As long as money has existed people have been trying to extort it from others through the means of deception, violence and theft. While bitcoins are diffcult to steal if basic security procedures are being followed, and we are relatively safe from violence through the natural distance of the online world, scams are following Bitcoin users around wherever they venture, and hardly leave any forum, chat group or conference untouched. Bitcoin’s biggest strength, being incredibly easy and cheap to transfer anywhere around the world, makes it also so attractive to those making a living off extorting you from the comfort and safety of their homes. It comes without consumer protection built in, and all transfers are immediate and irreversible. Escrow services exist and are highly recommended when exchanging goods and services with people who you don’t know or cannot verify. We present the most common scams in the cryptocurrency world, because knowing how to spot them is the strongest, and often sadly the only protection against them.
While not technically a scam, cryptolockers are the most common form of threat linked to Bitcoin. That is not because Bitcoin users are more likely to fall victim to them, but rather that it was infeasable to extort users before cryptocurrencies became popular. Cryptolockers are software deployed by bots which automatically scan the internet for any kind of devices like network storage, routers, servers or databases. But they can also come in the form of app, downloads or torrents. In rare cases they are also deployed by disgruntled contractors or employees. Cryptolockers will encrypt your data with a key, and only give you back access to this data after a payment in bitcoin has been made to the attacker. Once attacked, there is little you can do, although a bit of research about the type of malware is usually worth it, as many are as poorly programmed as the systems they infect.
- To protect yourself from cryptolockers, make sure that your systems are up to date, have proper passwords (use a password manager!) and beware of all software you are running on them. Computers with the latest operating system behind a regular firewall (eg your router) pretty much never get infected.
To the traditional investor Bitcoin looks pretty boring. It doesn’t pay dividends, yields no interest and is usually not loaned out. So what if there were a product that…. No, forget it. Such products exist, and they are scams. The interest is paid out using the incoming funds of new investments, and while the early investors (eg, the scammers) rejoice and post publicly about the high returns they are seeing, the system soon collapses, leaving late investors empty handed and feeling pretty stupid.
- As a rule of thumb, a service that promises you a return on your bitcoins is a scam. Of course there might be legitimate services that are able to pay dividends in bitcoin, so even if you have the risk appetite you should still verify all the claims the service makes, as well as checking on the presented owners, managers and premises.
The Pump and Dump
Bitcoin might disappear, but cryptocurrencies are here to stay? While this sounds true to the point of a truism, the chances of somebody having solved the inherent problems in Bitcoin, like scalability, efficiency and power consumption, are pretty thin. Yet many ‘altcoins’ claim they are far more potent than the Bitcoin blockchain, and appeal to your desire to ‘get in early’, ironically by asking for a payment in Bitcoin.
- Very few altcoins are really innovative, and while nothing speaks against diversifying your portfolio, you should be very cautious of everything that is pre-mined, crowdfunded or heavily marketed.
The Double Switch
Users of fiat currencies have been targeted by the bank switch scam for decades, but with Bitcoin it gets to a whole new level. In the regular bank switch scam the victim would be informed by their business partners or suppliers that ‘the bank account has changed’. This message indeed comes from a fraudster and impersonator, and by the time the real business partner complains about the missing payment, the scammer is long gone with the money. This leaves a trail of documents however, and requires a large pool of compromised bank accounts around the globe to successfully pull off.
In the double switch, the scammer will use the anticipated payment to buy Bitcoins, for example through localbitcoins.com or other forums. This means there are two potential victims involved who are unclear about who they are interacting with. Victim A for example might be making a payment for a computer or flight, sending money via bank wire or paypal to victim B. Victim B is told by the scammer in advance about this payment, which they believe to be a payment for Bitcoin. Victim B then sends the Bitcoin to the scammer, who is the clear beneficiary of this trade.
Whether victim A or B end up losing out is difficult to foresee. It mostly depends on whether A can successfully charge back the money paid for the unrendered service or product. In Hong Kong, bank wires are generally irreversible, but when made within a bank it is up to the bank’s discretion what to do. But even if the payment is irreversible, victim B might still find themselves in the focus of a money laundering investigation.
- Always verify identities when trading Bitcoin online, and make sure these identities match up with bank accounts and other documents. Only trade with systems that enable escrow, and look out for positive reviews.
Do You Know Who I Am?
If you have posted an offer somewhere, for freelance work for example, or material goods, you might quickly find your inbox clustered with responses. Some of those will seem professional and link to pages filled with references, reviews and trade history. The scammer will usually ask for a small down payment to begin work or mail you the goods, but they never arrive.
- Always verify if the person you are talking to is representative of the online identity that you are presented with. Ideally you have the possiblity to use escrow and internal messaging systems on the platforms you are using, or are being reached out to through email addresses listed on the public profiles that these emails refer to.