A website called coinpayu.com is a scamming website that has been visted by at least 1.58 million Indians in the last year. Other such scamming websites include adbtc.top, hackertyper.net, dualmine.com, coingain.app and the hyperfund.com. These sites alone received 5 million visits from India last year.
Globally, crypto scams rose by 81 percent in 2021 from 2020 led by rug pulls, which took in more than $2.8 billion (around Rs. 21,333 crore) worth of cryptocurrency from victims.
Crypto scams include phishing websites designed to steal sensitive information from users, ponzi schemes, fake investment plans and rug pulls. The last one is extremely popular as scamsters launch a fake initial coin offering, similar to a market IPO to lure investors. “Rug pulls are most commonly seen in decentralised finance (DeFi). The developers eventually drain the funds from the liquidity pool, sending the token’s value to zero, and disappear,” said Chainalysis.
How does this work?
“A company will launch a new cryptocurrency coin or token, claiming it solves some critical unmet need in the market. They will pitch you on their product and ask you to buy into their coin as an investment that will pay off a hundredfold later on, then vanish. The best example here is the “Squid Game” based coin,” says Siddharth Jaiswal Founder and Chief Executive Officer (CEO), SportZchain. Investors claim the developers disappeared after the currency skyrocketed and cashed out with $3.3 million.
In January itself, 900 people were defrauded of over $161 million in Kerala owing to a rug pull scam. The victims were lured into investing in an “initial coin offering” issued by a Kerala man for a non-existent cryptocurrency called the Morris Coin.
So, how can you secure your accounts?
Cryptocurrencies are booming. But before you dive in, you should know how important safety and security are to the crypto-verse.
1. Use a a hardware wallet:
It is sometimes called “cold storage” and is widely accepted as the most secure method for storing cryptocurrency. Just the way we keep cash in a physical wallet, cryptocurrencies are also stored in a digital wallet. These are offline wallets and are not accessible via the Internet. They reside on independent storage solutions such as a pen drive, hard drive, or even a computer. It is backed by security experts and keeps your private keys offline –so your crypto is inaccessible to anyone but the holder of specific access codes. “Hardware wallets work by generating a set of private keys, which you ought to keep safely offline. The wallet itself is secured by a 4-to-8-digit PIN – and the device will erase after several failed access attempts, preventing physical theft,” says Shilpa Puri- Head, Crypto University, CryptoWire. However, if you lose the seed key and the drive, then you are unlikely to recover the password, which is why users generally prefer hot storage, which is a crypto wallet directly connected to the internet. It can be accessed via your browser, a mobile app and require minimal effort.
2: Two-factor authentication is a sure-shot way to secure your online wallets
Always use Multi-Factor Authentication. This adds an additional layer of security to crypto wallets. But for this it is better to use an authentication app like Google Authenticator or Duo Security instead of SMS-based 2FA if possible. If SMS-based 2FA is the only option available, then ensure that the one-time 2FA code is sent to your device every time you login — so someone can’t access your account if they have stolen your password.
“In order to store your cryptocurrency safely one should use two-factor authentication (2FA) on all accounts and not to rely solely on SMS verification as your phone number can be ported to another device. Storing sensitive information (such as your recovery phrase) in a secure offline location, like a safety deposit box is of utmost importance .Make sure your email accounts are secure – especially your linked “forgot-my-password” backup accounts,” says Puri.
3.Use a password manager
Your passwords should be at least 16 characters, extremely complex and unique for your accounts. “That’s hard to do by yourself, but password managers like 1Password or Dashlane can be used to create and remember your passwords,” says Matt Muller, Head of Security Operations, Coinbase. He adds that users can check to see if they are using a risky password by visiting haveibeenpwned.com/Passwords.
4. Spread your assets
If you have Rs 1 lakh to invest in mutual funds, you would ideally spread it across different funds rather than putting all your eggs in one basket. Similarly if you have Rs 1 lakh in crypto related assets then you would not want to keep it all in one wallet because if someone were able to hack or breach that one wallet, they would have access to everything. Hence it is always advisable to spread assets across multiple wallets to reduce the severity of that loss. This is akin to opening up multiple accounts at a bank and spreading out your assets. Think of the way you use your bank account while doing any transaction online. We follow certain steps so that our account details do not get compromised. We need to follow the same level of caution to prevent getting scammed while doing any cryptocurrency transaction,” says Edul Patel, CEO and Co-founder of Mudrex.
5. Control your wallet
Each wallet comes with your own private key (or password) which cannot be shared anywhere. “Keeping a physical copy of your secret key usually works best as keeping it online you may risk the chance of getting hacked,” says Varun Mayya, Founder and CEO, Scenes by Avalon.
6. Secure your personal device
Make sure all your personal devices are up to date with the latest virus definitions to defend against any vulnerabilities. Use a strong anti-virus and firewall to enhance security. The National Cybersecurity Alliance recommends an antispyware software to regularly check for malicious software. “Base all your cryptocurrency activities and operations on a single device.. Keep your work device as private as possible by using dedicated IPs and private servers that keep your location, name and activity anonymous,” it says.
Gaurav Dahake, CEO & Founder, Bitbns offers a 6-point checklist before investing in cryptos:
1 Never share login credentials with anyone
2 Never fall for a promise of big returns by anyone, including crypto exchanges
3 Always Secure Your Crypto Wallet by not sharing the private key or seed phrase with anyone. We always recommend storing the credentials information somewhere offline.
4 Always use Multi-Factor Authentication
5 Always do your own research before investing in any of the tokens. Do not take any information online at face value
6. Always check the security feature offered by the exchanges before choosing any platform for investment.
The red flags: Watch out for the common red flags that are similar to credit card frauds:
1.Typographical errors and misspellings in emails, or whatsapp/ Telegram messages
2. Promises to multiply your money
3. Fake influencers
4. Promises of free money
What steps can we take to ensure we don’t get scammed?
1. Refrain from taking any information at face value
Investigate the claims being made around any investment, especially if they seem too good to be true or promise overnight windfalls.
2. Double and triple-check the website URLs.
Scammers attempting a phishing scam will copy the URL of legitimate sites and swap letters and numbers. There are investment and business opportunity scams prevalent as well. Sometimes this scam takes the form of “investment managers” who offer to help grow your assets. They will set up in what they will claim as an investment account for your crypto, but you won’t be able to access your money unless you pay them a fee,” says Siddharth Jaiswal Founder and Chief Executive Officer (CEO), SportZchain.
3. Before investing, look for reviews
“Before one invests anything, they need to check the company’s website to find out how they protect their customers and look for reviews from other investors. You could just lose the security key, which is far more likely. Losing your security key is not the end of the world. Many services that support security keys require you to enroll multiple multi-factor authenticators, so you already have a secure backup in place. If that doesn’t help, find a device you are still logged into and unenroll the key, or add a new multi-factor authentication option. It is important to beware of Suspicious Initial Coin Offerings (ICOs),” says Puri.
4. Educate yourself:
Investors should do a comprehensive and detailed study of the cryptocurrency markets, analyze the performance of its different factors, consider the risk factors. “The risks of trading cryptocurrencies are related to its volatility. They are high-risk and speculative, and it is important that you understand the risks before you start trading. The unexpected changes in market sentiment can lead to sharp and sudden moves in price. It is not uncommon for the value of cryptocurrencies to quickly drop by hundreds, if not thousands of dollars,” says Puri.
5. Understand the risks carefully:
Cryptocurrencies are susceptible to error and hacking as there is no perfect way to prevent technical glitches, human error or hacking. “Cryptocurrency trading carries risks such as hard forks or discontinuation. You should familiarize yourself with these risks before trading these products. When a hard fork occurs, there may be substantial price volatility around the event, and we may see trading suspended throughout the exchanges if we do not have reliable prices from the underlying market. Cryptocurrency transactions cannot be reversed, after it is confirmed. The transactions accounts are not connected to real-world identities, everything is digitalized with access by means of the internet,” explains Puri.