They are platforms where users share their personal information and deposit cryptocurrencies in droves. That makes them catnip for hackers and scammers, so pause before you blindly trust that page you just found. It could be a fake cryptocurrency exchange trying to squeeze out all your coins.
It may look like a friendly platform to exchange your cryptos, but all that glitters isn’t gold. It may even look like your old and reliable crypto exchange, and be merely a fake version, seeking your data and your money. The people behind these shenanigans are truly masters of disguise.
That doesn’t mean there are no telltale signs, though. But first, let’s check some types of fake cryptocurrency exchanges.
The Evil Clones
There are basically two types of malicious crypto exchanges out there. We can call them the evil clones and the evil children. The first ones are the masters of disguise, since they are simply skilled replicas of legit crypto exchanges. At first sight, the user might not spot the difference on the webpage, app, or email: same graphics, same words, same sections, same functionalities.
However, something is always odd, like a “glitch” in the Matrix (in the copy). A missing section, a link that doesn’t work, a misspelled word or two, a kind of old order book. A suspicious insistence that you share your credentials and/or private keys. And, above all, a weird, missing, or extra character in the URL.
For example, let’s say you’re looking for ‘https://www.alfa.cash/’. Instead, you could find (fake) things like ‘https://www.alfacashex.com/’, ‘https://www.alpha.cash/’, ‘https://www.alfa-cash.com/’ or the sly ‘https://www.alfā.cash’. Probably, the familiar green padlock is nowhere to be seen either. All of these are signs of an evil clone, and you should run right away.
The evil clones can be found anywhere, from links in social media and “security” emails to paid ads at the top of Google results and promising apps on Google Play. Once the users fall for the trick and deposit funds, withdrawals become impossible. And they’re not alone.
The Evil Children
The evil children might not be copies, but the intention is the same (steal your cryptos). The attackers here don’t use disguises; they build their own scenery. They buy domains and create new pages from scratch. As the cybersecurity firm Kaspersky Lab explains:
“The link opens a site that looks like a cryptocurrency exchange, with an adaptive layout, savvy design, and the exchange rate info, charts, order books, and trading history that cryptocurrency traders would expect to see on a trading platform. Visitors will also find technical support and several language options. Someone clearly went to a lot of trouble to make the site look legit.”
Then, they proceed to pose as new crypto exchanges, offering some kind of reward to their users through social media or chat apps (especially Discord). It could be airdrops, referral opportunities, loyalty programs, ad campaigns, contests, or whatever excuse the scammers have at hand.
If the potential user (victim) plays along, they can be guided to deposit cryptocurrencies into the platform, as a way to verify their account or something like it. Once the bitcoins (LTC, DOGE, XRP, XRM, etc.) are transferred, there’s no turning back. Clearly, there’s no “reward” either.
Sometimes, the admins of those evil children also create fake crypto news portals to promote their sketchy exchanges. After all, if the potential victim reads that “XYZ exchange” is safe and reliable on a site that doesn’t seem connected to it, they could fall faster into the trap.
How to Avoid Fake Crypto Exchanges
According to a report by several Chinese colleges, there were at least 1,500 scam domains (webpages) and 300 fake apps promising to exchange cryptocurrencies by 2020. In addition, the sample taken for the study includes thousands of victims.
“There are about 1,700 victims been deceived, with the amount scammed up to 520k dollars in our dataset. And although attackers’ groups can be identified, they used multiple fund transfer addresses and mixing services to hide their tracks. On the other side, attackers have the ability to bypass the security check of the app markets and distribute their fake apps to markets, which exposes a great threat to the community.”
Anyone, anywhere, could be a victim of this fraud. However, there are some measures you can take to protect yourself.
- Before using any platform, do your homework and research it thoroughly. Never rely on recommendations alone or on a single source. Check its social networks, its terms and conditions, its order book, its functionalities. Beyond that, look for several reviews on different sites. If it’s non-custodial (you keep control of your funds), all the better.
- It’s very unlikely that your account will be closed all of a sudden, or that there’s a “security problem” with it. If your exchange is asking you for your credentials and/or private keys (with any excuse), it isn’t your exchange. No matter if the email seems legit.
- If you’re using Google or another search engine to look for exchanges, pay attention to whether the result is, indeed, a normal result and not a paid ad. Never trust paid ads alone.
- Always check the rating and the comments of every app you’re about to download. If you can investigate the firm behind it and find external reviews, all the better.
- The “gifts” can easily be “baits”. Don’t let them blind you with nice but empty promises. If you need to give money to receive money, then the thing is likely a scam.
- Follow the official channels and social media of your exchanges. You never know when they will announce something very important, like a security breach or a phishing attack (the evil clones). And no, they won’t ask for your credentials.