crypto red flag
In this article

Whenever cryptocurrency and NFTs make the mainstream headlines, it’s usually for one of two reasons: either someone made millions off of them, or lost millions because of them.

The crypto space has been likened to the wild west by many. It sits in a grey area where laws are still attempting to unravel. After all, there’s an incredible amount of volatility and a shocking lack of safety nets.

That being said, there are still precautions which investors can (and should) take when attempting to enter this space. The term ‘do your own research’ (DYOR) can often be spotted floating around in crypto communities. Here’s what that entails.

Being aware of common scams

New investors are often drawn to cryptocurrency by the promise of making quick money. They fail to research projects and seem to believe that every meme coin is destined for the moon.

This is far from the reality. A report by blockchain analytics firm Chainalysis revealed that US$14 billion worth of cryptocurrency was lost to scams in 2021 alone.

For all its potential, the crypto space is an ideal breeding ground for theft and fraud.

Many people are duped by the ever-increasing “pump and dump” scams seen in the release of new coins, as well as inflated NFT prices, whereby unaware victims are quick to invest on a ‘too-good-to-miss’ opportunity. Phishing also remains a big headache and will continue to target all users.

– Jake Moore, ESET Global Cybersecurity Advisor

Pump-and-dump schemes incentivise investors to buy into a cryptocurrency based on false promises. As the price goes up, the founders sell off their holdings and break contact, leaving investors with worthless tokens.

pump and dump crypto
An example of a pump-and-dump scheme in action / Image Credit: TradingView

In the NFT space, scammers can manufacture fake attention by purchasing NFTs from their own collection. Unwary investors might mistake these purchases for legitimate sales and buy into the ‘hype’. Eventually, the scammers ‘pull the rug’ and abandon ship.

Phishing often takes place through fake websites which are able to drain crypto wallets. These websites are made to look exactly like popular crypto exchanges and NFT marketplaces. They might even share a similar URL.

However, once a user connects their wallet, they’ll soon find that all of their funds have been siphoned out.

Storing crypto assets safely

Given the prevalence of phishing attacks, it’s not a wise idea to store all of your crypto assets in one wallet.

It is advised to spread digital funds across platforms and wallets if huge sums are at stake to mitigate the risk of potential illicit activity.

– Jake Moore, ESET Global Cybersecurity Advisor

He adds that it’s generally safer to store crypto on a decentralised wallet than on a crypto exchange.

When using a decentralised wallet like MetaMask, a user’s private key is only stored on their own browser. A hardware wallet goes a step further and keeps this data completely offline.

On the other hand, crypto exchanges store private keys on their respective servers.

crypto hardware wallet
A hardware wallet allows users to store their private keys offline / Image Credit: Yahoo Finance

Furthermore, since crypto exchanges often possess large sums of crypto at any given time, they make an enticing target for hackers.

That being said, storing crypto on a decentralised wallet makes it more difficult to trade as the assets need to be sent over to an exchange first.

“Moreover, being in charge of your own security comes with great risk, so education and awareness are vital. Human error can lead to disastrous consequences,” says Moore.

Looking for red flags

Over the years, we’ve been conditioned to skip through ‘Terms & Conditions’ documents. When it comes to traditional products and services, there’s a certain level of safety which is guaranteed by existing laws and regulations.

This isn’t a liberty afforded to those in the crypto space. The responsibility to research and judge the legitimacy of a crypto asset lies entirely on the investor.

From the very moment a user creates a crypto wallet, they need to be aware of what they’re getting into. Popular wallets such as MetaMask and Phantom come with a seed phrase — an assortment of 12 to 24 words — which serve as the password.

This phrase is the only way to access the wallet. There is no multi-factor authentication or wallet recovery customer support. If the phrase is shared with anyone else, they can instantly make use of the wallet’s contents. Furthermore, there’s usually no way to recover stolen funds.

Once cryptocurrencies are stolen, they are very rarely recovered by the authorities. This is because cryptocurrencies are not usually regulated in the first place. We have witnessed criminal hackers return huge amounts of digital funds, but these situations are extremely rare and funds are often thought of as gone-for-good once they’re stolen.

– Jake Moore, ESET Global Cybersecurity Advisor

When it comes to crypto and NFT projects, users must consider factors such as the whitepaper, the project’s website, its social media channels, and the background of the founders. These can help form a decision on whether a project is legitimate or not.

Red flags can often take the form of vague roadmaps or poorly written copy. Scammers might copy over buzzwords from other projects and promise trending utilities such as staking and play-to-earn games.

It’s important to ask questions in a project’s Discord group to find out information that isn’t available. For example, developing a game is a big undertaking. What sort of experience do the founders have in the field? Have they planned out a timeline for the launch?

A fake social media following is another easily spotted red flag. Community is the driving force of many crypto projects, and it’s important to gauge whether the supporters are actually real people. If a project’s Twitter account has thousands of followers but only gets a few likes per post, it’d be best to proceed with caution.

There are other factors too, which must be considered depending on one’s risk tolerance. For example, whether or not a project’s founders have revealed their identity.

A project with anonymous founders needn’t necessarily be a scam, given that anonymity is common in the crypto space. However, a project which has been audited or has known founders is more likely to be legitimate.

“Going in small will help build your confidence in a new digital asset world,” says Moore. “It comes down to education and carrying out the proper due diligence. Investors must make sure they protect themselves and be constantly aware of the scams used by fraudsters.”

Will the need for such due diligence ever go away?

For traditional consumers, the need for all this research can serve as a deterrent. This is where regulations come into play. As governments work to incorporate crypto into their legal frameworks, the environment is set to become safer and less inconvenient.

The Monetary Authority of Singapore (MAS) recently announced a framework for equitable sharing of losses arising from scams. This framework will divide responsibility between financial institutions and consumers.

In my opinion, the framework will be extended to any kind of financial loss (crypto or otherwise) arising due to cyber attacks.

Banks currently hold money for their end customers as custodians and we see the same with cryptocurrency service providers. Any provider that holds currency/valuables will be a target, and hence, should be governed by the same framework.”

– Ajay Biyani, Regional Vice President ASEAN, ForgeRock

In theory, such a framework would incentivise crypto exchanges to follow a stringent vetting process when listing crypto assets. If a crypto asset turns out to be a scam or a rug pull, the exchanges would be liable to some extent and investors might not face a complete loss.

Biyani believes that more safeguards will be put in place to protect crypto investors in the future.

“The core cybersecurity principles of Confidentiality, Integrity and Availability (CIA) will guide us on the safeguards required. Some key examples would be default multi-factor authentication for all users, Continuous Authorization Risk and Trust Assessment (CARTA), and device profiling.”

Shop and support the best homegrown brands on VP Label now:

Featured Image Credit: Zerocap.com

Subscribe to our newsletter

Stay updated with Vulcan Post weekly curated news and updates.


Vulcan Post aims to be the knowledge hub of Singapore and Malaysia.

© 2021 GRVTY Media Pte. Ltd.
(UEN 201431998C.)

Vulcan Post aims to be the knowledge hub of Singapore and Malaysia.

© 2021 GRVTY Media Pte. Ltd.
(UEN 201431998C.)