See More

Fake Cryptocurrency Exchanges and How to Protect Yourself

4 mins
Updated by Shilpa Lama
Join our Trading Community on Telegram
Editorial Note: The following content does not reflect the views or opinions of BeInCrypto. It is provided for informational purposes only and should not be interpreted as financial advice. Please conduct your own research before making any investment decisions.

They are platforms where users share their personal information and deposit cryptocurrencies in droves. This means catnip for hackers and scammers, so, stop a bit before you blindly trust that page you just found. It could be a fake cryptocurrency exchange trying to squeeze all your coins.

It may look like a friendly platform to exchange your cryptos, but all that glitters isn’t gold. It may even look like your old and reliable crypto exchange, and be barely a fake version, seeking your data and your money. The people behind these shenanigans are truly masters of disguise.

That doesn’t imply there are not some telltale signs, though. But first, let’s check some types of fake cryptocurrency exchanges.

The Evil Clones

We can find out there basically two types of malicious crypto exchanges. We can call them the evil clones and the evil children. The first ones are the masters of disguise since they are only skilled replicas of several legit crypto exchanges. At first sight, the user might not spot the difference on the webpage, app, or email: same graphics, same words, same sections, same functionalities.

However, something is always odd, like a “glitch” on the Matrix (on the copy). A missing section, a link that doesn’t work, a misspelled word(s), a kind of old order book. A suspicious insistence to share your credentials and/or private keys. And, above all, a weird, missing, or extra character on the URL.

For example, let’s say you’re looking for ‘https://www.alfa.cash/’. Instead, you could find (fake) things like ‘https://www.alfacashex.com/’, ‘https://www.alpha.cash/’, ‘https://www.alfa-cash.com/’ or the sly ‘https://www.alfā.cash’. Probably, the familiar green padlock is nowhere to be seen as well. All this is a synonym of an evil clone, and you should run right away.

The evil clones can be found anywhere, from links in social media and “security” emails to paid ads on the top of Google results and promising apps on Google Play. Once the users fall for the trick and deposit funds, the withdrawals become impossible. And they’re not alone.

The Evil Children

The evil children might not be copies, but the intention is the same (steal your cryptos). The attackers here don’t use disguises, but several sceneries. They buy domains and create new pages from scratch. As the cybersecurity firm Kaspersky Lab explains:

“The link opens a site that looks like a cryptocurrency exchange, with an adaptive layout, savvy design, and the exchange rate info, charts, order books, and trading history that cryptocurrency traders would expect to see on a trading platform. Visitors will also find technical support and several language options. Someone clearly went to a lot of trouble to make the site look legit.”

Then, they proceed to pass as new crypto exchanges, offering some kind of reward to their users through social media or chat apps (especially Discord). It could be airdrops, referral opportunities, loyalty programs, ad campaigns, contests, and whatever excuse the scammers have at hand.

If the potential user (victim) plays along, they can be guided to deposit cryptocurrencies into the platform, as a way to verify their account or something like it. Once the bitcoins (LTC, DOGE, XRP, XRM, etc.) are transferred, there’s no turning back. Clearly, there’s no “reward” either.

Sometimes, the admins of those evil children also create fake crypto news portals to promote their sketchy exchanges. After all, if the potential victim reads that “XYZ exchange” is safe and reliable on a site that doesn’t seem connected to it, they could fall faster into the trap.

How to Avoid Fake Crypto Exchanges

According to a report by several Chinese colleges, there were at least 1,500 scam domains (webpages) and 300 fake apps promising to exchange cryptocurrencies by 2020. In addition, the sample taken for the study includes thousands of victims.

“There are about 1,700 victims been deceived, with the amount scammed up to 520k dollars in our dataset. And although attackers’ groups can be identified, they used multiple fund transfer addresses and mixing services to hide their tracks. On the other side, attackers have the ability to bypass the security check of the app markets and distribute their fake apps to markets, which exposes a great threat to the community.”

Anyone, anywhere, could be a victim of this fraud. Although, there are some measures you can take to protect yourself.

  • Before using any platform, do your homework and research it thoroughly. Never trust only in recommendations or only in one source. Check its social networks, its terms, and conditions, its order book, its functionalities. Beyond that, look for some different reviews, on different sites. If it’s non-custodial (you keep control of your funds), the better.
  • It’s very unlikely that your account it’s gonna be closed out of a sudden, or there’s a “security problem” with it. If your exchange is asking you for your credentials and/or private keys (with any excuse), isn’t your exchange. No matter if the email seems legit.
  • If you’re using Google or another browser to search for exchanges, pay attention if the result is, indeed, a normal result and not a paid ad. Never trust only in paid ads.
  • Always check the score and the comments of every app you’re willing to download. If you can investigate the firm behind it and find external reviews, the better.
  • The “gifts” can be “baits” easily. Don’t let them blind you with nice —and empty— promises. If you need to give money to receive money, then the thing it’s likely a scam
  • Follow the official channels and social media of your exchanges. You never know when they will announce something very important, like a security breach or a phishing attack (the evil clones). And no, they won’t ask for your credentials.
Top crypto platforms in the US | March 2024
Coinbase Coinbase Explore →
AlgosOne AlgosOne Explore →
Chain GPT Chain GPT Explore →
iTrustCapital iTrustCapital Explore →

Disclaimer

This article is sponsored content and does not represent the views or opinions of BeInCrypto. While we adhere to the Trust Project guidelines for unbiased and transparent reporting, this content is created by a third party and is intended for promotional purposes. Readers are advised to verify information independently and consult with a professional before making decisions based on this sponsored content. Please note that our Terms and ConditionsPrivacy Policy, and Disclaimers have been updated.

images-e1706008039676.jpeg
Advertorial
Advertorial is the universal author name for all the sponsored content provided by BeInCrypto partners. Therefore, these articles, created by third parties for promotional purposes, may not align with BeInCrypto views or opinion. Although we make efforts to verify the credibility of featured projects, these pieces are intended for advertising and should not be regarded as financial advice. Readers are encouraged to conduct independent research (DYOR) and exercise caution. Decisions based on...
READ FULL BIO
Sponsored
Sponsored