Most common cryptocurrency scams and how to protect yourself from attacks

In our cryptocurrency training articles, we have covered a range of useful topics, among them what stablecoins are, Fan Tokens, Proof of Reserves and interesting cryptocurrency protocols like Monero (XMR). In the following articles we are going to focus on a very important topic within the cryptocurrency ecosystem: safety. In today's cryptocurrency training we are going to teach you what the most common scams are and how we can protect ourselves from possible attacks.

1. Fraudulent airdrops. 

Let's look at the first of the most common scams covered in this cryptocurrency training. An airdrop is a distribution of a cryptocurrency token, usually for free, to numerous wallet addresses. Airdrops are often associated with the launch of a new token or DeFi protocol, primarily as a way to gain attention and new followers, resulting in a larger user base and greater capital outlay. But not all tokens that reach our wallets are trustworthy.

We can view fraudulent airdrops through block explorers. Source: BSCscan. 

Recent DeFi scams are especially common on the Binance Smart Chain (BSC) blockchain. They often trick people into believing that they have suddenly received tokens worth thousands of dollars. But they are not tradable on exchanges because they do not have liquidity.

2. Phishing attacks.

Let's look at the second most common scam covered in this cryptocurrency training. In a phishing attack, scammers pose as an official company to trick victims into revealing sensitive information. These types of scams are especially common in the cryptocurrency field. Google has algorithms in which certain keywords on social networks, such as "MetaMask" on Twitter, cause a wave of scam bots to message us in the hope that we reply. Often, these bots will redirect us to a Google form asking for our wallet seed phrase or other sensitive personal information, something we should never share with anyone.

Fundamental advice for your training in cryptocurrencies: don't even trust your shadow.

3. Honeypots.

Yes, honey is a delicious food, but take note of this one: in your training in cryptocurrencies it will save you many headaches. Cryptocurrencies are volatile, meaning that prices can fluctuate massively over a given period of time. But if a new token only goes up and no one seems to be selling it, it may be a sign that something known as a honeypot scam is occurring.

How a honeypot scam works. Source: Cointelegraph

This is where investors are attracted by the ever-increasing price of a token, but the only wallet the smart contract allows to sell is controlled by the scammers. The Squid Game token is a clear example of a honeypot. The DeFi project attracted media attention due to its alleged association with the popular television show. It rapidly rose in value shortly after launch, but the media quickly realized that investors were unable to sell any of its tokens. Eventually, the founders sold their tokens and fled with millions of dollars in Binance Coin (BNB).

The token immediately went from its ATH at $2,800 to 0 in a matter of seconds. Source: Coinmarketcap

4. Protocol exploits and vulnerabilities.

Let's review the fourth most common scam that you should take into account in your cryptocurrency training. Decentralized finance (DeFi) runs on code visible to everyone, meaning that more technically savvy people can take advantage of code vulnerabilities and steal huge sums of money. In fact, the funds lost in DeFi project exploits amount to $5.93 billion in 2022, according to blockchain security company CertiK. The most common attacks exploiting these vulnerabilities range from flash loan attacks to hacks on Discord servers and fraudulent NFT mints.

Figures of money stolen by scammers in 2022 from January to November. Source: Certik

5. Rug Pulls.

“Rug pulls” are so common in DeFi that “playing hard to get” has become a common phrase in cryptocurrency parlance. A rug pull is a type of exit scam in which the perpetrators create a new token, launch a liquidity pool for it, and pair it with a base token such as ether (Ethereum's native token) or a stablecoin like dai (DAI).

Explanation of the types of Rug Pulls that we can find. Source: Cointelegraph.

Once the amount of liquidity in the pool reaches a certain point, the creators dump all of their tokens into the pool and withdraw all the ether, dai, or whatever base token was used from the pool. This causes the price of the newly created token to approach zero, leaving investors with worthless coins, while the rug pullers walk away with a tidy profit. It is one of the scams that we must take into account most in our training in cryptocurrencies.
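The price collapse described above can be reproduced with simple pool arithmetic. This is an added example, not part of the original article: it assumes a constant-product pool with no trading fees (the article does not say which pool type is used), and all amounts are constructed.

```python
from dataclasses import dataclass


@dataclass
class Pool:
    """Constant-product pool (token * base = k); trading fees ignored (assumption)."""
    token: float   # newly created token held by the pool
    base: float    # base asset held by the pool, e.g. ether or dai

    def price(self) -> float:
        """Spot price of one token, in base units."""
        return self.base / self.token

    def buy(self, base_in: float) -> float:
        """Swap base for tokens; returns the tokens received."""
        k = self.token * self.base
        self.base += base_in
        out = self.token - k / self.base
        self.token -= out
        return out

    def sell(self, token_in: float) -> float:
        """Swap tokens for base; returns the base received."""
        k = self.token * self.base
        self.token += token_in
        out = self.base - k / self.token
        self.base -= out
        return out


def simulate() -> dict:
    # Constructed numbers: the creator mints 1,000,000 tokens, puts 100,000 in
    # the pool together with 10 base units, and keeps 900,000 outside it.
    pool, creator_tokens = Pool(token=100_000, base=10.0), 900_000
    investor_tokens = pool.buy(40.0)            # investors pay 40 base in total
    price_before = pool.price()
    creator_take = pool.sell(creator_tokens)    # creator dumps everything held
    price_after = pool.price()
    # What the investors could still get back if they sold afterwards.
    investor_exit = Pool(pool.token, pool.base).sell(investor_tokens)
    return {
        "price_before": price_before, "price_after": price_after,
        "creator_take": creator_take, "investor_exit": investor_exit,
        "creator_share_of_supply": creator_tokens / 1_000_000,
    }


if __name__ == "__main__":
    for name, value in simulate().items():
        print(f"{name}: {value:.8f}")
```

In this run investors paid 40 base units and can recover less than 0.1; the creator's 90% share of supply held outside the pool is what makes that possible, and it is visible on a block explorer before buying.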

6. Fake Google Ads.

Let's state a plain truth while explaining this scam: Google is very opportunistic. It has tried to harm the cryptocurrency ecosystem multiple times through censorship of ads and other actions. Of course, when it can take advantage, it has been the first to step forward. The last scam that we will discuss in this cryptocurrency training indirectly involves the Google search engine. The first Google result for a DeFi project might not point you in the right direction; in fact, it could point you towards a scam.

Types of fake addresses that lead to scams. Source: Google

Unfortunately, Google does not check websites for authenticity before selling an ad, so a Google ad should never be interpreted as a sign of legitimacy. If you are not sure which is the correct website, you can consult reliable sources, such as the official Twitter page of the project or Coinmarketcap, to find the real website.

How can we protect our funds from these types of attacks?

In this cryptocurrency training, we are going to review some of the best security tips to protect ourselves from these potential scams in order to keep our cryptocurrency funds safe:

Use two-factor authentication on our accounts. 

Basically, two-factor authentication is a second layer of security when logging in. It usually involves receiving a text message with a special code every time you log into your account. Two-factor authentication substantially reduces the likelihood of your inbox being hacked. Let's see how to configure Google two-factor authentication, one of the most popular:

1. We open our Google account associated with the Exchange and go to the “Security” panel.  

In this panel we see the “two-step verification” section. In my case it is already configured, but we can follow the explanation anyway.

Google security tab. Source: Google.

2. Start setup.⚙️  

Next, click on the authenticator configuration and start the configuration by scanning the QR code that will appear at the beginning.

First step of configuring Google Authenticator. Source: Google.

3. We start the application configuration by following the steps on the screen. 

When we have finished the configuration steps, we now have access to the main screen.

Main interface of the Google Authenticator app. Source: Google Authenticator. 

4. Link Google Authenticator account to the exchange. 

Once we have configured our Google Authenticator account, we will proceed to link the Exchange account that we use with the application. We go to the “Settings > Security > Google Authenticator” tab and access the app settings. In our case we will use the Bitget exchange as the example.

5. Scan the Google Authenticator QR code.

Next, from the Google Authenticator application, we scan the QR code that appears in our Exchange to link the two accounts.

QR code to link Google Authenticator with the exchange. Source: Bitget.

6. We enter the code.✍️

To finish the configuration, we enter the code that we will receive in our email account associated with the Exchange and, below it, the 6-digit password that we just configured. Hurry, if the time passes you will have to enter a new password!

Final configuration when linking Google Authenticator with the exchange. Source: Google Authenticator.

Remember that for each account that we have associated with an Exchange we must follow the same steps to configure the application keys and ensure two-step verification.

Activate password protection on our phone.

Fingerprint identification is the best option, but it is often not enough. For example, a court can force us to unlock our phone with our fingerprint if it is necessary in a trial. Also, we can't exactly change our fingerprint after an attacker gets hold of it. An attacker will usually have 10 attempts before our phone is completely locked. So, if your 4-digit password is one of these common ones, it would be time to change it so as not to expose your account to greater dangers...

Use different passwords for each Exchange.

Passwords are inherently insecure. Mark Zuckerberg used the password “given” on his LinkedIn account. Earlier this year, when hackers released 117 million email and password combinations, his was among them. Hackers were then able to use his email and password to gain access to his Twitter and Pinterest accounts.

The hackers' Tweet revealing their intrusion into Zuckerberg's profile. Source: Twitter. 

So don't use the same password on more than one site. This way, if access to one of your accounts is ever compromised, you will not have your capital so exposed.

Check the signed permissions in our wallets.

This is one of the mistakes we can unknowingly make when using decentralized protocols through our cryptocurrency wallets. Whenever we interact with a protocol for the first time, we must sign a permission to be able to interact with the protocol's Smart Contracts.

Connected sites tab in the Metamask wallet. Source: Metamask. 

This is where we must be careful, since by default we will allow the protocol to perform the actions we sign in said message, which can potentially expose our funds. To protect our funds, it is recommended that when interacting with the protocols with this signature, we modify the permissions that we grant to the protocol and that we remove the permissions once we have finished interacting with the protocol in the “connected sites” tab.
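One way to read such a permission before signing it, as an added example (not MetaMask's or any protocol's code). It assumes the permission is an ERC-20 `approve` or an NFT `setApprovalForAll` call, which the article does not specify; the spender address and amounts are constructed.

```python
APPROVE = "095ea7b3"               # selector of ERC-20 approve(address,uint256)
SET_APPROVAL_FOR_ALL = "a22cb465"  # selector of setApprovalForAll(address,bool)
MAX_UINT256 = 2**256 - 1


def inspect_permission(calldata_hex: str, needed_amount: int = 0) -> dict:
    """Decode a permission-granting call and report whether it is broader than needed."""
    data = calldata_hex.lower().removeprefix("0x")
    if len(data) != 8 + 64 + 64:
        raise ValueError("expected a 4-byte selector followed by two 32-byte words")
    selector, word1, word2 = data[:8], data[8:72], data[72:]
    spender = "0x" + word1[24:]            # address = low 20 bytes of the first word
    value = int(word2, 16)
    if selector == APPROVE:
        if value == 0:
            risk = "revocation"
        elif value == MAX_UINT256:
            risk = "unlimited"
        elif value > needed_amount:
            risk = "more than needed"
        else:
            risk = "exact"
        return {"kind": "approve", "spender": spender, "amount": value, "risk": risk}
    if selector == SET_APPROVAL_FOR_ALL:
        risk = "all tokens in collection" if value else "revocation"
        return {"kind": "setApprovalForAll", "spender": spender, "risk": risk}
    return {"kind": "unknown", "spender": None, "risk": "not a recognised approval"}


# Constructed sample: an unlimited approval to a made-up spender address.
SAMPLE_SPENDER_WORD = "0" * 24 + "11" * 20
SAMPLE_UNLIMITED = "0x" + APPROVE + SAMPLE_SPENDER_WORD + "f" * 64

if __name__ == "__main__":
    print(inspect_permission(SAMPLE_UNLIMITED, needed_amount=500))
```

An `approve` with amount 0 to the same spender is what removing the permission looks like on-chain.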

Establishing trusted addresses (White List).✅

As an additional security measure, we can establish trusted addresses, usually grouped in a list (Whitelist). This may seem like a somewhat cumbersome method and at first it may seem inefficient (it takes 24 hours to allow transfers to a new address), but as an additional layer of security to protect our assets it is a great option.

The Crypto.com Exchange requires waiting 24 hours before making a transfer to new added addresses. Image source: Crypto.com

Let's imagine that someone has managed to get through several layers of security in our account and can now send our funds to an address of their choosing. With this method, we will have detected the security breach in our account and will still have time to block the possible theft of our funds. Think about it: it's better to take a little longer but preserve what is ours...

Conclusions from this cryptocurrency training on scams in the cryptocurrency ecosystem.

Now that we have finished this cryptocurrency training on the most common scams and how to protect ourselves from them, let's review the most important points. We have learned about the most common scams that we are likely to encounter. We also have to keep in mind that, as the technology surrounding cryptocurrencies advances, scams advance at the same pace.

An example of a scam token; Deriswap (DWAP). Source: Arxiv.org

So new methods may emerge to try to steal our funds. That is why we must always be cautious when trusting our data and be very distrustful when granting permissions to cryptocurrency protocols. We have also listed some of the best actions we can take to increase the security in our accounts in order to protect ourselves from these scams and prevent our precious funds from being stolen.