1 Apr 2022

“Pranksters” in Crypto: No Laughing Matter

Ananda Banerjee

We are done here. This blog will be the last you hear from us at CoinSwitch.

Gotcha! It’s April Fools’ Day!

Apologies if you were really alarmed, but we couldn’t help leaning into some cheekiness here today. Just some harmless fun.

But not every prank is as innocuous as this one. “Pranks” in the crypto realm can have catastrophic consequences, and more often than not, they compromise or endanger entire ecosystems as crypto assets worth millions are siphoned off. And the (not so) funny thing is that almost every attack, hack, or breach is different, which makes them that much harder to counter.

We extend our olive branch for today’s prank with this article. We hope you will accept the offer and join us as we learn how to spot 10 of the creepiest clowns of cryptoland and the steps that can help you stay safe.

Key Takeaways

  • Crypto “pranksters” are not funny at all. They adopt specific cyber hacking techniques to breach ecosystems, wallets, websites, and other resources.
  • Phishing attacks initiated by phishers are the most common crypto scams.
  • The Rug Puller is a nifty crypto scammer with eyes on investor funds.
  • Denial of Service attacks commonly target crypto exchanges.

Image(s) Credit: Vaishakh Kp

Crypto “Pranksters” at Large

There is no such thing as a harmless crypto prank. Not even the ones where they say, “Bitcoin is a Bubble.” But all pranks aren’t equal, and some are much worse than others. This article is all about those bigger “pranks”—scams or attacks that can actually cost you money.

The 10 cruel “pranksters” listed here have been stressing out unwitting blockchain participants and investors for quite some time now. (We made up most of the names here and sure hope you like them.)

The “Mal”evolent One

one with malware

Identity: This kind of scammer uses an illegitimate software module to encrypt data in select blocks and files, as well as transaction details relevant to a specific group of users. In the crypto realm, malware attacks further transform into ransomware attacks, where the data is encrypted and the attacker promises to restore it once a specific sum, or ransom, is paid.

Example: CryptoLocker—active between 2013 and 2014—was one of the most dreaded ransomware tools. It used to allow “Mal”evolent scammers to encrypt Windows systems, after which they would ask the victims for Bitcoin as ransom to decrypt the sabotaged data.

Tips to avoid them:

  • Avoid clicking on suspicious links, especially on the device you use for mining, staking, or DeFi activities.
  • Keep updating the mining software you use for specific crypto projects. (BTCMiner and MultiMiner are some of the more popular ones.)

The Phisher

one who phishes

Identity: Phishers are some of the most notorious scammers around. They lure individuals with make-believe social credibility—often by impersonating a trusted influencer or contact—only to hack into private transaction details. A phishing attack is also termed a standard “social engineering” hack as it mostly emerges from the blind faith people have as members of society.

Examples: The latest Ronin Network hack involving the Axie Infinity blockchain is one of the prime examples of a social engineering/phishing attack. The phisher hacked several private keys and staged fake transactions, filling up their own wallet with most of the funds. Sky Mavis, the company behind Axie Infinity, has reported a breach value of almost $625 million.

Another example would be the time phishers set up fake profiles in the name of CoinSwitch CEO Ashish Singhal to lure unsuspecting individuals into different crypto scams. One such profile asking investors to invest using a sketchy platform even had his image.

Tips to avoid them:

  • Invest in a hardware/cold wallet.
  • Update online wallet passwords regularly.
  • Do not disclose personal details over social media, emails, and other platforms.

The CryptoJacker

one who is a crypto jacker

Identity: Do you have a powerful computer at your disposal? If yes, you should be wary of The CryptoJacker. This is a hacker who attacks and takes remote control of someone else’s computer to use it as a mining setup, and they are always looking for machines with more computational power.

The CryptoJacker breaks into the system by manipulating the user into clicking a sketchy link that carries a manipulative script, much like phishing. Once a CryptoJacker does this, your computer will start heating up or lagging a lot, as most of its resources are being used in the background for mining.

Example: Panda Security, a cybersecurity company, reported global exposure of “WannaMine”, a malicious cryptojacking script used to stealthily mine the crypto Monero.

Tips to avoid them:

  • Avoid clicking on unreliable links that promise mining perks and similar benefits.
  • Keep updating the spam detecting tools associated with your computer.
  • Install ad blockers, as most cryptojacking scripts seep in via advertisements.

The Denier

one who denies usage

Identity: A Denier initiates Denial-of-Service (DoS) attacks, sabotaging computing resources and handing back the reins after a payout. In one way or another, a DoS attack mimics a malware threat, as you still need to click on something dubious to get attacked. In the context of blockchains, the Denier initiates a full-blown BDoS (Blockchain Denial of Service) attack.

A standalone DoS attack may target a specific computer or a group of devices to sabotage the ability to mine crypto and get rewards. However, large-scale Distributed DoS or DDoS attacks usually target crypto exchanges.

Examples: On 15 February 2021, a sizable BDoS attack knocked the crypto exchange EXMO offline by targeting the exchange servers. While the recovery was quick, everything fell apart for close to 120 minutes. Similar attacks were initiated on OKEx and Bitfinex back in 2020.

Tips to avoid them:

  • Keep your eyes open for malicious traffic.
  • Be wary of website shutdowns and network slowdowns.
  • Always have an incident response plan handy in case your personal computer is attacked.

The Cracker

one who cracks passwords

Identity: A Cracker is simply a crafty individual who cracks passwords and is capable of exploiting online wallets. This kind of person might initiate a wide range of sub-attacks, including Brute Force attacks (trial-and-error password guessing), Keylogger attacks (pattern recognition), and more.

Example: Back in 2016, a group of crackers drained close to 884 wallets of almost $103,000 by cracking passwords in bulk. At that time, close to 1,800 bitcoins were stolen using a specific password cracking technique.

Tips to avoid them:

  • Stick to strong passwords.
  • Use trustworthy and robust wallets.

The Middleman

one who initiates man in the middle attacks

Identity: The Middleman hack usually begins by tracking or eavesdropping on a client-host conversation (for instance, an online chat with a customer care center). The information from the conversation is then misused by the hacker to impersonate the host.

The Middlemen eventually direct clients to their payment interfaces. In this way, they sabotage the main conversation and bring the host’s credibility into question, while unfairly taking away the client’s money.

Example: Back in February 2018, a MITM (Man-in-the-Middle) attack was initiated across the Ledger crypto wallet app, redirecting user funds to the middleman’s wallet. The attacker created fake destination addresses and ensured that individuals deposited funds into mock-up accounts instead of the actual Ledger wallet.

Tips to avoid them:

  • Check the security safeguards relevant to the host website before proceeding with transactions.
  • Stay away from public internet hotspots while transacting crypto.

The Interpreter

one who interprets code

Identity: The Interpreter is a scammer who finds smart contract bugs and protocol vulnerabilities to con blockchain participants and steal funds from the ecosystem.

Example: The famous “DAO” attack on the Ethereum blockchain in 2016 was the work of an Interpreter. The fraudster exploited a recursive (self-initiating) smart contract to deposit a small amount and withdraw a lot more, thus filling their own pockets. As a result, close to 3.6 million ETH were stolen, valued at $60 million.

Tips to avoid them:

  • Double-check the smart contract code as it is immutable (meaning unalterable).
  • Explore blockchains that are more inclined towards security and decentralization, over scalability.
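
What to look for when double-checking withdrawal code, shown as an added example that is not from this article or from any real contract: a simplified Python model of a vault whose payout hands control to the recipient. The names `Vault`, `simulate` and `recipient_code` and the amounts are made up for illustration; the only difference between the two runs is whether the balance is updated before or after the payout.

```python
class Vault:
    """Toy model of a contract that holds deposits and pays them back out."""

    def __init__(self, update_before_send: bool):
        self.update_before_send = update_before_send
        self.balances = {}   # depositor -> amount still owed
        self.pool = 0        # funds actually held by the contract

    def deposit(self, who: str, amount: int) -> None:
        self.balances[who] = self.balances.get(who, 0) + amount
        self.pool += amount

    def withdraw(self, who: str, on_receive) -> None:
        amount = self.balances.get(who, 0)
        if amount == 0 or self.pool < amount:
            return
        if self.update_before_send:
            # Hardened order: record the payout, then hand over control.
            self.balances[who] = 0
            self.pool -= amount
            on_receive(amount)
        else:
            # Flawed order: the recipient's code runs while the ledger still
            # shows the full balance, so a nested call passes the check again.
            self.pool -= amount
            on_receive(amount)
            self.balances[who] = 0


def simulate(update_before_send: bool):
    """Return (amount paid to the small depositor, funds left in the pool)."""
    vault = Vault(update_before_send)
    vault.deposit("other_users", 90)       # constructed sample values
    vault.deposit("small_depositor", 10)
    paid = []

    def recipient_code(amount: int) -> None:
        # Recipient logic that calls straight back into withdraw().
        paid.append(amount)
        vault.withdraw("small_depositor", recipient_code)

    vault.withdraw("small_depositor", recipient_code)
    return sum(paid), vault.pool


if __name__ == "__main__":
    print("send before update:", simulate(False))
    print("update before send:", simulate(True))
```

With the flawed order, the depositor of 10 is paid the entire pool of 100; with the balance updated first, the nested call finds a zero balance and the other users' 90 stays put.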

The Major

one who conducts a 51% attack

Identity: The Major is the spearhead of what is known as a Majority or 51% attack. In this kind of attack, over 50% of the network sways in a particular direction, allowing the hacker to gain control of the entire blockchain.

For details regarding a 51% attack, check out this detailed post.

Example: In May 2018, Bitcoin Gold was attacked by a group of perpetrators. The 51% attack allowed the hackers to keep double-spending over many days, siphoning close to $18 million in assets.

Tips to avoid them:

  • Ecosystems must shift to Proof-of-Stake (PoS) consensus, as it is more immune to a majority hack.
  • Investors must only consider exploring large crypto ecosystems as they are harder to breach.

The Exploiter

one who exploits vulnerabilities

Identity: This “prankster” proactively looks for ecosystem areas to exploit and launches full-fledged attacks before any bugs are identified or fixed by the blockchain developers.

Example: In 2021, the Poly Network was hacked, and it lost close to $610 million. The prankster (in the true sense of the term) wanted to expose a system vulnerability that he had identified, so he siphoned the funds only to return most of them later. In this rare case, the hacker was even rewarded with a job by the Poly Network.

Tips to avoid them:

  • Crypto project heads watching this space should be proactive with the vulnerability assessment.
  • There should be an incident response plan to help manage the network participants if such a prank is experienced.

The Rug Puller

one who pulls the rug

Identity: Rug Pulls involve project developers running away with investor funds, mostly by drawing the curtain on a project prematurely. Rug pullers are thus more scammers than hackers.

Example: The popularity of Squid Game, a Netflix original show, paved the way for the Squid Game (SQUID) crypto project. The token surged by almost 24,000%, with the unwitting investors riding the hype and investing as if there was no tomorrow. But in November 2021, the token crashed as the developers liquidated their share of holdings, and the prices were reduced to almost zero, scamming investors out of around $3.4 million.

For additional details on Rug Pulls, check out this detailed post. 

Tips to avoid them:

  • Do not ride the hype.
  • Check the project fundamentals before proceeding with investments.

Should You Be Worried?

Don’t be. We know that being fooled is only fun on this one day of the year, and even then, not when it comes to crypto. While most projects in the space are inherently secure, it’s never a bad idea to do everything you can to protect yourself.

To steer clear of these notorious “pranks”, Doing Your Own Research is the best way forward. In the end, minimizing your chances of getting conned is all about knowing the projects, wallets, websites, and other elements of your crypto existence inside and out.

Liked this piece? Read more fun stuff like this at CoinSwitch.

Disclaimer: Crypto products and NFTs are unregulated and can be highly risky. There may be no regulatory recourse for any loss from such transactions. The information provided in this post is not to be considered as investment/financial advice from CoinSwitch. Any action taken upon the information shall be at the user's own risk.
