This document set is intended to be a compendium of types of scams that can be found in Ethereum and in the wider cryptocurrency ecosystem.
Why Is This Important?
Security is probably the most important challenge currently facing Ethereum and other blockchains. In 2017, hundreds of millions of dollars' worth of ETH, BTC, and LTC were stolen or locked by hackers. This challenge faces every user, exchange, and organization operating in the blockchain ecosystem.
The most dedicated and creative scam we have seen to date was the recent fake Ledger Nano S that a person bought off eBay: https://twitter.com/myetherwallet/status/949723478596321280.
We work with an expanded team to protect the ecosystem, namely through our EAL Chrome extension. The extension serves a blacklist (https://github.com/409H/EtherAddressLookup/blob/master/blacklists/domains.json) that prevents users from visiting websites that are known to be malicious.
The blacklist shows the diversity of phishing sites, fake airdrop sites, fake ICO sites, exchange sites, etc. Entering secret information (such as private keys, passwords, usernames, etc.) into these sites will result in that information being sent directly to the malicious party running the fake site.
Beyond that, we've also seen computers compromised by malware, keyloggers, clipboard loggers, and more. Having remote access software (such as TeamViewer) installed or keeping keys on cloud storage can also be detrimental.
We hope that the Common Scams articles can help people who are new to information security avoid the scams that are prevalent in today's Ethereum ecosystem.
High-Level Tips for Security
- Do not give anyone your private key.
- Get a hardware wallet and only use it on trusted sites.
- If something seems too good to be true, then it probably is. No one is going to give you free money for no reason.
- Do not use public networks on your computer when interacting with private keys. Data sent over a public network can be read by others on the network.
- Do not store any amount of funds that you are unwilling to lose on an exchange. Examples: Mt. Gox, BitGrail.
Visit the Following Links to See Instances of Common Scams
- Phishing Overview - Scams / hacks relating to phishing
- Hardware Wallet Scams - Scams / hacks relating to hardware wallets
- Malicious Software - Scams / hacks relating to computing habits
- Privacy Concerns - Privacy concerns
Security and Cryptocurrency Terminology
Some terminology that is useful for security-related discussions and general cryptocurrency discussions can be found here: Ethereum Glossary.