Welcome to your new column on the Journal du Coin. For once, we will set aside our natural optimism about the potential and the future of Bitcoin and the crypto industry at large, to shed harsh and uncompromising light on the sector’s less than rosy scenes. Indeed, this section will aim to expose, dissect, explain – and if possible prevent – the various scams, traps and other scams that tend to proliferate in the shadow of an industry in full adolescence, at the crossroads of new technologies and Finance 2.0. A mixture that probably makes up the worst cocktail there is for the novice investor or the enthusiastic, but a little naive, amateur: if drunkenness is guaranteed, the hangover will, indeed, sometimes be carbine!
Ready to explore the little museum of crypto horrors with us (and come out, hopefully, a little more seasoned)? We start today with a great classic: the fake airdrop scam.
Surviving the crypto winter in a nutshell:
>> Safety is the basis! To keep your cryptos close to you, trust Ledger (commercial link) <<
A Short Crypto Survival Handbook for the Savvy Investor
Crypto is such an exciting subject that it knows to be dangerous. If, well understood, Bitcoin will open doors for you leading to unsuspected potentialsit will also serve as an attractive pretext for scammers of all kinds to try to make you fall into a multitude of traps.
Let us understand, however, the intention of the author behind these few lines: in 2023, you MUST be interested in the subject of Bitcoin, in the same way as finance giants or some entire countries.
However, it would be naive to assert that the crypto sector does not represent a dangerous minefield for anyone who would engage in it without precaution with a step as voluntary as it is unprepared.
The purpose of this series of articles, the first opus of which you have given us the pleasure of reading, is therefore threefold:
- Expose concrete examples of traps, scams, dangers that everyone comes across on social networks, or in their discovery of the subject of crypto online;
- THE dissect in order to better understand the perverse cogs, the mechanisms and the levers that their authors will try to activate in you in order to bring you gently to the fateful click or the fatal action;
- Enlighten and arm you for the rest and you empower to enable you to develop basic computer hygiene and fundamental cybersecurity reflexes, while strengthening your critical thinking.
This note of intent being posed, we immediately approach our first criminal case in this case the fake airdrop scam.
The Blur and the money of the Blur
Unless you discover the crypto subject this morning, the news of the platform Blur will not have escaped you in recent months. This very direct competitor of the NFT marketplace OpenSeathis is, in fact, pointed out by a policy of marketing conquest particularly aggressivemarked in particular by the allocation of its house token, the… $BLUR (why complicate life?), intended for its users.
While it is customary in our industry to remember that “ magic money does not exist », It should be agreed, however, that certain token distribution operations (one of the other names for coins, or cryptocurrencies) have sometimes proved to be particularly lucrative. Thus, certain airdrop operations, or airdrophave sometimes reached a value of several tens of thousands of dollars (we think of the $APE of the Bored Apes, or the $ENS token ofEthereum Name Service).
Of course, whether it’s the BLUR token or other operations, each airdrop is always accompanied by specific conditions and constraints, mechanically limiting its benefits to certain “early adopters” or well-informed investors. Still: remains in the minds of the general public that massive and lucrative airdrops are “normal” in crypto. And, it is on this biased perception that the fake airdrop scams of which our victim of the day was the target are essentially based..
Fake airdrop scam: a drama in 3 acts
Let’s start by thanking the unfortunate Baxt38protagonist of this painful episode, who accepted that his misadventure serve as an illustration and a lesson for the benefit of the greatest number.
the bait
Baxt38 is a seasoned crypto enthusiast, he considers himself reasonably cautious, and he is accustomed to wallet manipulation and performing complex transactions on different networks.
However, a combination of bad luck and lack of vigilance will make him fall into a trap that will lead to the siphoning of his wallet.
It all starts with the appearance of a “sponsored tweet” on his Twitter feed.
There are “3 hours left to get an airdrop of $BLUR”.
This very simple sentence presses heavily on one of the most powerful levers there is: an opportunity arises, but beware: we must act quickly ! Whatever form or appearance this lever takes, the fund is always the same and aims to make you abandon your rationality, overshadowed by a sense of urgency. You have of course recognized it, it is the famous FOMO (the fear of missing a lucrative opportunity).
Baxt38 summarizes it well, after the fact:
“It was the time constraint that failed me. I interacted with the real Blur for the airdrop not long ago and then I follow the official account. So when this tweet appeared in my feed I didn’t pay attention to the fact that it was a sponsored post and therefore it wasn’t the Blur account I was following. With this sentence “you have 3 hours to recover your airdrop” I copied the direct link and here it is…”.
If the person concerned recognizes a lack of vigilancehe was also a victim of both circumstances (he follows the official account whose fake account is cloned), he has already interacted with the platform (he is therefore apparently on familiar ground), but also a lack of rigor when it comes to Twitter standards. Indeed, the platform of the whimsical Elon Musk does not seem particularly disturbed by the fact of being paid to pass sponsored tweets from obvious fake pages.
In short, the combination was formidable, and a click on the fake tweet’s link took him to an equally fake site.
The trap
Anyone dealing with the subject crypto scam (and scam mechanics in general) knows it: the most difficult thing is to encourage the future victim to take the first click.
All that remains is to accompany him gently in a channel of reinforcement while maintaining his suspension of disbelief intact. It is a technique that is commonly used in the film and entertainment industry and which refers to something deeply human: the tendency to daydream and let go.
A way to remember that no one is immune to the phenomenondespite the tenacious certainty that generally inhabits us that “it wouldn’t happen to me!”.
Anyway, once on the infected site, Baxt synchronized his wallet with the smart contract set up by the evildoers.
Except that, of course, the command did not allow to recover any airdrop. However, he instead opened up full and immediate access to all of the assets in his portfolio. At stake, the loss of 0.5 ETH and some precious NFTs.
At this stage, some would explain learnedly that it “would have sufficed” to detail the authorization message (the famous ” approvals “) when validating the transactions, only to find that there was an obvious problem in terms of the rights granted. If this is not formally false, however, we will insist again on the fact that all the details of this kind of scam are worked out in such a way as to “put to sleep” the vigilance of the future victim, with obvious effectiveness in view of the number of scams of this type.
>> Not your keys not your coins! Opt for a foolproof hardware wallet, choose Ledger (commercial link) <<
Post-mortem dissection: 1 minute verification to avoid 99% of scams
In the vast majority of cases, a few reflex checks and a handful of seconds are enough to identify the overwhelming majority of attempted scams. That’s the good news. It is also an opportunity to recall that your worst opponent in this matter… is you !
Indeed, it is you who will more or less confusedly agree to sacrifice some basic security operations for fear of “missing the opportunity of the year” or choose to leave aside your critical spirit, in favor of the feeling of greed that everyone carries within him in varying degrees. Finally, it is you who in the end will click on the fateful link (and this, several times) leading to the disappearance of your funds.
This is not to make you feel guilty, but simply to remember that the famous Socratic “know thyself” remains perfectly relevant, including in the field of crypto investment.
Having recalled this prerequisite, let’s now talk about the formal “red flags” of the original tweet:
- Twitter account names. Blur’s official account name is @Blur.io. In the screens a little higher, we see that it was roughly imitated by a lBIur.Lo with the (classic) use of the letters “i” “I” and “l”, very similar graphically in the Roman alphabet.
- On the bottom of the message : use of a random phrase with aggressive keywords such as “top”, “print millions”, “smartest pinball machines”… a very degen and “to the moonist”, not really fitting with Blur’s way of communicating (even if we will agree that on this particular subject, the border is sometimes blurred between a little greasy marketing and authentic manipulation).
- Scam site url : the official Blur website operates on the domain https://blur.foundation. The fake site uses again the same technique as the Twitter account by inverting the letters “i” and “l” (see screen).
Faced with a configuration of this type, the safety reflex is quite simple : open a new browser window and search for the official site (or, even better, go through a favorite pre-registered by you).
The same goes for social media accounts: if an offer seems suspicious to you, start by looking for the official account as a precaution. Even better (in case of hacking said account, as for The Sandbox recently for example), take 5 minutes to go around other accounts on the platform (Facebook, Medium, Tiktok, Instagram…). If you can’t find any trace of the seductive initial operation, there is probably a suspicious whale under gravel…
And for those who would like to go a step further, consider checking the URL of a suspicious site by going to the specialized site Scam Advisor.
The opportunity to see that the site on which you are promised rapid and unexpected wealth was created a few hours earlier.
We are already coming to the end of this first episode which, I hope, you will have enjoyed, despite a less than pleasing subject matter. The bad news is that you are regularly going to have to weave between traps in your crypto epic. The excellent news is that in our company, you will acquire all the skills required to become an outstanding pilot and that the time to practice is ideal, waiting for better days.
Disasters and hacks don’t just happen to others! It is better never to entrust the security of your cryptocurrencies to a third party. To sleep with peace of mind, equip yourself with a Ledger secure hardware wallet, there is something for all budgets. Your security is priceless (commercial link).