Why is Bitcoin, or any cryptocurrency for that matter, so popular among scammers?
To understand why cryptocurrency is so popular amongst scammers, one first has to understand how blockchain, the technology that Bitcoin and other cryptocurrencies are built upon, works.
Blockchain is a method of information storage where a growing list of blocks, each containing pieces of encrypted information, are linked to each other.
You can technically store any type of information in a block, such as documents, transactions, your account balances, etc. The data stored on a block are resistant to change due to the distributed ledger system. In a distributed ledger system, all block transaction records are public, and anyone can access them for verification purpose.
Having a distributed ledger system also means that there is no centralized authority who holds all the records (and thus, have all the power). One cannot alter any particular record without a consensus of the majority.
That is the reason why wallet addresses cannot be deleted and transactions cannot be altered on the blockchain. It’s a trustless system, built on decentralized consensus.
However, since all transactions made on the blockchain are public so anyone can verify transactions, to combat this lack of anonymity, the identities of the transactors are anonymous.
So what do all these mean to you, a cryptocurrency holder?
First, it means that once a transaction is made, there is no way for it to be reversed.
On the blockchain, new records can be added, but existing records cannot be modified. Also, remember that there is no centralized authority to process such change. Think of it as cash; once you have given it out, unless the receiver willingly gives it back to you, the money is gone.
Second, it means that unless you have identifying information regarding the wallet owners where your coins are sent to, other than their wallet addresses, the receivers are essentially anonymous, and there is no way of finding out their real identities.
What other currencies can offer better protections for scammers and fraudsters than cryptocurrencies?
Don't get caught off-guard.
Subscribe to get crypto scam alerts.
How to protect yourself from cryptocurrency-related scams and thefts
There is no doubt that cryptocurrency is still very much in its infancy, and it is far from perfect.
The cryptocurrency grandfather, Bitcoin, was first released in 2009. The second most popular blockchain platform, Ethereum, was only released in 2015. That is incredibly young! Both projects, along with many other crypto projects, are still heavily under development.
Most blockchain projects are also open-sourced, which means anyone can see the source code, and thus, are free to exploit their vulnerabilities. Below are some examples of the biggest crypto hacks.
The takeaway from above hacks is that nothing is really 100% safe in the cryptocurrency world. Which leads to the number 1 principle of safe crypto investing: DO NOT invest money that you cannot afford to lose.
The blockchain technology is certainly not perfect, and you can lose your crypto assets through no fault of your own. However, with the sheer growing number of scam reports, there is no doubt that, in fact, YOU, rather than the underlying technology, are the weakest link in your funds' security chain.
So, what can you do to protect yourself from scammers? Below are Top 12 crypto security DOs and DON’Ts we recommend you to follow.
This one may seem obvious, but most people fall for crypto-related scams when they make hasty decisions. Remember to not trust easily, always take third-party claims with a grain of salt, and conduct your own research.
Some questions you should ask yourself when using crypto-related services:
Always ask questions, and do not blindly trust any single source. Consult multiple resources so you can make an informed decision. Visit our list of favorite crypto related resources.
Perform due diligence on sites you are unfamiliar with before performing any monetary transactions. If you are new to a website and are unsure of its legitimacy, we recommend you perform 3 checks below:
If you have cryptocurrency holdings valued at more than a thousand dollars, use a hardware wallet. So far, it is the safest way to store your tokens. Hardware wallets are tamper-proof, fire-proof and water-proof devices where you can store a copy of your private keys for various cryptocurrency wallets. It is what the industry considered as a “cold storage” option and your assets are stored offline.
If you decided to get a hardware wallet, purchase from the manufacturer directly if you can, and remember to set your own recovery phrase.
Do not just keep a copy of your keys on your computer. You will lose your wallet access in event of a hardware failure or theft.
If you do not have a hardware wallet (which you should if you hold any significant amount of tokens you do not wish to lose), write down your keys on a piece of paper and store another copy in a USB drive. Then store them in different secure locations, such as bank’s safety deposit box or your safe at home.
Don’t keep all of your eggs in one basket, so that in an event of fire or flood, all copies of your private keys won’t be destroyed in one place.
We hope this goes without saying: “password” and “123456” are NOT examples of good passwords.
If your web wallets and exchange accounts have easily guessable passwords, you will have no one else to blame but yourself if your accounts get hacked. Some of the most famous brute force password hacks are achieved by trying combinations of the most common (and worst) passwords.
If keeping track of a list of long, unique passwords are hard for you (we are only human after all), we recommend you to use a password manager. Some of the most popular password managers are:
2FA stands for two-factor authentication. You may have also heard of the term MFA (multi-factor authentication) which refers to multiple steps/methods of authentications.
Almost all exchanges and hot wallets who take security seriously should have support for 2FA/MFA. The additional authentication step requires you to enter a code from your authenticator app in conjunction with your login info.
Please, please set up 2FA wherever and whenever possible. It may seem like an annoying second-step when you are logging in to your accounts, but this annoying step can be your saving grace if your password has been unfortunately compromised.
Most phishing sites spread malicious links through channels such as emails or ads. Always visit your favorite cryptocurrency exchanges and web wallets through your bookmarked URLs, or manually type in the official URLs yourself.
If you do not remember anything else from this article, let this be your main takeaway: please DO NOT Google cryptocurrency related sites and click on the top ads results. The number of phishing sites that show up for crypto exchanges and wallets-related searches are simply atrocious.
If you haven’t yet, please install an ad blocker.
Avoid using public WiFi for crypto exchanges and web wallets logins. You never know who else have used/are using the same wifi network as you and what malicious intents they may have. If you must use a public wifi network, consider paying for a VPN service.
A website has a secure connection if it is indicated so by the browser URL as shown below (in chrome). Note the green lock and the green highlighted text “https://”. HTTPS stands for HTTP Secure.
When a website has a valid security certificate (SSL), it can be visited on a secure connection (over HTTPS). On an HTTPS site, your information, such as your password, is encrypted when communicating with the website.
If you are visiting a website that deals with login information or any level of monetary transactions, they NEED to be over a secure connection. Otherwise, your information is at risk of being hijacked by someone else.
If your browser bar shows only an “HTTP” connection with a grey question mark icon in front (in chrome), DO NOT enter any sensitive information.
You can also download a browser plugin such as HTTPS Everywhere that automatically request HTTPS version of a website if it's available.
One more word of caution. Just because a website uses HTTPS, it DOES NOT mean it is a trustworthy site or it is not a phishing site. It just means it has a valid security certificate. So please, always, always double check the website URL and conduct your own research.
The best way to fight against scammers and fraudsters is being diligent and always REPORT. We are establishing the First Responder Network, and your scam reports will help us and crypto companies track down scammers, warn other users, and take down the fraudulent sites.
Remember that scammers are scared of exposures and smart, educated users.
It is quite unfortunate how often people make this mistake. Please remember, if you send unsupported tokens to a wallet address, such as BTC tokens to an ETH address, your tokens are gone forever. You will NOT be able to get them back.
That is not a scam, it’s just how blockchain wallets operate.
Exchanges and wallet services will NEVER ask you for those types of information. If you are asked, that means they are trying to phish you for information to gain access to your funds.
If any support staff for the service you are using ever ask you for those type of information, stop the conversation immediately and report the said individual to the service through the site's official email address found on the official site URL.
If the project members seem to lack the credentials needed to complete the project they are proposing, or if they just seem to be fictitious figures altogether, don’t invest in their coins or ICOs.
If you want to dip your toes in ICO investing, there are plenty of resources to conduct your own research. There are many ICO-focused websites that feature information such as expert reviews that can help you to perform due diligence.
Do not download software from sources you do not trust. Especially don’t install or ever run any remote-access desktop on the computer where you store your private keys. That is just asking for trouble.
Have any top recommendations on what to do and what not to do to keep your cryptocurrency safe? Feel free to send us an email about it or let us know here!