As the calendar turns to 2024, the crypto market faces increased threats from cybercriminals. Indeed, hackers have been employing more sophisticated methods to part investors from their cryptocurrencies. According to Chainalysis, illicit addresses received over $24 billion in 2023, a stark reminder of the persistent risk.
The proliferation of scams, ranging from ransomware and phishing emails to darknet marketplaces, underscores the critical need for vigilance among crypto enthusiasts. So, here are the top crypto scams to avoid in 2024.
Beware of Smishing Attacks
One insidious tactic gaining traction is “smishing.” This method involves sending fraudulent SMS messages pretending to be from reputable sources, such as cryptocurrency exchanges. The goal is to trick recipients into divulging sensitive information or clicking on malicious links.
The term “smishing” merges “SMS” and “phishing,” highlighting its nature as a phishing attack via text message. IBM describes smishing as a social engineering attack aimed at manipulating individuals into compromising their security.
To counteract this threat, users are advised to scrutinize the origin of text messages and avoid engaging with suspicious links.
How to Protect Against Smishing. Source: Wallarm
Within the crypto market, a notable smishing incident involved Binance, one of the largest cryptocurrency exchanges. The platform and its users have been targets of smishing attempts, in which scammers send SMS messages impersonating Binance to phish for user credentials and other sensitive data.
In a specific case, Binance’s customers in Hong Kong lost nearly $500,000 due to these SMS scams. This incident highlighted the vulnerabilities associated with SMS communications and the sophisticated techniques scammers use, such as SMS spoofing, to make their messages appear legitimate.
The Rise of Romance Scams
Romance scams, or “pig-butchering,” have witnessed exponential growth, with losses amounting to billions of dollars. These scams exploit social media, dating apps, and other platforms to build trust with potential victims before eventually soliciting cryptocurrency under false pretenses.
According to the Federal Trade Commission (FTC), romance scammers conned victims out of $139 million worth of cryptocurrency last year. These scammers often begin relationships through dating apps or social media, quickly profess love, and then steer the conversation towards lucrative crypto investments to defraud victims.
The FTC warned against online love interests who request money or suggest crypto investments, signaling a potential scam.
“They make plans to visit but tell you they’re delayed by costly problems: a lost airline ticket or visa, a medical emergency, or a blocked account. They say if you could send them some money, they could still come see you. But the minute your online love interest asks for money, you know it’s a scam,” the FTC wrote.
Crypto Crimes by Category. Source: Chainalysis
The FBI has also reported a trend where romance scammers increasingly pressure victims to invest in cryptocurrency, leading to substantial financial losses. In 2022, 19,050 victims reported losing $739 million to romance scams, with a significant portion of these scams involving fake crypto investments.
“Online dating is common today, but unfortunately scammers also thrive on those same sites. Whether you’re looking for love or a friendship online, be sure you first understand the risk of being exploited. Remember, a scammer will always eventually ask you for something, so set a boundary early on and never, ever send money to someone you’ve never met,” FBI Agent Sherri E. Onks said.
Fake QR Codes: A New Fraud
Fake QR codes, also known as “quishing,” have become a prevalent scam targeting individuals in various ways. This crypto scam involves the use of QR codes that, when scanned, redirect victims to fraudulent websites.
These sites may mimic legitimate payment platforms, tricking users into entering their personal and payment information, which scammers can exploit for fraudulent purchases or sell on the dark web.
YouTube channels have become the latest battleground for cryptocurrency scams. Indeed, attackers employ advanced deepfake technology to impersonate notable figures such as Elon Musk, Ripple’s CEO Brad Garlinghouse, and Michael J. Saylor of MicroStrategy. The scammers use deepfake videos to create an illusion of legitimacy, promising viewers massive returns on their crypto investments.
Despite efforts by cybersecurity companies to develop detection tools, these scams have proven difficult to eradicate. The technique involves the unauthorized use of live streams, QR codes, and malicious links to deceive viewers into sending cryptocurrency under the guise of doubling their investments. The scammers then abscond with the funds.
YouTube’s massive user base, totaling 2.70 billion active accounts, presents an attractive target for these criminals. Some channels with millions of subscribers are manipulated to mimic reputable brands, and scammers have netted over $600,000.
To safeguard against these scams, the FBI suggests treating QR codes with the same caution as suspicious emails. Always verify the source before scanning a QR code. Look for signs of tampering or alteration if the QR code is in a public place. Be wary of unsolicited QR codes sent via email, and avoid scanning them.
“Some scammers are physically pasting bogus codes over legitimate ones. If it looks as though a code has been tampered with, don’t use it. Same thing with legitimate ads you pick up or get in the mail. Finally, consider using antivirus software that offers QR readers with added security that can check the safety of a code before you open the link,” the FBI wrote.
By staying vigilant and practicing these precautionary measures, users can protect themselves from quishing scams.
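The advice to check where a link really leads applies equally to links in SMS messages and to URLs decoded from QR codes. The sketch below is an added example, not part of the original article: it vets a link against a personal allowlist and flags common disguises. The allowlist contents, function names and sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: an allowlist the reader maintains of domains they actually use.
TRUSTED = ("binance.com",)

def _edit_distance(a, b):
    """Levenshtein distance between two short strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def vet_link(url, trusted=TRUSTED):
    """Classify a link taken from an SMS or decoded from a QR code."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return "reject: malformed URL"
    if parts.scheme != "https" or not host:
        return "reject: not an https link"
    if "@" in parts.netloc:
        return "reject: text before '@' disguises the real host"
    labels = host.split(".")
    if not host.isascii() or any(l.startswith("xn--") for l in labels):
        return "reject: internationalized host (possible homoglyphs)"
    for domain in trusted:
        if host == domain or host.endswith("." + domain):
            return "ok: " + domain
    for domain in trusted:
        brand = domain.split(".")[0]
        if any(brand in l or _edit_distance(l, brand) <= 1 for l in labels):
            return "reject: lookalike of " + domain
    return "unknown: not on the allowlist"

if __name__ == "__main__":
    # Constructed sample links, not taken from any real campaign.
    for link in ("https://www.binance.com/en/login",
                 "https://binance.com.secure-login.example/verify",
                 "https://blnance.com/",
                 "https://binance.com@pay.example/",
                 "http://binance.com/"):
        print(vet_link(link), "<-", link)
```

An "unknown" verdict means the host is simply not on the allowlist; it is not evidence that the link is safe.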
The Menace of Fake Trading Bots
The rise of fake crypto trading bots has been a significant concern in the cryptocurrency industry. Indeed, various scams target investors hoping to benefit from automated trading systems. These scams often promise unrealistic returns, leveraging the allure of artificial intelligence (AI) to create a facade of legitimacy.
Moreover, they may use fake endorsements from celebrities to add credibility to their schemes. Investors are advised to be wary of platforms showcasing fabricated numbers, to verify company details, to assess the language quality on their websites, and to look for user complaints on consumer forums and sites like TrustPilot.
The US Commodity Futures Trading Commission (CFTC) has issued warnings about AI trading bots, emphasizing that they often promise huge crypto profits without any substantial basis. Therefore, investors are encouraged to research providers thoroughly and avoid putting their money into algorithms that make big yield claims without verifiable evidence.
“When it comes to AI, this advisory is telling investors, ‘Be wary of the hype.’ Unfortunately, AI has become another avenue for bad actors to defraud unsuspecting investors,” OCEO Director Melanie Devoe said.
The warning is part of a broader effort to educate investors about potential scams exploiting arbitrage algorithms or social media hype.
Discord Hacks Target Crypto
Discord is a popular communication platform within the crypto community. However, it has become a hunting ground for hackers. By compromising admin accounts, cybercriminals disseminate fake announcements and links, leading to potential financial losses for unsuspecting users.
These crypto scams have been particularly targeting non-fungible token (NFT) projects. Indeed, there has been an alarming increase in phishing attacks through Discord, with a reported loss of millions of dollars. These attacks have been sophisticated, utilizing social engineering techniques such as phishing and exploiting vulnerabilities in Discord bots like Mee6.
The attackers have focused on creating a sense of urgency around NFT minting events to deceive users into clicking malicious links.
One notable example was the 2022 attack on the Discord server of Yuga Labs, the creators behind the Bored Ape Yacht Club (BAYC) collection. The Social Manager’s verified Discord account was compromised, and the attackers used it to post promotional material that led to a phishing site, scamming users by asking them to send Ethereum (ETH) for a minting fee. This resulted in the theft of NFTs from the victims’ wallets.
To protect against such scams, individuals should be cautious of common attack vectors on platforms like Discord. Awareness of phishing attacks that use FOMO-inducing language is crucial to mitigate the risk of falling victim to these scams.
As the community and law enforcement work to enhance security measures, users must safeguard their assets and personal information from these sophisticated cybercriminals.