Cointime


5 C.L.E.A.R Ways to AVOID Being Scammed BEFORE Investing Your Crypto Resources


The blockchain community is rife with potentially profitable projects and scary scams in equal measure. Users can find it hard to discern whether a particular project or platform is legitimate and secure to invest in. If you have found yourself unsure of a project’s security, remember these 5 best practices to help you decide if a project is in the C.L.E.A.R:

· C — Check Directly with Cybersecurity Companies or Audit Providers
· L — Look for Red Flags in their Website or dApp
· E — Exercise Due Diligence
· A — Analyze the Audits
· R — Recognize Scammer Behaviour

C — Check Directly with Cybersecurity Companies or Audit Providers

The best, sure-fire, and quickest way to find out if a project is secure or legitimate is to directly contact cybersecurity companies or audit providers.

Projects often claim on their websites to have been audited by specific cybersecurity entities:

Fig 1. Blockchain projects or dApps listing cybersecurity companies that have audited them are common. Scammers like using this feature to lie to users.

Never take their word for it. Always ensure these projects have been legitimately audited by the companies they claim have audited them. It is common for scammers to claim that their project is secure and properly audited by cybersecurity companies: company logos can easily be copied from the respective websites, so anyone running a project can claim to be legitimate just to profit off users.

So, how do you contact these security companies? Through social media. Audit providers like Fairyproof usually have social media channels for direct chat, like Telegram or Twitter, for all kinds of inquiries. These companies have the proper tools and databases to check if a project is secure and legitimate for users to interact with. They can advise if a project is a scam or may be a rug-pull. The best part: it will not take long for you to receive an answer, anything from 5 to 10 minutes. Just make sure to include the project’s website when you enquire about it.

Pro Tip: Do not just check with one cybersecurity company; check with all the companies the project says have audited it. If all relevant audit providers have approved the project in question, the project is secure and appropriate for interaction. Just know that although you will get an answer on whether a project is secure, you may not get an answer on whether a project can be profitable.

L — Look for Red Flags in their Website or dApp

Scam sites show specific indicators (also known as “red flags”) that they are not secure and not legitimate projects for users to invest in:

L1. Look for Websites / dApps with Seemingly Arbitrary or Dubious URLs

Every website or online platform has a Uniform Resource Locator (URL). URLs are strings of text that appear in a browser’s address field (that search bar at the top of your browser screen), and usually end with “.com”, “.net”, or, as is the trend with some blockchain sites, “.xyz”. If you find yourself on a site with a URL that is arbitrary, one that does not make sense in any way, it is likely that the site you are interacting with is a scam.

Sites with seemingly irrelevant strings of numbers, text, or just plain generic crypto terminologies like “bit-coin99999”, “eth100000”, “defi-mining.bet”, “usdt-eth”, “app.finance” in their URLs are tell-tale signs that a particular project is a scam.

Proper legitimate projects are usually branded — They have special, unique, specific names for their platforms, thus, have unique URLs. Think “Coinbase” (coinbase.com), “Bored Ape Yacht Club” (boredapeyachtclub.com), “Runex” (runex.org), “Deskheads” (deskheads.xyz), or “Fairyproof” (fairyproof.com).

Sometimes, the sneakier scammers imitate these unique URLs to mask their scam sites, changing or adding elements that careless users may not notice. There was an instance where a scammer passed off “deskheadz.xyz” as the site for “deskheads.xyz”. With the change of a single letter, users who thought the former site was the official site had their NFTs stolen. Be vigilant.

If you are unsure whether a specific project is legitimate based on its URL, do a Google search. Copy the URL of the website you are on, paste it into the search bar of Google.com, and click “Google Search”. If the website you are looking for does not appear among the top few results (top five entries), or even worse, the results show users posting alerts about that same dubious URL, the project is highly likely a scam.
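The single-letter swap described above (deskheads.xyz versus deskheadz.xyz) can also be caught mechanically. The following is an added example, not part of the original article: it compares a URL's hostname against the official domains the article names, and it assumes the registered domain is simply the last two labels (no public-suffix handling); the function names and distance limits are illustrative choices.

```python
from urllib.parse import urlsplit

# Official domains named in the article; extend with the projects you actually use.
OFFICIAL_DOMAINS = {
    "coinbase.com", "boredapeyachtclub.com", "runex.org",
    "deskheads.xyz", "fairyproof.com",
}

def hostname_of(url: str) -> str:
    """Lower-cased hostname of a URL, tolerating a missing scheme."""
    if "://" not in url:
        url = "//" + url.lstrip("/")
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def edit_distance(a: str, b: str) -> int:
    """Edits needed to turn a into b: insert, delete, substitute, or swap two adjacent letters."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # adjacent transposition, e.g. "coinbsae" for "coinbase"
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify(url: str):
    """Return ("official" | "lookalike" | "unknown", matching official domain or None)."""
    host = hostname_of(url)
    labels = host.split(".")
    if len(labels) < 2:
        return ("unknown", None)
    for official in OFFICIAL_DOMAINS:
        if host == official or host.endswith("." + official):
            return ("official", official)
    registered_label = labels[-2]  # assumption: two-label registered domain
    for official in sorted(OFFICIAL_DOMAINS):
        brand = official.split(".")[0]
        limit = 1 if len(brand) < 8 else 2  # illustrative tolerance
        # near-identical name (or the same name under another TLD)
        if edit_distance(registered_label, brand) <= limit:
            return ("lookalike", official)
        # brand name used only as a subdomain of someone else's domain
        if brand in labels[:-2]:
            return ("lookalike", official)
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed sample URLs; only deskheadz.xyz comes from the article.
    for u in ("https://deskheadz.xyz/mint", "https://www.coinbase.com/login",
              "coinbase.com.wallet-verify.xyz", "https://example.org"):
        print(u, "->", classify(u))
```

A "lookalike" result means the name is close to a known brand but is not its domain, so the site should be verified through the project's official channels before any wallet is connected.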

L2. Look for Platforms that Promise Yields that Sound Too Enticing

Always remember: If a deal sounds too good to be true, it probably is too good to be true.

Many Centralized Cryptocurrency Exchanges (CEXs) or dApps allow you to stake your crypto assets for interest or other digital assets. These stakes usually promise returns in the form of a relatively reasonable Annual Percentage Yield (APY). Scam projects tend to indicate an APY that seems too good to be true.

Reasonable APYs usually range from 2% to 5%. It is rare for crypto assets to have an APY of anything above 10%. It is wise to exercise caution when a dApp, website, or any other online platform promises high APYs. Scam projects also encourage users to pledge large amounts “for a higher income”.

Moreover, most crypto assets usually promise an annual return rate — This means that the percentage returns are based on what you have staked and accrued for the year. Some scam projects would promise yields in hours or days (Like “0.6% six-hour yield”, or “2% daily yield”, etc.).

Fig 2. A tell-tale sign that a project is a scam is when they advertise high yields for a short period of time when you invest.

Do not be easily swayed by yields that are too enticing, such as returns promised after a very short period. Do a quick mental calculation: if theoretically staking 1000 ETH and getting 2 ETH in interest within the course of half a day sounds too sweet for a quick buck, it is.
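To make that mental calculation concrete, the following added example (not part of the original article) converts a short-period yield claim into annual terms and compares it with the article's "rare above 10%" rule of thumb. The phrasings it parses, the function names and the verdict labels are illustrative assumptions.

```python
import re

HOURS_PER_YEAR = 365 * 24
RARE_ABOVE_PCT = 10.0  # the article's rule of thumb: APY above 10% is rare

NUMBER_WORDS = {"one": 1, "two": 2, "three": 3, "four": 4,
                "six": 6, "eight": 8, "twelve": 12}
UNIT_HOURS = {"hour": 1, "hourly": 1, "day": 24, "daily": 24,
              "week": 168, "weekly": 168,
              "year": 8760, "yearly": 8760, "annual": 8760}

# Matches claims such as "0.6% six-hour yield", "2% daily yield", "1% per 3 days".
CLAIM_RE = re.compile(
    r"(?P<rate>\d+(?:\.\d+)?)\s*%\s*(?:per\s+|every\s+)?"
    r"(?:(?P<count>\d+|" + "|".join(NUMBER_WORDS) + r")[-\s])?"
    r"(?P<unit>hourly|hour|daily|day|weekly|week|yearly|year|annual)",
    re.IGNORECASE,
)

def parse_claim(text: str):
    """Extract (rate in percent, period in hours) from an advertised yield."""
    m = CLAIM_RE.search(text)
    if not m:
        raise ValueError(f"no yield claim found in {text!r}")
    count = m.group("count")
    if count is None:
        n = 1
    elif count.isdigit():
        n = int(count)
    else:
        n = NUMBER_WORDS[count.lower()]
    return float(m.group("rate")), n * UNIT_HOURS[m.group("unit").lower()]

def annualize(rate_pct: float, period_hours: float):
    """Return (simple annual rate, compounded APY), both in percent."""
    periods = HOURS_PER_YEAR / period_hours
    simple = rate_pct * periods
    compound = ((1 + rate_pct / 100) ** periods - 1) * 100
    return simple, compound

def assess(text: str) -> dict:
    """Annualize an advertised yield and compare it with the 10% rule of thumb."""
    rate, hours = parse_claim(text)
    simple, compound = annualize(rate, hours)
    verdict = "red flag" if simple > RARE_ABOVE_PCT else "plausible"
    return {"rate_pct": rate, "period_hours": hours,
            "simple_apr": simple, "compound_apy": compound, "verdict": verdict}

if __name__ == "__main__":
    # The first two claims are quoted in the article; the third is constructed.
    for claim in ("0.6% six-hour yield", "2% daily yield", "4% annual yield"):
        r = assess(claim)
        print(f"{claim}: {r['simple_apr']:.0f}% simple, "
              f"{r['compound_apy']:.0f}% compounded -> {r['verdict']}")
    # The article's 2 ETH on 1000 ETH in half a day is 0.2% per 12 hours.
    print("2 ETH per 1000 ETH per 12 h:", annualize(0.2, 12))
```

Even without compounding, the two advertised examples from the article work out to several hundred percent a year, far outside the 2% to 5% range it calls reasonable.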

L3. Look for Signs of Scammers Who Are Always Too Eager to Get You to Invest as Quickly as Possible

Legitimate crypto projects are more concerned with convincing you to believe in the vision of their project so that you can be an investor; Scammers are more concerned with getting you to “invest” as quickly as possible with the sole purpose of you “profiting”.

If you click on a link and you find yourself staring at a landing page that only prompts you to connect your hot wallet to the dApp or website before you can interact with the platform, you may be interacting with a scammer site.

Fig 3. Many scam sites never give you the option of visiting or browsing their website through a normal web browser. They always insist on needing you to visit their platform through a hot wallet’s browser.

The reason scammers prefer to have users connect their wallets to their platform first is so that users grant them easy access to their hot wallets. Scammers can be hackers too — And if you unknowingly grant access or validation to a scam website by signing in using your hot wallet, they can easily hack into your hot wallet and extract all your crypto resources.

Be very careful where you connect your hot wallet. If a project prompts you to connect your hot wallet first before doing anything else, it’s best to leave the website and avoid interacting with it.

Moreover, another sign of an always-too-eager scam plot is the absence of other pages. Legitimate projects will always have an “About Me / About Us”, “FAQ”, “Contact Us”, “Privacy Policy / Refund Policy”, and “Terms of Use” page. Make sure these pages exist. Click on these pages and see if they are properly populated with content that is credible, readable, and sensible. Scammers tend to avoid taking the extra effort to create such pages, since their goal is to make money from you as quickly as possible. Also, if you do see these pages and you find yourself reading “Lorem Ipsum” in them (it usually starts with the Latin “Lorem ipsum dolor sit amet…” followed by a string of text that does not make sense as nobody reads Latin), it is a sign that you are on your way to interacting with a scam website.

L4. Look for Broken or Absent Social Media Links

A final common trait for scam sites is their lack of social media presence. Legitimate blockchain projects have social media accounts to keep users updated and create a community for users to further engage with each other. There is no reason for a scam site to create social media accounts.

Whenever you reach a dApp’s landing page, search for social media links. They are usually found at the top and/or bottom corners of a webpage. An absence of social media links may be an indication that a project is a scam.

Additionally, even if you do find a project with social media icons on their website, click on those icons. Make sure they work. If those icons do not lead you to their respective social media pages, the project that you are looking to invest in may be a scam.

E — Exercise Due Diligence

It will benefit you a great deal if you take the time to do some research on the project you are looking to invest in or interact with. Taking the time to know more about a project in-depth is called “exercising due diligence”. Here are several ways that you can do so:

E1. Check for the Platform’s Credibility on Social Media Communities

The creation of legitimate projects would mean the creation of official social media to talk about said projects. You can generally find sentiments about a project through mass social media forums like Twitter or Reddit. There, you might also find people talking about projects being potential scams or rug-pulls.

Have an arsenal of sites and accounts to look for alerts on potentially dubious projects. Find official pages of the projects you’re looking into on every social media platform. Then, follow cybersecurity companies on Twitter for scam alerts, frequent communities of people who have been scammed to understand the nature of scams and scammers, and look for chat groups where people inquire on the credibility of projects on a daily basis.

E2. Check on the Credibility of the Project or Platform via Blockchain Explorers or Cryptocurrency Aggregators

Legitimate project teams recognize that the moment they start a legitimate blockchain platform or project, they would need to get listed on a blockchain explorer or crypto aggregator to increase their credibility as soon as possible. Scammers would not bother making sure they are properly named, branded, and verified on CEXs like Crypto.com or explorers like Etherscan.io or Blockchain.com.

Take the time to look for a project’s address: copy the address and paste it on a blockchain explorer. Legitimate projects that have been honestly aggregated should look like this: Verified pages with proper links to social media accounts, websites, and datasets that show legitimate volumes of digital resources that have been transacted.

Fig 4. Be skeptical when a site natively shows you how frequent transactions take place on their platform. The transactions that take place natively on a project’s website should be reflected similarly with the transactions shown on a blockchain aggregator.

If you find that you are looking at an unverified, unnamed address on a blockchain aggregator with no other links to their website or social media account, and a dubious history on their transactions (Like receiving and sending suspiciously large amounts of crypto assets between unverified, unnamed addresses), you are looking at a scam project.

E3. Read the Project’s Whitepaper

Some legitimate blockchain projects produce their own whitepapers. Whitepapers are documents that detail the problems a project is looking to solve, its design philosophy, its timeline, and the complex technicalities of the solutions with which it is attempting to solve said problem(s).

Understanding a project’s whitepaper would mean understanding the project itself, helping you decide if a project is worth investing in.

A — Analyze the Audits

Audits help users understand the level of security of a project they may invest in, and help project developers become aware of its flaws.

When you see a dApp or online platform that claims to have been audited by legitimate cybersecurity companies, the logos on the website should be linked to the respective audit documents. If you click / tap on the respective logos of the audit providers on the website and they do not direct you to the audit report, the website is very likely a scam site. Fairyproof is purposeful in prompting our audited clients to make sure that the audit reports are accessible through our logo on their homepages or landing pages.

Users should also possess some knowledge of reading and understanding audits. If an audit shows a project to contain multiple vulnerabilities, it also communicates the idea that users should exercise caution when interacting with a specific project or platform.

Fig 5. Look out for summary information like this whenever you read an audit. Audits publicly show information on vulnerabilities of different severities that can expose projects to different cyber-attacks. If these vulnerabilities are claimed to be unresolved, exercise caution in interacting with said project.

Multiple code vulnerabilities on a particular project mean more opportunities for hackers to attack said project and exploit crypto assets.

R — Recognize Scammer Behaviour

The good thing about scammers is that once you can recognize one, you can probably recognize them all. A scammer’s constant is that they always want to steal the most amount of money from you in the shortest amount of time by deceiving you. Here are some behaviours most of them share:

R1. They Approach You Out of Nowhere

No legitimate blockchain project would approach you through direct messaging to advertise investing on their platform. It is common policy for corporate and professional entities to not reveal they have your contact information, and even if they do, they have no obligation to approach you personally for different purposes (Unless they are announcing a complete shutdown of their project, if you have recently contacted their customer support for specific reasons, or if you have directly interacted with some of their marketing campaigns.).

If you are aware that you have not given your contact information like your phone number, email, or social media handles to a specific project, ask those who have approached you where they obtained your contact information. If their answers do not make sense in the context of your Web3.0 interactions, do not interact with the websites they have sent you or interact with them any further. It is also likely that they would not reply to you, as scammers prefer easy targets that jump in to invest without question. If they do not reply to you, walk away from the offer. A little bit of patience can save your wallet.

It is always safe to be skeptical of an individual reaching out to you and urging you to invest in a specific project or visit a particular website.

Most importantly: Never click on links sent to you by unknown numbers or social media accounts.

R2. They Immediately Transfer Your Deposits to An Unknown Address

Should you find yourself in a position where you have already made an initial deposit, check if the deposits are immediately transferred to an unknown address. Legitimate projects with investment features usually do not need to transfer your funds to a separate address for you to earn interest (Save for NFTs — When you stake an NFT, it gets transferred to a staking address with other users who have staked their NFTs too.).

The moment you find out that your funds have been transferred to an address you do not know, do not invest any further!

R3. They “Freeze” Your Current Deposits and Ask for More to “Unfreeze” Them

“Freezing” initial deposits is also a common modus operandi (MO) for scammers. Users who have been scammed would find that once they have deposited their investment, they will not be able to withdraw what they have invested. Some scammers would dub this amount to be “frozen”. Scammers would then insist that the user “contribute” (also known as “pay”) a separate amount to “unfreeze” this deposit.

Do not proceed with any subsequent payments.

Users who are unaware of this behaviour would be conned into constantly paying scammers in hopes of getting their money back.

Legitimate projects usually allow you to withdraw your deposits easily without any form of payment.

R4. They Ghost You After You’ve Placed Your Investment

When you have had enough and realized you are on the edge of never getting your money back, chances are you would attempt to argue your deposit back through harsh words. This is when you’ve sent clear indications to the scammer that he/she will not be able to steal any more money from you. They will start to ignore you. By this stage, your assets are considered permanently stolen and possibly irrecoverable.

Your next course of action would be to hire a private cryptohunter or approach a cybersecurity company with crypto-retrieval services (Which also requires a separate set of payments, and you may still expose yourself to self-proclaimed “cryptohunters” which can be scammers too.). You can also try approaching proper authorities like the police or Interpol — However, they may take some time to give you a solid solution in getting your funds back as scam cases are common occurrences around the world. The moment you have sunk your foot too deep in interacting with scammers, we would regret to inform you that the worst-case scenario is to treat your initial investment as a lost cause and treat the situation as a lesson to watch out for scammers in the future.

In Conclusion

Apply C.L.E.A.R in your decision-making process BEFORE investing in any project or on any platforms:

Check directly with Cybersecurity Companies or Audit Providers

Look Out for Red Flags in Their Website or dApp

Exercise Due Diligence

Analyze the Audits

Recognize Scammer Behaviour

If a specific project does not pass any of the above rubrics, it is safer to leave the project alone and find something else to invest your crypto resources in.

“An ounce of prevention is worth a pound of cure.”

- Benjamin Franklin, Founding Father of the United States of America

Join our Telegram group to stay up-to-date on hacks and other security situations in the crypto space.

To stay updated on notable security incidents in the world of Web3.0, subscribe to our newsletter.

Looking to strengthen the security of your project? Contact us at https://fairyproof.com/
