The Good Tech Companies - Social Engineering in Crypto — or, You Can Be Your Worst Enemy

Episode Date: September 4, 2025

This story was originally published on HackerNoon at: https://hackernoon.com/social-engineering-in-crypto-or-you-can-be-your-worst-enemy. Crypto scams often trick users,... not code. Learn how social engineering works and how to protect yourself from wallet-draining traps. Check more stories related to cybersecurity at: https://hackernoon.com/c/cybersecurity. You can also check exclusive content about #social-engineering, #social-engineering-attacks, #crypto-scams, #how-to-identify-crypto-scams, #phishing, #obyte, #good-company, #hackernoon-top-story, and more. This story was written by: @obyte. Learn more about this writer by checking @obyte's about page, and for more stories, please visit hackernoon.com. In 2024, crypto users lost around $9.9 billion to crypto-related scams, according to Chainalysis. Social engineering is a type of manipulation that tricks people into giving away sensitive information. In the world of crypto, that’s a dangerous mix.

Transcript
Starting point is 00:00:00 This audio is presented by Hacker Noon, where anyone can learn anything about any technology. Social engineering in crypto, or, you can be your worst enemy, by Obyte. Do you know what engineering is? We can define it as the practical use of materials in science to create things or fix problems. Add "social" to it, and we have the people factor, but not in a good way for those people. Social engineering is a type of manipulation that tricks people into giving away sensitive information, like credentials, passwords, account access, or private keys. Scams, a more familiar concept, are a specific form of that manipulation,
Starting point is 00:00:37 usually involving deception for financial gain, including stealing crypto. Unlike technical hacks that exploit code, social engineering exploits human behavior. It relies on building trust, creating urgency, or taking advantage of confusion. In the world of crypto, that's a dangerous mix. Here, in most cases, users are their own banks. There are no hotlines to reverse transactions or block a suspicious charge. That autonomy is powerful, but it also puts you in the crosshairs of scammers who don't need to know how to code. They just need to get you to click, sign, or share.
Starting point is 00:01:12 In 2024, crypto users lost around $9 billion to crypto-related scams, according to Chainalysis. Nobody wants to be part of that statistic, so let's walk through how social engineering works in crypto, what real cases look like, and how to protect yourself. How social engineering plays out in crypto. When you hear the word scam, you might picture a shady website or a suspicious email. It may be just that, too, but in crypto, social engineering often looks like other things, like help or investment: a friendly Discord admin offering support, a DM on Telegram from someone claiming to fix a bug, a helpful stranger saying you've qualified for an airdrop,
Starting point is 00:01:53 an article on social media promoting a good investment platform. This is how it starts. Crypto tools are decentralized and fast moving. There are no official support teams built into every single wallet. No way to freeze a transaction if something feels off. Scammers know this and they adapt. They hang out in the same space as users do, watching for someone who's confused or asking a question in public. Then they strike. They also study network activity in public chains like Bitcoin, Ethereum, or Obyte. They can see if you've just made a big transaction, interacted with a new protocol, or received an unknown token.
Starting point is 00:02:30 From there, they target you directly. Maybe you get a fake warning pop-up saying your wallet is compromised. Or you receive a phishing link to claim your tokens. If they manage to identify you, they can even pretend to be your friend or romantic interest to ask for money later. The danger isn't just the tech. It's how it intersects with our habits, expectations, and trust. Real-world scams.
Starting point is 00:02:53 How people get tricked. Take the massive hack that hit the Axie Infinity platform in 2022. A developer, at the time working with the company of Axie Infinity, was offered another high-paid job through LinkedIn. He downloaded a PDF with job details. What he didn't know was that it included spyware that gave hackers access to the validator nodes, and they went on to steal over $600 million. Or consider the case of a well-known crypto influencer who goes by NFT God. In early 2023, he tried to download OBS Studio, a legitimate video recording software. But he clicked on a sponsored ad in Google search that led him to a fake version. The malware
Starting point is 00:03:34 installed silently, accessed his seed phrase, and drained all his wallets. He lost not only NFTs and tokens, but also access to his Twitter, X, and Substack accounts, too. That allowed the scammers to send malicious links to his subscribers and followers on his behalf. Fast forward to 2024, fake investment opportunities and pig butchering schemes (romance scams) led the way. High-yield investment scams, which promise big returns with little risk, still brought in
Starting point is 00:04:18 the most money. But it was pig butchering, where scammers build fake relationships to win trust before stealing funds, that grew fastest, increasing nearly 40% from the year before, according to Chainalysis. These scams are getting harder to spot because cybercriminals now use AI and entire fraud-service platforms, like Huione Guarantee, to run professional, well-planned operations. Some even use crypto ATMs to target vulnerable people, including the elderly. So, while some scam types may seem familiar, the way they're delivered is becoming much more sophisticated. None of these attacks broke crypto networks.
Starting point is 00:04:56 They broke people's attention, assumptions, and habits. Why it works: the psychology behind it. People don't fall for scams because they're careless or dumb. They fall for them because they're human. Social engineering thrives on predictable emotions: trust, curiosity, fear, and excitement. In crypto, where everything is fast and airdrops can be real, that emotional pressure gets turned up. Many scams use urgency. A pop-up says your wallet is at risk and asks you to act immediately. Others use authority. Someone pretending to be a support agent tells you exactly what to do, step by step. Some lean into flattery: you've been selected for a rare giveaway. All you have to do
Starting point is 00:05:36 is sign this transaction. Even security-conscious users can fall for this. According to IBM, 85% of cybersecurity breaches across industries involve human error. The more complex the system, the more likely we are to zone out, misclick, or act fast under pressure. Add DeFi dashboards, obscure gas fees, and endless browser tabs, and you have got a perfect setup for mistakes. It doesn't help that scams often look like real interactions. The logos are right, the usernames match, the messages sound helpful. What's dangerous is how normal it all feels until it's too late. Most common social engineering tricks in crypto. There are a few patterns that show up again and again in crypto social engineering attacks. One of the most common is fake tech support. Someone pretends
Starting point is 00:06:23 to be from Ledger, MetaMask, Binance, Coinbase, or any other popular project. They offer to walk you through a fix. Then they ask for your seed phrase or send you to a fake interface. Besides, phishing websites are everywhere. They copy the look and feel of real apps like Uniswap or OpenSea. They use typos in the domain name, which can help to identify deception. Commonly, they appear as Google ads, making you believe that they are first on the results list. If you don't check carefully, it's easy to get tricked into connecting your wallet. As we mentioned above, romance scams and fake investment platforms abound. They may even collaborate between them. A new romantic interest you met online could send you this "amazing" website to double your
Starting point is 00:07:08 investment. Giveaway scams still catch people. You'll see a fake Elon Musk account post a double your crypto offer, or a new project might say you won an airdrop. Clicking the link takes you to a site that drains your wallet the moment you approve anything. Another danger comes from fake tokens or NFTs. You might see a valuable-looking item land in your wallet. Clicking to inspect or list it can connect you to a malicious dApp. The moment you sign something, your assets can be gone. In every case, scammers simply reach out first. How to protect yourself from social engineering. It helps to think of crypto like wilderness survival. You're in charge, and that means being alert. The number one rule is to
Starting point is 00:07:49 never share your seed phrase or private keys. No one legitimate will ever ask for it: not Ledger, not MetaMask, not Binance, not anyone. Here we have more advice. Keeping most of your funds in cold wallets offline can be very useful. It puts a physical layer between you and bad actors. Even if you click a phishing link, most of your coins are elsewhere, and the damage is much less. In Obyte, you can do this by creating a simple textcoin and deleting it from history. Be careful with what you sign. Always check what permissions a dApp is asking for. Tools like Revoke.cash can show you what's connected to your wallet. Bookmark official sites, and never trust links from DMs. In Obyte, it's easy and clear to check what every
Starting point is 00:08:33 smart contract and autonomous agent (AA), like a DEX or bridge, will do before every transaction. Double-check identities. If someone contacts you offering help or support, verify their identity and unique handles in a public channel. Scammers often copy usernames and profile pictures. If you're ever unsure, ask out loud where everyone can see. Never send money to strangers over the internet, no matter if they claim to be your friends or care about you.
Starting point is 00:08:59 If you don't know them personally, if you don't know where they live or work, don't do it. If they say they're a reliable company, research that company as much as possible. And most importantly, slow down. If a site, message, or alert makes you feel rushed, that's a signal. Scammers depend on speed. You should do the opposite. Crypto gives you freedom, but it also gives you responsibility. Keep your guard up, trust scarcely, and treat your wallet like a vault. One bad click can be all it takes. Featured vector image by pch.vector / Freepik. Thank you for listening to this HackerNoon story, read by artificial intelligence.
Starting point is 00:09:36 Visit hackernoon.com to read, write, learn and publish.