Bitcoin Scam Guide – Avoiding Theft and Fraud
By: Alexander Reed | Last updated: 1/5/24
There are numerous ways to lose your Bitcoin – scams, fraud, and theft are getting more and more common these days. This post will describe how to keep your Bitcoins safe, plus give you some practical tools to use.
Bitcoin Scam Guide Summary
There are numerous types of Bitcoin scams out there. Here’s how to avoid them:
- Never expose your private key/seed phrase.
- Use the Bitcoin Scam Test before using any unknown service.
- Make sure you’re not logging into a phishing site (explained below).
- Have strong, unique passwords to all related accounts.
- Enable 2FA on related accounts.
- Use a VPN or secure network to connect to your Bitcoin accounts.
That’s how to avoid scams in a nutshell. If you want a more detailed review about how to identify scams and avoid fraud or theft, keep on reading. Here’s what I’ll cover:
- The Bitcoin Scam Test
- Is Bitcoin Safe?
- What Should I Do if I Got Scammed?
- Bitcoin Scam Examples
- My Personal Scam Story
- Bitcoin Theft
- Additional Safety Tips
- Conclusion
- Appendix – Scam Test Tools
1. The Bitcoin Scam Test
Use this simple 12-question test to evaluate any unknown Bitcoin service or website. Some questions require specific tools that are located at the bottom of this page. If you don’t know the answer to a specific question, you can choose to skip it (however, the results will be less accurate).
2. Is Bitcoin Safe?
Bitcoin, both the currency and the technology behind it, has withstood numerous attacks over the years. The weakest link in Bitcoin’s security (as is the case with most other technologies) is usually the people who handle it.
Whenever you hear that Bitcoins were stolen, it isn’t because there was a problem with Bitcoin’s technology but because whoever was holding those Bitcoins wasn’t careful enough.
Saying Bitcoin isn’t safe because you hear a lot about stolen Bitcoins is like saying the dollar isn’t safe because you hear that there are a lot of robberies going on.
With great power comes great responsibility, and as long as you follow the steps in this post, your Bitcoins will be safe and sound.
Before we get started, here is the most important rule you should remember:
You, and you alone, should know the private key to your Bitcoin wallet. The private key, or seed phrase, is like the combination to a safe. Whoever knows your wallet’s private key can take control of your Bitcoins.
No website or person should ever ask you for your private key – just as no one should ask you for the number combination of your safe. So keep that in mind as a red flag if you ever hear that request.
3. What Should I Do if I Got Scammed?
Here are some of the options at your disposal:
- Share your experience in the comments section of this post so others can learn from it.
- Report the website or service to the relevant authority.
- Report the website on review sites like TrustPilot, BitTrust, and BadBitcoin.
- Take legal action against the site or service – this might not be worth your time or money (depending on how much money was taken from you).
4. Bitcoin Scams and Fraud Examples
In scams and frauds, attackers exploit the human factor to get their hands on your Bitcoin. Usually, this is done by the fraudster claiming to be someone or something he’s not. Here are some common scams and fraud schemes:
Nigerian prince scams
These are similar to the emails that popped up when the Internet was just gaining mass adoption. The emails were sent by a person claiming to be a Nigerian prince who wants to share his wealth with you. This is a general term for all email scams where people ask you to send them Bitcoin.
They ask for Bitcoin because:
- Bitcoin is somewhat anonymous.
- Bitcoin transactions can’t be reversed.
How to avoid – Don’t ever send Bitcoins to someone you don’t know, and when you do send Bitcoins to someone you know, double-check that you’re actually speaking to who you think you’re speaking to.
Private Key Scams
This type of scam involves people accessing your wallet’s private key or seed phrase (i.e., the password to your funds). There are several ways this scam can take form:
- Persuading the user to send over his private key/seed
- Persuading the user to give remote access to his computer and getting the private key through that access (example). This is usually done by pretending to be someone respected in the community/someone who can help you with an issue.
- Sending you a private key to use in your own wallet and then stealing the funds from that wallet (example).
How to avoid – You should never share your private key or seed phrase with ANYONE, and you alone should be the one generating it.
Phishing Scams
These scams usually include sending a fake email to the user from a known service (e.g., Blockchain.com) telling him he needs to log into his account for some strange reason by clicking on an attached link.
When the user clicks the link in the email, he’s brought to a phishing site – an identical site to the original, but with a different URL. The sole purpose of this site is to log the user’s username and password. Once the user tries to log in, he basically transmits his sensitive info to the scammer.
How to avoid – Always be suspicious of emails asking you to log into a specific service. Double-check the “from” email address and the URL in the browser you’re taken to. Also, it’s best to always access sites directly from the browser and not from links.
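Also, make sure the site uses an SSL connection – this means you should see a “lock” icon at the beginning of the address bar and that the URL immediately after begins with “https” and not “http”. Most phishing sites don’t have an SSL certificate, although there may be exceptions, so treat the lock as a sign that the connection is encrypted rather than as proof that the site is genuine, and still check the domain name.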
Finally, most services that you sign up with know your name and use it in their emails. So if you are addressed as “sir” or “dear customer,” see that as a warning.
Oh…and never open any email attachments from unknown senders.
Cloud Mining and Ponzi Scams
A Ponzi Scheme is a scam promising high rates of return with little risk. The Ponzi Scheme pays out the older investors by taking money from new investors. At some point, the Ponzi Scheme operator usually disappears with the investors’ money.
Most Bitcoin Ponzi Schemes today appear in the form of cloud mining sites or coin doublers. These are sites that will promise you high rates of return on your coins on a daily basis and will disappear with your money after a while.
How to avoid – Just use the Bitcoin Scam Test on this page before investing in anything.
5. My Personal Scam Story
A little over 2 weeks ago I received the following email:
At first glance, this seems to be a normal email blast sent out by Coindesk looking for advertisers. As you can see from the recipient line, it was sent to the admin address of 99Bitcoins ([email protected]).
The thing is, we don’t have an admin address; it was just captured in our inbox since all emails directed to 99bitcoins.com are captured.
Here’s what was suspicious about the email:
- The sender’s name – Shakil Khan. I knew who he was; he was the founder of Coindesk. Why would the founder of a huge publication be sending out cold marketing emails? Don’t they have at least a VP of marketing or someone else not so high up?
- The email was sent from [email protected] – I assume that Coindesk would be sending out emails from their own domain name and not using a general Gmail address.
However, the advertising spots available were actually pretty convincing. First, the email stated a specific daily impressions count.
Second, the date on which the banner will be available matched what was advertised at Coindesk. If you were to visit Coindesk at the time the email was sent you would see there was an ad there for Coinsummit that was set to expire on the 6th of July.
Finally, the Facebook URL was also pretty convincing – why would someone be starting a Facebook page that wasn’t their own? I mean, if this was a scam, this may lower their success rate.
After some back and forth with the (still unknown) scammer, I was convinced that this was a good deal and was about to send my Bitcoins until I got the final response:
The grammar mistakes finally aroused my suspicion and I decided to send an email to a verified contact I had in Coindesk. I got the following response:
It seems that this specific email isn’t the only way these scammers try to cheat people out of their money. Some emails even have an actual Coindesk domain “from” address but if you look at the “reply to” address you see it’s the same Gmail address.
The final thing I found out was that the Facebook page mentioned in the original email was not the actual Coindesk FB page. It was a fake page pointing to COLNDESK – but if you don’t write the letter “L” in caps, it looks like a capital “I”.
My alertness saved me from losing money in this case. But I think I’ve learned a much more valuable lesson – and that’s how easy it just became for scammers to take your money.
You see, until Bitcoin was introduced, scammers had to overcome complicated barriers when they wanted someone to send them money. They needed to persuade people to wire them the money or send a check.
This would require them to supply an address or a bank account, which could later easily lead to their capture. More than that, these actions required more effort and had a much lower success rate.
But with Bitcoin, cash just became digital, and scam success rates are rising because of it.
I think what I personally take from this story is to make sure I can positively verify the person that I’m sending money to before actually sending it.
Here’s another example that’s been circling around, this time from the alleged “BitcoinTalk” forum. As you can see below, the same techniques are used here – a Gmail address, stating exact banner sizes, etc.
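The warning signs from these emails (a company name on a free-mail sender, a “reply to” domain that differs from the “from” domain, and a lookalike name such as COLNDESK) can be checked mechanically. The following Python code is an added example, not part of the original post; the sample messages, the brand and free-mail lists, and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

FREE_MAIL = {"gmail.com", "yahoo.com", "outlook.com"}  # assumed sample list
BRANDS = {"coindesk": "coindesk.com"}                  # name -> genuine domain
FOLD = str.maketrans("l105", "iios")                   # look-alike characters

def skeleton(text):
    """Lower-case the text and fold characters that are easy to confuse."""
    return text.lower().translate(FOLD)

def domain_of(header_value):
    """Return the domain part of an address header, or '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def check_email(raw):
    """Return a list of warning signs found in a raw RFC 5322 message."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    reply_dom = domain_of(msg["Reply-To"])
    text = " ".join([msg.get("From", ""), msg.get("Subject", ""),
                     msg.get_payload()])
    words = set(re.findall(r"[A-Za-z0-9]+", text))
    findings = []
    # Replies would go to a different domain than the visible sender.
    if reply_dom and reply_dom != from_dom:
        findings.append("reply-to-mismatch")
    for brand in BRANDS:
        # A known organisation's name on a free-mail sender address.
        if from_dom in FREE_MAIL and any(w.lower() == brand for w in words):
            findings.append("brand-on-free-mail")
        # A word that only matches the brand after folding look-alikes.
        if any(skeleton(w) == skeleton(brand) and w.lower() != brand
               for w in words):
            findings.append("lookalike-name")
    return findings

# Constructed sample messages (not the emails from the story).
SAMPLE_FREE_MAIL = (
    'From: "Coindesk Advertising" <constructed-sender@gmail.com>\n'
    "Subject: Banner slot available\n\n"
    "Details on our page: facebook.com/Colndesk\n"
)
SAMPLE_REPLY_TO = (
    "From: ads@coindesk.com\n"
    "Reply-To: constructed-sender@gmail.com\n"
    "Subject: Banner slot available\n\n"
    "Please reply with your preferred dates.\n"
)
SAMPLE_CLEAN = "From: ads@coindesk.com\nSubject: Hello\n\nSee you at the event.\n"

if __name__ == "__main__":
    for sample in (SAMPLE_FREE_MAIL, SAMPLE_REPLY_TO, SAMPLE_CLEAN):
        print(check_email(sample))
```

A “from” address can be forged, so an empty result means only that none of these three signs was present, not that the sender is verified.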
6. Bitcoin Theft
Unlike fraudsters, thieves steal Bitcoin by circumventing security measures to gain access to their victims’ funds. Online wallets and exchanges are the weakest links in terms of Bitcoin theft. The easiest way to avoid theft from these sites is not to keep any Bitcoins on them.
However, sometimes keeping funds in an exchange or an online wallet is unavoidable, for example, if you want to trade frequently or if you’re using a certain wallet for online games.
If that’s the case, it’s important to secure your online Bitcoin accounts with a strong enough password.
Generating strong passwords
Here are some general rules for creating a strong password:
- The more characters the password has, the better. Aim for at least 8 characters.
- Try to create a mix of lower and upper case letters and non-traditional characters like exclamation marks, hyphens, and so on.
- Don’t reuse passwords from other accounts.
Of course, the best passwords are the ones that are just a random string of text, numbers, and symbols, but they are also extremely hard to remember. That’s why I strongly recommend you get some sort of password manager to help you generate and keep track of your passwords.
Another way of remembering strong passwords is using numbers instead of certain letters as shown here:
Th!5 i5 a 5tR0ng Pa5sw0rd
These rules should be exercised each time you open a Bitcoin-related account, choose a PIN code for your wallet, or choose a passphrase for encrypting a file.
For example, if possible, choose a PIN code for your mobile wallet with 8 digits instead of the standard 4.
Two-Factor Authentication (2FA)
Another very useful security measure you should use whenever possible is to enable Two-factor authentication for your accounts.
Two-factor authentication, also known as 2FA, is a method of confirming a user’s identity through two separate components. In most cases, it would be something a user has and something a user knows.
A good example of 2FA from everyday life is withdrawing money from an ATM; only the correct combination of a bank card (something you have) and a PIN (something you know) allows the transaction to be carried out.
In the case of online accounts, something you know will be the password to the site, and something you have will be a mobile phone that will receive a text message containing a PIN code when you try to log in.
This way, even if a hacker manages to uncover your password, he still can’t log in until he physically puts his hand on your mobile device.
However, if you use a normal text message, a hacker can still manage to intercept the message as it’s being sent to your phone. That’s why it’s important to use dedicated 2FA apps that are much more suited for this task. Some of the more popular 2FA apps today are Google Authenticator and Authy.
Using trusted Networks
One thing we tend to forget is what network we are using to access online Bitcoin services like exchanges and wallets. Make sure to access sensitive information only on trusted networks that are properly secured.
For example, use your password-protected home or mobile network only and never use a public Wi-Fi network to access a Bitcoin service. Of course, the password for your router should also follow the rules we just talked about. Public Wi-Fi networks are extremely vulnerable, and hackers can eavesdrop on your session.
If you have to use a public network, make sure to connect through a Virtual Private Network, also known as a VPN. VPNs are programs that hide your online footprint and encrypt your data, making life extremely hard for hackers.
Another very important security measure we already mentioned is to make sure the site you’re connecting to uses a secure SSL connection – this means you should see https:// and not http:// showing up in the address bar.
7. Additional Safety Tips
Whenever you’re sending money to an address, remember that Bitcoin transactions are irreversible. Once the money is sent, there’s no “insurance,” and you can’t get it back. For this reason, make sure always to double-check that the address you’re sending the money to is correct.
Never type the address in manually since Bitcoin addresses have a lot of characters and you may make a mistake. Either copy and paste the address or use the QR code of the address to scan it. If you send money to the wrong address, there’s no way to retrieve it.
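Legacy (Base58Check) Bitcoin addresses carry a four-byte checksum, which is how a wallet can reject most mistyped addresses before any money moves. The Python code below is an added example, not part of the original article; the address is built from constructed sample bytes and the function names are illustrative.

```python
import hashlib

# Base58 leaves out 0, O, I and l because they are easy to confuse.
ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
SAMPLE_HASH160 = bytes(range(1, 21))   # constructed 20 bytes, not a real key hash

def checksum(payload):
    """First four bytes of a double SHA-256 over version + hash."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def encode_address(version, hash160):
    """Build a Base58Check address from a version byte and a 20-byte hash."""
    data = bytes([version]) + hash160
    data += checksum(data)
    n = int.from_bytes(data, "big")
    out = ""
    while n:
        n, rem = divmod(n, 58)
        out = ALPHABET[rem] + out
    pad = len(data) - len(data.lstrip(b"\x00"))   # leading zero bytes -> '1'
    return "1" * pad + out

def check_address(addr):
    """Return 'ok' or the reason the address is rejected."""
    n = 0
    for ch in addr:
        idx = ALPHABET.find(ch)
        if idx < 0:
            return "invalid character %r" % ch
        n = n * 58 + idx
    pad = len(addr) - len(addr.lstrip("1"))
    raw = b"\x00" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) != 25:                            # 1 version + 20 hash + 4 check
        return "wrong length"
    if checksum(raw[:-4]) != raw[-4:]:
        return "checksum mismatch"
    return "ok"

def mistype_last(addr):
    """Simulate a typo: replace the last character with a different one."""
    return addr[:-1] + ("2" if addr[-1] != "2" else "3")

if __name__ == "__main__":
    good = encode_address(0x00, SAMPLE_HASH160)
    for candidate in (good, mistype_last(good), good[:-1] + "O"):
        print(candidate, "->", check_address(candidate))
```

The checksum only catches damaged addresses; a different, valid address passes the check, so comparing the pasted address with the intended one is still necessary.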
Make sure you trust the person you’re sending money to. If you don’t trust them, you can always use a third-party escrow service that you both agree on. One very popular escrow service is Bitrated, where you can choose known figures from the Bitcoin community as arbitrators in case of a dispute.
Finally, if you’re transacting in small amounts, one confirmation may be enough before sending the goods to a counterparty. But if you’re dealing with large amounts, wait for at least six confirmations in order to be sure that the transaction is irreversible.
8. Conclusion
As you can see, there are numerous types of Bitcoin scams, and I’ve only covered the main ones. The important thing to remember is this: Bitcoin transactions are irreversible.
So check as much as you need to make sure you’re sending money to someone you trust. Once the money is sent, there’s not much you can do about it.
Have you used the Bitcoin Scam Test? Have you been scammed or fallen victim to a fraud? Let me know in the comment section below.
9. Appendix – Scam Test Tools
Question #4 – Domain age checker
Questions #5 / #6 – DR and link checker
Before you place any investment with a broker, ensure that you do your proper research so you don’t end up sending scammers your hard-earned money. I suffered from this after I sent a scammer I perceived to be a legitimate broker, but it later turned out he was a scammer. But I am happy I got introduced to RecoveryHacker101, because indeed I wouldn’t have gotten my funds if not for their expert services in tracing stolen crypto funds. I eventually got my money back and, trust me, I am not investing anymore. I can remember the sudden pain I got after I realized the broker was a scammer. That’s why I have taken my time to post this comment here to anyone in need of a crypto recovery expert can simply reach them at (recoveryhacker101@gmailcom). I vouch for their services 100%.
Don’t be deceived by different testimonies online that is most likely wrong. I have made use of several recovery options that got me disappointed at the end of the day but I must confess that the tech genius I eventually found is the best out here. It’s better you devise your time to find the valid professional that can help you recover your stolen or lost crypto such as Bitcoins USDT rather than falling victim of other amateur hackers that cannot get the job done. ( ADAMWILSON ( . )TRADING @ CONSULTANT ( . ) COM / is the most reliable and authentic blockchain tech expert you can work with to recover what you lost to scammers. They helped me get back on my feet and I’m very grateful for that. Contact their email today to recover your lost coins ASAP…
Most recovery companies will take your money again. I personally think they are the same set of people that run all of them, seems like an unending cycle and it’s too sad. The most crazy thing about the whole internet thing is how you can clone a website to make it look like the real one, I discovered so many people fell into this kind of scams. The only recovery company I know that works is mailing; WALLET CONNECT @ USA. COM } I have been to their physical address to meet them before and the good thing about them is that they will let you know if they can handle your case or not. So they will not just take your money when they already know they wont help you out.
In an era dominated by technology, the internet has become an integral part of our daily lives. While it has opened up new avenues for communication, learning, and entertainment, it has also given rise to a darker side: online scams. Older adults, in particular, are often targeted by those seeking to exploit their trust and lack of familiarity with the digital landscape. In fact, folks over the age of 60 lost an estimated $3.1 billion in 2023. I was a victim too but I was able to get help from my FBI friend who connected me with the help of mail! ( Reclaim Instant Crypto {ă} Gmail {ð} Com )!
In the ever-evolving world of cryptocurrency, investing can be a thrilling rollercoaster ride. But what happens when that ride takes an unexpected turn, leaving you in a state of panic as your hard-earned assets seem to vanish into thin air? Rest assured, there is hope for a brighter future. Introducing certified recovery experts expresshacker99@gmailcom who are here to help you reclaim what’s rightfully yours. With their unparalleled knowledge and expertise, these professionals are at the forefront of the battle against crypto crises.
I invested online to a scam broker company which I got stuck having challenges of making withdrawal of my investment profit. I later got in touch with a cyber security agent called Gavin Ray. I sent him all he needed to place a Recovery and I got a call by the bank confirming the payment in my account, quick satisfaction on every successful withdrawals with him, on gmail: gavinray78 AT gmail com