
While launching the monitoring of cryptocurrency exchangers at Bits.media, I started compiling a list of the risks I encountered and the ones users wrote to me about after incidents. So that it would not go to waste, I decided to put everything into a separate article. I extended it with points about working with p2p platforms, since quite a few exchanges happen there now as well. The list goes from simple to complex, but do not underestimate even the most primitive fraud methods: people fall for them every day, and even seasoned crypto users sometimes lose their vigilance. At the end I give a few rules that help reduce these risks.
1. Dots and commas
Works mainly with p2p exchanges. It is also very often used with exchange redeem codes. You agree on an exchange, and the other side promises to pay first and only then do you send, so you supposedly carry no risk. You agree on, say, one thousand nine of something, it doesn't matter what. A code lands in your account, or a payment arrives, showing 1,009. After a quick glance you send the transfer from your side, and then you are surprised to find that it was one and nine thousandths, not one thousand nine. This is often tried on systems where the digit groups in the display are separated by a dot or a comma, and the user can confuse one with the other.
2. False exchangers
False exchangers are often a few pages and a script that mimic the work of an exchanger. Users are lured by very attractive rates; sometimes the cryptocurrency purchase price is even higher than the selling price. Some “exchangers” offer only the exchange of fiat money for cryptocurrency, because for attackers this is the safest way to get cryptocurrency, and users most often will not complain any further than the exchanger blacklists on the forums. That usually does not matter to the attacker: just a few “exchanges” pay back the effort, and then the name and domain are changed and the cycle starts again. The rest of the internals need not be changed.
3. Phishing
Phishing is also common against existing exchangers: domains similar to those of real exchangers are created, search engine ads are pointed at them, and links are seeded in thematic social network groups, chat rooms, and forums. The most brazen “exchangers” try to squeeze out the maximum: they communicate on behalf of technical support, promise to pay everything, talk about bank delays; fake users appear who write that they were paid in full after the delay and that it is safe to exchange, and so on. They threaten the owners of forums and monitoring sites over inclusion in blacklists. By the way, I have not yet seen a single case of the owners of large sites going along with this, but attempts are made constantly. The threats are mainly DDoS attacks, child pornography, complaints to the authorities, and so on. Some offer bribes or leak lists of competitors' false exchangers.
4. Substitution of addresses
Most often occurs in p2p exchange on forums and social networks, where the credentials of an exchanger's representative are cracked and false addresses for receiving cryptocurrency are posted. Often access to the account is not taken away: the representative communicates as usual and does not immediately notice that the addresses have been forged. The same is done with contacts, for example the Telegram contact is replaced, and when a client gets in touch, the client is scammed. Sometimes it happens with exchangers as well: VIP customers are offered conditions “just for you and only now”, the main thing being that the bitcoins are sent to this address.
5. Inflow of dirty money
The cryptocurrency is honestly exchanged for rubles, but afterwards you have problems. Most often this concerns exchange to Qiwi, but it has also been seen with other electronic payment systems and with payments to bank cards. Sometimes it is completely brazen: you request an exchange for 100,000 rubles and start receiving a stream of 1,500 rubles, 750 rubles, 2,300 rubles, and so on. That is, payments for drug dead drops are simply routed to your account until the required amount has accumulated. Usually the account is blocked after this, and then you are left wondering what problems await you next.
6. Social engineering
Mostly concerns p2p exchanges. For example, knowing with whom you usually conduct exchanges, the fraudster registers a clone account on the site that is visually indistinguishable from your counterparty. The name can often be made identical by replacing characters, for example the English “o” with the Russian “о”. The avatar, profile data, and so on are the same. Then they contact you in private messages and offer an exchange, and the rest is clear.
7. Chargeback
Why does no one like to sell bitcoin for PayPal? Because the bitcoin will leave for certain, but the incoming PayPal payment may be cancelled by a chargeback. And most likely you will not be able to contest it, since such an exchange is prohibited by PayPal, and PayPal takes the side of the false payer. Chargebacks can also be made in other payment systems, but usually with much more difficulty and a less predictable result.
8. "Drain schemes"
“Stolen” enrichment schemes turn up, or someone shares one out of the kindness of his heart, it doesn't matter. The essence of the scheme is roughly this: we earn on the rate spreads between exchangers. Go to exchanger 1 and change your money there, in whatever form, to Qiwi. The exchanger is reliable, has a reputation, has worked for many years, do not be afraid. In exchanger 2 we change Qiwi for bitcoins; it is a large, reliable exchanger, here are the reviews, everything will be 100% fine. Now, in exchanger 3, we change the bitcoins to Qiwi; this is a large American wholesale exchanger, it buys at higher rates than here, it is absolutely reliable, here are the reviews. As a result you get a difference of 5-10% in Qiwi per lap and can run it again, increasing your earnings. Of course, exchanger 3 is the fraudulent one here, and its task is to collect cryptocurrency from gullible young businessmen. The scheme relies on the fact that after checking the reviews and reputation of the first and second exchangers, attentiveness has already dropped by the third, because everything is going so well according to the instructions and the thirst for a freebie switches off critical thinking. It seems ridiculous, but people really do fall for it; I have seen more than one review from someone deceived by this scheme.
9. Man in the middle, or "triangle"
Works with both exchangers and p2p exchanges. The bottom line is this: the fraudster contacts both the exchanger and the victim. To the victim he appears to be the exchanger; to the exchanger, a client. He can give either side any verification information, since he can request it from the other side. For example, he tells the exchanger that he wants to exchange rubles from Sberbank for bitcoins, and tells the client that he, as an exchanger, will exchange rubles for bitcoins for him. He requests payment details from the exchanger and sends them to the victim. The victim may even be convinced that these are the exchanger's details if they are officially published, as some do for p2p exchange. The victim makes the transfer and sends the scammer a bitcoin address to be credited. The scammer gives the exchanger his own Bitcoin address instead. The exchanger sends the bitcoins to the fraudster, and then the exchanger and the victim are left to sort out who cheated whom. Most exchangers now know about such schemes, but fraudsters still try to use this method.
10. Cheating with goods
A slightly more complicated version of the previous scheme. The victim may not even know what cryptocurrencies are and certainly does not intend to exchange them. For example, a scammer places a listing on Avito selling something valuable at a very attractive price, but prepayment is obligatory (this may only turn out later), or the item has already been set aside for another buyer, but if you pay now, it is yours. The buyer's “guarantees” range from a scan of documents (fake) to a bank chargeback and a criminal case, since the seller exposes his card, where the payment will go. The price is attractive, there are many takers, whoever pays first gets it. The card number the buyer is given comes from an exchanger, while the exchanger is told that this is payment for a purchase of cryptocurrency, and here is the address to credit. The result is the same as in the previous case.
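A check for the separator confusion from scheme 1, as an added example that is not part of the original article. The function names are hypothetical; the code reads a displayed amount under both separator conventions and accepts it only when every reading equals the agreed amount.

```python
import re
from decimal import Decimal

def interpretations(displayed):
    """Every value the displayed amount could mean when '.' and ',' are each
    read either as the decimal mark or as the digit-group separator."""
    text = displayed.replace(" ", "").replace("\u00a0", "")
    if not re.fullmatch(r"\d[\d.,]*", text):
        raise ValueError(f"not a plain amount: {displayed!r}")
    values = set()
    for decimal_mark, group_mark in ((".", ","), (",", ".")):
        if text.count(decimal_mark) > 1:
            continue  # a decimal mark can appear at most once
        whole, _, frac = text.partition(decimal_mark)
        if group_mark in frac:
            continue  # digit groups never appear after the decimal mark
        groups = whole.split(group_mark)
        # Plausible grouping: 1-3 leading digits, then groups of exactly 3.
        if len(groups) > 1 and not (
            1 <= len(groups[0]) <= 3 and all(len(g) == 3 for g in groups[1:])
        ):
            continue
        values.add(Decimal("".join(groups) + ("." + frac if frac else "")))
    return values

def check_payment(displayed, agreed):
    """'ok' only if the display can mean nothing but the agreed amount."""
    possible = interpretations(displayed)
    target = Decimal(agreed)
    if possible == {target}:
        return "ok"
    if target in possible:
        return "ambiguous"  # could also be a different amount: verify the raw value
    return "mismatch"

if __name__ == "__main__":
    # Constructed sample displays for an agreed amount of 1009.
    for shown in ("1,009", "1.009", "1009", "1.009,00", "1,09"):
        print(f"{shown!r:12} -> {check_payment(shown, '1009')}")
```

An "ambiguous" result is the case from the scheme: the display matches the agreed amount under one convention and a thousandth of it under the other, so the balance has to be confirmed in an unformatted form before sending anything.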
What measures should be taken to minimize the risks of exchange?
- Attentiveness, a level head, critical analysis. Always.
- Divide large sums into parts and exchange the next part after receiving the previous payment, then the probability of losing a large amount is sharply reduced.
- Use complex passwords that are unique to each site. If one site is breached, its database is used to try all the other similar sites.
- Recheck your details at each stage. There is even malicious software that replaces bitcoin addresses in the clipboard. And sometimes users get confused themselves and send a BCH wallet address instead of a BTC one.
- Check additional data as you work. In p2p exchange this can be the user id on the forum, social network, or messenger, or the post counter on the forum. If the user had 1,500 messages, and the one writing to you now has 15, that should raise suspicion. For sites, you can install some kind of ranking indicator in the browser. For example, if google.com usually shows an Alexa rank of 1, and here it shows 6 million, then you are clearly not on the page you think you are on. You can also check the registration date of the domain, and so on.
- Google reviews of services and exchangers on independent sites. It is useless to look at the reviews on the exchanger's own site, anything can be made up there.
- When accepting a payment, ask for a fresh (!) photo of the card the payment will come from, or a photo of the goods. Better still, a video in which a voice says who it is being filmed for. This will not remove all the risks, but it will filter out those who “work” purely on the off chance.
- Open any invoices, files with details, photos, etc. in a separate virtual machine that has no access to anything valuable.
- Do not make transactions at the request of third parties. Even if it is my mom's friend's best friend.
- Pay attention to the limits of the payment systems you work with.
- When sending cryptocurrency, choose a fee high enough that the payment does not hang for a long time. In that case many services may change the rate to your disadvantage.
- Contact the counterparty through several communication channels to confirm, for example by mail, instant messenger, and private messages on the site where the advertisement is placed. At least at first contact.
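A way to catch the look-alike account names from scheme 6 when checking a counterparty's additional data, as an added example that is not part of the original article. The function names and sample handles are constructed, and the look-alike table is a small illustrative subset, not the full Unicode confusables data.

```python
import unicodedata

# Cyrillic letters that render like Latin ones (lowercase only: names are
# case-folded before lookup). Illustrative subset, assumed for this example.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0445": "x", "\u0443": "y", "\u0456": "i", "\u0455": "s",
}

def script_of(ch):
    """Coarse script of a letter, taken from its Unicode character name."""
    name = unicodedata.name(ch, "")
    for script in ("LATIN", "CYRILLIC", "GREEK"):
        if name.startswith(script):
            return script
    return None

def scripts_used(name):
    return {script_of(ch) for ch in name if ch.isalpha()} - {None}

def skeleton(name):
    """Canonical form in which visually identical names compare equal."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    return "".join(CONFUSABLES.get(ch, ch) for ch in folded)

def assess(candidate, known_handles):
    """Reasons to distrust a handle, given handles you have already dealt with."""
    findings = []
    if len(scripts_used(candidate)) > 1:
        findings.append("mixed scripts in one name")
    for known in known_handles:
        # Different code points (or case) but the same appearance.
        if candidate != known and skeleton(candidate) == skeleton(known):
            findings.append(f"looks identical to known counterparty {known!r}")
    return findings

if __name__ == "__main__":
    known = ["crypto_bob", "cop"]           # constructed sample handles
    for handle in ("crypto_bob",            # the genuine account
                   "crypt\u043e_b\u043eb",  # Cyrillic 'o' in place of Latin 'o'
                   "\u0441\u043e\u0440"):   # all-Cyrillic name that reads as "cop"
        print(ascii(handle), assess(handle, known))
```

The all-Cyrillic handle shows why the mixed-script test alone is not enough: it uses a single script and is caught only by comparing skeletons against names you already know.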
If you know more methods of fraud, or have ways to counter them, write in the comments.
If this article helps at least one person not to fall for a scammer's tricks, then I did not write it in vain) You can save it to favorites if you find it useful as a checklist. If more methods appear, I will add them here.