Wherever there’s money there’ll be a scammer trying to steal it and it’s no different in the cryptosphere.
What makes Bitcoin (BTC) and other cryptocurrencies especially appealing to scammers is their decentralised nature and lack of regulation.
There’s less of a trail to follow, no protections if you lose your crypto (such as the Financial Services Compensation Scheme in the UK) and often virtually nothing the authorities can do to help recover stolen coins.
Some of the most common Bitcoin scams are Ransomware, phishing, rug pulls, fake mobile apps, ICOs, fake celebrity endorsements and pyramid schemes and we’ll give you tips on how to avoid them.
Common scams involving Bitcoin and cryptocurrency
In a nutshell, if you get caught out by a scam there’s very little you can do to get your coins back which is why you need to be especially cautious when transacting with individuals and organisations.
Like anything else with value, you can get scammed with Bitcoin, so we’re going to cover a few of the more common ploys so you can avoid them and protect yourself.
We’ll also cover how to spot a Bitcoin scammer, what to do if you’re the victim of crypto scam and the crypto scam recovery services that are available to help.
This article will also help you decide if a cryptocurrency is legit or not. If you hear of any other scams that we haven’t covered, let us know.
This is probably one of the most high-profile forms of crypto scam in the world right now and has affected all walks of life, from individuals, multi-national organisations, health services and governments.
The way it works is that scammer gains administrator access to a computer system, often through social engineering, then locks the system down.
This renders vital data inaccessible unless the victim pays a ransom in cryptocurrency.
Huge amounts of Bitcoin and other cryptos have been paid to ransomware scammers and in some case the compromised systems haven’t been restored even after payment has been made.
How to avoid Bitcoin ransomware scams:
- Firstly, ensure you regularly backup all your important files and databases, preferably to a separate system or even an air gapped or offline storage solution.
- Never click on links in emails or on websites that may not be legitimate. The same goes for attachments, even if they appear to come from someone you know.
- Be wary of emails purporting to come from friends and associates asking you for personal information or login details.
- Keep your antivirus software up to date and perform regular scans to ensure your system hasn’t been infected with a virus, malware or trojan.
This type of scam is nearly as old as email itself so it was inevitable that it would be used by scammers to try to steal cryptocurrency.
Phishing involves unsolicited messages being sent to your email address purporting to be from a cryptocurrency exchange, a crypto wallet provider or other financial institution in the cryptosphere.
Statistically a certain number of these emails will arrive in the inboxes of people who have an account with the provider they’re claiming to be from.
If you click on a link contained in the message you’ll often be taken to a website that’s been designed to imitate the online presence of the legitimate provider.
Here, you’ll be asked to enter your login details but unbeknown to you, the scammer is stealing your information in an attempt to gain control of your crypto.
How to avoid crypto phishing scams:
- You should never click on links in emails, especially if the email is unexpected or contains information or claims that you’re suspicious of.
- Even if the email looks completely legitimate, always check the URL carefully to ensure it belongs to the actual organisation mentioned in the email.
- Most crypto accounts now feature 2FA which you should always activate as an added layer of protection. This means that even if the scammer gets your login details they won’t be able to steal your coins unless they’ve also gained access to your phone or email account.
3. Rug pulls
This is a relatively new kind of scam that mainly centres around decentralised finance (DeFi).
In short it involves developers stealing crypto after encouraging people to lock their coins in DeFi instruments such as smart contracts that promise astronomically high yields.
The developers include a back door in the code meaning they can gain access to and steal your funds.
How to avoid rug pull scams:
- Do not invest in anything you don’t understand, or in a crypto scheme that’s offering returns that seem too good to be true.
- Avoid projects where a single person holds the private keys, or where there is little information about a development team.
- With the staggering returns on offer, it’s easy to be tempted, but, as with any investment, it’s important not to let greed get the better of you.
4. Fake cryptocurrency exchanges and hacks
If you’re new to cryptocurrency and planning on buying your first coins you need to ensure you’re using a reputable exchange.
Fake exchanges are set up to dupe unwitting customers into buying crypto before their coins and financial information is stolen.
They have been known to run for quite some time before the developers vanish with client’s money.
There have also been several exchange hacks which have netted millions in crypto for the crooks.
Reputable exchanges now place large portions of client crypto in cold storage in offline vaults away from the hands of thieves.
2FA is now common practice with most reputable exchanges making it harder for scammers to hack your account.
How to avoid fake cryptocurrency exchanges and hacks:
- Do your research and stick with well-known exchanges to start with. You’ll find hundreds of reviews online which will help you establish if an exchange is legitimate or not.
- Even with genuine exchanges, consider how much of your crypto you want to keep in your account in the exchange is hacked.
- You may choose to use a hardware or paper wallet, such as Trezor, to store some of your coins offline.
- Remember, you don’t have control of your crypto keys if your coins are kept on an exchange.
5. Fake mobile apps
This is where scammers create a fake mobile app which is either designed to closely resemble a legitimate website, or offers a new crypto service, such as a wallet or exchange.
The app is then made available through the Apple App Store or Google Play where often thousands of people download it before it’s reported and removed.
Both Apple and Google are getting better at catching these apps early on, but they haven’t disappeared altogether.
How to avoid downloading fake mobile apps:
- If the app is purporting to be from a legitimate company, check any URLs to ensure they’re correct.
- Be wary of apps that have an extra word tagged onto their name which begins with a legitimate service title, such as ‘[legitimate exchange name] extra’ or similar.
- Also, check the app for spelling and grammar. Often the content on fake sites is poorly written.
Bitcoin blackmail has become increasingly common and comes in a variety of different forms.
Often the scammer will obtain sensitive information about the victim and threaten to send it to their friends and relatives or to their email or Facebook contacts list.
The scammer will demand payment in cryptocurrency, often in Bitcoin or Monero, to prevent them from distributing the material.
This sometimes includes stolen images from cloud storage platforms or hacked webcams, or details of sites you’ve visited.
In some instances, scammers have stolen innocent photographs from company pages or LinkedIn and photoshopped them onto a compromising photograph to create leverage.
Usually, if the victim agrees to pay, the scammer’s demands increase and they ask for further payments.
How to avoid being blackmailed for crypto:
- Change your passwords regularly and keep your antivirus software up to date.
- Consider whether you need to keep sensitive information or photographs of yourself in the cloud.
- Keep your webcam covered when not in use.
7. Initial Coin Offering (ICO) scams
Although not as common as they used to be due a global crackdown, ICO scams can still be found in some corners of the internet.
The scammers create a fake website purporting to represent an ICO then urge investors to part with their crypto to invest in the new coin, often with promises of huge profits.
In other instances, a fake website is set up to represent a genuine ICO with the sole purposes of fleecing individuals out of their crypto.
How to avoid ICO scams:
- Research any project you plan to invest in extremely carefully and always double check the URL of the website you’re using.
- Never invest in anything that doesn’t appear to have a proper use case.
- Check out various pages on the website, such as the developer team. It’ll often be obvious that the pictures have been stolen from elsewhere on the internet.
- Avoid any company that makes unrealistic claims about quick profits.
8. Pump and dumps & scam coins
Pump and dump scams often involve obscure altcoins being promoted through social media campaigns and shill posts to artificially increase – or pump – the price.
As people succumb to FOMO (Fear of Missing Out) and buy into the coin the developers dump their coins at a huge profit and the coin collapses leaving the latecomers holdings worthless coins.
Scam coins involve cryptos being created purely to hype and pump before the develop dumps their holding.
Virtually anyone with a bit of programming knowledge can launch a cryptocurrency these days, and many do.
They – and others – shill the coin until the price rises then sell all their coins leaving others to watch their investment drop to zero
How to avoid pump and dump scams and tell if a coin is legit or not:
- Never buy a crypto on hype alone.
- Check the coin, the website, the developer team, use case and the situation regarding the private keys.
- Unless you know exactly what you’re doing, stick to mainstream cryptos for your investments.
9. Wallet hacks
Online wallets have been targeted by hackers, along with databases belonging to companies in the wallet sector.
For example, Ledger, the company behind a popular hardware wallet solution, was hacked in 2020, with scammers stealing customer email addresses and other personal information.
How to avoid wallet hacks:
- Consider keeping the crypto you don’t need on a day-to-day basis in an offline solution.
- Always enable 2FA on any online crypto accounts you use.
10. Crypto mining scams
Bitcoin and crypto mining haven’t escaped the reach of thieves, with plenty of scams doing the rounds in this sector.
While there are several completely legitimate companies who operate mining centres and rent server space for a monthly fee, there are also many scammers and fake websites.
They’ll set up ‘cookie cutter’ website designed to appear like genuine mining firms, or sometimes a new one, which offers a tempting rate of return for a small investment.
However, if you part with your cash that’s the last you’ll see of it.
How to avoid crypto mining scams:
- Do your research on the company you’re interested in. Check out the website and the management team.
- Check grammar and spelling – this often a dead giveaway that a site is fake.
- Even if the company involved is legitimate, many sources suggest that the profits on offer will be less than if you just buy Bitcoin directly from an exchange.
11. Bitcoin multiplier sites
These sites are often promoted through social media or smaller, more obscure crypto-related websites.
The adverts direct people to a page which claims to be able to dramatically increase your crypto if you first send some coins to the Bitcoin address on the site.
Often the claimed profits are huge yet there is no obvious explanation as to how these are being generated.
If you send any funds, it’ll be the last you see of them and you certainly won’t receive anything in return.
How to avoid the Bitcoin multiplier scam:
- Never send coins to anyone claiming they can double your money or increase its value in a short space of time.
- Ask yourself this: If they had a secret way of making vast wealth why would they be sharing this information and going to the trouble of offering it for complete strangers?
12. Fake giveaways or celebrity endorsements
These scams come in several guises, but the two most prevalent are:
- A fake newspaper article promoted across social media claiming that a certain celebrity or well-known figure has invested and endorsed a certain crypto. If you click on the link you’ll be taken to a fake newspaper website where scammers will attempt to get your personal details, together with credit/debit card information, through various ruses.
- Fake giveaways usually involve scammers creating a social media account, often Twitter, designed to look as if it belongs to someone well-known in the cryptosphere. Fake giveaways will then be offered through messages from that account, claiming the person is giving the first ‘x’ number of respondents a certain amount of crypto. Again, it’s a scam designed to fleece you of your coins or personal information.
How to avoid the fake celebrity giveaway Bitcoin scam:
- Legitimate accounts of well-known people often carry special annotations to confirm they are who they say they are, such as the ‘blue tick’ or equivalent across platforms such as Instagram, Facebook and Twitter.
- Do your research on any offer and search for reviews from other people who may have used the service.
13. Pyramid crypto scams
This is effectively a Ponzi scheme whereby the earlier investors in a scheme are paid their returns with money from new investors.
Each new investor is encouraged to secure further investment from their friends and family in order to keep the money flowing and often earn commissions.
A high-profile example of this is OneCoin which has duped thousands of people around the globe into parting with millions of pounds.
You can find stories of several people in the UK who became caught up in the scheme and lost tens of thousands of pounds.
How to avoid Pyramid crypto scams:
- Do your research and establish what the cryptocurrency is and why you should invest.
- With so many new cryptos springing into existence each month, it’s often difficult to establish the use case for each of them so be wary.
- If someone is trying to ‘sell’ you a scheme without being able to explain what it’s offering, alarm bells should ring, and you should steer clear.
14. Clipboard hijacker
The clipboard hijacker, or copy and paste scam, is a less common method for scammers to steal your Bitcoin but has still caught many people out.
It involves the scammers placing a small piece of malware on your computer which will swap a Bitcoin address you copy for one controlled by the scammers.
When using crypto it’s common to copy and paste Bitcoin and cryptocurrency addresses because they’re extremely long and complex.
A friend might send you their Bitcoin address if you owe them money, or you may be moving coins to a different wallet and it’s quicker to copy the address than use a QR scanner.
How to avoid the clipboard hijack scam:
- Always double check the address you’ve pasted to ensure it hasn’t been swapped out for an unknown one.
- Keep your antivirus software up-to-date and never click on links in suspicious emails as they may trigger a malware download.
15. Money transfer scam
Like email phishing, this type of scam has been around in one form of another for many years and is probably one of the oldest e-scams out there.
It’s sometimes referred to as the Nigerian Prince scam as in the early days of email this was the most common form of the scam.
However, these days there are many variants of the same theme with different slants on the story.
Potential victims are either sent emails or receive phone calls from someone offering to give them a huge amount of Bitcoin or cryptocurrency if they agree to let them use their bank account to get funds out of their country.
Unsuspecting crypto users who agree will then be asked to pay a ‘handling fee’ to enable the transfer. In return, the victim is told they can keep a large percentage of the funds.
The promise of a huge bounty for what appears to be little effort and a small fee often pushes people into going along with the scammer.
Often, they are asked for further crypto to free up their first fee before the scammer vanishes into thin air.
How to avoid the money transfer scam:
- Use your common sense here and never give money to someone you don’t know who has contacted you out of the blue.
- Never pay an up-front fee to someone making an unrealistic promise.
How to stay safe in the cryptosphere
With all these scams the old adage applies – if it seems too good to be true, it usually is.
If someone is offering you incredible profits in a short space of time you need to walk away.
Always do your own, extensive research before parting with your cash. Search the company name followed by the word ‘scam’ and see what comes up.
Often, you’ll find reviews from dozens of people calling out the scammers which will prevent you from becoming the next victim.
Other points to consider are:
- Always use 2FA.
- Always double check URLs.
- Never click on links in emails that you’re not expecting.
- Even if you are expecting the email, hover over the link before clicking to check it leads to a genuine site.
- Double check any information that you cut and paste.
- Store some – or all – of your crypto offline.
- Never engage with anyone who ‘cold calls’ you asking for help transferring money.
- Never reveal your private crypto keys.
What can I do if I’m the victim of a cryptocurrency scam?
The virtually unregulated nature of the cryptosphere means there’s often very little you can do to recover your digital currency.
It’s important that you report the crime though and spread the word online (if you’re happy doing this) to prevent others falling victim to similar scams.
If you want to report a crypto scammer in the UK there are various organisations that can help, including:
- Action Fraud (routed to the National Fraud Intelligence Bureau).
- The National Cyber Security Centre.
- The Financial Conduct Authority.
- The Advertising Standards Authority.
Are there any crypto scam recovery services?
As previously said, the chances of getting your stolen Bitcoin back are remote, but there are several companies that work to help people recover scammed cryptocurrency.
A Google search will give you several suggestions of the best Bitcoin recovery specialists, but you’ll need to do your due diligence before selecting one.
They use a number of sophisticated forensic methods to trace Bitcoin movements to wallets belonging to scammers.
As Bitcoin transactions are not, in many cases, anonymous it’s sometimes possible to follow the crypto and recover it.
Whether you’ve been the victim of a hack, phishing, ransomware attack or fallen foul of a crypto investment scam, it’s worth having a conversation to see if there’s anything they can do.
If you lose your coins due to a legitimate exchange being hacked, they often have insurance which will cover some, or all, of your cryptoassets.
Adam is the founder of The Crypto Adviser which offers experts guides and reviews on all things related to Bitcoin and cryptocurrency.
Adam is Diploma for Financial Advisers (DipFA) Level 4 qualified, a Member of the London Institute of Banking and Finance (MLIBF), and has worked for many years as a journalist and PR consultant, having studied with the National Council for the Training of Journalists (NCTJ).