1 Apr 2022

“Pranksters” in Crypto: No Laughing Matter

Ananda Banerjee

We are done here. This blog will be the last you hear from us at CoinSwitch.

Gotcha! It’s April Fool’s day!

Apologies if you were really alarmed, but we couldn’t help leaning into some cheekiness here today. Just some harmless fun.

But not every prank is as innocuous as this one. “Pranks” in the crypto realm can have catastrophic consequences, and more often than not, they compromise or endanger entire ecosystems as crypto assets worth millions are siphoned off. And the (not so) funny thing is that almost every attack, hack, or breach is different, which makes them that much harder to counter.

We extend our olive branch for today’s prank with this article. We hope you will accept the offer and join us as we learn how to spot 10 of the creepiest clowns of cryptoland and the steps that can help you stay safe.

Key Takeaways

  • Crypto “pranksters” are not funny at all. They adopt specific cyber hacking techniques to breach ecosystems, wallets, websites, and other resources.
  • Phishing attacks initiated by phishers are the most common crypto scams.
  • The Rug Puller is a nifty crypto scammer with eyes on investor funds.
  • Denial of Service attacks commonly target crypto exchanges.

Image(s) Credit: Vaishakh Kp

Crypto “Pranksters” at Large

There is no such thing as a harmless crypto prank. Not even the ones where they say, “Bitcoin is a Bubble.” But not all pranks are equal, and some are much worse than others. This article is all about those bigger “pranks”—scams or attacks that can actually cost you money.

The 10 cruel “pranksters” listed here have been stressing out unwitting blockchain participants and investors for quite some time now. (We made up most of the names here and sure hope you like them.)

The “Mal”evolent One

One with Malware

Identity: This kind of scammer uses malicious software to encrypt data in select blocks and files, along with transaction details relevant to a specific group of users. In the crypto realm, malware attacks go on to become ransomware attacks, where the data is encrypted and the attacker promises to restore it once a specific sum, or ransom, is paid.

Example: CryptoLocker—active between 2013 and 2014—was one of the most dreaded ransomware tools. It allowed “Mal”evolent scammers to encrypt Windows systems, after which they would ask the victims for Bitcoin as ransom to decrypt the sabotaged data.

Tips to avoid them:

  • Avoid clicking on suspicious links, especially on the device you use for mining, staking, or DeFi activities.
  • Keep the mining software you use for specific crypto projects up to date. (BTCMiner and MultiMiner are some of the more popular ones.)

The Phisher

One who phishes

Identity: Phishers are some of the most notorious scammers around. They lure individuals with make-believe social credibility—often by impersonating a trusted influencer or contact—only to hack into private transaction details. A phishing attack is also termed a standard “social engineering” hack, as it mostly emerges from the blind faith people have as members of society.

Examples: The latest Ronin Network hack involving the Axie Infinity blockchain is one of the prime examples of a social engineering/phishing attack. The phisher hacked several private keys and staged fake transactions, filling up their wallet with most of the funds. Sky Mavis—the company behind Axie Infinity—has reported a breach value of almost $625 million.

Another example would be the time phishers set up fake profiles in the name of CoinSwitch CEO Ashish Singhal to lure unsuspecting individuals into different crypto scams. One such profile asking investors to invest using a sketchy platform even had his image.

Tips to avoid them:

  • Invest in a hardware/cold wallet.
  • Update online wallet passwords regularly.
  • Do not disclose personal details over social media, emails, and other platforms.

The CryptoJacker

One who is a cryptojacker

Identity: Do you have a powerful computer at your disposal? If yes, you should be wary of The CryptoJacker. This is a hacker who attacks and takes remote control of someone else’s computer to use it as a mining setup, and they are always looking for machines with more computational power.

The CryptoJacker breaks into the system by tricking the user into clicking a sketchy link that carries a malicious script—much like phishing. Once a CryptoJacker does this, your computer will start heating up or lagging a lot, as most of its resources are being used in the background for mining.

Example: Panda Security, a cybersecurity company, reported global exposure of “WannaMine”—a malicious cryptojacking script used to stealthily mine the crypto Monero.

Tips to avoid them:

  • Avoid clicking on unreliable links that promise mining perks and similar benefits.
  • Keep the spam-detection tools on your computer up to date.
  • Install ad blockers, as most cryptojacking scripts seep in via advertisements.
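
The symptom described above, a machine kept busy in the background for long stretches, can be checked for mechanically. The following is an added example, not code from CoinSwitch: it flags processes whose CPU use stays high across consecutive samples. The process names, sample values, 80% threshold, and regular 30-second sampling interval are all constructed assumptions.

```python
from collections import defaultdict

# Constructed CPU readings, one every 30 seconds per (pid, process name).
SERIES = {
    (101, "browser"):        [35, 95, 90, 20, 15, 30, 25],   # short burst
    (202, "updater-helper"): [92, 97, 99, 98, 96, 99, 97],   # never lets go
    (303, "backup"):         [85, 88, 10, 90, 91, 86, 12],   # busy, with pauses
}
SAMPLES = [
    (i * 30, pid, name, float(cpu))
    for (pid, name), series in SERIES.items()
    for i, cpu in enumerate(series)
]


def sustained_cpu(samples, threshold=80.0, min_seconds=120):
    """Return {(pid, name): longest_run_seconds} for processes whose CPU
    stayed at or above `threshold` for at least `min_seconds` without a dip."""
    by_proc = defaultdict(list)
    for ts, pid, name, cpu in samples:
        by_proc[(pid, name)].append((ts, cpu))

    flagged = {}
    for key, points in by_proc.items():
        points.sort()
        run_start, longest = None, 0
        for ts, cpu in points:
            if cpu >= threshold:
                if run_start is None:
                    run_start = ts          # a new high-CPU run begins
                longest = max(longest, ts - run_start)
            else:
                run_start = None            # any dip ends the run
        if longest >= min_seconds:
            flagged[key] = longest
    return flagged


if __name__ == "__main__":
    for (pid, name), seconds in sustained_cpu(SAMPLES).items():
        print(f"pid {pid} ({name}): high CPU for {seconds}s without a break")
```

A flagged process is a prompt to investigate, not proof of mining: video encoding or a large build produces the same pattern.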

The Denier

One who denies usage

Identity: A Denier initiates Denial-of-Service (DoS) attacks, sabotaging computing resources and handing back the reins after a payout. In one way or another, a DoS attack mimics a malware threat, as you still need to click on something dubious to get attacked. In the context of blockchains, the Denier initiates a full-blown BDoS (Blockchain Denial of Service) attack.

A standalone DoS attack may target a specific computer or a group of devices to sabotage the ability to mine crypto and get rewards. However, large-scale Distributed DoS or DDoS attacks usually target crypto exchanges.

Examples: On 15 February 2021, a sizable BDoS attack knocked the crypto exchange EXMO offline by targeting the exchange servers. While the recovery was quick, everything fell apart for close to 120 minutes. Similar attacks were initiated on OKEx and Bitfinex back in 2020.

Tips to avoid them:

  • Keep your eyes open for malicious traffic.
  • Be wary of website shutdowns and network slowdowns.
  • Always have an incident response plan handy in case your personal computer is attacked.

The Cracker

One who cracks passwords

Identity: A Cracker is simply a crafty individual who cracks passwords and is capable of exploiting online wallets. This kind of person might initiate a wide range of sub-attacks, including Brute Force attacks (trial-and-error password guessing), Keylogger attacks (pattern recognition), and more.

Example: Back in 2016, a group of crackers drained close to 884 wallets of almost $103,000 by cracking passwords in bulk. At that time, close to 1,800 bitcoins were stolen using a specific password cracking technique.

Tips to avoid them:

  • Stick to strong passwords.
  • Use trustworthy and robust wallets.

The Middleman

One who initiates man-in-the-middle attacks

Identity: The Middleman hack usually begins by tracking or eavesdropping on a client-host conversation (for instance, an online chat with a customer care center). The information from the conversation is then misused by the hacker to impersonate the host.

The Middlemen eventually direct clients to their payment interfaces. In this way, they sabotage the main conversation and bring the host’s credibility into question, while unfairly taking away the client’s money.

Example: Back in February 2018, a MITM (Man-in-the-Middle) attack was initiated across the Ledger crypto wallet app, redirecting users’ funds to the middleman’s wallet. The attacker created fake destination addresses and ensured that individuals deposited funds into mock-up accounts, instead of the actual Ledger wallet.

Tips to avoid them:

  • Check the security safeguards relevant to the host website before proceeding with transactions.
  • Stay away from public internet hotspots while transacting crypto.
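
One practical safeguard against the substituted destination addresses described in the Ledger example is to compare every address, in full, against one you recorded through a separate trusted channel before sending. The following is an added example, not code from CoinSwitch or Ledger: the address strings are constructed placeholders rather than real wallets, and the `edge` parameter is an assumption. It reports a near-match whenever an address agrees with a saved one only at its start and end, because a partial visual check would miss that.

```python
# Constructed placeholder strings, not real wallet addresses.
TRUSTED = {
    "my-hardware-wallet": "bc1qco" + "nstructedexampleaddress00001" + "9f3k7x",
}
SUBSTITUTED = "bc1qco" + "mpletelydifferentmiddle99992" + "9f3k7x"


def first_difference(a, b):
    """Index of the first character where a and b differ, or None if equal."""
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return i
    return min(len(a), len(b)) if len(a) != len(b) else None


def verify_destination(candidate, trusted, edge=6):
    """Compare a destination address with a trusted address book.

    'match'      -> identical to a saved address (compared case-sensitively)
    'near-match' -> same first/last `edge` characters as a saved address,
                    different in between: treat as a substituted address
    'unknown'    -> not in the address book; confirm it out of band
    """
    candidate = candidate.strip()
    for label, addr in trusted.items():
        if candidate == addr:
            return {"verdict": "match", "label": label, "differs_at": None}
    for label, addr in trusted.items():
        if candidate[:edge] == addr[:edge] and candidate[-edge:] == addr[-edge:]:
            return {"verdict": "near-match", "label": label,
                    "differs_at": first_difference(candidate, addr)}
    return {"verdict": "unknown", "label": None, "differs_at": None}


if __name__ == "__main__":
    print(verify_destination(SUBSTITUTED, TRUSTED))
```

Only a `match` verdict should let a transfer proceed without further confirmation.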

The Interpreter

One who interprets code

Identity: The Interpreter is a scammer who finds smart contract bugs and protocol vulnerabilities to con blockchain participants and steal funds from the ecosystem.

Example: The famous