Buying crypto? Watch out for these 100 problems
By Brian Livingston
People in the tech industry tend to find cryptocurrency very attractive as a concept. After all, crypto coins are totally digital — there are no paper bills or metallic coins to handle — and you can transfer these “digicoins” to anyone in the world, instantly (in theory).
The reality is that digital money is prey to all kinds of hacks and cons. Many people have lost their life savings because they converted their hard currency into crypto and got hacked. Bad actors used one security flaw or another to transfer the victims’ funds to themselves.
Allow me to give you some guidance that can hopefully help you avoid scams while you hold crypto, if you have a specific reason to do so.
Blockchain is the new Pet Rock, Hula Hoop, and Beanie Baby
Talking about cryptocurrencies always gets around to the concept of a blockchain, so we might as well get clear on what that means. (See Figure 1.)
Figure 1. A public blockchain is an uneditable, digital record of every transaction (block of data) that has ever occurred. A private, redactable blockchain might have virtual “padlocks” to allow the removal of certain transactions. Source: Accenture
A public blockchain is an unchangeable, widely distributed digital ledger that preserves all transactions (blocks) in the order in which they occurred. Different blockchains have been set up for bitcoin, ether, dogecoin, and many other crypto coins.
A private blockchain might be limited to authorized users, such as the employees of a company or a nonprofit organization. Such a blockchain could be redactable, allowing authorized admins to correct errors or reverse transactions. A technique for editable ledgers with digital “padlocks” between data blocks has been proposed by consulting firm Accenture and Stevens Institute of Technology professor Giuseppe Ateniese in a PDF.
A blockchain being uneditable doesn’t mean it’s secure. For example, a Swiss-registered investment pool called The DAO (Decentralized Autonomous Organization) raised $160 million through ether in May 2016. On June 17 of that year, a hacker transferred $50 million to himself. To steal that much ether, he wrote code that avoided sending messages to the system about the number of tokens he was moving (see Phil Daian’s analysis of the code):
if (p.splitData.newDAO.createTokenProxy.value(fundsToBeMoved)(msg.sender) == false)
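The flaw in the split function that the quoted line comes from is commonly described as reentrancy: funds left the contract before the caller's balance was set to zero, so code running on the receiving side could call the function again and be paid again. The Python model below is an added illustration, not The DAO's Solidity code and not part of the original article; the Pool class, its method names, and the amounts are constructed.

```python
# Toy model of a payout function; constructed for illustration, not The DAO's code.
class Pool:
    def __init__(self, hardened):
        self.hardened = hardened
        self.balances = {}   # account -> amount the ledger says it is owed
        self.reserve = 0     # funds the pool actually holds
        self.paid = {}       # account -> amount actually sent out

    def deposit(self, who, amount):
        self.balances[who] = self.balances.get(who, 0) + amount
        self.reserve += amount

    def split(self, who, on_receive):
        """Send `who` its balance. `on_receive` models the recipient's own
        code, which runs during the transfer (an external call)."""
        owed = self.balances.get(who, 0)
        if owed == 0 or owed > self.reserve:
            return
        if self.hardened:
            self.balances[who] = 0      # effect recorded before the call
        self.reserve -= owed
        self.paid[who] = self.paid.get(who, 0) + owed
        on_receive(self)                # external interaction
        if not self.hardened:
            self.balances[who] = 0      # flaw: updated only after the call

    def solvent(self):
        """Invariant an auditor would assert: reserve covers every balance."""
        return self.reserve >= sum(self.balances.values())


def run(hardened, reentries=3):
    pool = Pool(hardened)
    pool.deposit("member", 10)
    pool.deposit("others", 90)
    left = [reentries]

    def on_receive(p):                  # recipient calls back into split()
        if left[0] > 0:
            left[0] -= 1
            p.split("member", on_receive)

    pool.split("member", on_receive)
    return pool.paid["member"], pool.reserve, pool.solvent()


if __name__ == "__main__":
    print("flawed order  :", run(hardened=False))   # (40, 60, False)
    print("hardened order:", run(hardened=True))    # (10, 90, True)
```

With the balance update moved ahead of the external call, the nested call finds a zero balance and pays nothing, and the solvency invariant holds.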
Because of The DAO’s 28-day waiting period, the theft could be mostly reversed, but only by a so-called hard fork: an entirely new blockchain that excluded the hacked transactions. Under The DAO’s “consensus” model, however, approximately 15% of the voting stakeholders refused to accept the fork. This created two separate blockchains, each with its own coins: the reborn Ethereum and Ethereum Classic, as explained by the Brave New Coin blog.
The split allowed the thief to keep a few million dollars’ worth of ether, at least temporarily. By the end of 2016, DAO tokens had been delisted by major crypto exchanges. The US Securities & Exchange Commission (SEC) ruled in July 2017 that DAO’s offering was an illegal, unregistered security. The effort folded soon thereafter, as described in a Medium article.
As far as corporate ledger chains go, “Private blockchains are completely uninteresting,” says Bruce Schneier, a noted cryptographer and a board member of the Electronic Frontier Foundation. “Consensus protocols have been studied in distributed systems for more than 60 years,” he adds. “The only reason to operate one is to ride on the blockchain hype.”
Most people will never set up a blockchain. But millions of people are using cash and credit cards to transfer their hard currencies, such as dollars and euros, into crypto coins. Do those digital currencies have problems? I’m glad you asked.
Crypto is just code, and code can be hacked
Cryptocurrencies do serve at least one legitimate need. Individuals sent $715 billion across international boundaries to relations in other countries in 2019, according to World Bank estimates. But the old-line service is dominated by Western Union, MoneyGram, and RIA. Remittances can take up to five business days, and the average transaction fee is 7.45%. The fee can be 15 points higher for remittances to some African countries, a 2018 EU report says.
Crypto remittance services can be faster and charge lower fees. Local offices routinely convert coins into the recipient’s local currency. But whether or not you make cross-border transfers, it’s important to know that holding crypto for long exposes you to certain risks.
Steve Wozniak, a co-founder of Apple — and a tech-savvy individual, by all accounts — recently had seven bitcoins stolen from him, at a time when his coin collection was worth approximately $70,000.
What super-sophisticated hack was capable of separating Wozniak from his valuable digital assets?
Nothing sophisticated at all. “Somebody bought them from me online through a credit card, and they cancelled the credit-card payment,” he said at the 2018 Global Business Summit in New Delhi, sponsored by The Economic Times of India.
“It was that easy! And it was from a stolen credit-card number, so you can never get it back,” he added. Just try telling a credit-card telephone rep that you sent virtual currency to someone, somewhere, and you want it returned.
(Department of Happy Endings: On December 4, 2020, Woz used the Singapore-based HBTC crypto exchange to sell his own token, WOZX. The offering raised $950 million in the first 13 minutes of trading, a huge increase from its $80 million starting valuation. To avoid SEC regulation, buyers couldn’t use US crypto exchanges, according to a Yahoo Finance story.)
You don’t have to be an Apple legend to get your crypto coins stolen, of course:
Apps transfer crypto to hackers. iPhone user Philippe Christodoulou downloaded from the Apple Store a “Trezor” app to manage his bitcoins on a special USB digital wallet he’d purchased from the Czech manufacturer Trezor. He blames Apple for distributing the fake app, which immediately stole $600,000 worth of his bitcoins. According to a Washington Post story, the app was downloaded from the Apple Store around 1,000 times between January 22 and February 3, 2021. Apple spokesperson Fred Sainz says, “Study after study has shown that the App Store is the most secure app marketplace in the world.”

It isn’t just the Apple Store. Coinfirm, an anti-money-laundering service, told the Post that it knows of three Android users who’ve lost a total of $600,000 from phony “Trezor” apps, in addition to five iOS users who’ve lost $1.6 million.

You can’t even trust crypto that’s given away for free. A common scheme involves crypto groups offering a few coins “for nothing.” These promotions are known as crypto airdrops. Beware! Promoters may ask you to enter your email address, a bank-account number, a password, or — worst of all — the private key to your crypto wallet, exposing you to a total loss. Twitter user Voland04 tracked or participated in hundreds of airdrops over a six-month period, reporting in 2019 that only a dozen or so paid the promised tokens and “only about 5 have real value.”

Cryptocurrency scams have grown 1,000% in 12 months. The reported losses by Americans alone due to crypto crimes totaled more than $50 million in the first quarter of 2021. That’s 10 times more than the same period one year earlier, according to a Federal Trade Commission report.
“For every legitimate business online, there are probably five scammers out there trying to act like they are someone they are not,” says David Johnson, CEO of crypto startup Latium.
The magic beans you buy may mysteriously vanish in a rug pull
The most outrageous scams involve companies that set up a new blockchain, create a website to promote the related coin, hire social-media celebrities to flog it, collect millions of dollars of hard currency from excited buyers — and then disappear with the money.
Crypto bloggers call these vanishing acts rug pulls. That’s shorthand for “having the rug pulled out from under you.” But coin boosters avoid using a much simpler term: rip-offs.
Fairmoon, called a “fair community crypto” (symbol: FAIR), lost 96% of its value on May 18, 2021, when insiders vanished with millions of dollars’ worth of tokens. As I write this, FAIR is trading for only $0.0006 (six one-hundredths of a US cent), but there hasn’t been a single trade in days. The coin’s organizers had thoughtfully hired the head of a prominent anti–rug-pull movement as an auditor, but he was immediately accused by the promoters of pulling the heist himself, according to an Investor Place article.

The developers of Compounder Finance (CP3R) disappeared with more than 10 million dollars’ worth of crypto on December 1, 2020. The CP3R token had hit a peak of $80.18 on November 24, three days after its launch. But the price was sucked down to $0.55 by December 3, a loss of 99%, says a CoinDesk story. In this case, an auditing team named Solidity Finance had tweeted on November 19 a link to a report mentioning that the CP3R code “doesn’t provide full protection.” The developers used that very opening. The tweet and the report have been deleted. Only a chat log PDF about the audit remains online.

The CEO of Turkey’s largest crypto exchange flew to Albania with $108 million. Some 400,000 Turkish users had transferred their money to the Thodex exchange to escape the lira’s 16% annual inflation rate. After the April 23 theft, Turkish authorities detained 83 people connected with Thodex, including the CEO’s brother and sister, according to a News Binding article. At this writing, the CEO’s whereabouts are still unknown.

More than 80% of “initial coin offerings” (ICOs) are outright scams. Just considering coins that had a market capitalization (total invested) of $50 million or more, 81% were complete frauds, according to a 2018 study by Satis Group. Another 11% of ICOs did exist but failed to ever get listed on any crypto exchange. The remaining 8% managed to get to the listing stage, but only 2% could be categorized as “successful.” The smaller a coin’s market cap, the worse its likelihood of success.

Over 400,000 fraudulent crypto websites existed in 2020. After scanning 300 million sites, fraud-prevention firm Bolster determined that hundreds of thousands of them featured fake celebrity endorsements, “double your money” rebates, and other cons. A 75% increase to 700,000 such sites is expected this year. The phony pages include the likenesses of Tesla’s CEO Elon Musk, the Gemini Trust’s Winklevoss brothers, and other boldface names, according to a Business Wire press release. (See Figure 2.)

No, celebs such as Musk don’t know which coins will go “to the moon.” American hip-hop star Soulja Boy accidentally revealed on May 26 that he would be paid $24,000 by a new crypto called SaferMars. The payoff would come if the coin raised $240,000 via the rapper’s tweeting favorably about it to his 5.2 million followers, the Coinfomania blog revealed. The money may not be worth it. The SEC has levied punitive fines of $150,000 to $600,000 on actor Steven Seagal, boxer Floyd Mayweather Jr., music producer Khaled Khaled, and others for promoting various digicoins without revealing their incentives.
Figure 2. This FAKE website, which is NOT authorized by the Gemini Trust or the Winklevoss brothers, looks real. But the site instructs you to send crypto coins to a hacker’s wallet, and the Gemini Trust will supposedly transmit DOUBLE that amount back to your account. Yeah, right. Source: Bolster
How to guarantee that a crypto investment won’t con you
I wish I could say there’s a foolproof method to ensure that a purchase of cryptocurrency is legitimate and safe. But I can’t. There are simply too many ways that promoters of a virtual currency can — to coin a phrase — pull the rug out from under you. If I told you, “XYZ is fine,” some scandal or rip-off would quickly make a liar out of me. Sorry.
We’re in the snake-oil, Wild West days of virtual currencies. In the late 1990s, companies could add “dot-com” to the end of their names, and their shares would immediately rise 100% on a stock exchange. Today, social-media celebrities just saying “our new coin is going to the moon” is enough to get starry-eyed true believers to pour their hard-earned hard currencies into the latest shiny bauble. (At least gold coins, which are also shiny, actually exist and will always retain some value.)
There are several legitimate crypto exchanges, of course. But if you find one that you feel sure of, please follow the same rule that you’d use with any other speculative investment: risk only a small amount of “play money” that you wouldn’t really mind losing.
The PUBLIC DEFENDER column is Brian Livingston’s campaign to give you consumer protection from tech. If it’s irritating you, and it has an “on” switch, he’ll take the case! Brian is a successful dot-com entrepreneur, author or co-author of 11 Windows Secrets books, and author of the new book Muscular Portfolios. Get his free monthly newsletter.