Overview of Common Scams
This document set is intended to be a compendium of types of scams that can be found in Ethereum and in the wider cryptocurrency ecosystem.
Why is this important?
Security is probably the most important challenge currently facing Ethereum and other blockchains. In 2017, hundreds of millions of dollars worth of ETH, BTC, and LTC was stolen or locked by hackers. This challenge faces every user, exchange, and organization operating in the blockchain ecosystem.
The most dedicated and creative way we have seen to date was the recent fake Ledger Nano S that a person bought off eBay: https://twitter.com/myetherwallet/status/949723478596321280
We work with an expanded team to protect the ecosystem, namely with our EAL Chrome Extension. This chrome extension serves a blacklist: https://github.com/409H/EtherAddressLookup/blob/master/blacklists/domains.json that will prevent users from going to websites on this list.
You can see the diversity of phishing sites, fake airdrop sites, fake ICO sites, exchange sites, etc. Entering secret information into these (such as private keys, passwords, usernames, etc) will result in that information being sent directly to the malicious party running the fake site.
Beyond that we've also seen computers be compromised with malware, keyloggers, clipboard loggers, and more. Having remote access software (TeamViewer) or keeping keys on cloud storage can also be detrimental.
We hope that the Common Scams articles can help people that are new to information security to avoid common scams that are relevant in todays Ethereum ecosystem.
High Level Tips for Security:
Do not give anyone your private key.
Get a hardware wallet and only use it on trusted sites.
If something seems too good to be true, then it probably is. No one is going to give you free money for no reason.
Do not use public networks on your computer when interacting with private keys. Data sent over a public network can be read by others on the network.
Visit the following links to see instances of common Scams:
Phishing Overview - Scams/hacks relating to Phishing
Hardware Wallet Scams - Scams/hacks relating to Hardware Wallets
Malicious Software - Scams/hacks relating to Computing Habits
Privacy Concerns - Privacy Concerns
Security and Cryptocurrency Terminology:
Some terminology that is useful for security-related discussions and general cryptocurrency discussions can be found here: https://support.mycrypto.com/getting-started/ethereum-glossary.html