May 23, 2022
Hello, hello! Today's a theme day: scams and thefts in crypto.
🧗‍♀️ Market shakiness is the order of the season. If you're in a crypto company and seeing signs of shakiness, email Crystal and Brady at [email protected].
This newsletter was edited by Pete Gannon and is 1,147 words, a 4.5-minute read.
👺 1 big thing: Scams to watch out for
Everyone in crypto is at risk of getting scammed by the many, many malicious actors preying on the space.
Why it matters: Scammers are some of the most innovative people out there, but they are not nice. They are constantly coming up with new hustles to trick people into giving up money for nothing, Brady writes.
- One of crypto's chief features is also what makes it dangerous. In crypto, possession is the whole of the law — and the law is code. If you lose some crypto, it's lost.
- Knowing this, scammers are constantly trying to trick people into giving their crypto away.
Some common crypto scams include:
- Twitter giveaways. They are all fake.
- Copycat websites. Scammers copy websites of buzzy things and try to trick over-eager investors into sending them money. Lots of this happened during the ICO boom and NFT craziness.
- Pump and dump. Influencers get lots of a token cheap. They drive up interest in it, then sell when the price ticks up some. In crypto this works especially well because cheap can mean thousandths of a penny.
- Rug pull. Fake entrepreneurs find a large group of rubes and convince them they are building the new hotness and only the very early community will get the best deal. Thirsty buyers put in money and the fake entrepreneur walks away with it. (Sometimes they also pretend to be "hacked.")
One consistent danger sign: Projects led by people who don't use real names — no accountability.
Be smart: Any opportunity that sounds really, really good is very likely too good (see Culture Hash, below).
- But don't feel bad if you ever get fooled. Everyone who has been in blockchain a long time has fallen for something.
Our thought bubble: The word "scam" gets thrown around a lot in crypto but not really in an accurate way. Sometimes people call projects scams when what they really mean is "that's a bad idea, and it won't work."
👿 2. Charted: Speaking of hacks
Hacking robots-on-the-internet is very lucrative.
- Decentralized finance (DeFi) is making it easy for people to be their own bank, but every new autonomously running financial product is riskiest early on, Brady writes.
Be smart: Early movers only get the best returns if new projects have good security.
- Cyber criminals move in early on new DeFi projects, before their code is hardened.
- We always say "don't invest more than you can afford to lose," but that goes triple with new DeFi stuff.
One green flag to look for: Has a new project paid for a security audit from a reputable firm that posted its findings?
- Even if they have, that's no guarantee it doesn't have a vulnerability.
The bottom line: Scammers take advantage of the fact that people in crypto are looking for quick, oversized gains.
- For what it's worth: Dollar cost averaging into the blue-chip cryptos has been a solid, if very boring, strategy over the last several years (and even then, crypto investing is best as a small piece of a diversified portfolio).
🥊 3. Ways to protect yourself
Cyber-criminals especially like to rob people with crypto because it's so hard to get it back — and whether you hold crypto or not, these miscreants are coming after you. But you are not helpless.
Be smart: The average person thinks being conscientious about computer security is ridiculous until they get digitally robbed. Don't do that, Brady writes.
- Take it from me, who has been cyber-attacked, but defeated my attacker: Digital defenses can be a pain, but they are worth it.
The details: Here are some basic defenses to get started:
- Use a password manager. LastPass and 1Password are a couple of widely used commercial options. KeePass is an open-source option. Use one of these so you have a different password on every site. It takes a little getting used to, but once you do, it's not bad.
- Use two-factor authentication everywhere. Yes, it is annoying, but then there's that one time you get attacked and you can be like: "Ha, ha, sucker. Not so fast!" (I have been there! And I was very glad I had two-factor authentication enabled). Most people use Google Authenticator. Advanced users get into Yubikeys.
- Keep your investing secret. If no one knows you have crypto, no one will know to try to steal it. If you decide to get deep enough to start joining Telegram or Discord groups, don't use your real name, and be careful not to expose your phone number. This will at least protect you from targeted attacks, though there are other kinds that are still risky.
- Protect your keys. If you use a software wallet or a hardware wallet to hold some or all of your cryptocurrency (and you should), keep multiple copies of your private keys on paper (usually it's a list of words) in two or three secure places (no sticky notes). Show them to no one.
- Don't click — like — ever. Links via email and links via text message are bad — very bad. Never click them. If you're really curious and it seems to be from a friend, call your friend before you click.
Each little step you take is a big step for your personal digital security.
If you only do one: Get started with two-factor authentication. Enable it on something that's not a big deal, like a Twitter account, and practice using it.
- Once you get the hang of it, use it on more important accounts.
- Most platforms have backup codes for two-factor authentication. Be sure to make copies of those. Ideally, print them out and put them somewhere safe (and label them).
The bottom line: In the movies, hackers seem like wizards. In reality, they lean on the fact that lots of people have exactly the same vulnerabilities.
- A little defense goes a long way.
🛸 4. Catch up quick: Great hacks edition
👨‍🎨 5. Culture hash: Mega NFT artist compromised
If you can't quite place the name "Beeple," he's the guy that sold a bunch of digital images for $69 million a year ago, Brady writes.
- Early yesterday, he found his Twitter account (which has 673,000 followers) had been hijacked so scammers could promote a malicious website.
How it worked: "The tweet shared a link to a dodgy website pretending to be a 'raffle' of Beeple’s Louis Vuitton collaboration (Beeple first collaborated with the fashion brand back in 2019). But when people clicked on the link, one Ethereum was automatically drained from their wallets," Decrypt reported.
- It looks like the criminals got about $70,000 in ether before getting shut down.
What they're saying: "Stay safe out there, anything too good to be true IS A F**KING SCAM," Beeple wrote in a follow-up tweet. True words.
Don't be scared; just be ready. — C & B