Scams and Ponzi Schemes
"If you didn't expect to find snakes in the grass, then you shouldn't have left the parking lot."
Cryptocurrency markets are the wild, wild west of the financial world. The number of scams in the cryptoasset space is simply staggering. Face it, anywhere there's money, there are people trying to take your money. Thousands of criminals and dishonest people are using all sorts of different schemes to successfully steal funds from unsuspecting investors. Unfortunately, the low education level in the cryptoasset markets, combined with the ability to confuse people with fancy-sounding high-tech terminology, is a perfect breeding ground for fraud.
We'd like to start by saying that you should ONLY ever buy coins from legitimate cryptocurrency exchanges. Don't buy crypto from eBay, CraigsList, personal ads, social media promotions, or any other sort of facility that isn't a major cryptocurrency exchange. Even a lot of the smaller and mid-sized exchanges are highly risky, while a few others are outright frauds. Don't buy crypto from strangers at one-on-one meet-ups. Never click on an advertisement in search results that takes you to an exchange website. Always use a safe bookmark or type in the exchange URL directly, to make sure you're not on a cloned site designed for phishing. Markups and fees at cryptocurrency ATM's are ridiculously high. Many sites where you can buy cryptocurrencies "directly" are scams. There are many sites designed to look exactly like official sites for a cryptoasset, but which are run by scam artists waiting to take your money. Some ICO's, even if they happen to be legal in your jurisdiction, are big scams. Many cryptoassets marketed as "the next big cryptocurrency" are garbage projects.
Falling victim to a scam is different than getting hacked, although the end result can be the same. We'll use this page to give you some background about some of the scam projects that have fooled investors. Also, near the bottom of this page, we'll give you what is probably the most important part of this website: A list of generic scams to be aware of. If you read nothing else, at least skip through to that section and review it carefully. And by the way, never ever use a website to generate a seed or a private key
Trust Nothing Without Verification
A scam is a fraudulent act or activity, usually set up purposefully to take money away from an unsuspecting victim. A ponzi scheme is a fraudulent investment operation where the operator generates returns for older investors through revenue paid by new investors, rather than from legitimate business activities or profit from financial trading.
The first step to protecting yourself against fraud is to be aware that within the cryptoasset space, probably more so than in any other financial markets, there are a huge number of criminals and malicious actors who will try to separate you from your money. If you understand this, hopefully you'll be cautious with the investments that you make, and with the handling of your assets. The best approach for investing in crypto is "trust nothing without verification." A few hours of research can prevent the loss of hundreds or thousands of dollars of investments.
When it comes to scams relating to specific cryptoassets, some online communities have created their own sets of resources to help ensure that unsuspecting investors do not get scammed. In particular, some Reddit communities have pages that list all known and suspected scams. Here's an example for the Monero cryptocurrency:
https://www.reddit.com/r/Monero/wiki/avoid
Before investing in a particular cryptoasset, you should always try to find a similar page to that one, and learn everything possible about which resources to avoid. This precaution will help you avoid scam websites, non-validated wallets, and unsecure generation of seeds or private keys. Time spent on education and research is unquestionably worth every minute that you put into it. If you understand some historical scams and current attack vectors, you'll drastically reduce the chance that you'll become a victim.
Here are a Few Cryptoasset Projects that were Scams
Confido - Confido was an Ethereum-based token which raised about $375m USD, but then suddenly, announced that due to "legal problems" they were cancelling the project. All traces of their social media and web presence were erased, and the market cap of the coin collapsed. At the time of writing this, there have been no updates about the project. Links can be found here and here.
Monero Gold - This was a token based upon a common scheme of linking the name of a well-known and legitimate project to a "new fork" by adding a second name like, such as Cash, Gold, Diamond, Platinum, etc. A link can be found here.
REcoin - REcoin was a project which was allegedly going to invest in real estate deals. It was shut down by the United States SEC in 2017. Links can be found here and here.
OneCoin - This project was marketed as a bitcoin alternative, until it ran afoul of authorities who realized that it was not a legitimate project. Links can be found here and here.
BitConnect - BitConnect had all the characteristics of a classic Ponzi scheme. For instance, investors' funds were locked into the project for a period of time before the investment could be unwound. As many people predicted, this project crashed in early 2018. Links can be found here and here.
MyCoin - This was a cloud-mining contract site, rather than just a cryptocurrency. It shut down and took investors' funds. Links can be found here and here.
RedChain - This was one typical example of a large number of ICO scams (which is why they should be regulated). A link can be found here.
This is just a very short list, to emphasize that you can never be too safe. You need to do a TON of research before you invest in any project, and your best approach is to treat everything with a very critical eye (ie. guilty until proven innocent). There are hundreds of other examples of cryptoasset projects that turned out to be scams or ponzi schemes. Literally hundreds. Here's one good Reddit post to illustrate this point, followed by a link to the scam section of DeadCoins:
Reddit Partial List of Scams: https://www.reddit.com/r/CryptoCurrency/comments/7r6chx/here_is_a_list_of_crypto_ponzi_schemes_and_people
DeadCoin's Scam Section: http://deadcoins.com/categories/Scams
Some of the Top Scam Tricks to Avoid
Online Seed Generators: Many, many investors have fallen victim to this scam, for many different currencies. Make sure that you never generate a seed using an online seed generator. Many of these are fake pages set up by criminals. Even taking some of them offline doesn't give you a safe seed, because some of these scam sites simply "generate" a seed offline by picking a seed from a list of compromised seeds that a scammer has created. Only use seed generators that are offline AND that are specifically endorsed by the developers of the project. Incidentally, never trust links on Wikipedia pages either, as a number of scammers have added links to malicious seed generators on various Wikipedia pages.
Fake Websites: If you search for various websites that allow you to buy cryptocurrencies, chances are high that some of the top results will be fake or imitation sites which will take your funds, and you'll never see your money again. This is especially the case with imitation cryptocurrency exchange websites. For example, the major global trading exchange, Binance, only has one site at Binance.com, but if you do a google search, you may find six to eight "fake" Binance sites that have slight variations on the URL for the real website. Be on the lookout for character substitutions in the URL's for the sites, such as a capitalized "i" that replaces the lowercase letter "L", or non-Roman characters in the URL. The simplest way to avoid this scam is to do research to confirm the legitimate URL for the site that you're looking for, then to enter it in your browser as a "safe cryptocurrency bookmark" list. From that point on, ONLY visit the site by going through that bookmark. Of course, someone could create malware that looks for browser bookmarks to major exchanges and edits them, so always do a close visual check on the URL after you reach the site. This doesn't just apply to exchange websites. For example, mymonero.com is the legitimate website for monero wallets. The following are all fake sites: mymonero.co, mymonero.eu, my-monero.org, etc. And wait, did you believe us when we just said that mymonero.com is the legitimate website? If so, you should start reading this page again from the top. Don't trust us. Don't trust anyone. Do the necessary research to verify everything yourself, before assuming that it is safe. Read this post on Reddit to see how challenging this issue is.
Fake Google Ads: Related to the above point, you'll probably see fake advertising at the top of search results, which leads you to fake websites. The best option to avoid this is to install a script blocker or ad blocker extension to your browser, such as "ublock origin." A second safe practice is to ensure that you never click on any of these ads. It is very rare for a major reputable cryptoasset exchange to use advertising to attract customers.
Imitation Projects: A common scheme for scammers who have a background in coding, or who merely spend a few hundred dollars to hire a developer for a few hours, is to create a cryptocurrency of their own which links the name of a well-known and legitimate project to their scam crypto, by adding a second name such as Cash, Gold, Diamond, or Platinum. You'll hear of projects such as Neo Gold, Bitcoin Diamond, Bitcoin Silver, and others that are scams trying to capitalize upon the market recognition of the original projects. Stay away from all of these.
Third-Party Resellers of Wallets: If you're buying a hardware wallet such as a Ledger or Trezor, always buy it directly from the manufacturer (or directly from an authorized reseller who is promoted on the Ledger/Trezor websites). Even if there's an extensive wait time due to a back-log of orders, we recommend that you don't purchase from websites such as eBay or Amazon. While the actual devices are difficult to tamper with, and the safety factor should be high if you wipe the device upon receiving it then create your own seeds or private keys, there have been numerous cases of people losing all of their funds because they fell victim to the "pre-configured wallet" scam. If you're going to store hundreds or thousands of dollars on a device that you bought in the mail, there is no reason not to be patient and order directly from the manufacturer, to be safe.
Third-Party Software Wallets: Many people have created wallets that can store a single cryptoasset, or multiple cryptos. However, thousands of investors around the world have lost coins from some of these wallets. If you do google searches, you'll see many stories of heartache from users of wallets produced by Coinomi, Exodus, Jaxx, and others. If you're using a desktop or mobile wallet, the safest solution is always to go to the project's official web page, and use only the wallet(s) that the developers of the project recommend. If this is inconvenient because you need thirty different software wallets to hold thirty different coins, have patience with being inconvenienced. Security should always trump convenience.
Mobile Wallets on App Stores: Despite careful review of apps by Apple and Google, some malicious wallet apps occasionally manage to make it onto the app stores for short periods of time. If you're searching for a specific app, always make absolutely sure that you're downloading the legitimate app, and not a scam.
Websites Asking for Private Keys: Don't ever give up your private key. If you don't own your key, you don't own your crypto. Also, if you're using a blockchain explorer to check the status of funds in your wallet, make sure you always use the public address for the search string, not your private key!
Social Media "Good Samaritans": Many users of social media platforms such as Reddit will give advice to less experienced crypto investors, and usually with good intentions. However, an anonymous user will sometimes offer advice that looks legitimate, but that has a slight twist to it. For example, we've seen posts from throwaway accounts where a user offered advice to help someone deposit coins to the "user's wallet," but then provided the address of a different wallet in the post, hoping that an unsuspecting user would naively send money to the wrong wallet.
Social Media "Sob Stories": Many people like to talk about stories of heartache or bad luck on social media sites. Some of these stories are completely legitimate. However, some of the authors of these stories have "reluctantly" added donation addresses after pressure from sympathizers who want to help out. And unfortunately, some of these stories have later turned out to be completely false. If you want to give money to a stranger on the internet, because it makes you feel better about helping out someone who is down on their luck, we recommend instead that you donate crypto to a legitimate charity such as the Water Project, or to other organizations such as Wikipedia or the Electronic Frontier Foundation or The Internet Archive.
Social Media "Crowd Support": If you want to create a scam crypto project, a key step in the process of luring victims is to create a fake online support community. It isn't hard to create a number of fake social media accounts that can pop up to support or shill a project. It's also pretty easy to hire a bunch of real-world people to participate in a scam. Let's say that you're going to create a scam crypto and you've created a very detailed [private] road map which leads to your eventual exit scam. If your eventual payout is tens of millions of dollars, it's easy to spend ten or twenty thousand dollars to convince legitimate and unsuspecting social media account holders to make posts talking about how ground-breaking and revolutionary your project is. It's also easy to create a bunch of sleeper accounts on sites like Reddit (and even on sites such as Facebook that require more verification) and activate them to support your project. Someone with a trained eye can usually figure out with relative accuracy which accounts are legitimate and which are not, but fake social media accounts are sometimes getting much more difficult to spot. Unsuspecting victims are frequently tricked by this "grassroots support" and throw money at fake projects. Thousands of investors are tricked by crypto project exit scams every month. Never trust the advice of a stranger on the internet. Do your own research before putting a single dollar into a project. If it seems too good to be true, it probably is.
The FTX Exchange
It will be a few years before crypto investors are no longer sick of seeing the initials SBF - which stands for Sam Bankman-Fried (or 'Scam' Bankman-Fried, if you prefer). He and his merry gang of adderol-addicted financial simpletons caused a series of collapses in crypto markets in late 2022 that continued to reverberate into 2023. It will be some years before the dust settles, but it appears likely that they directly and indirectly caused the loss of approximately ten BILLION dollars in customers' assets. Our hope is that they all go to prison for a lifetime.
Final Thoughts
Again, if you're trying to use a website or a wallet associated with a crypto project, always make sure you're using the resources that are officially endorsed by the official development team of that project. Most cryptoasset subReddit pages have a sidebar that lists the resources that the developers of that project believe to be safe.