other educational hubs and resources. This includes our Blockchain Education podcast, educational videos, and seminars. 

Automatic Threat Detection

If you have the right data, knowledge, and enough time on your hands, you can probably uncover some of the most well-hidden vulnerabilities. But why bother when we can automate all that for you?  

We’re developing tools that will take your crypto security to the next level. To avoid potential dangers, you’ll have automatic threat detection that uses smart contract analysis and AI-powered market sentiment analytics (among others). 

Better Analytics and Data

When it comes to deciding whether or not a project is worth your investment, your judgment is heavily reliant on the accuracy of the information you’re working with. But hard data isn’t always that “hard.” Many applications and tracking tools provide inaccurate info on even the most basic data points (like market capitalization, holder count, and even asset price).

To provide you with the most accurate data possible, Sonar has developed its own proprietary data-gathering infrastructure that collects information straight from the blockchain (i.e. no third-party APIs). 

When you couple this with innovative tools and a beautiful, user-centric design that makes understanding data easy, you’ve got something powerful on your hands. 

Customer Support & Dedicated Community

We’re proud to be one of the first projects in this space to establish customer support that guides people on their crypto journey – whenever, wherever.

Even better than that, our close-knit community of supporters is always there to provide assistance. 

Crypto Is Exciting & Full of Opportunity 

After reading about the risk of scams in crypto, you might believe that it’s not for you. While certain risks exist, the opportunities vastly outweigh them with the right education!

Crypto has come a long way since the early days of Bitcoin – and it still has a long way to go before it’s as safe, reliable, and trusted as traditional finance. But these technological developments have the potential to quickly and completely overhaul our digital lives, as well as the global financial system. 

Historically, when breakthrough innovations like this happen, the future often arrives sooner than we expect.  We’re here to make sure you stay on top of this wave, manage its risks, and take full advantage of its many opportunities. 

Sonar is developing a wide range of analytics and research tools designed to help everyone, even the complete beginner, invest, trade, and explore crypto and Web3 safely. 

To learn more about our upcoming releases – and keep current with our progress – subscribe to our newsletter!
