Table of Contents
Web3 scams have made the blockchain landscape a war zone. On one side is the crypto community, armed with the desire to innovate and redefine the function of money and its technology. On the other side comes swindlers with zero remorse and the determination to gain fast money, hackers and malicious actors steal from unsuspecting investors. The consequence is billions have been lost.
The enigma of Web3 scams
It’s becoming a popular belief that web3 security will worsen before improving. And indeed, it’s evident from stats before 2022, which show an increasing pattern in web3 scams and security breaches. This security turmoil receded in 2023, with the first half reporting barely a third of the first half 2022.
Are things improving? No! Based on CertiK’s report, about 212 security breaches claimed over $313 million in Q2 2023. In early June, highly industrious scammers swindled over 5k Atomic wallet users stealing about $100 million.
When writing this report, a crisis hovers around Multichain which lost $126 million in another breach. The insecurity dilemma discourages the entry of potential investors to web3. This guide unmasks the main crypto scams and how to steer clear.
Phishing is among the most widespread web3 scams. In phishing, the attacker preys on humans’ curious nature. The swindlers send decorated messages with web links, fooling the victims into disclosing confidential data. The web links mimic websites of popular networks, with only minute alterations. Consequently, the attacker gains a gateway to bank account details and logins to crypto wallets.
While these web3 scammers mostly leverage emails, other platforms like Twitter inboxes, phone calls, and text messages are emerging as an avenue for phishing attacks.
How to escape phishing attacks
While prevention is better than cure, there is no concrete prevention to phishing. There is very little you can do to avoid the attacks— the attackers will send you messages on Twitter, email, or wherever. But you can escape the attacks. How?
- Don’t open suspicious emails and links — these links are the attacker’s backdoor to your network.
- Directly type any web links.
- Use anti-phishing email security systems.
- Avoid clicking on pop-ups.
- Use firewall protection— firewall blocks unverifiable outgoing requests.
- Don’t add credit card and wallet details on untrusted sites.
Blockchain’s rapid evolution brought a rise of DeFi, which is now a center for rug pulls. The ability for anyone to create unverified projects, albeit good, has led to billions in losses. It has become one of the most challenging web3 scams as it’s not always easy to spot rug pulls before they happen.
In rug pulls, developers desert a crypto project and steal everything from liquidity pools. What remains in token holders’ wallets are worthless tokens.
Note: The main offenders in rug pulls are project developers.
Builders leave code gaps during project development, creating backdoors to steal funds. Developers hype the project by promoting it via social media channels. multiple web3 scams have been found to be orchestrated this way through out time.
When launched, the project lures millions in investment. Developers then clean the liquidity pools. The Merlin DEX case followed a similar pattern. Soon after the token drew the required attention, the developers stole all the liquidity.
Crypto rug pulls. Source: Datawrapper
How to escape rug-pull attacks
Unlike phishing which lacks outright prevention, rug-pulls can be completely prevented and avoided. How?
- Avoid projects with nameless developers.
- Avoid projects with zero liquidity locked — Liquidity lockers were born out of necessity to increase confidence in DeFi. If a project has no liquidity locked, it’s not a good idea to invest.
- Vastly research on projects promising high yield or tokens with high pumps at launch.
- Avoid unaudited projects.
- Avoid projects restricting sales.
Pump and dump schemes
The most prevalent scheme in crypto and financial markets is pump and dump. Chainalysis reported earlier this year that 24% of tokens launched in 2022 had pump-and-dump traits. These schemes exploit investors’ fear of missing out on good opportunities.
The attacker fashions some fake ‘insider information.’ Once the news hits social networks, investors swiftly rush to buy the token, causing a price surge.
As tokens peak, the attacker ditches a large volume of their holding, gaining enormously. Consequently, the token dump, coupled with frustrations around the fake revelations, results in plummets.
MIMO price action. Source: Coingecko
Mimosa (MIMO), a crypto project born in March 2021, traded at $4. A few days after its birth, MIMO plunged to the sub-dollar price.
How to escape a Pump and Dump
Dodging pump and dump schemes is as easy as one-two-three. Here are a few things you must do;
- Don’t make investment decisions based on hype, DYOR. Promotional campaigns create a market craze, exaggerating the project’s potential. Evaluate the legitimacy of the news source.
- Analyze the markets before investing. Check the price demeanour, resistance, support, and other key points.
- Don’t invest in projects with high buy walls.
Business opportunity scams
Some web3 scams come in the form of mouth-watering business deals. These scammers prey on investors’ ignorance. They make a promise of high-yielding opportunities for some crypto investments. Have you seen an email asking you to invest in a ‘shit’ coin, promising 10x, 100x, or maybe 1000x gains? Well, that’s how business opportunity scams work.
How to escape business opportunity web3 scams
As pointed out, ignorant investors are the most likely victims of such scams. The aftermath of their reluctance to research is blind investments. Consequently, these investors are duped. The simplest elixir to avoiding business opportunity scams is research.
Can you escape web3 scams?
Yes! All crypto and web3 scams bear similarities, the fake promise of high returns. Any approaches promising extremely irrational returns are likely innovative tricks fashioned to scam investors. If the deal sounds too good, it probably is. Keeping off such messages or emails is the best way to avoid scams.