Phishing Scam

A phishing scam is a type of cyber-attack where the scammer attempts to obtain sensitive information, such as login credentials and credit card details, by posing as a trustworthy entity. In the case of crypto phishing scams, the scammer creates a fake website or sends an email or text message to the victim, posing as a legitimate crypto organization or exchange. The victim is then tricked into providing their personal information, which the scammer can use to access their crypto wallets, steal their funds, and make unauthorized transactions on their behalf.

Website Phishing Scam

A website phishing scam is a specific type of phishing scam where the scammer creates a fake website that looks identical to a legitimate website for a crypto project, exchange, or organization. The fake website may have a URL or domain name that is very similar to the legitimate website, making it difficult for users to tell the difference. The scammer then tricks the user into providing their login information or other personal details, which they can use to access the user's crypto funds and make unauthorized transactions.

NFT/Token Airdrop Scam

An NFT/Token Airdrop Scam is a type of phishing scam that is specifically targeted at users of NFTs and cryptocurrencies. The scammer sends fake NFTs or tokens to a user's wallet and then sends a message to the user, claiming that they have won an airdrop or giveaway. The message includes a link to a phishing website, which looks like a legitimate crypto project or exchange. The victim is then tricked into entering their login information, which the scammer can use to access the victim's wallet and make unauthorized transactions.

Other Phishing scams

Email Phishing Scam:

An email phishing scam is a type of phishing scam where the scammer sends a fraudulent email to the victim, posing as a legitimate crypto project or exchange. The email usually contains a link to a fake website where the victim is asked to enter their login information or other personal details. The email may also contain a malicious attachment that, when opened, infects the victim's computer with malware. The goal of the scam is to trick the victim into providing their personal information, which the scammer can use to steal their crypto funds.

Phone Text Phishing Scam:

A phone text phishing scam is a type of phishing scam where the scammer sends a fraudulent text message to the victim, posing as a legitimate crypto project or exchange. The text usually contains a link to a fake website where the victim is asked to enter their login information or other personal details. The goal of the scam is to trick the victim into providing their personal information, which the scammer can use to steal their crypto funds.

Telegram Phishing Scam:

A Telegram phishing scam is a type of phishing scam where the scammer creates a fake Telegram account and poses as a legitimate crypto project or exchange. The scammer sends a message to the victim, usually containing a link to a fake website where the victim is asked to enter their login information or other personal details. The goal of the scam is to trick the victim into providing their personal information, which the scammer can use to steal their crypto funds.

Discord Phishing Scam:

A Discord phishing scam is a type of phishing scam where the scammer creates a fake Discord account and poses as a legitimate crypto project or exchange. The scammer sends a message to the victim, usually containing a link to a fake website where the victim is asked to enter their login information or other personal details. The goal of the scam is to trick the victim into providing their personal information, which the scammer can use to steal their crypto funds.

‍

Employment scams:

cams: Employment scams are fraudulent schemes that involve scammers impersonating legitimate recruiters, companies, or organizations with fake job offers. The goal is to lure job seekers into providing personal information and cryptocurrency, which the scammers can use for fraudulent purposes. These scams can take place online or through email, and the scammers may use social engineering techniques to build trust and create a sense of urgency.

Impersonation Scam

In an impersonation scam, the scammer pretends to be someone they are not, such as a celebrity or an established investor, or to be associated with an organization. The goal is to convince the victim to invest with them or donate money to them directly. These scams can be carried out via email, phone, or social media, and may involve fake websites or documents.

Donation Impersonation Scam:

A Donation Impersonation Scam is a type of impersonation scam where the scammer poses as a legitimate charity or non-profit organization and solicits donations in cryptocurrency. They may use fake websites or social media accounts to trick victims into sending funds to them directly, rather than to the real organization.

Romance Scam

In a romance scam, the scammer creates a fake identity and builds a relationship with the victim over time, often through dating websites or social media. They gain the victim’s trust and affection and then ask for money or cryptocurrency, claiming they need the funds for personal reasons such as medical bills or travel expenses. Once the victim has sent the funds, the scammer disappears.

Pig Butchering Scam

In a pig butchering scam, the scammer builds a relationship with the victim over time, often using social engineering techniques such as intimidation or persuasion. They may offer fake investment opportunities or claim to be working on a project that requires funding. The goal is to get the victim to invest or transfer funds, and once they have done so, the scammer disappears with the money.

Investment Scam

In a fake project scam, the scammer claims to be working on a legitimate project and solicits investments from victims. However, the project does not exist or is not viable, and once the scammer has collected enough funds, they disappear.

Fake Project Scam

In a fake project scam, the scammer claims to be working on a legitimate project and solicits investments from victims. However, the project does not exist or is not viable, and once the scammer has collected enough funds, they disappear.

Rug Pull Scam

In a rug pull scam, the scammer creates a legitimate-looking cryptocurrency project and accepts investments from victims. Once they have collected a significant amount of funds, they disappear by deleting their online presence or shutting down the project. This leaves investors with worthless tokens and no way to recover their investment.

Exit Scam

An exit scam is a fraudulent scheme where the operators of a project, typically a cryptocurrency exchange or investment platform, suddenly shut down their service and disappear with all the users' funds or assets. In an exit scam, the operators usually take advantage of the trust and reputation they have built with their users to lure them into investing large amounts of money.

Fake Returns Scam

A fake returns scam involves the scammer promising high returns to victims in exchange for their investment. The scammer may use tactics such as payout scams, Ponzi schemes, or pump and dump schemes to lure victims into investing. Once the scammer has collected enough funds, they disappear, leaving investors with nothing.

Tax/Fee Scam:

In a tax/fee scam, the scammer tells the victim that they need to pay fees or taxes to withdraw their funds. The scammer may ask for additional funds or personal information and then disappear once they have collected what they want.

Advance Fee Scam

In an advance fee scam, the scammer asks the victim to pay upfront for a good or service, such as a job opportunity or investment opportunity, and then disappears without delivering the promised item. The victim is left with nothing and has no way to recover their funds.

Reentrancy attacks

A vulnerability in smart contracts where a function makes an external call to another untrusted contract, which then makes a recursive call back to the original function in an attempt to drain funds.

Cross-function Race Conditions

A vulnerability in smart contracts where two or more Solidity functions are trying to access the same state variable for their individual computation before either has the chance to make the update.

DoS with revert (on bidding contracts)

A vulnerability in smart contracts where an attacker can win any auction by bidding using a smart contract which has a fallback function that reverts any payment. When the attacker tries to refund the old leader, it reverts if the refund fails, which means no other offer can be made.

Hiding Malicious Code with External Contract

A vulnerability in smart contracts where an external contract can be called that is not public, allowing malicious code to be hidden in files that cannot be seen.

Phishing with tx.origin

A vulnerability in smart contracts where tx.origin, a global variable in Solidity that returns the address of the account that sent the transaction, can be used for phishing attacks or ownership malicious swap.

Signature Replay

A vulnerability in smart contracts where the same signature can be used multiple times to execute a function, which can be harmful if the signer's intention was to approve a transaction once.

Front Running

A vulnerability in smart contracts where a hacker can read pending transactions from the memory pool and manipulate the market in the meantime.

Griefing

A vulnerability in smart contracts where an attacker can censor transactions, causing them to fail by sending them with a low amount of gas. It doesn't directly benefit the attacker, only causes grief for the victim.

Contract Self Destruct

A vulnerability in smart contracts where a malicious user could call selfdestruct on a poorly secured contract, thus sending all its ether somewhere else.

Forcibly Sending Ether to a Contract

A vulnerability in smart contracts where even if a contract is well protected, one could always send some ether using selfdestruct on another contract.

Hacks

A phishing scam is a type of cyber-attack where the scammer attempts to obtain sensitive information, such as login credentials and credit card details, by posing as a trustworthy entity. In the case of crypto phishing scams, the scammer creates a fake website or sends an email or text message to the victim, posing as a legitimate crypto organization or exchange. The victim is then tricked into providing their personal information, which the scammer can use to access their crypto wallets, steal their funds, and make unauthorized transactions on their behalf.

Protocol Hacks

These are vulnerabilities in the blockchain's code that can be exploited by hackers to steal or manipulate funds. For example, a hacker may find a vulnerability in the smart contract code of a decentralized application (DApp) and use it to steal funds from the DApp's users.

Exchange hacks

These are hacks that occur on cryptocurrency exchanges. Hackers can breach an exchange's security and steal funds from users' accounts. Some high-profile exchange hacks include the 2014 Mt. Gox hack, the 2016 Bitfinex hack, and the 2019 Binance hack.

Mining hacks

These are hacks that involve manipulating the blockchain's mining process to gain control over the network. For example, a miner may perform a 51% attack, in which they control more than half of the network's computing power, allowing them to manipulate the blockchain's transaction history.

Pump and dump schemes

These are schemes in which a group of investors artificially inflate the price of a cryptocurrency by spreading false information or rumors, then sell off their holdings once the price has risen. This can lead to losses for other investors who buy in at the artificially inflated price.