Main topics of the post:
Everything in the cryptocurrency world moves fast, including scammers who never stop developing new schemes and tactics to exploit blockchain users.
Criminals’ devious tactics range from phishing and malware to social engineering and technical exploitation, with multiple types of scams in each category.
By remaining cautious and being aware of these tactics, you can protect your funds from falling into the hands of scammers.
The long-term crypto game isn’t just about holding on — it’s about actively protecting what’s yours. With crypto summer in full swing, there’s been an influx of new users and a surge in on-chain activity. While the excitement is evident, it also creates favorable conditions for scammers looking to take advantage of those new to the space.
Whether you’re sending your first transaction or exploring decentralized applications, it’s essential to be aware of common scams that can catch you off guard. In this guide, we’ll build on our previous discussion on the importance of awareness and long-term security practices, explaining the most common cryptocurrency scams and how to recognize and avoid them, helping you protect your funds and navigate the digital asset space with confidence.
Phishing attacks
Phishing scams often exploit trust by impersonating legitimate platforms or entities. Scammers use underhanded tactics to trick users into sharing sensitive information or granting unauthorized access to their accounts. These scams can take many forms, but the goal is always the same: steal your money or personal details. Here are some common examples to watch out for.
QR code scams
You’re asked to scan a QR code as part of a peer-to-peer (P2P) cryptocurrency transaction – sounds harmless, right? Unfortunately, scammers have been known to present Binance login QR codes as P2P order codes. When the victim scans the code and authorizes the login, they give the scammers full access to their accounts, which they’re ready to drain.
Impersonation in messaging apps
Scammers may pose as Binance representatives on messaging apps such as WhatsApp or Telegram. They may use fake profiles, create a sense of urgency, and request sensitive information such as your login credentials or two-factor authentication codes. All communication with users takes place strictly on our platform, never through direct contact on third-party apps.
Exploiting message signing on the blockchain
Some phishing scams happen on fake platforms and apps that look like the real thing. These sites may ask you to sign a blockchain message, which may seem innocent. However, signing it could give scammers access to your Web3 wallet or authorize transactions without your knowledge.
Malware and technical exploitation scams
Some scams go beyond personal manipulation, relying on malicious software or technical vulnerabilities to target unsuspecting users. Scammers can then manipulate your devices or steal your funds without your knowledge.
Clipper malware
Clipper malware is designed to intercept clipboard data, such as cryptocurrency wallet addresses, that you copy and paste. When you copy a wallet address to send funds, the malware replaces it with the hacker’s wallet address. If you unknowingly paste this manipulated address and complete the transaction, your funds will be sent directly to the scammer.
While clipper malware initially operated primarily through fake exchange apps, it has evolved. Scammers can distribute fake Telegram and WhatsApp apps through unofficial channels to carry out these attacks. These apps mimic legitimate ones while operating in the background, detecting wallet addresses in messages and replacing them with the hacker's address.
Additionally, some PC versions of these applications come bundled with Remote Access Trojans (RATs), which can steal wallet credentials, monitor activities, and redirect funds without your knowledge.
Exploiting smart contract approvals
When using Web3 platforms, approving smart contracts is a common step for interacting with decentralized applications (DApps). For example, you might approve a contract to trade tokens on a decentralized exchange or interact with an NFT marketplace. These approvals grant the smart contract permission to access your wallet and perform specific actions. While convenient, they can open the door to significant risks if not managed carefully.
The problem arises with unlimited approvals, where users grant a smart contract unrestricted access to specific tokens in their wallet. This means the contract can interact with your tokens as often as it wants, without requiring additional approval for each transaction. Scammers exploit this unrestricted access by creating fake contracts designed to drain your funds.
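One way a wallet or review script could flag the unlimited approvals described above before a transaction is signed; this is an added example, not Binance code. It assumes the standard ERC-20 `approve` and ERC-721/ERC-1155 `setApprovalForAll` call encodings, and the threshold, spender address and sample calldata are constructed for illustration.

```javascript
// Added example. Selectors are the standard ERC-20 / ERC-721 / ERC-1155 ones;
// the threshold, spender address and sample calldata are constructed.
const SELECTORS = {
  "095ea7b3": "approve",           // approve(address spender, uint256 amount)
  "a22cb465": "setApprovalForAll", // setApprovalForAll(address operator, bool approved)
};
// Assumption: an allowance of 2^255 or more is treated as effectively unlimited.
const UNLIMITED_THRESHOLD = 1n << 255n;

function classifyApproval(calldata) {
  const hex = String(calldata).toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]*$/.test(hex)) return { kind: "invalid", risk: "unknown" };
  const kind = SELECTORS[hex.slice(0, 8)];
  if (!kind) return { kind: "other", risk: "none" };
  // 4-byte selector + two 32-byte ABI words = 136 hex characters minimum.
  if (hex.length < 136) return { kind, risk: "malformed" };
  const spender = "0x" + hex.slice(32, 72); // low 20 bytes of the first word
  const value = BigInt("0x" + hex.slice(72, 136));
  if (value === 0n) return { kind, spender, value, risk: "revoke" };
  if (kind === "setApprovalForAll") return { kind, spender, value, risk: "unlimited" };
  const risk = value >= UNLIMITED_THRESHOLD ? "unlimited" : "bounded";
  return { kind, spender, value, risk };
}

// Constructed sample calldata (not taken from any real transaction).
const word = (h) => h.padStart(64, "0");
const SPENDER = "deadbeef".padStart(40, "0");
const SAMPLES = {
  unlimitedApprove: "0x095ea7b3" + word(SPENDER) + "f".repeat(64),
  boundedApprove: "0x095ea7b3" + word(SPENDER) + word((1000000n).toString(16)),
  revokeApprove: "0x095ea7b3" + word(SPENDER) + word("0"),
  approveForAll: "0xa22cb465" + word(SPENDER) + word("1"),
  plainTransfer: "0xa9059cbb" + word(SPENDER) + word("1"),
};

function classifySamples() {
  const out = {};
  for (const [name, data] of Object.entries(SAMPLES)) out[name] = classifyApproval(data).risk;
  return out;
}

console.log(classifySamples());
```

A result of "unlimited" is the case the section warns about: the spender can move the token repeatedly with no further prompt, so it deserves a deliberate decision or a bounded amount instead.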
Peer-to-peer scams
Peer-to-peer (P2P) trading allows individuals to trade directly without going through an exchange’s order book. While this can be flexible and convenient, especially in regions without easy access to fiat currency conversion channels, scammers can exploit the lack of built-in protections to trick unsuspecting users.
P2P transactions outside the exchange
When P2P trades take place outside of regulated platforms, they have no escrow or user verification services. This makes it easier for scammers to deceive their counterparties. For example, a scammer may not transfer the agreed funds or provide forged payment receipts, leaving the other party with no recourse.
"Paid but cancelled" scams
In this deceptive scheme, scammers pose as sellers and convince buyers to cancel their orders after payment, claiming that there was an error in the transaction. Once the order is canceled, they disappear with the payment, leaving the buyer empty-handed.
How to avoid becoming a victim
While the world of blockchain and digital assets offers incredible opportunities, it’s important to approach it with a healthy dose of caution and a security-first mindset. Here are some tips and behaviors you should incorporate into your crypto practices to minimize the chances of getting scammed.
1. Use trusted platforms: As a general rule, you’re safer on well-known and trusted exchanges and marketplaces. Since you’re reading this on the Binance blog, it looks like you’re doing well!
2. Enable two-factor authentication (2FA): Add an extra layer of security to your accounts by enabling 2FA.
3. Check the URL: Always check website URLs to ensure you are on a legitimate site, especially before entering sensitive information.
4. Learn to identify phishing attempts: Avoid clicking on links or downloading attachments from unsolicited emails or messages.
5. Never share private keys: Keep your private keys, seed phrases and passwords confidential and never share them with anyone.
6. Do your research thoroughly: Investigate projects, offers, and sellers before making any transaction. Look for reviews and feedback from the community.
7. Be wary of unrealistic offers: If an offer seems too good to be true, it’s probably a scam. Be wary of promises of high returns.
8. Educate yourself: Stay informed about common scams and new fraud tactics by following reputable sources and communities in the cryptocurrency space.
Take your time and don't rush to complete a transaction, especially if you're unfamiliar with the process. Protect your personal information, verify the sources of messages and apps, and be alert to unexpected requests for wallet credentials.
Final considerations
While the Web3 space has its fair share of risks, staying vigilant and aware of potential threats can significantly reduce your chances of falling victim to a scam. To gain a better understanding of these threats, explore our blog series Know the Scams. Stay informed and up-to-date on the latest threats with Binance Academy, which provides in-depth information on these scams and resources to help you spot them. Choose reputable platforms like Binance with built-in security features such as P2P escrow services to ensure secure transactions and AI-based tools to detect suspicious activity. Stay informed, exercise caution, and navigate the blockchain world with confidence.