It’s an unfortunate reality that scams are widespread in the crypto space. It’s easy for somebody to set up a scam website, spin up a fake “Official Giveaway” social channel, or impersonate a trusted community member. It’s impossible to shut every one of these down. The good news is that it’s easy for you to avoid the most common scams. The primary tool you’ll need is a healthy sense of skepticism. The main steps you need to take are to slow down and ask questions. The number one thing you’ll need to remember is: if it sounds too good to be true, it is.
There is No Ctrl+Z.
It’s critical to be mindful of immutability – a core element of blockchain and smart contract technology – which means transactions are permanent and cannot be reversed. Once you send that token, it’s gone, so you’d better send it to the correct address. Every single time you sign a transaction, you should be aware that you could lose everything. Because the truth is: if you do it incorrectly, you could lose everything.
The crypto space moves quickly, and it can often feel like you need to move even more quickly to keep up. When the stakes are high, making informed and measured decisions ensures that you don’t make mistakes you cannot undo. Therefore, even though it might seem counterintuitive, slow is fast. Before you confirm any transaction – whether you’re interacting with a DeFi platform for the first time or sending tokens between your own wallets – you should slow down and double-check everything. “Everything” means every element of the transaction, including approval amounts, sent amounts, addresses, gas costs, everything. Test everything. You are the last line of defense.
Keeping immutability in mind, it’s crucial that you jealously guard all information that allows you, and only you, to control your assets. Never, under any circumstances, should you share your passwords, seed words, private keys, or other personal information. No customer service agent, Telegram admin, project team member, or government official needs your information to do their job. But scammers do.
An Adversarial Mindset
Thankfully, dodging most scams in the crypto space is as easy as cultivating a basic sense of skepticism, which is a core component of what cybersecurity professionals call an adversarial mindset. Before I detail a few of the most popular scams, let’s begin to establish an adversarial mindset by exploring a widespread scam scenario: a fake Telegram admin reaches out to you via a direct message (DM).
Maybe it’s your first time asking a question in an official Telegram channel. Maybe you’re a regular contributor there. Either way, you’ve received a message from somebody who seems to be an admin in that channel, and they’re offering to help you.
They might use a name like “Official Customer Support,” “Official Admin,” or even appear to be a team member or admin that you recognize. They’re offering to help you set up your account, upgrade your contract, or receive a limited-time discount on tokens – and it sounds important.
Again, first remember to slow down, be skeptical, and ask questions. Who is this person? Can you verify their identity? Why are they reaching out to you directly? Can you verify what they’re saying somewhere else? Most importantly, how does this person benefit from you communicating with them and doing what they’re asking of you? What do you have that they want? What do you stand to lose?
Who is this person?
Check to see if you have any groups in common with this person on social apps. If an alleged official customer support person, channel admin, or team member isn’t in the same social channels as you, that’s a big red flag.
The person in question might have the same profile picture and username as an official admin you’ve spoken to before in the general chat. Double-check that it’s really the same person. Compare the questionable person’s @handle to the handle of the official admin. Open up a DM with the official admin by clicking on their name in the official chat. Chances are, it will be a new message thread. Ask the admin in the official channel if they just DM’d you. Chances are, they didn’t.
Why are they messaging you directly?
In almost all cases, communications coming from an official team member will be through a public-facing medium, e.g. Twitter, Medium, or their official blog. There simply aren’t enough hours in a day to communicate with each community member directly, so if somebody is DM’ing you a special offer, it’s almost certainly a scam.
Can you verify what they’re saying somewhere else?
Check the official website of the project this person claims to represent. Check their official Twitter. Is anybody else talking about this giveaway/airdrop/promotion? Ask about it in the official Telegram/Discord/WeChat (which you can navigate to from the official website).
How does this person benefit from you doing what they ask?
Most of these scam interactions will go back and forth while the impersonator tries to convince you they are who they say they are and that you need to do what they ask. They’ll try to pressure you to do whatever they ask immediately.
Ultimately, the scammer will either ask you to send them funds or request your private information, such as your passwords, seed words, or private keys, which would allow them to take your funds. Remember, blockchain transactions are irreversible, so once you’ve sent a scammer your funds, you cannot undo the transaction.
This list is far from exhaustive because it’s impossible to track every new scam. But here are a few of the most common and enduring ones.
Fake airdrops or giveaway announcements
These can be announcements from fake “Official” Twitter accounts, Telegram groups, YouTube channels that feature a short video, direct messages on messenger apps, etc. They typically ask you to send them some tokens and they promise to send you back twice as much. This scam goes back to RuneScape – don’t get got.
Scam emails, especially “Contract Upgrades”
Many communities were targeted with this most recent scam, which promised a reduction in gas fees, among other things, and asked users to send their tokens to the contract.
Impersonators of team members/admins DM’ing you
Team members or admins of an official Telegram/Discord/etc. will almost never DM you first. The overwhelming majority of unprompted DMs are scams.
Scam smart contracts, fake dapps, imposter websites, etc.
Always double-check the URL of the dapp you’re using. Be certain you’re interacting with the genuine article.
Remember: the Chainlink Labs team will NEVER:
- Offer an airdrop or giveaway.
- Offer a special “sale” on LINK tokens.
- Directly contact you via email with an “urgent update” or “limited-time offer” or ask you for your passwords, seed words, private keys, or funds.
- Directly contact you to upgrade any contracts via email. Any changes or upgrades to tokens or contracts will be communicated via the Chainlink Developer Docs.
Wrapping It Up
You can protect yourself from most scams by maintaining a skeptical mindset. Anything worth doing in this space is worth taking the time to investigate and verify, because once you’ve done it, you can’t undo it. If you’re not sure about something, slow down, take a step back, be skeptical, and verify from official sources. You can always go to chain.link, scroll down to the footer, find an official social channel, and ask questions in the general chat.
My parting gift to you is The SIM Swapping Bible, a comprehensive article that will help you secure all your accounts and wallets. Read it and follow it. Don’t get got.
Other Great Resources:
Coindesk – How to Spot a Crypto Scam
MyCrypto – MyCrypto’s Security Guide For Dummies And Smart People Too
Gemini – Fake Cryptocurrency Exchanges
Coindesk – We Went Hunting for Crypto Scams in Google and Apple App Stores. Here’s What We Found
CipherTrace – What to Do When You Fall Victim to a Crypto Scam