Dear readers,

This newsletter is written with help from Laisha Wadhwa, the author of the Web3 Bits and Bytes newsletter. Today’s letter contains insights, memes and a lot of knowledge that only a GenZ writer can incorporate into a single article. Hope you learn about Web3 scams and stay safe with your investments.

Everyone seems to be talking about Web3 even though not everyone understands what it exactly is. With increased adoption of the Web3 ecosystem, the hype around the next evolution of the Internet is taking the world by storm.

For many, Web3 is a platform to make profits, especially with early investments in cryptocurrency and the transparency that comes with it. In a nutshell, web3 is all about ownership and control over our own data, privacy, and finances online. With a new web evolution underway, how secure is Web3 actually?

Where money is to be made, scams are inevitable. The same holds true for the crypto space. Web3 is exploding with economic activity and has the potential for incredible growth. While this attracts a lot of well-deserved attention, it also attracts scammers and thieves.

While the basis of Web3 is decentralization and transparency, it still does not imply that it’s scam-proof. Cryptocurrency scams are rising, and thieves are using new and old techniques to steal money. Some of the latest scams involve rug pulls, Ponzi schemes and phishing.

The numbers in fact are staggering :

• Losses from crypto-related crime rose 79% from 2020.

• Cryptocurrency-based crime hit a new all-time high in 2021, with illicit addresses receiving $14 billion over the course of the year, up from $7.8 billion in 2020.

• Cryptocurrency theft increased 516% from 2020 to $3.2 billion worth of cryptocurrency. Of this total, 72% of stolen funds were taken from DeFi protocols.

Why are the numbers on the rise?

For scammers, unregulated technology provides an opportunity to deploy tactics that will unlawfully extract value from users. In a blockchain, that value is often exploiting vulnerabilities in code to rob people of their money stored in decentralized wallets. But that’s not where it ends.

As technology evolves, scammers evolve twice as fast.

This might sound funny but, blockchain-related scams from digital wallets are more common as Web3 applications gain traction.

These scams can be as simple as sending false transactions and creating phishing websites to something as planned as Pump and dump schemes. Time to dig a little deeper.

Rugpull

Let’s start with RugPull. It’s a term that has been popularized to describe the Web3 / DeFi equivalent of what we would call a Ponzi scheme [pumping and dumping] in traditional financial systems.

You’ve heard about ETH, BTC, and MATIC - all are cryptocurrencies of their respective blockchains. But, there isn’t just one token per blockchain. Ethereum blockchain alone supports a number of tokens, and creating a new one is fairly easy. Not only are they easy to create, but you can name them whatever you want, which can make identifying legitimate tokens particularly difficult.

Teddy DOGE, SnowDog, Luna Yield - sounds like some Anime character names? Well, they’re rug-pulled projects,

But what in the world is a rug pull actually?

Say you are standing on a rug, and it’s unexpectedly pulled out from under you. You would obviously fall on the floor and everything you are holding on to would spill. This is exactly what happens in the crypto world with some people.

How does it work?

1. A token is created.

2. The creators of the token create hype, by injecting liquidity into their token, airdropping, and spamming through social media channels and other schemes.

3. The price of the token is inflated, often in a coordinated manner between a number of parties.

4. Investors dogpile in on the token and boost the price of the token with the perception that the value is skyrocketing and they want to get it when the token is still relatively cheap.

5. Once the value of the token reaches the target that the creators were aiming for, the creators pull as much value out of their share of the tokens, leaving their investors with tokens worth close to nothing. It’s a DeFi exploit and seemingly common.😬😬

There are different types of rug pulls, some illegal and some unethical. 

How do you know if your rug is being pulled?

It’s not as easy to notice a rug pull when you are entangled in one. But there are a few signs you can watch out for.

• Using rug pull checkers, scanners, and trackers like Tokensniffer, BSChecker and Cryptach.

• It’s better to be safe than sorry, dodging being rug pulled by doing proper due diligence.

• Never rush into a project just because it promises high returns or has risen sharply or your uncle told you to buy.

• Dealing with pumps and dumps - be extremely suspicious of any project whose price soars within just a few hours.

And most importantly - Don’t let FOMO get the better of you.

You learn by examples -  time to look at Luna Yield rug pull - one of the biggest and most interesting rug pulls where investors lost a whopping $6.7 Million

Luna Yield was an ecological farming project operating on the Solana platform. The Solana (SOL) project had been growing steadily before Luna Yield vanished. Why?

Coz the project offered an APY(Annual percentage yield) of up to 400% on the SOL-USDC pair, which was enough to attract millions from DeFi investors. The project’s creators suddenly deleted their website, Telegram, and Twitter accounts and withdrew millions of dollars.

Following the deletion of the social media accounts, the Luna Yield investors tried to withdraw their funds that weren’t staked, but unfortunately, they were unsuccessful. 

Bottom line is, money lost in crypto rug pulls is practically never recovered, and in most cases, the scammers are able to vanish without a trace. 

Does it imply that you should stay away from cryptocurrencies? Most definitely not! Would you stop dating because people cheated?

Hate the player, not the game

Moving on. Let’s talk about social media and the bazillion spam messages we receive. Ever since I started interacting with web3 content and started talking more about web3 on Twitter and LinkedIn, my inbox has been filled with spam links asking me to sign up for airdrops, swap crypto for them in exchange for money, participate in mining to get huge amounts of money, invites to crypto events and much more!

Like Web2 attacks, hackers are counting on human error as a starting point for this type of attack. Phishing attacks are definitely on a rise in the web3 world. 

Phishing can happen through spurious links sent through DM on Twitter, discord, Instagram and LinkedIn or even emails. It's estimated that one of every 100 tweets is malicious & that fewer than half of Twitter accounts represent true users sending out tweets to followers. The rest of the accounts are inactive or set up just to automatically send out spam.

⚠️Again, do not click on any such links ⚠️

According to a June 2022 report by the Federal Trade Commission, over $1 billion in cryptocurrency has been stolen since 2021. And the hackers' hunting grounds are where people gather online.

As per FTC, Nearly half the people who reported losing crypto to a scam since 2021 said it started with an ad, post, or message on a social media platform.

Generally, scammers send malicious clone links [a near-perfect copy that looks legitimate] to divert victims to a site that drains their wallets of crypto and NFTs.

A phishing scam may start with social engineering, telling the user about an early token launch or that they will 100x their money, a low API, or that their account has been breached and requires a password change. These messages usually come with a limited time to act, further driving a user's fear of missing out, also known as FOMO.

These attacks can come in many forms - 

1. Malware: any program or code harmful to systems. Malware can enter a system through phishing emails, texts, and messages.

2. Compromised Websites: Legitimate websites are hijacked by scammers and used to store malware that unsuspecting users download once they click on a link, image, or file.

3. URL Spoofing: Also known as URL Phishing, it’s all about creating spoofed websites that are clones of legitimate websites. These sites can harvest usernames, passwords, credit cards, cryptocurrency, and other personal information.

4. Fake Browser Extensions: As the name suggests, these exploits use fake browser extensions to dupe crypto-users into entering their credentials or keys into an extension that gives the cybercriminal access to the data.

Web3 can be anything you want it to be. There are multiple ways of being scammed but there are ways to safeguard yourself as well.

What can you do to protect yourself?

• Never reply to an email, SMS text, Telegram, Discord, or WhatsApp message from an unknown person, company, or account

• Do not enter your credentials or personal information when using public or shared WiFi or networks.

• If you use a mobile, browser, or desktop wallet, also known as a hot wallet, download them from official platforms like the Google Play Store, Apple's App Store, or verified websites.

• Be sure to keep your private keys, seed phrases, and passwords private. Never share it for participating in investments and minting. Its a SCAM

• Do your research before investing in a project. Don’t fall for high-pressure tactics and deadlines. It’s just a way to invoke FOMO.

•  Lastly, If it sounds too good to be true, it probably is a scam.

Until next time, stay aware, and stay vigilant!

If you enjoyed the post and learnt about scams in Web3, do share this with your friends.

Share

I plan to bring many such newsletters to educate our community of crypto founders and investors. Make sure you do not miss these. Subscribe to receive these letters directly in your inbox.