New: Wallet recovery made easy with Ledger Recover, provided by Coincover

Get started

Up your Web3 game

Ledger Academy Quests

  • Test your knowledge
  • Earn POK NFTs
Play now See all quests

Episode 20 – In the head of a scammer

Jul 28, 2021 | Updated Jul 7, 2022
Watch 13 min
Beginner

“If only it were that easy to tell a scam from a legit project. Hopefully it’s easier now that we’ve covered some of the biggest, most brutal scams in crypto history and given you some tips for sussing out the projects that have a brighter future than BitConnect.

But to really understand a scammer, we have to be a scammer.

So stick around as we get into the head – which is actually just my head – of those sneaky scammers to understand what makes them tick. Which will give us a better idea of what to watch out for so we can make good crypto investments and end up with the financial freedom the ecosystem is all about.

This is School of Block.

Hi valued customer – This is an automated message to inform you that your 24-word recovery phrase has been initiated. Please note that it can take up to 24 hours to deliver all the funds to your new wallet. If this wasn’t you, report your recovery phrase immediately so our team can freeze the process in time. Otherwise just ignore this email.

To this day, many people do not ignore this email, but instead send their crypto account recovery phrase to the scammer.

As we’ve mentioned before, and will continue to mention, until you can say it in your sleep and backwards, never give out your private key or your recovery phrase! No crypto company – and especially not Ledger, and trust us we know, they’re the sponsors of this series – will ever ask you to share that information.

To some of you watching, this might seem like an obvious HELL NO, but one of the ways scammers and hackers work is by taking advantage of the most … well how do I put this nicely … the least savvy. These scammers know it’s not going to work everytime, but your little old grandma, running out of her pension money? Well she might just take the bait.

As a scammer, I’m looking for a scam that’s not a huge amount of work for me but can also easily be pushed to a wide audience. And then I hope and pray that a few people fall for it.

But for those of us that are internet native and a little more tech savvy, check out how easily I might be able to scam you too.

Scammers aren’t able to compromise our devices, most of the time, without us making some kind of mistake. Everyone makes mistakes. And that’s fine when we’re talking about accidentally breaking a coffee cup, but to make a mistake in crypto can have dire consequences.

So what do scammers do to make us make a mistake?

They play to our emotions. They design traps that make our hearts race, make us think that we need to act right now before everything is lost (like you saw above). So the first thing to remember here is that it’s all about controlling your emotions. And a healthy dose of skepticism never hurts.

Once you know how to detect these red flags, they actually become quite evident. So let’s begin introducing you to the main traps and how to avoid them.

Everyone loves a charismatic leader. Especially one that’s telling them they’re going to be filthy stinking rich. That’s what OneCoin had in its CryptoQueen Ruja Ignatova as we talked more about in Episode 17. And even blockchains that aren’t scams have their cult of personalities – think the pseudonymous Satoshi Nakamoto for Bitcoin or Vitalik Buterin for Ethereum.

And if I just tweak one letter in Vitalik’s Twitter handle – @VitalikButerin – let’s turn the second “i” into a 1, copy the rest of his profile and then tweet out that I’m working on a new project and you can sign up to be in the beta testers or download the whitepaper, how many people all gushing over that skinny genius do you think will click the link?

As we highlighted in the intro, phishing scams – especially ones asking for your recovery phrase – are one of the most prevalent in crypto. These scams play on people’s emotions, especially those negative emotions that scream, “ACT NOW, HURRY!!!!” But remember, your 24-word seed phrase should only be typed in your hardware wallet and never shared with anyone else, not even your dog.

Anyone asking for your recovery phrase is a CRIMINAL!

Another scam that’s been making the rounds lately is the pre-seeded device scam. This is especially relevant for hardware wallet users. The scammers actually make a bigger investment in this one – what they do is purchase a hardware wallet, seed it and then repackage the device. Once repackaged, they send it to someone with a letter saying, “Since you’re such a loyal customer, we decided to give you another device for free.”

Remember skepticism. It should be really triggered here!

The letter also gives the “lucky” recipient a recovery phrase to use… So the person enters that phrase – which is actually the recovery phrase of the scammer’s account – and then adds some crypto. And the next time they check the hardware wallet, that crypto is looooooong gooooone.

So the advice here is to never use a hardware wallet that you didn’t order, and the 24-word recovery phrase should always be generated by the device.

That link – Well it could take you to a site where you input some personal information to sign up for the beta test. And as we BEAT INTO YOUR BRAIN in Episode 19, none of us would ever type in our private key there, the hackers could get enough information from us, that they could carry out other types of attacks. More on that later.

That link might also contain a download for the whitepaper for the new project. But along with a shoddily written manifesto with some very wrong math, you download with it, some malware, which then slithers around in your computer looking for information to steal, like cryptocurrency exchange passwords.

SIM SWAPS

There’s another hack that’s prevalent in the crypto space that takes a special kind of scammer – the SIM SWAP.

Remember when you put in your personal information to sign up for Vital1k’s fake beta test? Sure, it wasn’t your private key, but maybe it was your name, email, telephone, home address, maybe they even asked you to answer a standard security question like what was the name of your first pet…

SIM swappers typically end up using a method called SOCIAL ENGINEERING to trick mobile carrier customer service reps into swapping your account over to the hackers. They call in and now armed with a good amount of your personal information – plus cue crying baby recording in the background – act flustered and in a hurry and extremely apologetic about not remembering their, your/ 6-digital passcode – and what’s the poor customer service rep supposed to do?

We’re all humans, we want to help people.

And so instead of demanding the passcode – it’s easy enough to forget with a fake baby crying in your arms – the customer service rep says how about you just answer one of your security questions: What was your first pet’s name?

BINGO!

Both the dog’s name and my excitement at having screwed up your day, week, year, maybe even life.

SIM swaps are a personal hell. If you’ve got your crypto wallets backed up with two factor authentication or even your biggest bags sitting cooly in cold storage on hardware wallets, like we discussed in Episode 19, you’re pretty safe from losing your crypto even if a hacker does end up SIM swapping you.

But it is hard for me to properly articulate what a pain in the arse it is to restore your account after you’ve been SIM swapped. You’ll certainly have to go into the mobile carrier’s store. And go ahead and take a full day off work or anything else you had planned as you figure out ways back into your accounts and reset all those passwords.

So, I guess, the moral of the story is, be paranoid, very, very paranoid.

Not really. You don’t need to go all tin-foil hat and boarded up windows here, it’s just worth being extremely mindful about the crypto projects and people you interact with and vigilant and holistic in your research and due diligence.

Don’t make rushed decisions. Just stop and think, maybe take some deep, slow breaths, really get zen before you make a decision about your crypto. Definitely don’t do it whilst boozing with your college mates.

And again, one more time: NEVER give away your recovery phrase, NEVER share your recovery phrase and NEVER communicate your recovery phrase.

Take a rewatch of Episode 19 even, where we discuss what to look for in good crypto projects, like whitepapers without blatant misspellings and strong and active Github repositories.

Education is key to success in the crypto space! Sure, it’s fast and ever-changing and fascinating, but you have to have a level head at all times.  As we’ve said before, with great freedom comes great responsibility. The future is in our hands.

You’ve been watching School of Block, presented by Ledger and the Defiant. Our mission is to keep providing you with the necessary knowledge to navigate the crypto space like a boss. So go ahead and subscribe, drop us a like if that’s what you’re into, and as always – here’s to your financial freedom.”


Related Resources

Stay in touch

Announcements can be found in our blog. Press contact:
[email protected]

Subscribe to our
newsletter

New coins supported, blog updates and exclusive offers directly in your inbox


Your email address will only be used to send you our newsletter, as well as updates and offers. You can unsubscribe at any time using the link included in the newsletter.

Learn more about how we manage your data and your rights.