The EthBits team has always cared about the security of our users, and with that in mind, we decided to share with you the story of the recent Twitter scam in which we were targeted, and also talk about different kinds of scams that are currently occurring within the crypto ecosystem.
As many of you already know, the number of scams via Twitter and other social networks has been on the rise over the last few months, and unfortunately we were recently victims of one of them. What happened to us? Well, a Twitter account was trying to impersonate us, and even though the name of our company was misspelled (little reminder: our official account is @EthBits), they deceived people when they started tweeting about an “ETH giveaway” and posting a random Ethereum address with the goal of raising funds from inexperienced users.
First of all, we would like to apologize to the people who were scammed by those tweets, and would like to remind you to always double-check the usernames on every social network. What happened to us is just a small example of the scams that go on every day in the cryptocurrency world. Personally, since I’ve been involved with crypto for years, I’ve seen tons of scams, and that’s why I’d like to talk about some of the most common ones I have witnessed.
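The username check recommended above can be automated. The following is an added example, not EthBits code: it flags handles or display names that resemble the official @EthBits account, and its substitution table, distance threshold and sample handles are assumptions constructed for illustration.

```python
import unicodedata

OFFICIAL = "EthBits"  # official handle as stated in the post

# Assumed, non-exhaustive table of visually similar or ignorable characters.
LOOKALIKES = str.maketrans(
    {"0": "o", "1": "i", "l": "i", "3": "e", "5": "s", "_": "", "-": "", ".": ""}
)

def skeleton(name):
    """Reduce a name to a canonical form so visual variants compare equal."""
    text = unicodedata.normalize("NFKD", name.lstrip("@")).casefold()
    text = "".join(c for c in text if not unicodedata.combining(c))
    return text.translate(LOOKALIKES)

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # swapped neighbours
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify(name, official=OFFICIAL, max_distance=2):
    """Return 'official', 'lookalike' or 'unrelated' for a handle or display name."""
    if name.lstrip("@").casefold() == official.casefold():
        return "official"  # Twitter handles are case-insensitive
    if osa_distance(skeleton(name), skeleton(official)) <= max_distance:
        return "lookalike"
    return "unrelated"

# Constructed sample handles, not taken from the incident.
SAMPLES = ["@EthBits", "@EthBitss", "@Eth_Bits", "@EthB1ts", "@EhtBits",
           "@some_other_project"]

if __name__ == "__main__":
    for handle in SAMPLES:
        print(f"{handle:22} {classify(handle)}")
```

A threshold of 2 suits a seven-character name; for shorter names a lower threshold avoids flagging unrelated accounts.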
One of the most used methods is creating phishing websites. Scammers make it seem like you’re visiting a real website, which looks identical to the one you know, but it’s not, and when you log in your data is sent directly to them, so you might lose your account or your funds. Just imagine logging in with your private key on a website that seems identical to EtherDelta, but it’s actually managed by scammers. It could end up in a complete disaster, and well, it actually did, because it happened, and a lot of funds were stolen. (You can read the whole story here: https://www.reddit.com/r/ethtrader/comments/7l5yi7/warning_etherdelta_dns_system_has_been/).
Fake e-mails. Most of the time, these sorts of e-mails are very easy to identify. You might get one that seems to be from a certain company, but when you check out the address, you might find spelling mistakes or realize it is an unofficial e-mail account, and they usually ask the victims to perform a task. Then, it might redirect you to a phishing website, and ask for your private keys or donations, in order to participate in “exclusive limited crowdsales”. Sometimes this particular type of scam can be very elaborate. For instance, during Experty’s crowdsale, the scammers managed to leak personal data from many investors and to send out a lot of fake e-mails. One of the investors called it: “the most professional scam e-mail I have seen so far.” (Check out the story here: https://medium.com/@experty_io/experty-official-security-announcement-db2bb1e66de7).
One of the favorite social networks for a lot of scammers is Telegram, as evidenced by the stories shared on different forums. In fact, I have been contacted myself by users impersonating group admins, and they usually ask for personal data, or send their own ETH addresses asking for funds. I have seen that a lot, especially during an ICO, and scammers end up receiving money from desperate users who try to participate, in spite of the risks. I actually remember reading one such case online where one user said: “I won’t forget that kid sending almost 30k$ to a scammer during the Envion crowdsale.”
Another particular scam that has been going on is the one involving an airdrop. It happens when users create tokens and airdrop a large percentage of them to people. Then, they try to catch other users’ attention by creating Bitcointalk announcements to increase the token’s price and place buy orders on a decentralized cryptocurrency exchange. People place their buy orders, because they like the project, or because they have been blinded by the possibility of a return on their investment. Then, when the orders start accumulating, the scammers clear them all up, dump their tokens, disappear, and voilà, the scam is done.
And finally, there is another kind of scam that, from what I have seen, has been the worst of all. It happened last summer during CoinDash’s ICO, when apparently a hacker swapped the crowdsale address with his own Ethereum address directly on their website. In my opinion, it was disgusting, and I consider it the worst kind of scam, because in most of the other cases we discussed, investors get scammed for not being cautious enough, and usually it’s their own fault for falling into those traps, but in this particular case, every security measure that was put in place was violated and resulted in an address scam, which was plain awful.
What about you? Have you ever been scammed or know someone who has? Then feel free to share your stories in the comments below. I hope you find this post useful for the future, and remember to be cautious online and protect what’s yours.