IMPORTANT! There is nothing inherently dangerous about cryptocurrencies. In fact, they are inherently secure. This article is mainly about how to avoid scams and scammers, and everything in it is caused by people, not the technology itself.
I consider myself very fortunate to have never fallen for an outright scam since I’ve been in crypto. Avoiding scams is largely a matter of common sense and/or research.
I have invested in some tokens that tanked, but it’s never been drastic because I follow the first and most important rule of them all:
Don’t invest more than you can afford to lose
It might sound obvious, and it also falls into the category of general investment advice, but you’d be surprised how many people fail to keep their investments within a sensible limit.
Before you invest, imagine that you’re throwing an equivalent amount of cash into a bonfire. If you’d be able to live with that without too much anxiety, you’re probably OK. Investors who overstretch are more likely to make bad decisions based on emotion rather than logic.
The rest of the list is purely security tips, but this first point is worth reiterating.
Store your seed phrases carefully
Assuming you are accessing your crypto assets via a DeFi wallet (non-custodial), you will have seed phrases. These are a series of random words, normally 12 or 24 words, that are the master keys that allow access to a wallet. Think of your seed phrase as the only key to the bank vault. Anyone that has these keys can get in and take whatever they want. If you lose the key, not even you will be able to get in.
So, it is of utmost importance that you keep your seed phrase safe.
- Write your seed phrase down in a non-digital form and keep it somewhere it won’t be lost or destroyed.
- When you write it down, include some sort of encryption. For example, you could change the order somehow or you could encode the letters as numbers using a key only you know.
- Make sure you tell your loved ones where your seed phrases are, how to decode them if needed and also how to use them.
- Keeping copies of your seed phrases in digital form means that you are vulnerable to them being discovered by hackers. For example, if you email them to yourself and someone guesses your email password, they will also be able to access your seed phrases.
- If you write down your seed phrases and take photos of them with your phone, and your phone is hacked, lost or stolen, it is possible that someone will recognise what they are and will be able to access your wallet.
Use multiple wallets
If you keep all of your crypto in one wallet and this wallet is compromised, you could lose your entire portfolio. It is much more sensible to distribute your portfolio across many wallets, thereby limiting the risk.
This is especially important when investing in new projects, where the chance of malicious intent is much higher.
I am not going to discuss hardware wallets in this post as there will be a post specifically about them in the near future.
Enable 2FA, 3FA, 4FA…
I recommend enabling biometric transaction confirmations on your mobile device and using as many 2-factor authentication options as possible.
In this way, you will be asked before any transactions are approved and this gives you a chance to review them.
Please note that this would not make any difference if someone gets your seed phrase.
The dangers of connecting your wallet
Connecting your wallet to a malicious website, app or dApp (decentralised application) is one of the most common ways that people get their wallets hacked.
Connecting your wallet essentially gives an application permission to carry out operations with your wallet. This is necessary for swaps, decentralised exchanges, staking contracts and similar applications. However, scammers can also create fake applications that allow the hacker to steal the entire contents of any wallet that approves the connection.
Before you connect your wallet to anything, you should check that it is 100% trustworthy. Personally, I don’t connect to anything that’s not in the dApp browser of my wallet app or that has been recommended by someone I trust completely.
Typical scams are:
- Fake wallet recovery / support
- Fake swaps or exchanges
- Fake airdrop registration
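What such a permission request looks like when it reaches the wallet, as an added example that is not part of the original post: it decodes the calldata of a transaction and reports whether it grants a limited or an open-ended allowance, and to whom. It assumes an EVM chain and the standard ERC-20 `approve` and ERC-721 `setApprovalForAll` calls; the function name, verdict strings, spender address and amounts are constructed for illustration.

```python
# Added example. Selectors are the standard ERC-20 / ERC-721 ones; the
# spender address and amounts below are constructed sample values.
APPROVE = "095ea7b3"               # approve(address spender, uint256 amount)
SET_APPROVAL_FOR_ALL = "a22cb465"  # setApprovalForAll(address operator, bool approved)
MAX_UINT256 = 2**256 - 1

SAMPLE_SPENDER = "0x" + "ab" * 20
SAMPLE_UNLIMITED = "0x" + APPROVE + "00" * 12 + "ab" * 20 + "ff" * 32
SAMPLE_LIMITED = "0x" + APPROVE + "00" * 12 + "ab" * 20 + format(1000, "064x")
SAMPLE_ALL_NFTS = "0x" + SET_APPROVAL_FOR_ALL + "00" * 12 + "ab" * 20 + format(1, "064x")


def review_calldata(data, trusted_spenders=frozenset()):
    """Classify the calldata of a transaction a site asks the wallet to sign.

    Returns (verdict, details); details holds the decoded spender and value.
    Addresses in trusted_spenders must be lowercase hex with a 0x prefix.
    """
    h = data.lower()
    if h.startswith("0x"):
        h = h[2:]
    if any(c not in "0123456789abcdef" for c in h):
        return "malformed", {}
    selector, body = h[:8], h[8:]
    if selector not in (APPROVE, SET_APPROVAL_FOR_ALL):
        return "not-an-approval", {}
    # Both functions take exactly two 32-byte words: an address, then a value.
    if len(body) != 128 or body[:24] != "0" * 24:
        return "malformed", {}
    spender = "0x" + body[24:64]
    value = int(body[64:], 16)
    details = {"spender": spender, "value": value}
    if value == 0:
        return "revoke", details  # allowance 0 / approved=false removes access
    # setApprovalForAll covers every token in the collection; an ERC-20
    # allowance of 2**256-1 never runs out. Both are open-ended grants.
    unlimited = selector == SET_APPROVAL_FOR_ALL or value == MAX_UINT256
    scope = "unlimited" if unlimited else "limited"
    who = "known" if spender in trusted_spenders else "unknown"
    return f"{scope}-to-{who}-spender", details


if __name__ == "__main__":
    for name, tx in [("unlimited", SAMPLE_UNLIMITED), ("limited", SAMPLE_LIMITED),
                     ("all NFTs", SAMPLE_ALL_NFTS)]:
        print(name, review_calldata(tx))
```

An "unlimited-to-unknown-spender" verdict is the case to stop on: the spender can move the whole balance of that token at any later time without asking again.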
Stay away from airdrops
An airdrop is when you are sent free tokens. There are times that this can be legitimate, but my recommendation is to simply stay away from them. The last point above about fake wallet connections AND the following point about “dusting tokens” are both due to people falling for fake airdrops. I honestly don’t think it’s worth the risks.
When you have a DeFi (non-custodial) wallet, I guarantee that you will receive tokens from nowhere, often apparently worth a significant amount of money.
These are called dusting tokens and they are DANGEROUS! If you approve one in order to try and sell it, their maliciously created smart contracts can allow the scammers to empty your wallet.
The basic rule that I go by is:
If you didn’t buy it, don’t touch it!
One final point on this is that it is actually possible for scammers to create dusting tokens with the same name as real ones. To be 100% sure, it’s a good idea to bookmark your tokens or even check the smart contract address.
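One way to make the "bookmark your tokens and check the contract address" habit mechanical, as an added example that is not part of the original post: a token is accepted only when its contract address matches a bookmark, and a familiar or look-alike name on a different address is flagged. The bookmark entries, placeholder addresses, function names and the short look-alike table are all constructed for illustration.

```python
import re
import unicodedata

# Constructed bookmark list: symbol -> contract address the user verified once
# (for example from the project's own site). The addresses are placeholders.
BOOKMARKS = {
    "USDT": "0x" + "11" * 20,
    "LINK": "0x" + "22" * 20,
}
ADDRESS_RE = re.compile(r"0x[0-9a-fA-F]{40}")
# Small sample of Cyrillic capitals that render like Latin ones; a real
# checker would use the full Unicode confusables table.
LOOKALIKES = str.maketrans(
    "\u0410\u0412\u0415\u041a\u041c\u041d\u041e\u0420\u0421\u0422\u0425",
    "ABEKMHOPCTX",
)


def fold_symbol(symbol):
    """Reduce a displayed token symbol to a form where look-alikes collide."""
    s = unicodedata.normalize("NFKC", symbol)  # full-width letters -> ASCII
    # Drop invisible characters (zero-width characters, spaces, controls).
    s = "".join(c for c in s if unicodedata.category(c)[0] not in "CZ")
    return s.upper().translate(LOOKALIKES)


def check_token(symbol, address):
    """Compare an incoming token against the bookmarks by contract address."""
    if not ADDRESS_RE.fullmatch(address):
        return "invalid-address"
    addr = address.lower()
    if addr in (a.lower() for a in BOOKMARKS.values()):
        return "verified"
    if fold_symbol(symbol) in BOOKMARKS:
        # Same (or look-alike) name, different contract: treat as a fake.
        return "impersonation"
    return "unknown"


if __name__ == "__main__":
    print(check_token("USDT", "0x" + "11" * 20))       # bookmarked contract
    print(check_token("USD\u0422", "0x" + "ab" * 20))  # Cyrillic T, other contract
```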
Social media / messenger app scams
A lot of the DeFi community is on Telegram, Discord and Twitter. Needless to say, the scammers are also there.
If you ever mention anything about having difficulties with your wallet, it is very common that you will get messages from scammers posing as support agents or similar. They will try to get you to give them your seed phrase, connect to a fake site or send them funds. Don’t!
Another common scam on social media is people pretending to be members of a project’s team. Always make absolutely sure that you are speaking to who you think you are, checking the username, asking in public to make sure it’s really who they claim to be and so on. Oh, and DON’T SEND THEM MONEY!
In the DeFi space, one of the most famous kinds of scam is the rugpull, or simply “rug”. It is called this because it’s like having a rug pulled out from under you.
This scam essentially consists of a token project’s owner(s) stealing the liquidity pool, which renders the tokens completely worthless.
You should check for evidence that the liquidity pool has been locked. It is commonly also considered safer when the dev team is “doxxed” (their identities are known).
Slow Rugs / Deliberately Abandoned Projects
As investors have become somewhat better informed, the type of rugpull that used to be relatively common has given way to what is known as a “slow rug”. Essentially, the scammers own a significant portion of the token supply and slowly sell it, while also encouraging people to continue investing.
They will then generally fall silent and never be heard from again.
Avoiding this kind of scam is somewhat difficult, although with experience certain warning signs stand out, such as newly created Telegram users that are not in common groups on Telegram. I would definitely refer you back to the first point of this post: do not invest more than you can afford to lose.
As I mentioned at the start of this post, crypto/blockchain is not inherently dangerous. As with many investments, the higher the risk, the higher the potential reward.
It is up to you to judge what your own risk appetite is, to invest sensibly with money that you don’t need to cover your basic needs and to DYOR (Do Your Own Research).
If you want to start slowly and with relative security, maybe centralised exchanges would be best for you. If you decide to start with a non-custodial/DeFi wallet, consider investing first in established projects before diving into the world of newly launched tokens.
If you have any questions or doubts, please feel free to post a comment below.