Cryptocurrency: Scams and How to Avoid Them

Posted on by Moskowitz LLP & Amelia Hans Posted in Cryptocurrency Tax Assistance

Crypto Security

One of the most common misconceptions about Bitcoin is that people say it isn’t backed by anything, so there’s nothing that gives it any real value. Some might say the same about the U.S. Dollar, which since 1971 has had no intrinsic value as it is no longer tied to the gold standard – as fiat money, its value is solely backed by the faith and trust people have in the government that issues it.

Bitcoin and cryptocurrencies are backed by something else, and that something is “math.” Cryptocurrencies are a trustless system of money controlled by no one. That system is maintained by a set of irrefutable mathematical rules implemented on an un-hackable network of distributed public ledgers – a blockchain.

Private and public keys

A blockchain is a network that runs on the internet. Cryptocurrencies run on blockchains. To log into a blockchain a person needs two types of keys:

  1. A Public Key: A public key is a cryptographic key that is used to encrypt data, but is used in a similar way that your bank account number is used to represent the contents of your account. If you want people to deposit money into your account, you give them the necessary information without permitting them access to your funds. If you want someone to send you crypto, you provide them with this key — it can be a long series of numbers or a QR code.
  2. A Private Key: Every public key has a corresponding private key. This private key usually comes in the form of a 24-word passphrase, though it could also be a QR code or a long series of numbers and letters. In the world of traditional banking, a private key is the equivalent of the login information to your account, your social security number, your home address, the key to your house, your medical records, and…you get it. You don’t want to share this code with ANYBODY. Anyone who has access to your private key has complete and utter control over your cryptocurrency, and there’s nothing you can do about it. For this reason, you should never save your private key on your computer or on any other digital device that can be hacked. Wise investors store their crypto on cold crypto wallets, write their private keys on pieces of paper, and/or lock them in safes. Some even take additional measures such as permanently embedding their private keys on titanium or stainless steel plates that are nearly impossible to damage. You must be careful when you are 100% responsible for your own money.

Can someone hack your private key?

Mathematically, it is possible to hack your private key. According to Brye Paul and Aaron Malone’s book Crypto Revolution, this is what it would take:

“A hacker would need access to one computer with the power of THREE GOOGLES put together. Then the hacker would need to create FOUR BILLION more of these computers…He then would need to populate four billion planets each with four billion of his super-computers…then he would need to visit another four billion galaxies and in each of these galaxies give four billion planets four billion super-computers. Now he has a one in a four billion chance of guessing a single private key in the entire lifespan of the discovered universe.”

To summarize, the only way someone can gain direct access to your cryptocurrency is if you’ve stored your private key on a hackable device.

How is people’s cryptocurrency stolen from them by hackers?

The nature of blockchains prevents anyone from hacking into them as the transactions recorded are validated 24/7 by millions of computers across the network. However, to buy cryptocurrency and enter the blockchain space, a crucial step is required: use of a crypto exchange platform. These platforms enable investors to purchase thousands of cryptocurrencies via bank transfer and credit/debit card.

Cryptocurrency exchanges are centralized and operate on a single, internal database that is hackable. When you purchase cryptocurrency from a platform and leave that cryptocurrency in your hot wallet (your crypto exchange account), someone can hack into it. By trusting the exchange to keep your funds safe, you are relying on their security systems to keep hackers out. If and when those systems fail – your cryptocurrency can be stolen. This happened to investors with Mt. Gox (2011), Cryptopia (2019), Binance (2019), KuCoin (2020), Liquid (2021), and Crypto.com (2022).

Cold Wallets

Due to the increase of hackers infiltrating crypto exchange platforms, the demand for cold crypto wallets (hardware wallets) such as Trezor and Ledger has risen substantially. These hardware wallets store your crypto on an external, offline device, giving you 100% control over your cryptocurrency and making it impossible for any hacker to steal your digital funds. The only way for a hacker to steal what you’ve stored on a cold crypto wallet is if they gain access to your cold wallet private key, that very important 24-word key passphrase mentioned above.

Cryptocurrency Scams

In Part I, we got a basic understanding of how crypto technology operates and how we can use that knowledge to ensure the safety of our private key.

That said, even with a safe private key, other actions may put your cryptocurrency at risk. Here are eight ways someone might be trying to separate you from your digital investments:

The Crypto Investment Manager

The most important rule in crypto is never to give someone else your digital money to manage for you. As an outspoken crypto investor, I am messaged daily by a variety of scammers on Instagram and other social media platforms promising me wonderful, too-good-to-be-true rewards if I invest through them. There is nothing that legally binds these scammers to return your money to you and there is no way to recover your cryptocurrency if you’ve fallen for their tricks. Just remember that people who understand and support cryptocurrency for its remarkable innovation will NEVER ask you to send them crypto.

The Digital Messenger

Beware of messages from cryptocurrency exchange platforms. It’s difficult (but not impossible) for hackers to directly steal cryptocurrency from an exchange, so to make things easier many hackers resort to other tactics such as sending SMS messages, account notifications, or phishing emails to lure you into their scam. By pretending to be the cryptocurrency exchange, they trick some people into giving them their passwords, using those passwords to log into their accounts and easily take what isn’t theirs.

The Fake Crypto Miner

The difference between a single person mining for gold versus a group of people mining that same gold is significant – the odds of the group discovering gold are much larger, and they get to split the gold more frequently according to the amount of work they each put in. The same is the case with mining and staking, processes that generate new digital coins or obtain rewards by approving and verifying transactions on the blockchain.

Mining and Staking are highly competitive crypto reward systems, and to increase the odds of “winning,” many people join their computer processing power or pool small amounts of cryptocurrency together. There are a few legitimate mining/staking pools out there, but the number of scammers reaching out to people to join their “pool” is very large and this leads many investors to lose a LOT of money. Remember, when you transfer cryptocurrency to a wallet that isn’t yours – you have lost control over that cryptocurrency. In the case of mining/staking pools, you’re trusting the people behind the project to facilitate the process responsibly.

The Pump & Dumper

The “pump and dump” (P&D) scheme is one of the best reasons why it is so important to take your time and do proper research before investing in a new coin. Similar to the security investment fraud scheme in which the price of stock is artificially inflated through misleading positive statements, a P&D in crypto involves artificially inflating the price of an existing coin to make it look like many people think it’s valuable. Scammers purchase huge amounts of a certain cryptocurrency and hype the project up on social media, leading more people to buy into it because they think it will make them rich. When the coin gains enough value, the scammers sell all their shares, causing the value of the cryptocurrency to plummet.

The Rug Puller

The rug pull is a term used by the crypto community to describe exit scams. A developer creates a cryptocurrency token to sell to investors in exchange for Bitcoin, Ether, or USDT under the false pretense that they are collecting funds to build their own blockchain for that token (and make it an official cryptocurrency). The appeal of these Initial Coin Offerings is that investors buy at a low price believing that the project will take off and result in huge returns – like those fortunate souls who bought into Ethereum when it was in its ICO stage and worth less than five cents! In the case of rug pulls, the scammers utilize a pump and dump scheme to collect large amounts of money and then disappear with it, leaving investors with meaningless tokens that will never be worth anything, and no way to get their real crypto back–this is the “rug being pulled.” In some cases, the tokens are coded by the developers with malicious backdoors that only permit the developer to sell them (“limited sell orders”).

The Ransomware Attacker

Crypto ransomware attacks usually begin with phishing emails or fraudulent websites from an unknown source. When you click on a link or download a file, software is installed on your computer that compromises your system. The hackers behind the ransomware then demand a certain amount of cryptocurrency in exchange for giving up control over your computer. Sometimes hackers only threaten a ransomware attack if you don’t pay them X amount of Bitcoin by date Y. The number of ransomware attackers seeking crypto has seen a sharp increase in the last few years because cryptocurrencies are hard to trace, and can be transferred easily between wallets without third party involvement.

The Fake Exchange Developer

There are many legitimate and trustworthy crypto exchanges out there, but you should thoroughly research an exchange platform before using it. In the early days of cryptocurrency, one of the leading reasons for people losing their investment was because the developers of an exchange would steal the money instead of converting it into cryptocurrency. For example, in 2018 the founder and CEO of a Canadian crypto exchange “Quadriga” stole $250 million from users and vanished (Netflix produced a documentary about this story entitled “Trust No One: The Hunt for the Crypto King”).

The Ponzi Trader

A crypto Ponzi scheme is a more extreme version of a rug pull, where a company sells a fake cryptocurrency for years and then runs away with the profits. The most notable crypto Ponzi scheme is OneCoin, a company that from 2014-2017 promoted itself as a cryptocurrency, but was actually a multi-level marketing Ponzi scheme which reportedly generated a jaw-dropping $4 billion (though according to the BBC podcast detailing the investigation, the amount of money stolen was probably closer to $15 billion). This story is fascinating, so we’ve covered it in all its exciting depth in our Cryptocurrency: The Bitcoin Killer blog post.

How to Avoid Cryptocurrency Scams

In Part II, I described some cryptocurrency schemes to help new investors know what to watch out for. Below are some tips for crypto investors on how to avoid losing your money in this relatively new investment arena.

The Crypto Investment Manager

  • Don’t send them crypto or money, no matter what they promise you. People who enter the crypto space for the sole purpose of getting rich quick will find themselves losing much more than they hoped to gain.
  • Take the time to acquaint yourself with the technology behind crypto.

The Digital Messenger

  • Avoid clicking on any links that redirect you out of the exchange website (and make sure that you don’t type your password onto a different site).
  • Ask the opinion of someone who has experience in the crypto world.
  • Research the crypto exchange you plan to use and read their support guides that detail how they will contact you, and all the different scams you could be exposed to.

The Fake Crypto Miner

  • Research the mining or staking pool you are interested in joining. Take your time and be 100% sure it’s legitimate before getting involved.
  • If you’re new to cryptocurrency, avoid these. It just complicates an already risky investment.
  • If someone pressures you into joining one – it’s a scam.

The Pump & Dumper

  • Don’t let the fear of missing out be the only reason you invest in a specific coin.
  • Check through crypto forums or Reddit and Facebook to see what people have to say about sharp spikes in prices.
  • If you know and trust a successful crypto trader, ask them what they think. They make and lose money according to predicting the short-/long-term prices of crypto coins.
  • Be patient and observe. It’s better to be safe than sorry, especially in such an unpredictable market.

The Ransomware Attacker

  • Avoid downloading files from unknown email addresses.
  • Make sure to invest in a high-quality anti-virus software, web application firewalls, and malware scanners.
  • Back up all your important data on the cloud and on external hard drives so that in the event you do fall victim to a ransomware attack, the scammer has only gained access to your data, not rendered it inaccessible to you.

The Rug Puller

  • Carefully consider whether you want to invest in a project at its ICO stage. It’s very difficult to determine whether a token is legitimate or will succeed when a blockchain still has not been developed to maintain it.

The Fake Exchange Developer

  • Thoroughly research the crypto exchange that has sparked your interest.
  • Use established and regulated crypto exchanges that have been around for years (Binance, Kraken, Coinbase, Crypto.com, etc.)

The Ponzi Trader

  • Be wary of crypto projects that have a “notable” figure or influencer promoting them and promising huge returns.
  • If someone is very enthusiastic about a new coin that’s not in its ICO stage, confirm that they have successfully withdrawn their cryptocurrency into cash before considering this investment.
  • Read articles about the coin from publicly funded organizations, where the company or person looking to pull people into their Ponzi scheme is less likely to advertise and be spoken about positively.

It’s no secret that investing in cryptocurrencies is a risk. Cryptocurrency is a new and quickly rising industry with incredible promise, making it a hotspot for all kinds of scams, as well as bashing and skepticism from regulators, governments, and powerful third-party entities. That doesn’t mean that it’s not a potentially quite profitable decision to investigate it.

Take your time and do your research, and make sure to research the pros and cons so that you get both sides of the story. We provide you with a great example of what that kind of research looks like in our Cryptocurrency: The Power of Perspective blog post. So take precautions before entering the crypto space!

Tax attorneys for cryptocurrency investors

One great precaution that’ll let you invest in cryptocurrency carefully, safely, and with knowledgeable experts on hand to field your questions, is working with an attorney from Moskowitz LLP.

Moskowitz LLP has the tax expertise to offer what standard crypto gurus don’t: practical solutions and strategies for crypto beginners that are also configured to minimize your tax liability on crypto gains.

Let’s work something out that fits your portfolio and investment goals here.