Note: This article assumes you have a current understanding of cryptocurrencies. The following is not financial advice, you are responsible for your own profits and losses. I do own at least one of the coins listed.
As long as there has been commerce, there have been scams. Confidence tricks, or scams, have long been the tool of unscrupulous individuals whose primary focus is to separate you from your money.
Historically these schemes have varied from the simplicity of offering counterfeit goods for a discount, to multi-billion dollar companies like Theranos, which took millions of dollars in investors money with the promise of revolutionary blood tests that would change medicine as we know it: http://money.cnn.com/2018/03/14/technology/theranos-fraud-scandal/index.html.
Recently, the Crypto Street Podcast @CryptoStreetPod remarked that the scammers in crypto are the most sophisticated in the world.
The purpose of this article is to educate you and make sure you are not the target of a crypto scam of any kind, like I was.
1. Hard Wallets
First and foremost, do not keep your coins on an exchange. Central exchanges (Coinbase, Binance, Bittrex, HitBTC, etc.) keep all of their crypto funds stored on wallets on a central server. This means that all of their money is stored in one place at all times. This creates a massive honey pot, that by design, attracts the interest of hackers and ne'er do wells. Think of it like a bank; the vault holds all the funds that a the local bank has access to. If a robber has access to the vault, he can remove all the money and no one will know until the bank opens the next day. Central exchanges work the same way, but without the FDIC insurance that will reimburse you for lost funds. Mt. Gox, BitFenix, and the DAO are all examples of exchanges that have been hacked in recent years. The point is that if your central exchange is hacked your money is gone.
The solution is to hold your private crypto keys on a hardware wallet such as a Trezor or Ledger. These devices have dedicated security chips that are designed to keep your keys private.
Hardware wallets only connect to the internet when you are sending a transaction and require you to physically use the device to do so. They also require a PIN code to use, which means that even if someone were to steal it your funds would still be safe. These wallets can also be backed up for redundancy.
If you have less that $100 of cryptos a phone or PC wallet may work just fine for you. If you plan on hodling a large amount of cryptos now or in the future, spend $75 and buy a hardware wallet. Remember with cryptos we are acting as our own soverign bank, and should take similar steps to secure our funds that banks do.
2. Phishing E-mails
Phishing emails are a more recent addition to a scammers arsenal. A bad actor will somehow gain access to your email address that you use for a central exchange. Clicking a link in that email will send you to a site that resembles the real site, but is actually a fake site designed to steal your username and password. The most recent attempt was made on Binance using a level of sophistication I have not seen before.
The site looked exactly the same, at first glance even the URL address was identical with one exception: two small dots under 2 of the letters.
The best way to secure yourself against these kinds of attacks is to bookmark your exchanges address in your browser. If you are unsure of any suspicious emails, use the bookmarked address.
3. Twitter
The most recent barrage of scams have been distributed through Twitter's social media site. These scammers are smart, and methodical. Their game is to create a Twitter account identical to that of a crypto figure-head and announce they are "Giving away free Ethereum!" to anyone who makes a small donation to a Eth address.
When I first came across these I laughed to myself, thinking that they would go away and be shut down immediately by Twitter. I was wrong. It took Twitter WEEKS to begin to crack down on them, many of which are still active.
Let's examine one which is impersonating Charlie Lee, who goes by @SatoshiLite
As you can see the impersonator's account looks identical except for an additional "a". Other personalities who have been impersonated are John McAfee, Elong Musk, and Vitalki Buterin. Often these scammers will post immediately after a crypto celebrity posts something, making it look like the celebrity simply posted twice. As a bonus, random Twitter accounts will then post saying that they received their free money and remark at how fast and easy it was.
4. ICO's
Research your ICO's or you may end up like the people who invested in Prodeum: https://www.wired.com/story/cryptocurrency-scams-ico-trolling/
They will take your money, vanish from the face of the earth, and leave "Penis" on their home page. I go in depth as to how to evaluate an ICO (or any New Coin) in my previous article.
5. Social Engineering
Social Engineering is a catch-all phrase which engulfs all topics relating to the extraction of personal information. These scammers may purchase email lists online, lurk in chat rooms, or go to meetups in order to build a relationship with you in order to gain access to your precious coins.
Recently someone tried to reach out to me through Discord to offer a deal that seemed to good too be true. This individual said they worked with several high-net worth individuals who were looking to sell their coins at a steep discount in order to claim tax losses.
He knew the people I had chatted with, had staked out the room for weeks, and was aware that tax season is currently in full swing. Initially I was interested (as anyone would be to get such a discount) but needed to involve a third party.
I contacted a friend who has acted as a third party in the past, holding funds in escrow until a deal is complete. He agreed to act as a trusted party. When I offered this solution to my would-be scammer, he gave a pathetic excuse that the transaction needed to be "off chain" in order to be valid. Needless to say, I ended our conversation and he was banned from the room.
If you have interest in protecting yourselves I have included a list of other well know scams and cons: https://en.wikipedia.org/wiki/List_of_confidence_tricks
I offer these examples not to scare people away from crypto, but to give them some insight into how to best protect themselves from thieves. We are in a brave new world, where we need to secure our crypto-assets in ways that are similar to the most secure institutions in the world. While it is not for the faint of heart, in time we will all be rewarded.
Stay safe, my friends.