10 ways you can be deceived when exchanging cryptocurrencies
When I started monitoring cryptocurrency exchanges on Bits.media, I started compiling a list of risks that I encountered and which users wrote to me about after the incidents. And so as not to disappear, I decided to arrange everything in a separate article. I supplemented it a little with points when working with p2p platforms, since there are also quite a few exchanges there now. The list goes from simple to complex, but do not underestimate the risks of even completely stupid methods of fraud, they come across people every day, and vigilant cryptans sometimes lose their vigilance. Also in the end I will give a few rules that will help reduce these risks.
1. Dots and commas
It works mainly with P2P exchanges. Also very often used with redeem exchange codes. You agreed on an exchange, and they promise to send you a payment at the beginning, and you later, that is, you have no risks. Agreed, for example, for a thousand nine, no matter what. A code for 1.009 falls into your account or comes to you, having a quick look, you send the transfer on your part, and then you are surprised to find that it is one whole and nine thousandths, not one thousand nine. Often they try this in systems where the digits in the display are separated by a dot or comma, and the user can confuse one with the other.
2. False exchangers
False exchangers are usually a few pages and a script that mimic the work of an exchanger. Users are lured by delicious courses, sometimes even the purchase price of a cryptocurrency is higher than the sale price. Some "exchangers" leave only the exchange of fiat money for cryptocurrency, because for attackers it is the safest way to get cryptocurrency. And users most often will not go to complain further than black lists of exchangers on forums. What most often does not play a role for an attacker, only a few "exchanges" discourage the idea, and then the change of name + domain and in a new circle. The rest of the vodka can not be changed.
Phishing is also widespread on existing exchangers, when domains similar to real exchangers are created, advertisements from search engines are given to them, links are sown in thematic groups in social networks, chat rooms, and forums. Of the most distinguished "exchangers" they try to squeeze to the maximum, communicate on behalf of technical support, promise to pay everything, talk about bank delays, false users appear who write that they were paid everything after the delay, you can safely change, etc. Threaten the owners of forums and monitoring for inclusion in the black lists. By the way, I have not met a single time before that the owners of large sites were led to this, but attempts are ongoing. They threaten mainly DDoS attacks, gulf of child pornography, complaints to organs, etc. Some offer bribes or merge competitors' false exchanges.
4. Address spoofing
Most often occurs during a p2p exchange on forums and social networks, where the credentials of the representative of the exchanger service are hacked, and false addresses are received for receiving cryptocurrency. Often access to the account is not taken away, the representative communicates as usual and does not immediately notice that the addresses are forged. They also come with contacts, for example, they replace a telegram contact, and when contacting they throw a client. Sometimes this can happen with exchangers, and VIP clients are offered VIP conditions only for you and only now, most importantly, send bitcoins here.
5. Gulf of dirty money
You can honestly change the cryptocurrency into rubles, but then you will have problems. Most often, this concerns the exchange for Qiwi, but also found in other electronic payments and payments on bank cards. Sometimes it’s completely impudent, when you request an exchange for 100,000 rubles, and you begin to pour a stream of 1,500 rubles, 750 rubles, 2,300 rubles, etc., that is, just a stream of payment for drug bookmarks is sent to you, until the desired amount is poured. Usually, after this, the account is blocked and then you wonder about what problems await you further.
6. Social engineering
Often concerns p2p exchanges. For example, knowing with whom you usually conduct exchanges, an account clone is started at the site, which is visually indistinguishable from your counterparty. The name can most often be made identical by replacing the characters, for example, the English “o” with the Russian “o”. The same avatar, profile data, etc. Then they knock on private messages and offer an exchange, then everything is clear.
Why does no one like to sell bitcoin for paypal? Because bitcoin will leave for sure, but a paypal that has arrived can be canceled by a chargeback. And most likely nothing will be canceled, since such an exchange is prohibited by paypal, and the stick takes the side of the false payer. In other payment systems, chargebacks can also be done, but usually much more complicated and with a less predictable result.
8. "Draining schemes"
“Stolen” enrichment schemes pop up, or someone shares out of kindness, it does not matter. The essence of the scheme is approximately the following: we earn on the exchange spread between exchangers. We go to the exchanger 1 and change your money there in any form to Qiwi. The exchanger is reliable, with a reputation, it has been working for many years, do not be afraid. In exchanger 2 we change Qiwi to bitcoins, this is a great reliable exchanger, here are the reviews, 100% everything will be fine. Now in exchanger 3 we change bitcoins to Qiwi, this is a large American wholesale exchanger, it buys at rates higher than ours, absolutely reliable, here are the reviews. As a result, you get a difference in Qiwi of 5-10% per lap and you can drive on further, increasing your earnings. Of course, exchanger 3 is fraudulent, and its task is to collect cryptocurrency from gullible young businessmen. The calculation is that by checking the reviews and the reputation of the first and second exchanger, on the third, attentiveness is already declining, because everything is so cool according to the instructions, and the thirst for a freebie disables critical thinking. It seems ridiculous, but really people come across, I have seen more than one review of those deceived by this scheme.
9. The man in the middle or the "triangle"
It works with exchangers and with P2P exchanges. The essence is this: a fraudster contacts both the exchanger and the victim. The victim is represented by the exchanger, the exchanger by the client. Both can provide any verification information, as they can request it from the second party. For example, the exchanger says that he wants to exchange rubles from Sberbank to bitcoins, and the client that he, as an exchanger, will exchange rubles for him with bitcoins. He asks the exchanger for details for replenishment, sends it to the victim. The victim can even make sure that these are the details of the exchanger, if they are officially posted, as some do with the P2P exchange. The victim makes the transfer and sends the fraudster a bitcoin address for replenishment. The fraudster gives the exchanger his own bitcoin address. The exchanger sends bitcoins to the fraudster, and then there are the debriefing between the exchanger and the victim, who threw whom.
10. Cheating with goods
A little complicated previous scheme. The victim may not even know what cryptocurrencies are and certainly not want to engage in their exchange. For example, a fraudster places a lot on Avito with the sale of something valuable for a very tasty price, but an advance payment is required (this may be clarified later) or has already been postponed for another buyer, but if you pay now, take it. The guarantee for the buyer is from the scan of documents (linden) to the chargeback from the bank and the criminal case, because the seller shines his card, where the payment will go. The price is tasty, there are many who want to, whoever pays first, will leave. The consent is given the card number from the exchanger, but to the exchanger it is stated that this is payment for the purchase of cryptocurrency, here is the address for replenishment. The result is as in the previous case.
What measures should be taken to minimize risks during the exchange?
- Attentiveness, adequacy, critical analysis. Is always.
- Divide large amounts into parts and exchange the next part after receiving the previous payment, then the probability of losing a large amount is sharply reduced.
- Create complex passwords unique to each site. If one is hacked, then its base is then passed through all other similar ones.
- Recheck the details at each stage. There is even malicious software that replaces bitcoin addresses in the clipboard. And sometimes users themselves get confused, send a BCH wallet instead of BTC.
- When working, check additional data. With a P2P exchange, this can be the user id on the forum, in the social network, messenger. Forum post counter. If the user had 1,500 messages, and now he writes to you, and he has 15, this should be suspicious. For sites, you can put some puzomerka in the browser. Say, if google.com usually displays a value of alexa 1, and here it gives out 6 million, then obviously you are not on the page you think. You can check the date of registration of a domain, etc.
- Google reviews about services and money changers on independent sites, such as exchangers monitoring ( for example ours ), and forums. It’s useless to watch reviews on the exchanger’s website itself; anything can be drawn there.
- When accepting payment, ask for a fresh (!) Photo of the card with which payment will be made or a photo of the goods. A better video is where the voice speaks out for whom it is being shot. This will not remove all the risks, but will weed out those who “work” at random.
- Any invoices, files with details, photos, etc. open in a separate virtual machine in which there is no access to anything of value.
- Do not make transactions at the request of third parties. Even if it’s mom’s brother’s best friend.
- Pay attention to the limits of the payment systems you work with.
- When sending cryptocurrencies, select a sufficient level of commission so that the payment does not hang for a long time. Many services in this case can change courses at a disadvantage for you.
- Contact the counterparty through several communication channels for confirmation, for example, via mail, instant messenger and personal messages of the site where the ad is placed. At least at the first contact.
If you still know the ways of fraud, or you have methods to counter it, write in the comments.
If this article helps at least one person not fall for the tricks of scammers, then I wrote it for good reason) You can save it as a favorite if you find it useful as a checklist. If more ways appear, I will add here.