How to spot a crypto scam and protect yourself.

This is the first article in a series on safe practices for handling cryptocurrency, making transactions, 2FA confirmations, etc.

SIM CLONE-2FA ATTACK

2FA confirmations are a myth: there are several ways hackers can clone your SIM card or monitor your phone in order to steal credentials. First, there are telephone sniffers that look for messages sent to your phone. Next, hackers can very easily clone your SIM. They can do that either physically or by tricking your telephone company into providing them with an extra SIM card. Various stories circulated during summer 2018 of hackers going to different crypto conferences and spying on crypto whales in order to steal their credentials.

DNS ATTACK

Visitors were shown a warning saying that the TLS certificate used by the site was signed by an unknown authority. If you ignored the warning, your funds were among the 150.000 USD lost in the hack. MyEtherWallet users who fell for this phishing scheme have no way of getting their funds back and could fall victim to subsequent scams.

Etherdelta.com, a DEX crypto exchange, fell victim to the same type of attack. Hackers replaced the exchange’s website with a fake one designed to steal funds from users’ wallets. The daily turnover on the site was 11 mUSD but fell to 5 mUSD after the attack.

CLIPPER ATTACK

PHISHING SITES

myetherwallet.com -> myethereumwallet.com (Fake site spotted in 2018)

myetherwallet.com -> myetherwallet.com.im (Fake site spotted in 2017)

And so it goes on. Always triple-check that the site you’ve entered is the correct one. Even special characters are used, like ṭ instead of t (notice the dot below the character) or ạ instead of a. This has happened on many occasions, so beware of clicking on advertised sites or fake email confirmations.

Another common phishing attempt is binạnce.com instead of binance.com.
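The look-alike checks described above can be automated. The following Python sketch is an added example, not part of the original article; the allowlist, the function names and the 0.85 similarity threshold are assumptions chosen for illustration.

```python
import unicodedata
from difflib import SequenceMatcher

# Assumption: the allowlist holds the two official domains named in the article.
OFFICIAL = ("myetherwallet.com", "binance.com")

def to_unicode(host):
    """Lower-case a hostname and decode punycode ('xn--') labels to Unicode."""
    host = host.strip().lower().rstrip(".")
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:
        return host  # already Unicode, or not valid punycode

def skeleton(host):
    """Drop combining marks after NFKD, so an 'a' with a dot below becomes 'a'.
    Catches accented look-alikes only, not letters from other scripts."""
    decomposed = unicodedata.normalize("NFKD", host)
    return "".join(c for c in decomposed if not unicodedata.combining(c))

def classify(host, threshold=0.85):
    """Return (verdict, official domain the host resembles or None)."""
    host = to_unicode(host)
    for good in OFFICIAL:
        if host == good or host.endswith("." + good):
            return ("official", good)
    plain = skeleton(host)
    for good in OFFICIAL:
        if plain == good or plain.endswith("." + good):
            return ("homoglyph", good)       # e.g. binance.com with a dotted 'a'
        if plain.startswith(good + ".") or ("." + good + ".") in plain:
            return ("extra-suffix", good)    # e.g. myetherwallet.com.im
        if SequenceMatcher(None, plain, good).ratio() >= threshold:
            return ("typosquat", good)       # e.g. myethereumwallet.com
    if not host.isascii():
        return ("non-ascii", None)           # unusual characters, no known match
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed sample list built from the look-alikes quoted in the article.
    for h in ("binance.com", "bin\u1ea1nce.com", "myetherwallet.com.im",
              "myethereumwallet.com", "www.myetherwallet.com", "example.org"):
        print(f"{h:28} {classify(h)}")
```

Because hostnames are decoded from punycode first, a link that shows the `xn--` form of a look-alike domain is classified the same way as its Unicode spelling.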

LESSON LEARNED

When accessing public crypto sites, be it Coinbase or Binance, make sure the SSL certificate is valid.

Always check for misspelled characters or strange code in the site address. When sending coins, ALWAYS check the FULL address in the receiver tab, not just the last couple of characters.

And never click on links in emails or on advertised sites. Always make sure you are using the official site or app.

Robert Rhodin, CEO, KEYCHAINX LLC. February 15th 2019, https://KeychainX.io
