Discover more from Web3 Bits and Bytes
Understanding Web3 Scams ⚠️
Crypto and Blockchain Phishing scams to be aware of before you get excited about Web3. Let’s explore some of the top crypto and blockchain phishing scams that have surfaced recently.
Everyone is talking about Web3 even though not everyone really understands what it exactly is. With increased adoption of the Web3 ecosystem, the hype around the next evolution of the Internet is taking the world by storm.
For many, Web3 is a platform to make profits, especially with investments in cryptocurrency and the transparency that comes with it. In a nutshell, web3 is all about ownership and control over our own data, privacy, and finances online. With a new web evolution underway, how secure is Web3 actually?🤔
Where money is concerned, scams always follow. And the same is true with the crypto space. Web3 is exploding with economic activity and has the potential for incredible growth. While this attracts a lot of well-deserved attention, it also attracts scammers and thieves👀
Though the basis of Web3 is decentralization and transparency, it does not imply that it’s scam proof. Cryptocurrency scams are rising, and thieves are using new and old techniques to steal money. Some of the latest scams involve Rug pulls, Ponzi schemes and phishing.
The numbers in fact are staggering 🤯🤯
📌Losses from crypto-related crime rose 79% from 2020.
📌Cryptocurrency-based crime hit a new all-time high in 2021, with illicit addresses receiving $14 billion over the course of the year, up from $7.8 billion in 2020.
📌Cryptocurrency theft increased 516% from 2020, to $3.2 billion worth of cryptocurrency. Of this total, 72% of stolen funds were taken from DeFi protocols.
Why are the numbers on the rise?
For scammers, unregulated technology provides an opportunity to deploy tactics that will unlawfully extract value from users. In blockchain, that value is often exploiting vulnerabilities in code (smart contracts) to rob people off their money stored in decentralized wallets. But that’s not where it ends.
As the technology evolves, the scammers evolve twice as fast.😬
This might sound funny but, blockchain-related scams from digital wallets are more common as compared to Web3 applications gaining traction.
These scams can be as simple as sending false transactions and creating phishing websites to something as planned as Pump and dump schemes. Time to dig a little deeper 🔎🔎
Let’s start with Rug Pull. It’s a term that has been popularized to describe the Web3 / DeFi equivalent of what we would call a Ponzi scheme [pumping and dumping] in traditional financial systems.
You’ve heard about ETH, BTC, MATIC - all are cryptocurrencies of their respective blockchains. But, there isn’t just one token or cryptocurrency per blockchain. Ethereum blockchain alone has an incredible number of cryptocurrencies, and creating a new one is fairly easy. Not only are they easy to create, but you can name them whatever you want, which makes identifying legitimate tokens particularly difficult.
Teddy DOGE, SnowDog, Luna Yield - sounds like some Anime character names? Well, they’re rug pulled projects😵
But what in the world is a rug pull actually?
Say you are standing on a rug, and it’s unexpectedly pulled out from under you. You would obviously fall on the floor and everything you are holding on to would spill. This is exactly what happens in the Crypto world with some people.
How does it work?
A token is created🪙
The creators of the token create hype, by injecting liquidity into their token, airdropping, spamming through social media channels and other schemes🤓
The price of the token is inflated, often in a coordinated manner between a number of parties📈
Investors dogpile in on the token and boost the price of the token with the perception that the value is skyrocketing and they want to get it when the token is still relatively cheap.💲💲🤑
Once the value of the token reaches the target that the creators were aiming for, the creators pull as much value out of their share of the tokens, leaving their investors with tokens worth close to nothing. It’s a DeFi exploit and seemingly common.😬😬
There are different types of rug pulls, some illegal and some unethical.
How do you know if your rug is being pulled?
When one gets stuck in a quicksand, it doesn’t take a genius to figure out that it is a quicksand, and they are doomed. Unfortunately, it’s not as easy to notice a rug pull when you are entangled in one. But there are few signs you can watch out for.
👉Using rug pull checkers, scanners, and trackers like Tokensniffer, BSChecker and Cryptach
👉It’s better to be safe than sorry, dodge being rug pulled by doing proper due diligence.
👉Never rush into a project just because it promises high returns or has risen sharply.
👉Dealing with pump and dumps - be extremely suspicious of any project whose price soars within just a few hours.
And most importantly - Don’t let FOMO get the better of you ⚠️
You learn by examples - time to look at Luna Yield rug pull - one of the biggest and most interesting rug pull where investors lost whopping $6.7 Million😲
Luna Yield was an ecological farming project operating on the Solana platform. The Solana (SOL) project had been growing steadily before Luna Yield vanished. Why?
Coz the project offered an APY(Annual percentage yield) of up to 400% on the SOL-USDC pair, which was enough to attract millions from DeFi investors. 😩😩The project’s creators suddenly deleted their website, Telegram, and Twitter accounts and withdrew millions of dollars.😶
Following the deletion of the social media accounts, the Luna Yield investors tried to withdraw their funds that weren’t staked, but unfortunately, they were unsuccessful.
They all were Rug pulled.😨
Bottom line is, money lost in Crypto rug pulls is practically never recovered, and in most of the cases, the scammers are able to vanish without a trace.
Does it imply that you should stay away from cryptocurrencies? Most definitely not! Would you stop dating because people cheated?😅
Hate the player, not the game😏😏
Moving on, let’s talk about social media and the bazillion spam messages we receive. Ever since I started interacting with web3 content and started talking more about web3 on Twitter and LinkedIn, my inbox has been filled with spam links asking to sign up for airdrops, swap USDT for them in exchange of money, participate in mining to get huge amounts of money, invites to Crypto events and much more!
Like Web2 attacks, hackers are counting on human error as a starting point for this type of attack. Phishing attacks are definitely on a rise in the web3 world.
Phishing can happen through malicious links sent through DM on Twitter, Discord, Instagram and LinkedIn or even emails. It's estimated that one of every 100 tweets is malicious & that fewer than half of Twitter accounts represent true users sending out tweets to followers. The rest of the accounts are inactive or set up just to automatically send out spam.
⚠️Again, do not ❌click on any such links ⚠️
According to a June 2022 report by the Federal Trade Commission, over $1 billion in cryptocurrency has been stolen since 2021. And the hackers' hunting grounds are where people gather online.
As per FTC, Nearly half the people who reported losing Crypto to a scam since 2021 said it started with an ad, post, or message on a social media platform.😲😲
Generally, scammers send malicious clone links (a near-perfect copy that looks legitimate) to divert victims to a site that drains their wallets of Crypto and NFTs.
A phishing scam may start with social engineering, telling the user about an early token launch or that they will 100x their money, a low API, or that their account has been breached and requires a password change. These messages usually come with a limited time to act, further driving a user's fear of missing out, FOMO.
These attacks can come in many forms:
📌Malware: any program or code harmful to systems. Malware can enter a system through phishing emails, texts, and messages.
📌Compromised Websites: Legitimate websites are hijacked by scammers and used to store malware that unsuspecting users download once they click on a link, image, or file.
📌URL Spoofing: Also known as URL Phishing, it’s all about creating spoofed websites that are clones of legitimate websites. These sites can harvest usernames, passwords, credit cards, cryptocurrency, and other personal information.
📌Fake Browser Extensions: As the name suggests, these exploits use fake browser extensions to dupe Crypto-users into entering their credentials or keys into an extension that gives the cyber-criminal access to the data.
Web3 can be anything you want it to be. There are multiple ways of being scammed but there are ways to safeguard yourself as well.🧐
What can you do to protect yourself?
Never ❌ reply to an email, SMS text, Telegram, Discord, or WhatsApp message from an unknown person, company, or account.
Do not enter your credentials or personal information when using public or shared WiFi or networks.
If you use a mobile, browser, or desktop wallet, also known as a hot wallet, download them from official platforms like the Google Play Store, Apple's App Store, or verified websites.
Be sure to keep your private keys, seed phrases, and passwords private. Never❌ share it for participating in investments and minting. Its a SCAM⚠️
Do your research before investing in a project. Don’t fall for high pressure tactics and deadlines. It’s just a way to invoke FOMO
Lastly, if it sounds too good to be true, it probably is a scam.
Until next time, stay aware, and stay vigilant!
And, remember, half-true compliments and feedbacks are always welcome at:
laisha.wadh [at] gmail [dot] com