Common ways people get hacked or scammed in web3

Saakuru Labs
Jun 13, 2022

The best cryptocurrency wallets do their best to protect your digital assets from falling into the wrong hands, but they can’t do it all. It’s also up to us as cryptocurrency traders and web3 enthusiasts to be vigilant and follow best practices to keep our wallets and our investments safe — particularly if you’ve put a lot of money into them.

So, what are those practices, and what kinds of hacks and scams should you be on the lookout for in the world of web3 as it stands today? In this guide, we’ll walk you through some of the most common attack methods currently being employed, and explain the steps you can take to ensure you don’t fall victim to them — including adopting the brilliant new AAG Wallet with outstanding security as standard.

Why are scammers targeting web3?

We don’t need to tell you that today’s digital assets can be worth a lot of money, and with web3 set to take off in a big way in the coming years, the value of today’s biggest and most popular cryptocurrencies and NFTs will surely keep rising in the years to come. That makes them an incredibly attractive target for hackers and scammers.

Those who have invested a lot of their hard-earned cash into digital assets are likely to be at a higher risk of hacks and scams — and more attractive targets for attackers — since it is possible to enter cryptocurrency wallet addresses into websites like Blockchain.com to find out exactly what they’re holding. But don’t assume you’re safe just because your current stash may seem insignificant. Everyone’s a target, and attackers will take whatever they can get.

Furthermore, the current methods for handling seed phrases are insecure, which makes web3 a more appealing and simpler target for hackers.

The most popular web3 hacks and scams today

So, what kind of hacks and scams should you be looking out for? There is a wide range of them out there in today’s web3 world, all of which are designed to trick you into parting with your cryptocurrency tokens or digital wallet credentials in some way. Let’s look at one of the easiest ones to avoid first, followed by other popular scams.

Celebrity “giveaways”

In the past, a number of high-profile celebrities have seemingly offered up millions of dollars worth of cryptocurrency tokens — almost always Bitcoin — to their followers on social media. All you have to do to claim it is send some of your own Bitcoin to their address, and they’ll send back double. Give $1,000, get back $2,000.

In recent years, the likes of Elon Musk, Bill Gates, Jeff Bezos, and even Kanye West have seemingly run these “giveaways” on social media [1]. There’s just one problem. They’re all a scam. The messages are posted by hackers who gain access to a celebrity Twitter account, then use it to rob unsuspecting fans of their precious Bitcoin tokens.

Any Bitcoin sent to the addresses provided stays there and never comes back. Don’t fall for these tricks. Celebrities don’t just give away millions of dollars worth of cryptocurrency to random followers, no matter how wealthy they might be. If an offer sounds too good to be true, it almost always is.

Pump and dumps

One of the most common cryptocurrency scams is the “pump and dump.” This is when popular influencers (including token creators) with questionable morals buy into a cryptocurrency at a low price, then take advantage of their followers by promoting the token on social media, YouTube, and through other channels — usually with plenty of hyperbole.

They tend to claim that the token is on the verge of a major takeoff, and convince the public to follow their lead and invest in it. This causes the price of the token to rise or “pump” — sometimes significantly, depending on how big the influencer is — at which point, the influencer sells off or “dumps” their investment and takes a big profit.

The influencer’s sell-off inevitably causes the price of the token to crash, so everyone else who invested is down. The reality is the token was never going “to the moon,” so only the influencer has benefited from this scheme.

One notable example of a pump and dump is the EthereumMax ($EMAX) token, which is unrelated to Ethereum. Launched in 2021, the coin was promoted by a number of eminent celebrities, including Kim Kardashian and Floyd Mayweather, who hyped the project on Twitter and other social media channels. It was even named the “exclusive cryptocurrency” of the Mayweather vs. Logan Paul pay-per-view fight. But after fans rushed to get in early and the value of EMAX tokens rocketed 1,370%, the project’s creators took the cash and the coin crashed 98%. Kardashian, Mayweather, and others were sued for their part in the scam, though they likely had no idea it was a pump and dump scheme at the time.

Rug pulls

Rug pulls are somewhat similar to pump and dumps in that they are designed to convince unsuspecting cryptocurrency enthusiasts to invest their hard-earned cash into a token. But it is the token’s creators, rather than an influencer, that are behind the scam. They hype up their new cryptocurrency to attract as many supporters as possible, then once they’ve raised some cash, they disappear with it.

It’s more difficult to pull off rug pull scams these days now that seasoned cryptocurrency traders know what to look out for when vetting new projects. But that doesn’t stop them cropping up on a regular basis. The easiest way to avoid them is to research new cryptocurrency projects before you invest in them. If you cannot find details on the team behind the project, and a trusted audit, it’s best to avoid it.

Phishing

Yes, phishing — one of the oldest internet scams — is a problem for web3 as well. Phishing is when hackers steal sensitive data, such as cryptocurrency wallet seed phrases and login credentials, by pretending to be someone else. They will usually reach out to traders on social media, claiming to be support staff, token promoters, or just generous donors.

Phishers will sometimes tell you that they need you to verify personal details to keep your wallet secure, or they will offer to transfer large amounts of cryptocurrency into your account as part of some “promotion.” All you have to do is confirm your wallet’s seed phrase (the combination of words used to log into your wallet), or provide access to it. But, of course, you’re never going to get what is promised.

Instead, once the attacker has access to your account, they’ll transfer everything you own into their own, leaving you with nothing. Again, if a deal sounds suspicious or too good to be true, don’t get involved. And never connect your cryptocurrency wallet to an unknown service that you do not trust.

Spoofing

Much like phishing, spoofing is when an attacker sets up a fake social media account or website that’s designed to look genuine. They’ll use the name and photos of a high-profile and trusted individual, or create fake sites that look like the real deal. They then try to convince followers to invest in scam projects, or to connect their cryptocurrency wallets to services that will empty their accounts.

How you can be safe and protect your web3 assets

Despite the ongoing rise in web3 scams, and the wide variety of hacks that are employed today, protecting your digital assets doesn’t have to be difficult. The most common attacks can be avoided by using common sense and being sensible with your data. Research projects before you invest in them, avoid anything that seems too good to be true, and don’t connect your wallet to untrusted services.

If someone reaches out to you offering support or free cryptocurrency tokens, be suspicious. And most importantly, use a trusted cryptocurrency wallet, and never share your seed phrase with anyone. Or, use a cryptocurrency wallet that doesn’t require seed phrases at all, like the AAG Wallet.

Why you should use the AAG Wallet

The new AAG Wallet is designed from the ground up to minimize the risk of web3 scams. It eliminates the need for private keys, passphrases, and hardware that can easily fall into the wrong hands by using a multilayer security system that incorporates technology from CYBAVO, LoginID, and Lossless. It integrates with both centralized and decentralized exchanges and fiat gateways to enable a seamless experience.

Aimed predominantly at those new to cryptocurrencies, the AAG Wallet makes converting digital currencies to and from real cash quicker and easier than ever before. Unlike other wallets, it also lets you exchange a whole bunch of supported currencies — including the AAG token and game tokens like $SLP, $PYR, and $THG, and fiat currencies — with just one tap.

AAG is on a mission to eliminate the complexities that come with managing cryptocurrency, particularly for newcomers who may not be familiar with trading and converting tokens. And that starts with AAG Wallet, which will make play-and-earn, learn-and-earn, and the metaverse in general more accessible to the average user than it ever has been before.

Sign up to the AAG Wallet waitlist to keep up to date and get early access!

Learn about Scams and Hacks in Web3 and earn $AAG

To incentivize our community to learn more about Scams and Hacks in Web3, we will award 10 $AAG tokens each to the first 100 people to correctly answer the questions about Scams and Hacks in Web3. The subsequent 900 people will then receive 5 $AAG tokens each.

Please click here to submit your answers.
