IMPORTANT! There is nothing inherently dangerous about cryptocurrencies. In fact, they are inherently secure. This article is mainly about how to avoid scams and scammers. In fact, everything in this article is caused by people, not the technology itself.
I consider myself very fortunate to have never fallen for an outright scam since I’ve been in crypto. Avoiding scams is largely a matter of common sense and/or research.
I have invested in some tokens that tanked, but it’s never been drastic because I follow the first and most important rule of them all:
Don’t Invest More Than You Can Afford to Lose
It might sound obvious, and it also falls into the category of general investment advice, but you’d be surprised how many people fail to keep their investments within a sensible limit.
Before you invest, imagine that you’re throwing an equivalent amount of cash into a bonfire. If you’d be able to live with that without too much anxiety, you’re probably ok. Investors that overstretch will be more likely to make bad decisions based on emotion rather than logic.
The rest of the list is purely security tips, but this first point is worth reiterating.
Store Your Seed Phrases Carefully
Assuming you are accessing your crypto assets via a DeFi wallet (non-custodial), you will have seed phrases. These are a series of random words, normally 12 or 24 words, that are the master keys that allow access to a wallet. Think of your seed phrase as the only key to the bank vault. Anyone that has these keys can get in and do whatever they want. If you lose the key, not even you will be able to get in.
So, it is of utmost importance that you keep your seed phrase safe.
Good ideas
- Write your seed phrase down in a non-digital form and keep it somewhere it won’t be lost or destroyed.
- When you write it down, you could include some sort of encryption. For example, you could change the order somehow or you could encode the letters as numbers using a key only you know.
- Make sure you tell your loved ones where your seed phrases are, how to decode them if needed and also how to use them.
Bad ideas
- Keeping copies of your seed phrases in digital form means that you are vulnerable to them being discovered by hackers. For example, if you email them to yourself and someone guesses your email password, they will also be able to access your seed phrases.
- If you write down your seed phrases and take photos of them with your phone, and your phone is hacked, lost or stolen, it is possible that someone will recognise what they are and will be able to access your wallet.
Use Multiple Wallets
If you keep all of your crypto in one wallet and this wallet is compromised, you could lose your entire portfolio. It is much more sensible to distribute your portfolio across multiple wallets, thereby limiting the risk.
This is especially important when investing in very new projects, where the chance of malicious intent is much higher.
I am not going to discuss hardware wallets in this post as there will be a post specifically about them in the near future.
Enable 2FA, 3FA, 4FA…
I recommend enabling biometric transaction confirmations on your mobile device and using as many multi-factor authentication options as possible.
In this way, you will be asked before any transactions are approved and this gives you a chance to review them.
Please note that this would not make any difference if someone gets your seed phrase.
The Dangers of Connecting Your Wallet
Connecting your wallet to a malicious website, app or dApp (decentralised application) is one of the most common ways that people get their wallets hacked.
Connecting your wallet essentially gives an application permission to carry out operations with your wallet. This is necessary for swaps, decentralised exchanges, staking contracts and similar applications. However, scammers can also create fake applications that allow them to steal the entire contents of any wallet that approves the connection.
Before you connect your wallet to anything, you should check that it is 100% trustworthy. Personally, I don’t connect to anything that’s not in the dApp browser of my wallet app or that has been recommended by someone I trust completely.
Typical scams are:
- Fake wallet recovery / support
- Fake swaps or exchanges
- Fake airdrop registration
Stay Away From Airdrops
An airdrop is when you are sent free tokens. There are times that this can be legitimate, but my recommendation is to simply stay away from them. The last point above about fake wallet connections AND the following point about “dusting tokens” are both often due to people falling for fake airdrops. I honestly don’t think it’s worth the risks.
Dusting Tokens
When you have a DeFi (non-custodial) wallet, I guarantee that you will receive tokens from nowhere, often apparently worth a significant amount of money.
These are called dusting tokens and they are VERY DANGEROUS! If you approve one in order to try and sell it, the maliciously created smart contract behind it can allow the scammers to empty your wallet.
The basic rule that I go by is:
If you didn’t buy it, don’t touch it!
One final point on this is that it is actually possible for scammers to create dusting tokens with the same name as real ones. To be 100% sure, it’s a good idea to bookmark your tokens or even check the smart contract address.
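The name-versus-contract-address check described above, as an added example that is not part of the original article. It assumes EVM-style 20-byte hex addresses and a bookmark list you maintain yourself; the symbols and addresses are constructed for illustration.

```python
import re

ADDRESS_RE = re.compile(r"0x[0-9a-f]{40}")

def normalize_address(address):
    """Lower-case an EVM-style address and reject anything malformed."""
    candidate = address.strip().lower()
    if not ADDRESS_RE.fullmatch(candidate):
        raise ValueError(f"not a 20-byte hex address: {address!r}")
    return candidate

def classify_token(symbol, address, bookmarks):
    """Return 'known', 'impersonator', 'unsolicited' or 'invalid'.

    bookmarks maps the symbol of each token you bought yourself to the
    contract address you recorded when you bought it.
    """
    try:
        addr = normalize_address(address)
    except ValueError:
        return "invalid"
    trusted = {s.casefold(): normalize_address(a) for s, a in bookmarks.items()}
    if addr in trusted.values():
        return "known"         # the contract address is the identity, not the name
    if symbol.strip().casefold() in trusted:
        return "impersonator"  # familiar name, different contract
    return "unsolicited"       # never bought: don't touch it

def review_wallet(holdings, bookmarks):
    """Group (symbol, address) pairs shown by a wallet by classification."""
    report = {"known": [], "impersonator": [], "unsolicited": [], "invalid": []}
    for symbol, address in holdings:
        report[classify_token(symbol, address, bookmarks)].append((symbol, address))
    return report

# Constructed sample data: hypothetical symbols and made-up addresses.
BOOKMARKS = {"ALPHA": "0x" + "11" * 20, "BETA": "0x" + "22" * 20}
HOLDINGS = [
    ("ALPHA", "0x" + "11" * 20),      # bought, matches the bookmark
    ("Beta", "0X" + "22" * 20),       # same contract, different letter case
    ("ALPHA", "0x" + "ab" * 20),      # same name, different contract
    ("FREE-GIFT", "0x" + "cd" * 20),  # arrived from nowhere
    ("BETA", "0x1234"),               # truncated address
]

if __name__ == "__main__":
    for verdict, tokens in review_wallet(HOLDINGS, BOOKMARKS).items():
        print(verdict, [symbol for symbol, _ in tokens])
```

Only tokens reported as "known" match something you bought; every other category falls under the rule above.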
Social Media / Messenger App Scams
A lot of the DeFi community is on Telegram, Discord and Twitter. Needless to say, the scammers are also there.
If you ever mention anything about having difficulties with your wallet, it is very common that you will get messages from scammers posing as support agents or similar. They will try to get you to give them your seed phrase, connect to a fake site or send them funds. Don’t!
Another common scam on social media is people pretending to be members of a project’s team. Always make absolutely sure that you are speaking to who you think you are, checking the username, asking in public to make sure it’s really who they claim to be and so on. Oh, and DON’T SEND THEM MONEY!
Rugpulls
In the DeFi space, one of the most famous kinds of scam is the rugpull, or simply “rug”. It is called this because it’s like having a rug pulled out from under you.
This scam essentially consists of a token project’s owner(s) stealing the liquidity pool, which renders the tokens completely worthless.
You should check for evidence that the liquidity pool has been locked. It is commonly also considered safer when the dev team is “doxxed” (their identities are known), although it’s also quite common for people to create false identities.
Slow Rugs / Deliberately Abandoned Projects
As investors have become somewhat better informed, the type of rugpull that used to be relatively common has given way to what is known as a “slow rug”. Essentially, the scammers own a significant portion of the token supply and slowly sell it (or sometimes it can happen quickly), while also encouraging people to continue investing.
They will then generally fall silent and never be heard from again.
Avoiding this kind of scam is somewhat difficult, although with experience certain warning signs stand out, such as newly created Telegram users that are not in common groups on Telegram. I would definitely refer you back to the first point of this post: do not invest more than you can afford to lose.
Token Maturity – Risk vs. Reward
People that invest in crypto dream of astronomical returns. It is well-known that the earlier you are in a project, the more likely it is that this will happen, but this also means you’re exposing yourself to greater risks.
More established projects can still give very satisfactory results, but there is a much lower risk of a complete crash.
Final Word
As I mentioned at the start of this post, crypto/blockchain is not inherently dangerous. As with many investments, the higher the risk, the higher the potential reward.
It is up to you to judge what your own risk appetite is, to invest sensibly with money that you don’t need to cover your basic needs and to DYOR (Do Your Own Research).
If you want to start slowly and with relative security, maybe centralised exchanges would be best for you. If you decide to start with a non-custodial/DeFi wallet, consider investing first in established projects before diving into the world of newly launched tokens.
If you have any questions or doubts, please feel free to post a comment below.
Stay safe!
The article does an excellent job highlighting the importance of vigilance when dealing with crypto.
A useful addition might be a discussion on diversification strategies to manage investment risks while still allowing for potential high returns in the crypto space. Or it could be an entire article as well, but of course with NFA!
Overall, this article serves as a great primer on common scams in the DeFi space and offers sound advice for both new and experienced investors.
Perhaps a future update could include more specific examples of red flags to look out for.
Good points on protecting yourself and assets.
I especially like the tips on keeping your seed phrase offline and even doing your own encryption by mixing up the words for even more protection.
Good read for newbies in crypto and a good refresh for veterans.
Good read
An absolutely invaluable article with information I’ve not seen before put together in such an informative, clear and humorous way. I’ve sent it to friends who are just getting started with cryptocurrency, and feel a relief to have been able to help educate and keep them safer from the negative parts of the cryptosphere.
Education is key to helping with these issues, and Joe Parkin and Zypto are certainly leading the way by publishing the crypto education articles now found on the Zypto.com Blog. Great work Joe!
tldr;
Cryptocurrencies are inherently secure, but scams often arise from human actions. Here are essential tips to protect yourself:
Don’t Invest More Than You Can Afford to Lose:
Only invest amounts you can bear to lose without major anxiety.
Overextending can lead to emotional, irrational decisions.
Store Your Seed Phrases Carefully:
Write them down non-digitally and store them securely.
Avoid digital storage to prevent hacking risks.
Inform trusted loved ones about their location and usage.
Use Multiple Wallets:
Distribute your crypto across several wallets to minimize risk.
Especially important for new, potentially risky projects.
Enable Multi-Factor Authentication (2FA, 3FA, 4FA):
Use biometric confirmations and multiple authentication layers.
This adds security but doesn’t protect against compromised seed phrases.
Beware of Connecting Your Wallet:
Only connect to trusted applications to avoid malicious activities.
Scams include fake wallet recovery, fake swaps, and fake airdrop registrations.
Avoid Airdrops:
Many airdrops are scams; it’s safer to ignore them.
“Dusting tokens” can be dangerous; don’t interact with unsolicited tokens.
Stay Vigilant on Social Media:
Scammers often pose as support agents or project team members.
Verify identities and never share your seed phrase or send funds to strangers.
Watch Out for Rugpulls and Slow Rugs:
Rugpulls involve project owners stealing liquidity pools, making tokens worthless.
Slow rugs happen when scammers slowly sell off their token supply.
Ensure liquidity pools are locked and research the project’s team.
Balance Token Maturity and Risk:
Early investments can offer high returns but come with higher risks.
Established projects are safer but may yield lower returns.
By following these tips and using common sense, you can significantly reduce the risk of falling victim to crypto scams.