The Good Tech Companies - Top 5 Complex Crypto Scams to Watch Out for in 2024
Episode Date: September 23, 2024This story was originally published on HackerNoon at: https://hackernoon.com/top-5-complex-crypto-scams-to-watch-out-for-in-2024. From private seeds and romance platform...s to AI tools and QR codes, we need to be aware of new types of complex crypto scams to be able to avoid them. Check more stories related to web3 at: https://hackernoon.com/c/web3. You can also check exclusive content about #crypto-scams, #romance-scams, #deepfakes, #qr-codes, #honeypot-crypto-scam, #discord-scam, #obyte, #good-company, and more. This story was written by: @obyte. Learn more about this writer by checking @obyte's about page, and for more stories, please visit hackernoon.com. The more years we spend using crypto, the more cautious we become about potential frauds. From private seeds and romance platforms to AI tools and QR codes, we need to be aware of new types of complex crypto scams. Let’s check how they lure their unsuspecting victims.
Transcript
Discussion (0)
This audio is presented by Hacker Noon, where anyone can learn anything about any technology.
Top 5 Complex Crypto Scams to Watch Out For in 2024, by Obite
The more years we spend using crypto, the more cautious we become about potential frauds.
Now, classical. Stuff in this field includes fake trading websites and ICOs,
blackmail emails, Ponzi schemes, phishing, rug pulls, and soon. A lot of users
have learned to recognize malicious projects, and Scammershave noticed it. That's why they're
developing new creative and even more technical ways to steal our coins. From private seeds and
romance platforms to AI tools and QR codes, we need to beware of new types of complex crypto
scams to be able to avoid them. Let's check how they lure their unsuspecting victims.
Private seed honeypot. Having the private seed, private keys, or secret recovery phrase from a
crypto wallet, a string of 12 or more random words, ensures complete access and control to
all funds stored in that wallet. That's why the first thing you should learn in crypto is to
protect your private seed.
Considering this, now imagine that a stranger sends you a private message one day,
sharing their private seed with you, and asking for help to exchange their funds.
And they have handed you complete control over their funds, out of nowhere.
You can now open that wallet from your side, and make all the transactions you want to with the coins inside. Or almost all the coins inside.
Here's a thing. To make transactions, you need to pay transaction fees in the native coin of
that network. In this kind of fraud, you can find a lot of tokens in the wallet, but they're
internal tokens inside another network, which means you'll need to pay transaction fees in
another coin to move them out. So, for instance, they code B Ethereum-based tokens,
and you'll need to pay a fraction of Ether, ETH, to make a transaction with them. There's no ETH
in the wallet, though, and you'll need to deposit at least a bit if you want the rest of the funds.
However, after you send that ETH fraction, this one is transferred out of this wallet immediately.
It's so fast that you couldn't have done a thing to stop it because it was done by what S called a sweeper bot. This way, the scammer won't let anyone transfer the internal
tokens while effectively stealing the native coins sent to the wallet. It may not be that
much per victim, but it's there as a sort of passive income for the fraudsters. Avoid this
trap. Nobody is gonna send their private seed to a stranger willingly. Romance subscriptions. At this point, we all likely know and hate romance scams.
Someone messages you for months, pretends to be your friend or your date, and somehow ends up
asking for money. Well, it seems like romance scammers also have a way to make the process
quicker, but equally effective. There are dating platforms around asking for high subscription fees only to
access them. The clients are often from North America or Europe, looking for romantic partners
in Latin America and Asia. They can see a wide selection of profiles with photographs,
but they also need to pay even more to send the messages or receive more images.
Behind the screen, these profiles are all fake and handled by whole offices OF underpaid
and illegal workers, pretending to be the people in the photograph sand urging the clients to spend
as much money as possible on internal services, such as messaging. Even the people in the
photographs work for the malicious company, so they don't only sell their photos, but partake
in the fraud through video when they're asked to. Payment methods include several cryptocurrencies.
Multiple complaints underscore underscore and warnings underscore underscore have been made
against these sites. In addition, one of our team members personally communicated with one of those
workers behind the screen, who described and confirmed the fraud to us. It's a trap, don't
fall for it, discord account hijack. Discord could be a scam minefield even for
experienced users, and moderators and admins of crypto communities on this platform aren't immune.
The scam starts when someone approaches the admin, mod, either through a direct message or
in a public chat, offering opportunities to work as a freelance moderator or admin for crypto
projects. They claim to be part of an agency that provides temporary moderation support to new ventures. The approach is subtle and professional,
with the scammer communicating clearly and not appearing aggressive.
So far, this tactic has been seen in various languages like English, Italian, and German,
indicating a broader reach. Once the offer is accepted, the target is invited to join the
scammer's Discord server for more
information. Upon entering, they are asked to verify the erudentity, something very common
in larger communities. However, this verification is actually a trap that compromises the user's
account entirely. The fraudster then uses the hijacked account to spread crypto scams across
multiple servers. Worse yet, they pretend to be
the victim, interacting with users and recommending fraudulent projects, making it appear as though
these suggestions are genuine. This scam is particularly dangerous due to its convincing
and familiar approach until it's too late to stop. If a victim falls for this scam,
they should try to regain control of their account by resetting their Discord password
as quickly as possible. If the account recovery process fails, they need to contact Discord's
support team to report the hack and request assistance in securing the account. Additionally,
the victim should inform all relevant server admins whether moderators or members,
alerting them that their account was compromised. End deepfakes to invest.
A lot of people would invest in a
project if that project is endorsed by a celebrity. Or better yet, by an important political figure.
Right now, in our slightly creepy era, it's completely possible to steal a face online and
make it talk in your favor on video. It's called a deepfake and it's done with AI. See, for instance,
this video of the uk prime minister
kir starmer recommending a new crypto investment platform if that sounds weird it's because the
real starmer didn't do it only his face on a deepfake https colon slash slash www loom com share fa3acc3b2b2e48d396c903d131b29b5a
sit equals 7389e46d3726-41f6b61b956b636aad18 and embeddable equals true the mentioned crypto platform is of course a scam,
and the fraudsters made an investment of around $27,000 in meta ads, Facebook and Instagram,
to reach over 891,000 people, according to the research firm Fenimore Harper.
Indeed, these fake ads represent at least 43% of all meta ads about Starmer,
threatening to surpass the real ones.
Soon enough, a fake version of Prince William also joined to promote the malicious crypto
investment website. This is barely yet another incident, though. Elon Musk, Donald Trump,
Michael Saylor, and other well-known public figures have been impersonated this way to
attract potential investors to scammy crypto platforms. Luckily, some things can help
you to detect a deepfake. Key signs include unnatural facial movements, like inconsistent
blinking, awkward lip-syncing, or unusual skin texture that looks overly smooth or too perfect.
Lighting inconsistencies, especially around the face and body, may also be a clue, as well as
strange shadows or reflections that don't match the
surroundings. A QR to steal everything. One bad moment you could be scanning a seemingly innocent
QR code to make a small payment, and the next one you could discover that all the funds in your
wallet are gone. This is the type of crypto scam described by the analysis firm Bitrace recently.
It all starts when a scammer proposes an enticing peer-to-peer token
exchange, bypassing traditional exchanges. They lure in their target by offering better-than-market
rates and a small upfront payment in Tether, USDT. To further win trust, the scammer promises
long-term cooperation and additional fees in TRON, TRX. After this initial transaction,
the scammer asks the user to participate in a
small repayment test, which involves scanning a QR code to return the initial USDT.
However, this QR code redirects the user to a third-party website that tricks them into
confirming the transaction. The moment they hit confirm, their wallet's authorization to
spend everything is stolen, allowing the scammer to drain their funds. This scam has already affected at least 27 individuals,
with losses totaling around $120,000. The stolen funds were funneled through
various intermediary accounts before being laundered through a Cambodian crypto exchange.
In these circumstances, it's very unlikely for the victims to recover their money.
Protect your coins against scams. Review smart contract actions carefully.
Before interacting with any smart contract or making transactions,
take the time to read and understand its actions. This helps ensure that you're not
unknowingly giving permissions that could allow scammers to access or drain your wallet.
In Obite, smart contracts can be read by humans, from the same
wallet. N. N. Verify offers and projects carefully. Be skeptical of any unsolicited offers for work or
investments, especially if they promise better than market rates or guaranteed profits. It's
not recommended to answer private messages on any platform if you don't know who's on the other side.
N. Don't pay for romance. If you have
to pay for it, that's already a very bad sign. If you want to interact online with someone,
at least make sure you can see them, not only photos or messages. N. Use two-factor authentication,
2FA. Enable 2FA on all accounts, including crypto exchanges and communication platforms like Discord.
This adds an extra layer of security and can prevent unauthorized access.
In Obite wallets, you can do this by creating a multi-device account from the global settings
or enabling a spending password to authorize each transaction.
n.
Beware of what you're seeing.
** Always question endorsements from celebrities or political figures. Some quick research could save you a lot of money.
n. Avoid scanning random QR codes, only scan QR codes from trusted sources.
Scammers can use QR codes to redirect you to malicious websites that can compromise
not only your wallet but your entire device and data.
n. Finally, you can check our guides about how to recognize legitimate centralized
projects, like crypto, fiat exchanges, and trustable decentralized projects, like DEXs.
Featured Vector Image by Freepik.
Thank you for listening to this Hackernoon story, read by Artificial Intelligence.
Visit hackernoon.com to read, write, learn and publish.