Cryptocurrencies are based on a system of security that should make them more or less unhackable and unforgeable. It’s the unique strength of the blockchain technology, that each change has to be checked against the records of every part of the network; there’s no central clearing house or head office to hack, break into or trick.
Because authentication is distributed across the entire network more or less in real time, the only way to cheat the network itself – to spend Bitcoin or Ethereum that you don’t have – would be to have control over 51% of the network, and for a long enough time to generate and spend fake crypto-money.
But a chain is only as strong as its weakest link. As we’ve seen again and again, anything with a human user can be scammed. Bitcoin is no exception.
Recently, there have been reports that cryptocurrency exchanges have been subjected to attacks by hackers who redirect users to fake versions of legitimate cryptocurrency exchanges.
Cryptocurrency exchanges are sites where you can swap Bitcoin, Ethereum and other cryptocurrencies for other cryptos or for state-backed dollars, Euros, and so on.
In many cases they’re the only place you can turn cryptocurrencies into spendable money. (In this sense cryptocurrencies are victims of their own success; when a Bitcoin is worth $11,000, you have to make change somehow.)
Scammers got into the crypto market early, figuring out that while they couldn’t attack the blockchain directly, they could adapt traditional digital scams like fake alerts.
Fake alerts work by contacting you in the name of a business you have legitimate contact with – your ISP, your bank, your entertainment sites or, yes, your crypto exchange. The alert will contain a link to a site that looks like the real thing, but isn’t.
Follow that link, enter your details on the scammer’s site, and they take those login details over to the real site, log in as you, and clean you out.
Expect to start here:
First things first: legit businesses don’t contact you this way, never ask you for details through email or SMS, and put your security first. (They also know your name and spell it right, but don’t rely on that alone; some scammers are very professional.)
Rule number one: don’t click links. If you get an alert from your crypto exchange, navigate there separately in your browser and check it out.
If you do click links, how can you tell it’s the phony baloney?
Reddit user chrysotileman flagged this well-executed fake site:
But if you look carefully you can see the giveaways.
Look in the URL bar for the ‘https’ security protocol…
Yep. Not there. What else is missing?
There’s a big ‘not secure’ warning from Google in the omnibar, that’s something to not ignore.
But you can’t always rely on that either. This one’s got the green ‘https’ in the omnibar…
But it’s still a spoof site.
So what should you look out for?
Well, in this instance, the url is misspelled – there are small dots under the ‘n’s in ‘binance,’ making them different letters and thus a different domain from binance.com, the legit cryptocurrency exchange. (These dots belong to the same family of text marks as umlauts and the accents in Spanish.)
You don’t even have to click a link in an SMS or email to get caught out like this. There are companies using legitimate advertising services like Google Ads, Facebook Ads and ads on other social channels to direct traffic to scam sites.
So what can you do to avoid it?
First things first: want to visit a site? Type the url into the omnibar yourself. That will put paid to spoofers.
But if you want to stay off their lists and avoid getting scam emails and texts in the first place, consider tightening up your general online privacy.
Tracking cookies from above-board businesses follow you around the web, generating all kinds of data about what you look at, which websites you visit and more.
Mostly, they just use this info to target ads at you. (Which is annoying enough.) But they’re not always that hot at hanging onto their data; even giants get hacked, and they’re often not upfront about it.
Bottom line: your security, your problem. You can keep tracking cookies off your back several ways. One highly effective method is to get a good VPN and never go online without it.
Want to know which VPN suits your needs best?
Check out or VPN reviews page.