5 common DeFi scams and how to protect your crypto
By Heidi Unrau | Published on 24 May 2023
What do you get when you combine explosive growth, easy money and a market that’s entirely unregulated? A crypto-criminal feeding ground. It’s the wild west in the world of decentralized finance (DeFi), and DeFi scams are everywhere. So if you’re thinking you might like to do a little prospecting, make sure you understand the risks before you start panning for digital gold. As a cryptocurrency enthusiast, these are the 5 most common DeFi scams I see on a daily basis, along with a few easy ways to protect your bacon.
Why do scammers love decentralized finance (DeFi)?
DeFi is a digital financial ecosystem that allows for many different kinds of financial maneuvers to take place on a public blockchain, thus eliminating the need for a middleman like a traditional bank. Anything you can do in the legacy banking system, like lending, borrowing, trading, saving, investing, etc. can be done in the DeFi space without the need for intermediaries.
That kind of open access allows for a variety of financial activities to take place directly, peer-to-peer. Because there is no central financial institution, there is no need for traditional Know Your Customer (KYC) verification requirements like photo ID, address verification, banking information, or social insurance numbers. Scammers love the DeFi space for three simple reasons:
1. It’s decentralized
If you are scammed out of your crypto there is no central authority that can reverse the transaction, investigate or report to a governing agency. You have no institutional or legal recourse. Zero.
2. It’s anonymous
There is no way to identify who stole your crypto stash. You might be able to trace transactions on the blockchain back to the offending wallet. But good luck figuring out who owns it.
3. Permanent and irreversible transactions
There is no mechanism to reverse or cancel a transaction. If someone gets your crypto info, you cannot change the key phrase like you can with a PIN number or online banking password. Nor can you close your wallet, like you can with a bank account. Once your coins have been withdrawn, they are gone forever.
Why do crypto scammers love decentralized exchanges?
You may have heard of major crypto exchange platforms like Gemini or Bitbuy. Those are centralized exchanges (CEX) and operate within some legal and regulatory framework, albeit a loose one. Decentralized exchange (DEX) platforms like Uniswap and PancakeSwap, for example, operate in much the same manner but with a few key differences.
On a DEX platform, you do not need to provide any personal information or create an account in order to trade digital assets. You just connect a digital wallet, like MetaMask for example, to the platform. Then you can buy or sell coins directly from there.
DEX platforms operate outside the purview of legal and financial regulators, so anyone can use a DEX platform anytime with complete anonymity. They offer direct, peer-to-peer trading without collecting any data about any of the users. And as always, transactions are final and irreversible.
Anyone can create a coin and list it on a DEX platform. There are no audits or systems in place to vet developers or the legitimacy of a project. This makes DEX platforms an important tool for scammers to create elegant cons. Sure, they offer access to new or obscure coins not yet listed on the CEX platforms, giving you the chance to get in early before a coin gains momentum. But DEX platforms are also a breeding ground for scam coins designed for a singular purpose: to empty your wallet.
If you’re curious about the altcoin market, or you’ve heard about the next hot coin that’s “about to moon,” below are some of the most common scams happening in DeFi right now, particularly on DEX platforms:
DeFi scam #1: the rug pull or pump-and-dump
The decentralized (DeFi) altcoin crypto market is rife with this popular scam. One or a few investors or developers hold the majority supply of a given coin. Then they get to work promoting that coin and generating hype. They leverage social media platforms such as Facebook, Instagram, Twitter, YouTube, Telegram, and Reddit to create demand and drive sales.
They make false statements and promises about a coin’s revolutionary use case, wild popularity and even celebrity endorsements to push sales to a fever pitch. As new investors take the bait and buy into the buzz, the price of the coin skyrockets: the pump.
When that happens, the scammers sell all of their coin holdings. The sell-off causes the price to plummet, sometimes within minutes: the dump. The rest of the investors are left holding a bag of worthless coins, often with no liquidity left to cash out their holdings. One minute your $100 investment is worth $1,500 and before you know it, it’s worth $2.00. You just got rug-pulled.
DeFi scam #2: the honeypot
As with most altcoin scams, the honeypot scam lures investors in with incredible hype, big-budget marketing and lofty price projections. As the money flows in and the price climbs, people start trying to take profit. And that’s when you get hit with a dose of reality.
You watch in amazement as the value of your altcoins rocket out of earth’s atmosphere, headed directly for the moon. When you decide you are sufficiently rich from this obscure coin “mooning,” you go to cash out your profits. But you get hit with an error message like “the transaction cannot succeed due to error: undefined. This is probably an issue with one of the tokens you are swapping.”
Uh oh, Winnie the Pooh! You stuck your head in the pot of honey and now you can’t get it out. That’s what happens when you try to get rich quickly. This type of debauchery is brought to you by the magic of coding. This crafty scam artist inserted a line of code into the coin contract that allows only their own wallet to sell. Your money is stuck in the honeypot while the scammer who created the coin can sell his holdings at any time.
DeFi scam #3: wallet dusting
Commonly referred to as just “dusting,” this type of scam is particularly insidious and sophisticated. If you’re into trading altcoins, you probably have a couple of digital wallets like MetaMask or Trust Wallet. These are known as “hot” wallets because they are cloud-based and connect directly to exchange platforms. But wallets on CEX platforms are vulnerable too.
In a dusting scam, fraudsters will deposit a minuscule amount of an obscure coin into your hot wallet. But you’re not the only one. Dusting attacks typically involve tens of thousands of anonymous wallets. Scammers use dusting attacks to identify individuals with large cryptocurrency holdings.
But since each coin has its own unique wallet address, they need to analyze transactions between multiple wallets to trace them back to a single holder. Think of your hot wallet as the actual wallet in your pocket right now. Every coin in your digital wallet has its own unique address, just like each debit or credit card in your real wallet has its own pocket.
As soon as you trade or sell those dust coins, the scammers start tracing the transactions on the blockchain back to your main wallet where you hold all your other coins. If they successfully identify your wallet, they can launch targeted phishing attacks to hack their way in and clean you out.
DeFi scam #4: phishing
Phishing is a type of clever social engineering attack that tries to trick you into handing over sensitive information like usernames, passwords, credit card numbers, and even social insurance numbers. They’re after any information that helps them impersonate you, or gain access to your crypto accounts.
The most popular kind of phishing scam uses convincing emails that redirect you to fake sites or ask you to follow a malicious link to verify your account, for example. They want your private login information. The crypto-sphere is full of phishing scams because they are easy to employ and highly effective.
A particularly popular phishing scam in the crypto world involves trying to steal Bitcoin and other valuable coins directly from you. Often, unsuspecting coin holders will be directed to spoof sites pretending to be a bona fide company selling a legitimate good or service. Sometimes, you’ll be directed to a fake website that is an exact replica of an actual business you may have transacted with in the past. Just when you think you’ve paid for something from a site you trust, you are actually sending your cryptocurrency directly into a scammer’s personal digital wallet.
Other phishing scams include fraudsters figuring out which exchanges you frequent. Then they’ll send what looks like a legitimate email from the exchange asking you to verify your account. They’ll include a button or link within the email itself. If you follow the link and enter your credentials, BOOM! Now they have all your login information. They simply sign in and transfer your coins out. Kiss your crypto goodbye.
DeFi scam #5: social media accounts
There wouldn’t be a burgeoning cryptocurrency market without a strong community behind it. Cryptocurrency communities are aplenty on social media platforms like Facebook, Reddit, Telegram, and Twitter, to name a few. And they’re growing fast.
They offer incredible resources and learning opportunities for new crypto converts. But they are also a fertile hunting ground for scammers. Luckily, they’re pretty easy to spot if you know what to look for. Are you ready? Here it is. Basically, anyone who comments, messages or DMs you babbling on about how so-and-so grew their crypto portfolio by (insert ridiculous multiple here) is 100% trying to scam you.
They might present themselves as a savvy investor or professional crypto advisor and offer to help you maximize your gains, if you send them a small investment of course. Or they may write a testimonial and tag someone else’s name, claiming this person turned their small investment of $500 worth of Bitcoin into $5,000. If you click on the tagged name of this supposed Bitcoin mastermind, you’ll find an impressive and legitimate-looking social media profile.
Do not fall for it! You are smarter than that. If it seems too good to be true, it is. If a stranger asks you to send them Bitcoin or whatever crypto you have, on the promise they’ll generate crazy gains, run! If anyone asks for money, crypto, wallet addresses or private keys, they are trying to steal from you, full stop.
Crypto scams: 10 ways to protect yourself
Scams are prevalent even in traditional finance, under the watchful eye of federal and legal regulators alike. But in the DeFi space this is especially true. People are literally throwing money into any new coin project they can find. Without a sheriff in town, bad actors lurk around every corner to cash in on your fear of missing out. If you are brand new to the world of altcoins, here are a few ways to protect your bacon:
Only invest what you are willing to lose
The altcoin space is even more volatile and speculative than mainstream cryptocurrencies. Thousands of scam coins are minted daily. Altcoins are not an investment; they are a gamble. Do not bet more money than you can afford to lose.
Do not follow links inside emails
Use your browser to visit the site the email claims to be from. Double-check the URL. Ask yourself if this email makes sense. Did you actually try to sign into one of your crypto accounts and lock yourself out? Or did this email come out of nowhere, asking you to reset your password?
Enable extra security measures
If your wallet or exchange platform allows for additional security features, opt in. You can enable 2-step verification that emails or texts codes to your inbox or phone when you try to log in. If you trade on your phone through apps, enable biometrics that use your fingerprint to open the app. And my favorite: add a custom anti-phishing code to your crypto accounts if available. You’ll know emails from those accounts or platforms are legitimate because they’ll display the code you created right in the email.
Always be suspicious
Just assume everyone on social media is trying to trick you. Be critical when engaging in DMs, comment sections or discussion forums. Never give your cash, coins, or crypto credentials to anyone. Create separate emails and strong passwords for all your crypto accounts. Never use your daily personal email for crypto business.
Double check the URL
If you buy goods or services online with crypto, double-check the web address to make sure you are patronizing a legitimate business, and not a dummy page designed to steal your information. Make sure the company name is spelled correctly. Scammers like to swap out letters with numbers that resemble letters, like “1” in place of an “l.” Confirm the web address is not missing the “s” or a forward slash in “https://”.
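The checks described above can be automated. The following Python sketch is an added example, not part of the original article: it verifies the https scheme, catches a missing slash, and compares the host against a personal list of trusted sites. The domains are placeholders, and the digit map extends the article's "1" for "l" swap to other common substitutions.

```python
from urllib.parse import urlsplit

# Assumption: your own list of sites you really use (placeholder domains).
TRUSTED = ("coldwallet.example", "swap-exchange.example")
# Digits that resemble letters; the article names "1" for "l", the rest generalize it.
LOOKALIKE = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s"})


def edit_distance(a: str, b: str) -> int:
    """Classic Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_url(url: str) -> str:
    """Return 'ok' or a short reason the address should not be trusted."""
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        return "not https"
    host = (parts.hostname or "").lower()
    if host.startswith("www."):
        host = host[4:]
    if not host:
        return "malformed address (check the slashes after https:)"
    if host in TRUSTED:
        return "ok"
    for good in TRUSTED:
        if host.translate(LOOKALIKE) == good:
            return f"digit-for-letter lookalike of {good}"
        if edit_distance(host, good) <= 2:
            return f"misspelling of {good}"
    return "unknown site"


if __name__ == "__main__":
    for u in ("https://coldwallet.example/shop", "https://co1dwallet.example/shop",
              "http://coldwallet.example/shop", "https:/coldwallet.example/shop"):
        print(u, "->", check_url(u))
```

An "unknown site" result is not proof of a scam; it only means the address is not on your own list and deserves a closer look.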
Get a cold wallet
If you are not actively trading, keep your crypto stored in a “cold” wallet: a physical device like a USB that stores your coins offline. Reputable brands include Trezor and Ledger. Visit their sites directly to purchase a cold wallet. Never buy from third-party retailers like eBay or Amazon, for example.
Know when to quit
Altcoins are like gambling. If you are consistently losing money, or falling victim to scams, walk away. This space just isn’t for everyone and that’s ok. Don’t lose your life savings chasing gains and false promises.
Stick to reputable exchange platforms
If you want to buy an altcoin that’s not available on the CEX platforms, stick to the well-known DEX platforms like SushiSwap, PancakeSwap, Uniswap or 1inch. While these are DEX platforms, they are established trading platforms and are generally regarded as trustworthy within the crypto community. You might still fall victim to a scam coin, but the exchange itself is more secure and commonly used among altcoin traders.
Learn to read charts
Before you buy, learn how to read real-time altcoin charts. Bogged Finance can help you look for red flags such as: no sell orders, no red candles, only one or a few wallets holding the majority supply of coins. Other red flags to look out for include: unknown developers, vague or unclear whitepaper, over-the-top marketing, celebrity endorsements, and unrealistic price projections.
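As an added illustration (not from the original article and not tied to any charting tool's API), the Python sketch below applies the chart red flags listed above to trade, candle and holder data you have already collected. The data is constructed, the wallet labels are made up, and treating "a few" as the top three wallets and "majority" as more than half of supply are assumptions.

```python
def red_flags(trades, candles, holders, few=3):
    """trades: (wallet, side, amount); candles: (open, close); holders: wallet -> balance."""
    flags = []
    sellers = {w for w, side, _ in trades if side == "sell"}
    buyers = {w for w, side, _ in trades if side == "buy"}
    if not sellers:
        flags.append("no sell orders")
    elif len(sellers) == 1 and len(buyers) > 1:
        # Honeypot pattern: many wallets buy, only one is ever able to sell.
        flags.append("only one wallet ever sells")
    if candles and all(close >= open_ for open_, close in candles):
        flags.append("no red candles")
    supply = sum(holders.values())
    top = sorted(holders.values(), reverse=True)[:few]
    if supply and sum(top) > supply / 2:
        share = sum(top) / supply
        flags.append(f"top {min(few, len(holders))} wallets hold {share:.0%} of supply")
    return flags


# Constructed sample data (wallet labels are made up).
SUSPECT = dict(
    trades=[("0xA", "buy", 100), ("0xB", "buy", 250), ("0xC", "buy", 80),
            ("0xDEV", "sell", 5000)],
    candles=[(1.0, 1.4), (1.4, 2.1), (2.1, 3.0)],
    holders={"0xDEV": 800_000, "0xA": 100_000, "0xB": 60_000, "0xC": 40_000},
)
HEALTHY = dict(
    trades=[("0xA", "buy", 100), ("0xB", "sell", 40), ("0xC", "sell", 75)],
    candles=[(1.0, 1.2), (1.2, 0.9), (0.9, 1.1)],
    holders={f"0x{i:02d}": 10_000 for i in range(10)},
)

if __name__ == "__main__":
    for name, data in (("suspect", SUSPECT), ("healthy", HEALTHY)):
        print(name, red_flags(**data))
```

An empty result only means none of these specific flags fired; the other warning signs in this section still have to be checked by hand.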
Do your own research
Always do your research and practice thorough due diligence. Before putting money into any coin make sure you know who the developers are, who is funding the project and that the use case makes sense. But also understand the risks involved. You could still lose it all even though you vetted the project. Are you prepared to lose money on this coin even though it looks legitimate? If not, walk away.