Top Crypto Fraud Risks and How to Avoid Them
Risk factors involved in cryptocurrency
Always remember, cryptocurrency risk first and foremost includes the three enemies of crypto:
- You: You are your own worst enemy
- The enemy within: A trusted team member who violates your trust
- External hackers: The obvious enemy most people think about
The good news is you are the number one risk factor involved in cryptocurrency.
How is that good news? The answer is simple: you have control of your fate, and you should be responsible for the quality of your own security. Most people think cryptocurrency fraud risk is 100% external, as in some other party who’s trying to attack you. It’s true fraudsters are constantly on the attack, but let’s quantify the three enemies and assign the following risk (total risk is 100%).*
- You: 80% risk
- The enemy within: 10% risk
- External hackers: 10% risk
* This is more for illustrative purposes rather than having a scientific basis.
As you can see, the total external risk in this example is 20%, not the perceived 100%. This is an extreme paradigm shift: 80% of crypto fraud risk comes from you, because you are your own worst enemy. The riskiest risk is the kind you don’t have control over, but since you have control over 80% of YOU, it’s actually good news. If all the risk were external, it would be bad news because you don’t control it.
So, what does being your own worst enemy mean?
Why you're your own biggest crypto fraud risk
There are a number of factors making you your own worst enemy.
The primary ones are:
- Carelessness
- Failing to educate with cryptocurrency crash courses
- Skipping steps
- Greed
- Not following a process
- Trusting the wrong person
- Rushing (not taking your time)
- Failing to THINK
You probably recognize many of these as self-sabotaging factors in everyday life. The best part about crypto is you get to turn these around and step up your game.
Key Takeaway
You are your own worst enemy, but the good news is you are mostly in control so crypto fraud risk is far less than most people think. Increase your fraud and scam intelligence and your risk goes down.
Preventing crypto fraud
As a Certified Fraud Examiner, I can tell you prevention is the MOST effective and LEAST expensive way to combat fraud. Crypto fraud risk management includes three elements: prevention, detection and investigation, and each of these gets exponentially more expensive in the cycle of fraud.
Most fraud victims will never get their assets back and most perpetrators don’t get what they deserve even when they get convicted, in my opinion. This is how I sum it up after having studied hundreds of fraud cases. You’ll go through the emotional wringer for years with the hopes of getting back assets, only to be let down in the long run.
Key Takeaway
If you get hacked and lose assets, you’re f*****. That’s it, forget about it. The fraudster wins and you lose. That’s basically how it shakes out in the long run. This is so painful the only way to avoid it is to focus on PREVENTION. This applies to all fraud inside and outside of crypto.
Can cryptocurrency be hacked?
Yes, your crypto can be hacked. Crypto is technological money and security has been pushed to the end user rather than a centralized honey pot. The good news is: You are your own worst enemy, but you are far more in control of your own destiny than not. You’re not a hopeless victim who’s next in line waiting to be hacked; that is, if you educate yourself and understand the risk factors involved in cryptocurrency.
What are the types of crypto fraud?
The two biggest crypto frauds are crypto phishing and rug pulls. Get a handle on these and you’ll more easily understand other types of fraud and scams. The more you understand fraud the more confidence you’ll have in navigating crypto.
Crypto phishing
Crypto phishing is a type of crypto fraud where scam artists send out malicious links to an email list. Spear phishing is a targeted attack on one or a few people. Pig butchering is a nasty variation of spear phishing. Spear phishing is a customized approach attacking founders and whales who are likely to have large honeypots. Coinbase users, for example, may get an urgent email to click a link and “upgrade” or risk losing assets. This is classic messaging.
How did the scammer know you’re a Coinbase customer and how did they get your email?
Both are great questions. First of all the fraudster doesn’t need to know you’re a Coinbase customer or the customer of another platform. They know a lot of people use Coinbase so the phishing scheme will reach a lot of potential victims. A trusted employee could steal an email list and use it for their own scheme or sell it to a hacker. There are lots of ways bad actors get email lists.
Always assume your email will get scraped, stolen, misused and end up on the receiving end of a phishing attack. It may sound counterintuitive, but it’s a better approach than hoping your email escapes phishing.
Key Takeaway
If you assume the worst, you’ll be more prepared and more confident. Use a stealth email created for the sole purpose of crypto account credentials (email as a username). Most people recycle the same email and increase their crypto phishing risk to the maximum.
Crypto phishing scammers do this:
- Design an urgent message (email or text)
- Create a malicious link to steal funds
- Obtain an email list of potential victims
- Send out the phishing attack
- Wait for victims to click links and steal funds
Crypto phishing analysis
If you get an urgent email asking you to take action, then slow down and review it carefully. If you’re not a customer of the “platform,” you’ll probably ignore the email. Review the sender’s email address, which is the first tell-tale sign of a crypto phishing scam. Instead of [email protected] it may be [email protected] (a real example). You wonder how the scammer could be so dumb, but it’s really the potential victims who are too dumb to simply look at the email. The other warning signs are bad grammar and a message that doesn’t make sense. Crypto education helps you get savvy so you can easily recognize a nonsensical urgent message.
Example attack message
“For security reasons the ability to buy or sell digital currency at your Coinbase (the word account is missing) has been restricted, until we can further verify your account”
This was combined with a fake withdrawal message which triggers the thought, “I didn’t make a withdrawal for that amount. Maybe I should investigate.”
The urgency is the fake account restriction and the requested action is to click a button and verify. This message is more clever because accounts may get restricted but it probably wouldn't be for “security” reasons. The user would most likely have been making lots of buys, sells and withdrawals, triggering an issue with an internal compliance or risk management team.
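The two checks described above (look at the sender's address, then look for manufactured urgency) can be run over a raw email, as in this added example, which is not part of the original article. The trusted domain, the function names and the sample sender address are assumptions made for illustration; the sample body reuses the attack message quoted above.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: the domain the real platform sends from; confirm it with the platform.
TRUSTED_DOMAINS = {"coinbase.com"}
URGENCY = re.compile(r"\b(restricted|verify|suspended|urgent|immediately)\b", re.I)

def edit_distance(a, b):
    """Levenshtein distance, to catch one- or two-character lookalike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_trusted(domain):
    """True for a trusted domain or one of its subdomains."""
    return any(domain == t or domain.endswith("." + t) for t in TRUSTED_DOMAINS)

def phishing_findings(raw_message):
    """Return warning strings for one raw email (headers plus plain-text body)."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    findings = []
    if not is_trusted(domain):
        for trusted in sorted(TRUSTED_DOMAINS):
            brand = trusted.split(".")[0]
            if brand in display.lower() or brand in domain:
                findings.append(f"uses the name '{brand}' but is sent from {domain}")
            elif edit_distance(domain, trusted) <= 2:
                findings.append(f"{domain} is a near-miss of {trusted}")
    text = f"{msg.get('Subject', '')} {msg.get_payload()}"
    hits = sorted({m.lower() for m in URGENCY.findall(text)})
    if hits:
        findings.append("urgency wording: " + ", ".join(hits))
    return findings

# Constructed sample; the sender address is invented for this example.
SAMPLE = (
    'From: "Coinbase Support" <no-reply@coinbase.com.account-verify.example>\n'
    "Subject: Action required\n\n"
    "For security reasons the ability to buy or sell digital currency at your "
    "Coinbase has been restricted, until we can further verify your account\n"
)

if __name__ == "__main__":
    for finding in phishing_findings(SAMPLE):
        print("WARNING:", finding)
```

An empty result means no obvious tell, not a verified sender, because the From header itself can be forged.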
What should you do?
Forward the email to the “real” platform that was phished. The real Coinbase, for example, can warn their customers of the phishing scams. In addition, it may help them investigate and research whether a rogue employee (the enemy within) stole emails. Do your part and make others aware. Screenshot the email and use it for your own reference as a phishing example.
Crypto rug pulls
Rug pulls are classic crypto frauds that look and feel like real projects, but the promoter’s main intention is to steal your funds and disappear. Crypto is full of new projects emerging every day. New technology breeds more and more innovation, and crypto’s open source modular nature provides the recipe for a new project to build on top of another and so on.
Rug pull scammers do this:
- Set up a project and website offering juicy incentives
- People throw crypto at the project
- The smart contract fills up with millions in crypto
- Withdraw the funds and “cash out”
- Shut down websites and social media then disappear
Crypto rug pull analysis
Decentralized finance (DeFi) creates a frictionless way to swap crypto assets, lend, borrow, earn yield and more. The degens chase yield by deploying crypto assets to get incentivized rewards. The chasing is the greed, and the greed blinds degens from taking a step back to do fraud due diligence. Rug pulls offer juicy enough rewards that degens justify the risk and “ape in” with their crypto. Ape in means jump in head first without question when you see great rewards.
Key Takeaway
The challenge with rug pulls is they can be hard to spot even for experienced DeFi power users. The founders of some legitimate projects chose to be anonymous for various reasons so anonymity can’t be used for outright cryptocurrency fraud detection. Anonymity doesn’t always equal fraud.
The Squid Game rug pull ruse
The Squid Game (SQUID) token is a great example of a clever rug pull ruse that capitalized on the Netflix series, Squid Game. The SQUID token rose over 80,000% in just a few days, thus creating a FOMO (fear of missing out) frenzy. The scammers hijacked an existing brand to create legitimacy, collected $3.3MM then disappeared. Witness the Squid exit cash out captured in this colorful livestream.
What should you do?
The old saying goes, if it sounds too good to be true, it probably is. Legitimate outsized returns do exist in crypto, but multi-10,000% returns in a couple of days is a major red flag. When crypto pumps super fast, it’s high risk. By the time you hear about the head-spinning returns, you’ve already missed the opportunity, so there’s no need to ape in. Most rug pulls happen in a short time span, so be patient and watch it go to zero from the sidelines. The challenge is resisting FOMO (fear of missing out), but you’ve got to practice using logic over emotion in the investing game.
Key Takeaway
If you get rugged then contact authorities and file a police report. Your communication could prevent others from getting rugged. In addition, a police report may provide the basis for deducting an asset theft. Like I said before, if you get hacked and lose assets you’re f*****. It’s that simple.
How to avoid crypto fraud
If you focus on security, education and staying up to date with news, then you’ll automatically get better at avoiding crypto fraud. The good news is you focus on one thing and get the benefit of two. People who rush into crypto and skip steps often get rekt (lose assets) somewhere along the way.
Understanding how to avoid crypto fraud is a byproduct of crypto education. In addition, studying the anatomy of fraud schemes is how to easily identify fake cryptocurrency. The more you learn, use and repeat, the more skilled you become at navigating crypto fraud. Scams and hacks may scare some people away, but it’s better to face fraud head on until you have a natural defense and don’t think about it anymore.
How to secure your crypto wallet
Securing crypto and managing wallets are several courses unto themselves. The three most important keys to security are:
- Create and use stealth emails
- Deploy hardware wallets
- Use password managers
There is NO single magic wand when it comes to security. The magic comes from using a combination of security techniques.
Crypto education is your secret weapon
The importance of education in crypto can be summed up in one phrase:
“Information about crypto is more important than crypto itself.”
Kirk Phillips, CPA, CMA, CFE, CBP, founder of Crypto Bullseye Zone
The marrow of crypto is taking responsibility for your own assets which requires being responsible for your own education. You can’t outsource this responsibility to anyone, including a financial advisor. We’ve gotten so used to and reliant on the third-party financial institution model it’s stripped away the practice of responsibility and caused some “laziness.” Nonetheless, you have a spectrum of choice in crypto. You can choose to control all your assets or leave them with third parties. No matter what you choose, there is always risk and you must understand how to manage that risk.
As always your goal is to get a Crypto Bullseye™.