We believe we have a responsibility towards users, token holders and enthusiasts in helping them enter the cryptocurrency space safely, regardless of platform preference, background and their knowledge in the subject matter. In the unlikely scenario that you’ve been part of the ecosystem for a while but you’ve never encountered any scams, you might also find this guide interesting.
We’ve chosen to use the term “scam” in a broad sense since some scams operate purely to steal just your data and to sell it to the highest bidder. In these instances, it still counts as a scam - since they’ve taken something of value from you without your permission. The data you’re giving away even has value, both to you and monetary, and even if you think you don't produce a significant amount to be profitable, data is farmed and constitutes an industry on its own, one that you have not agreed on participating from. See our post on Data breaches: how they affect people and what can we do to fight them.
Commonly Targeted Platforms
Most scams have some degree of connection to Twitter. There are a few reasons for this although they go outside the scope of this guide so let’s get into what to look out for:
- Profile and project copycats that are aimed to appear like a specific real person/project, just the handle is not identical.
- Individuals commenting, in combination to the above, which claim to have been given “free tokens” or participated in an airdrop.
These scams will likely continue as long as the term “airdrop” is searched or people look for free tokens. The group of individuals creating these scams don’t need to target a specific project, they target as many as possible because it’s irrelevant to them which project their potential victims are searching for. Preferably the attackers would often be after their victims to either send an amount of cryptocurrency, they might trick you into believing they will return a much larger value worth of tokens. They can also be after the victim’s private key for complete control over that address.
Telegram is a platform that became widely popular in the crypto-space during 2017. As a communications platform, it comes with some great privacy features such as End-to-End encryption and self-destructing chats . It also has a thriving bot-creating community which utilize the API. The number of open-source tools available to scammers and the popularity of the platform make new-comers susceptible to the huge number of scams on the platform. Similar to Twitter scams, attackers don’t need to target a specific project, it’s a numbers game so they benefit the most by targeting as many as possible. Look out for:
- “Airdrop” and “free token” bots, these take little knowledge and effort by scammers to build and run.
- Groups attempting to appear as an official group, this is often coupled with faking team member accounts.
- Individuals who send direct messages in the hopes to prey on those who either are very inexperienced, desperate for money or sometimes just the lonely (aka the Romance Scam)
- Sometimes these accounts will sit watching official channels and direct message active members in attempt to fool you into believing they’re official team members
Scams on this platform are usually a bit more difficult to conduct due to the way Discord servers are found and joined, however that can still be conducted if you’re searching via other platforms, such as Twitter, and come across a fake link. Watch out for:
- Servers which aren’t linked by the official project website as their official chat.
- Unsolicited direct messages, especially those that ask for your Ethereum address.
Reddit as a platform and the system around how Reddit moderators works is often quite effective for avoiding scams (assuming the project is legitimate). The platforms allows moderators to add custom auto-moderating functions to their own subreddit to help themselves directly tackle spam. However this doesn’t avoid potential victims completely in coming in contact with:
- Fake posts on official project subreddits. Moderators are humans just like you, and sometimes they sleep. If there’s a particularly sneaky scam that gets through the auto-mod then it has to be manually removed and for this we (and project leaders) need our community’s help! Every report helps, remember that being part of the community also means you are part of the project.
- Fake subreddits, not to be confused with legitimate community run subreddit which there are many of. These fake subreddits will often be easy to spot by their low user counts and overall activity. They’re relatively uncommon.
Scams on the Facebook platform often operate very similarly to Twitter scams in the way that they will pose as the project in the comments of the real project’s post. Within the comment they’ll go on an unrelated topic to the actual post. Make sure it is:
- The actual post/comment is by the same project page you’re on.
- There’s no individuals commenting claiming to have received free tokens.
Contract level scams
It’s important to keep in mind that many scams are more elaborate than just asking you to send funds to an Ethereum (or Bitcoin) address the scammer controls. Often they’ll create a fake token with the same Symbol and Token Name. These can sometimes be quite easy to spot if you look in the comments on Etherscan, for example, this awesome community member  who discovered a fake GNT token contract. There are lots of ways for checking whether these are real or fake. But for newcomers, the easiest and safest way is to go to the official project website, join one of the community channels linked and ask someone who’s part of the team.
In this section we’ll go through the do and don'ts for trying to protect yourself:
- Research each project you’re interested in following and decide whether it’s a legitimate project to begin with. Is the project’s code open-source on GitHub? if so, check the activity:
- Issues and pull requests.
- The ‘Insights’ tab, for a selection of stats of the repository.
- Ensure the channel you’re getting information from is an official channel. Most projects have websites that link their official communications channels. For example:
- Is the Twitter handle or Facebook/Telegram/Discord group the same as the ones linked on the official website.
- Ensure the individual you’re talking to is actually part of the team if you’re speaking directly.
- Contribute to projects you like. We understand that someone being “in it for the technology” is a meme, but it’s also a great way to get involved (if there is no way for you to get involved, it could be a red flag). See Gitcoin  if you’re unsure where to start!
- Be mindful if something that appears to be the project in the comment section of an announcement brings up a topic completely unrelated to the announcement itself.
- Search for the keyword “airdrop” in the search bar. You will likely spend more time searching than what you will get in return (Gitcoin sometimes has projects offering small amounts of tokens for completing surveys).
- Blindly go looking for free tokens. Remember: There’s no such thing as free lunch.
- Take comments under a project’s Tweets and Facebook posts too seriously, often there will be comments from accounts made to look like the project that comments instantly about an airdrop or free tokens. Even if they get removed by the platform's spam system eventually it is not always instant.
- Trust accounts that enter your direct messages (on any platform) unexpectedly!
- Trust a smart contract solely because it has the same name. Any contract can be given any name. It’s only the contract address that can’t be faked.
- Give your information out to a bot (if you’re starting up a project, consider avoiding to use a telegram bot to collect information for you).
This guide doesn’t go into fake investment platforms/exchanges, phishing scams and romance scams since they’ve been covered recently by another project in the crypto-ecosystem .
It’s important to note that this guide could be significantly longer and give more in depth advice but we would like to keep it concise, targeted a more new-comer demographic and avoid giving information that would directly help scammers become better at attacking those we want to protect.
Be cautious of anyone offering something too good to be true. If you’re not sure then reach out on an official platform and get in touch with project and community leaders. If you spend time looking for work that people in the crypto community are after (e.g. check out Gitcoin ) it will be a more productive use of your time then scanning to see if there’s anything free. We don’t give out free tokens. If we decide to use tokens to incentivize our community in the future then it would be communicated in official channels, linked above.
In spirit of this post, here are our official channels, platforms and documentation:
Stay safe out there. As a reminder, we don’t give away tokens for free, and if we should use tokens to incentivize our community for particular actions, it would be communicated in the official channels above.
"End-to-End Encryption, Secret Chats", Core.telegram.org, 2020. [Online]. Available: https://core.telegram.org/api/end-to-end. [Accessed: 07- Apr- 2020]
"Token Overview - Comments", Etherscan.io, 2020. [Online]. Available: https://etherscan.io/token/0xa46aab5576392840058ab25b409703d33b6ed96e#comments. [Accessed: 07- Apr- 2020]
"Gitcoin", Gitcoin.co, 2020. [Online]. Available: https://gitcoin.co/. [Accessed: 07- Apr- 2020]
"Protect Yourself From These Common Crypto Scams - Bitbuy Resources", Bitbuy Resources, 2020. [Online]. Available: https://bitbuy.ca/resources/guide/protect-yourself-from-these-common-crypto-scams/. [Accessed: 07- Apr- 2020]