Despite the belief by many cryptocurrency enthusiasts that centralized exchanges (CEXs) are more secure, history has often shown that they are quite vulnerable to attack.
Because these exchanges centralize the storage of user assets, they can be attractive targets for cybercriminals. If an exchange’s security measures are inadequate or successfully compromised, user assets can be stolen or lost.
Another risk of centralized exchanges is the potential for fraud or mismanagement by their operators. Because CEXs may have a single point of control, they may be more susceptible to internal fraud or other forms of misconduct, which can lead to loss of funds or other negative consequences for users.
Over the past year, with the collapse of major centralized cryptocurrency platforms like FTX and Celsius, more and more users are choosing to take custody of their digital assets. Risky financial practices and suspected fraud on some of these platforms have caused many people to lose faith in them as safe places to store their cryptocurrency.
Self-custody refers to holding and managing one’s own cryptocurrency rather than entrusting it to a third party, such as an exchange. This approach gives users more control over their assets and can potentially provide higher levels of security. However, it also carries its own risks, particularly in the form of scams.
Types of scams and how to avoid them
To better understand the potential dangers associated with self-custody and offer guidance on how to protect yourself from scams, Cointelegraph contacted Alice Boucher of Chainabuse, a multi-chain community platform for reporting fraudulent crypto transactions.
A scam that aims to take advantage of cryptocurrency users is called a “pig slaughter.”
“A pig slaughter scam occurs when the scammer stays in constant contact to build a relationship with the victim and ‘fatten’ them with affection over time into investing in bogus projects,” Boucher said, adding:
“The scammer tries to get as much money out of the victim as possible, often using fake investment sites that display fake large profits and using social engineering tactics, such as intimidation, to extract more money from the victim.”
Social engineering uses psychological manipulation tactics to exploit the natural tendencies of human trust and curiosity.
Recent: Trust is key to cryptocurrency exchange sustainability — CEO of CoinDCX
Cybercriminals in the cryptocurrency industry often seek to steal their own assets by taking control of high-profile accounts. “Between May and August 2022, social media account takeovers, involving Twitter, Discord and Telegram, wreaked havoc. Fraudsters post malicious NFT phishing links during those attacks, compromising high-profile social media accounts,” Boucher said.
Once these attackers gain access to a high-profile account, they typically use it to send phishing messages or other types of malicious communications to large numbers of people, attempting to trick them into handing over their private keys, login credentials, or others. sensitive information.
The ultimate goal is to gain access to the assets in custody and steal the cryptocurrency held by the individual.
Followers of these high-profile accounts can be tricked into clicking malicious links that transfer all the tokens from their wallets. These scams can also be designed to get users to invest in a trading platform and often cause victims to lose their deposits with no way to get them back:
“The volume of scams, hacks, blackmail and other fraudulent activities has grown exponentially in recent years. Most of the fake platforms appear to be Ponzi schemes or payment scams by: advertising fake refunds, having referral incentives that resemble pyramid schemes, or posing as legitimate existing trading platforms.”
Scammers using these phishing tactics can encourage users to sign smart contracts that deplete their assets without their consent. A smart contract is a self-executing contract with the terms of the agreement between the buyer and the seller written directly into the code.
If the contract contains bugs or is designed to take advantage of people, users may end up losing their tokens. For example, if you allow your creator to take possession of tokens in order to sell them, users may lose cryptocurrency by signing it.
Most of the time, users do not know that they have lost their tokens until it is too late.
Recent: Congress may be ‘ungovernable’, but the US could see crypto legislation in 2023
Self-custody can be a great way to take control of your own assets, but it’s crucial to understand the risks and take steps to protect yourself from bad actors.
To protect yourself when using a self-custodial wallet, it’s important to follow best practices, such as keeping software up to date and using unique passwords. It is also crucial to use hardware wallets like Ledger or Trezor to store your cryptocurrency. Hardware wallets are physical devices that store your private keys offline, which means that a hacker also needs physical access to engage in certain interactions with the blockchain, making them less susceptible to hacking.
