Crypto Scams

In order to protect users from scams, it is important to understand, name, and describe them.

A crypto scam is a malicious attempt to steal your crypto assets, made up of two distinct parts:
Deceit

How a scammer tricks you 

+

Payload

What the scammer does with your account

Malware

Malware is software an attacker tricks you into running on your local machine, giving them full access to your computer. While not specific to crypto, malware attackers often target computers that store crypto keys. Once the malware is running locally, private keys are sent back to the attacker, creating significant and irrecoverable problems for the owner of the wallet.

Imposter dApp

Users accessing dApps via their web browser (such as Uniswap, OpenSea, etc.) need to carefully check that they are on a valid, secure, official web site. Often search engine ads or direct messages will lead users to web sites that appear identical to an official dApp, with similar-looking URLs. These web sites are malicious, and interactions with them can be devastating.


Broken Promise dApp

A dApp that promises something to the user but fails to deliver on that promise. These are often promoted in chat rooms, via direct message, or via fake "support". Examples include:

  • NFT Trading site that, when issued approval, takes your NFTs for free

  • High interest rates on deposits. Often, these will pay out rewards for some period of time before taking all your assets via approval.

  • Wallet synchronization site, usually offered by fake support staff as a solution to any crypto problem you are having, and usually stealing your private key/seed phrase.


Fake Support

When anything goes wrong with a crypto account, it can be tempting to ask for help in a public forum. Scammers are always lurking, ready to "help", often asking for the secret seed phrase or directing the victim to a web site that asks for it.

Scam Payloads

Private Key Theft

When using a "software wallet" such as, any software running on your computer has access to your locally-stored private key. 


Private Key Request

Whether it is a web-form, a user in a DM, or a "wallet sync" application, a user being asked for their private key will sometimes simply give it to the attacker willingly.


Token Transfer

A user willingly signs a token transfer that immediately transfers the asset into the scammer's wallet.


Token Approval

While transferring a token is an immediate benefit to the scammer, getting the user to "approve" a token for future transfer might lead to a larger payday: the scammer waits for the account to grow in value before taking everything.
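
As an added example (not code from the original page), the Python sketch below sorts a transaction's calldata into the Token Transfer and Token Approval payloads described above and flags unlimited or collection-wide approvals before anything is signed. It covers only the four standard ERC-20/ERC-721 function selectors; the name classify_calldata and the sample spender address are constructed for illustration.

```python
# Standard selectors: first 4 bytes of keccak256 of the function signature.
SELECTORS = {
    "a9059cbb": ("transfer", "Token Transfer", 2),
    "23b872dd": ("transferFrom", "Token Transfer", 3),
    "095ea7b3": ("approve", "Token Approval", 2),
    "a22cb465": ("setApprovalForAll", "Token Approval", 2),
}
MAX_UINT256 = 2**256 - 1

# Constructed sample: approve(spender=0x1111...1111, amount=2**256 - 1).
SAMPLE_UNLIMITED_APPROVE = "0x095ea7b3" + "00" * 12 + "11" * 20 + "ff" * 32


def classify_calldata(calldata_hex):
    """Map one transaction's calldata to a payload type plus warnings."""
    text = calldata_hex[2:] if calldata_hex.startswith("0x") else calldata_hex
    raw = bytes.fromhex(text)
    entry = SELECTORS.get(raw[:4].hex())
    if entry is None:
        return {"payload": "unknown", "warnings": ["unrecognised call, review manually"]}
    name, payload, argc = entry
    body = raw[4:]
    if len(body) != 32 * argc:
        raise ValueError(f"{name} expects {argc} 32-byte arguments")
    args = [body[i:i + 32] for i in range(0, len(body), 32)]
    addr = lambda word: "0x" + word[12:].hex()  # an address is the low 20 bytes
    num = lambda word: int.from_bytes(word, "big")
    out = {"payload": payload, "function": name, "warnings": []}
    if name == "approve":
        # For ERC-721 the second argument is a token id, not an amount.
        out.update(spender=addr(args[0]), amount=num(args[1]))
        if out["amount"] == MAX_UINT256:
            out["warnings"].append("unlimited allowance: spender can take current and future balance")
        elif out["amount"] == 0:
            out["warnings"].append("allowance set to zero (revocation)")
    elif name == "setApprovalForAll":
        out.update(spender=addr(args[0]), approved=num(args[1]) != 0)
        if out["approved"]:
            out["warnings"].append("operator can move every token in this collection")
    elif name == "transfer":
        out.update(recipient=addr(args[0]), amount=num(args[1]))
    else:  # transferFrom(from, to, amount)
        out.update(sender=addr(args[0]), recipient=addr(args[1]), amount=num(args[2]))
    return out
```

An approval with no warning is not automatically safe: the spender address still has to be one the user recognises and trusts.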
