Guide to Safe Investing in Cryptocurrency and NFTs
With the ever-growing popularity of cryptocurrencies and NFTs, there has been an increase in scams targeting unsuspecting consumers. Even “crypto winter” hasn’t slowed down grifters looking to make big bucks by ripping off crypto and non-fungible token enthusiasts. In an August report, blockchain analytics firm Elliptic noted that investors had lost $100 million to NFT scams between July 2021 and July 2022. That was pocket change compared to cryptocurrency thefts—also in August, blockchain analytics firm Chainalysis reported $1.6 billion in total crypto losses from hackers who attack services designed to help investors transfer digital assets from one network to another.
Money earning potential in cryptocurrencies and NFTs is the talk of the web, but the potential for digital highway robbery is just as great. Therefore, it is a good idea to arm yourself with information on how to avoid the many dangerous dark alleys that exist along the blockchain’s supposed paths to wealth.
Scams can take many forms, from fake investment opportunities to phishing attacks. For example, “Web 3 Is Going Just Great” reports that in May 2022, a crypto project was launched titled “Day of Defeat.” The project’s developers called it a “radical social experiment token” that promised, “to give holders 10,000,000X PRICE INCREASE.” This meant that anyone who bought $1 of the token would receive massive rewards.
By the time the price of the token dropped by 96%, investors had bought $1.35 million worth of coins. Unfortunately, the fraudsters took all liquid assets with them. It was a classic “carpet cover”. It’s an apt term to describe what happens when investors are lured into a new crypto investment opportunity only to have the developer pull out and usually disappear – websites and social media accounts deleted or locked. Rug pulls are not that new, but crypto’s widespread use has given many opportunities for those sufficiently motivated to create new ones.
In June 2022, actor Seth Green fell victim to a classic phishing scam focusing on his Bored Ape Yacht Club (BAYC) NFT. After Green bought legit Bored Apes, someone sent him a phishing email disguised as an alert about sketchy activity on his OpenSea account, where his monkeys were stored. He followed a link from the message to a website that looked enough like OpenSea to trick the Robot Chicken co-creator into entering his login credentials. But as is usually the case with a phishing scam, Green’s information was sent to a command and control server where it was available to whoever built the fake login page.
In no time, hackers had seized some of Green’s most valuable NFTs and sold them to another account. As a result, the actor had to pay at least $260,000 to get Bored Apes back.
As Seth Green chimed in on the latter — as Hollywood creators like to do — you can take steps to reduce your risk of falling into the trap that caught him.
Here are six to start with:
Do your research
person using MacBook proPhoto by Austin Distel on Unsplash
Before spending a penny, research the account offering NFT or tokens. Does the marketplace offer verification? Opensea, for example, verifies accounts with a blue tick. It requires specific benchmarks for verification, stating that an account that owns “pools with at least 75 ETH sold volume” can qualify if they also “meet other criteria such as minimum activity levels and social presence.” Make sure you buy from a seller with a tick mark.
Use recognized platforms
Bitcoin wallet in 3D. Feel free to contact me by e-mail [email protected]. Check out my previous collections “Top Cryptocurrencies” and “Elon Musk” . Photo by Mariia Shalabaieva on Unsplash
Crypto and NFT purchases usually require setting up a digital wallet. To that end, there are many websites that offer crypto wallet features. Still, only those that have been around for a few years (Coinbase, for example, launched in 2012) and have real name recognition can guarantee that they at least take security very seriously. Well-known and generally trusted sites that offer wallets include Coinbase, Trezor, Metamask, Public.com, and Ledger. Of course, they are not the only ones; they are a good place to start.
Use your wallet’s security settings with care
two pink padlocks on a pink surfacePhoto by FLY:D on Unsplash
Good wallets have the kind of security protocols we would expect from our banks or email accounts. For example, using two-factor authentication is a must, especially if you don’t want to end up paying through the nose for monkeys you’ve already bought, like Seth Green.
Look for carpet pulling red flags
woman sitting on bed with MacBook on lapPhoto by Victoria Heath on Unsplash
These include mysterious, anonymous developers. If you research projects on Twitter, for example, there are frequent mentions of “doxxed” developers. In this context, doxxed simply means that the developers are telling potential investors who they are, probably with an open, transparent and consistent web presence that goes back further than just a few months. Be careful with new social accounts and research websites and white papers that describe the project and its purpose. If they are vague or the sites appear to be merged (multiple pages with no content or TBA), be very careful.
Be suspicious of “pie in the sky” promises of profit
10 and 20 US dollar billsPhoto by Alexander Schimmeck on Unsplash
If you refer back to “Day of Defeat”, the project that raised $1.35 million worth of investors, one of the easiest methods to detect a possible scam is right there – the promise that those who bought tokens would see a 10,000,000X increase in price. CoinTelegraph puts it succinctly in its recommendations on beware of crypto and NFTs: “If the returns for a new coin seem suspiciously high, but it turns out not to be a blanket move, it’s probably a Ponzi scheme.”
Look for skewed numbers
turned on the monitoring screenPhoto by Stephen Dawson on Unsplash
According to Matthew Callahan—founder and CEO of Delphi, a Web3 consulting firm—other red flags include watching out for projects where the number of “Twitter and Discord follower numbers seem disproportionate to their engagement.” That is, a small number of users in contrast to active, vocal engagement can suggest sock puppetry at work. Callahan also suggests that “advertising the project on Twitter/Instagram” could be a red flag. Why? A paid ad campaign may indicate an attempt to hide a lack of organic engagement. The account doesn’t rely on word of mouth as much as paid impressions, which artificially raises its profile, and hides the fact that there is “no real community engagement on social platforms.”
Honestly, there’s still no surefire way to avoid everyone online fraud. The key is to be a little paranoid, ultimately. Keep the digital head on a swivel, check all corners, and don’t go too big at the start. Extra vigilance will improve your chances of not being scammed into oblivion.
From the site’s articles
Related articles around the web
