A fair few cryptocurrency scams have been doing the rounds across 2021. Most of them are similar if not identical to tactics used in previous years with an occasional twist. Here’s some of the most visible ones you should be steering clear of.
Recovery code theft
Many Bitcoin wallets make use of something called recovery codes. These are, as the name suggests, codes allowing you to regain access to wallets you’ve locked yourself out of. These are the last roll of the dice for anyone unable to view their funds, and not a situation people would wish to find themselves in. As a result, they’re a fantastic target for scammers wanting to do some wallet plundering.
One of the sneakiest ways to grab a code is to jump into customer support discussions on social media. Scammers set up fake customer support style accounts, then direct potential victims to phishing pages hosted elsewhere. If you lose a recovery code or its equivalent in this manner, it’s almost certainly gone for good. Always ensure the entity you’re talking to is:
- The official support channel and
- you haven’t inadvertently started talking to someone else entirely.
By doing this, your digital funds should be kept safe from this technique.
Fake Elon Musk cryptocurrency scams
Another social media shenanigan involving cryptocurrency? You bet. This tactic involves stealing verified Twitter accounts, making them resemble Elon Musk, and then spamming bogus Bitcoin offers in replies to viral tweets.
This has been happening for quite some time now, and refuses to go away. It’s not pocket change, either. The FTC estimates at least $2 million has been stolen from cryptocurrency investors. It’s not just happening on Twitter, either. Rogue SpaceX crypto scams were doing the rounds back in June of this year.
If in doubt, remember that Elon is not going to make you rich beyond your wildest dreams with Bitcoin.
Covert container mining
This one is a bit more technical than most, and relies on bad things happening behind the scenes. There’s no direct social engineering aspect, because that’d give the game away.
If you’re a developer working on a project, it’s common to make use of pre-made code libraries. There are all kinds of ways to give your project a leg up, but one of the most popular is Docker. Docker bundles up all the things your project needs (including operating systems, applications, and other people’s projects it depends upon) in a “container”, a self-contained, portable environment. Because why write code if somebody’s already written it for you?
Turns out this area of work wasn’t safe from crypto-antics either. Rogue mining images involved in cloud-based mining attacks were discovered sitting on Docker Hub. The images contained software people might want to include in their Docker project, along with a cryptominer that would churn away in the background, making cryptocoins for somebody else at your expense.
This is a tricky one to avoid, but you can make a start by checking out the list of image names which could indicate bad files ahoy here. 30 malicious images downloaded roughly 20 million times(!) equals an awful lot of potential mining activity taking place.
419 crypto scam
Advance fee fraud scams involve sending dubious chunks of cash to / from a victim’s bank account. The money vanishes without trace, and the victim becomes a money mule, and is left carrying the blame.
We recently saw a mail along these lines. Nothing new there. However, this one asks victims to install a wallet app and transfer funds.This is not something you want to be doing. The scammers wants people to get in touch on WhatsApp, where they may well ask for additional personal information. This could easily be used elsewhere in other scams.
There’s many more crypto-scams waiting in the wings, but these are the ones we tend to see the most of. Give yourself a head start and learn to spot the signs of attempted compromise out there in the wild. Your digital wallet will thank you for it.