Commentary by Leticia Martignon — a crypto learner
Several of the most notable NFT projects got their Discord communities hacked in June and many millions were lost to scam messages posting links to fake platforms draining the wallets of those that connected it. Many Twitter accounts get compromised, websites taken over, and fake social media accounts pop up everywhere to get you to click a link and steal your wallet funds. If you focus on that, Web3 looks like haunted house in Horrorville where Freddy Krüger just got his new place.
Why would anyone be insane enough to put their money into something where you have to copy paste every link — rather than clicking — after double-checking it comes from a valid source and actually, literally, read through the small font warning messages before transferring your funds?
The upside, you’ll say: The potential for big money. And, for some of us, the potential to contribute to a new way of using technology, our digital identity and personal ownership. I will not cover hacks and failures in this article. But we’ll dive into how crypto criminals make easy money with us. So, what’s with the scams and rug pulls?
Remember the mail order scams?
Wherever there is money to be made, scammers and thieves will be all over it. My grandpa lost thousands on a book subscription he couldn’t legally cancel, on contributions he made to a fund that didn’t exist. Love-seeking Facebook users get scammed out of their savings to pay for their new interest’s “plane ticket” to come meet them for the first time. Dotcom victims invested millions into thin air, Multi-level Marketing professionals have years of earnings evaporate and Terenos’ Silicon Valley investors, albeit sophisticated and around for decades, still wonder how they got scammed by a twenty-something college drop-out.
We all want the quick buck
Web3 has created millionaires in places where banks don’t open accounts for the majority of their co-citizens. It has seen wealth creation independent of social status, geographic location, age, education, network and political orientation — sometimes making millionaires within minutes. That’s why it’s hot, loud and fantabulous. And that’s one reason why early adopters are so vulnerable to attacks.
The money can be quick. Very quick. Multiplying your funds by 5, 10 or even 100 in a very short period isn’t unheard of. And the more you hear of other people making it big, the more you will feel the creeping urge to put your money down on this token, or mint that NFT collection — because, what if it’s the next Bored Ape Yacht Club? What if it’s the next Dogecoin? It itches in your fingers. You start salivating. Trust me, it’s powerful.
It’s called FOMO.
Fear Of Missing Out
Advertisers have used it since the dawn of time. “Last ten items!” Or “Last day!” Or “The ladies will finally love you.” Fear of missing out on an opportunity has always haunted us, and with big gains in play, the fear is stronger. That’s why crypto scams are so easy to pull off.
Most crypto launches, whether fungible or non-fungible tokens, are a quick affair. Sometimes you have minutes to get your hands on the item before the price skyrockets on the secondary market. Getting in early is where the big bucks are made. And under this kind of pressure is when your brain chemistry plays you for a fool. I once pressed the buy button in such a hurry I didn’t realise it was on the wrong token (and no one even scammed me into that one).
I’ve spoken to experienced NFT collectors that know ALL the scams out there. Almost all of them have still succumbed to the craze and clicked on a legit-looking link coming out of a fake account’s direct message or on a hacked account’s announcement or on a fake website — because it was timed so damn well.
Screaming bloody murder
While most scams in the non-crypto world remain relatively quiet (who’s gonna go around telling people they accepted to launder money from a criminal posting as a prince via email?), the Web3 community is very vocal. Every good project creates momentum by building a strong community. They speak every day, share, discuss, glorify and vilify together. The crowd effect is what makes crypto so powerful, but it goes into both directions.
Even stock market investors, who also get scammed ever so often, do not have that kind of outlet. They haven’t come together as a community. They don’t meet on Twitter to discuss the happenings live for hours. They are mostly isolated.
This is why scams in Web3 are instantly known. The news spread like wildfire, making it more difficult to scam a crypto community over a long period of time. And that’s one of the reasons why you will hear so much noise about crypto scams.
Weakness as a strength
The in-your-face way that the Web3 community deals with its failings is ultimately what will make it more resilient — and very quickly. While other industries and human endeavours sweep the dirt right under the floor, the crypto world pulls it under the spotlight. You can share, listen to and learn about scam news everywhere in crypto. Project community leaders will remind you about the potential risks all the time. And there are people dedicating their free time to educate about crypto without getting paid a dime. This level of self-awareness and personal accountability aren’t exactly the cornerstones of many industries.
The Linkin’ Part
All that said, let’s look at the different ways you can fall for a scam in crypto. I would divide them into two categories: The “Chronicle of a rug foretold” and the “Link Heist”. Both are best avoided by simply not putting your money in things you don’t know and understand, especially when there is time pressure.
The Chronicle will see a more complex manoeuvring on the part of the criminals, which is why we will cover it second. The Link Heist always comes in form of social engineering, meaning the criminals will use known entities, names, URLs to get you to open the door to your funds.
- Create social media accounts with ALMOST the same name as the project you are interested in
- Hack known accounts and post malicious links from them through direct messages or through announcements
- Hack websites and redirect to their malicious system when you connect your wallet
- Ask you to provide your private wallet key
- Ask you to accept a transaction with the excuse of sending you money with the intent to drain your wallet
- Create any combination of the above.
Almost always, the link scam is based on you not paying enough attention while making yourself completely vulnerable on a seemingly safe connection or action. It can be avoided by typing in URLs instead of clicking, by checking what system you’re connecting your wallet to and what type of transaction you agree to.
While these scammers are getting more and more sophisticated, you are still the weakest link (forgive the pun), and most Heists can be discovered with a bit more time spent double checking or by simply avoiding the most dangerous moments: peer-to-peer transactions, (free-)minting, launch and other time sensitive transactions.
The Chronicle of a rug foretold is more complicated to spot. It involves criminals spending a lot of resources to convince you that a particular project or product is legitimate by creating hype, a community, a roadmap, website, visuals and the tokens themselves.
These can be anonymous individuals (this was the case especially in the early days) but more and more often even teams that are doxxed (have revealed their identity) end up risking their personal reputation for huge returns. They will lure you in creating the perfect setup and sooner or later leave with the money you put in.
These more complex scams are often called rug pulls, because the founders created the project only to pull the financial rug from underneath it and run with the money. There are different types of rugs:
- the classical Rug Pull (the fastest of the three main types)
- the Slow Rug (which can last for several months before the founders make off with the money — often with the excuse that the project has failed, when it hasn’t)
- the Accidental Rug, which is essentially a synonym for mismanagement which leads to the project failing, but not necessarily in a premeditated way.
Well executed rug pulls are tough to call out even for experienced crypto enthusiasts. The crowd factor can lead to oversight of red flags because everyone is hyped. The layer of shininess will cover a lot of elements that are otherwise haphazardly thrown together. And the more you’ve invested (in time or in money), the harder it is to admit you need to sink the costs.
Here is where DYOR comes into play. You need to know the particular space a project is in, so that you can spot inconsistencies and half truths. You need to understand enough about Web3 to know when a promise is unrealistic or unsafe. But a lot of this knowledge is hard to come by. That’s why community-driven research such as the work delivered by Kryptview, where a lot of members pool their experience and knowledge to create evaluations, is of immense value.
The risks in Web3 are many. But so are the opportunities. Join us. Be safe.
Disclaimer: This is not financial advice, but the opinion of our commentator. Crypto is a risky and volatile asset. Kryptview cannot be held responsible for any investment decisions you make. Do your own research.