To build a Bitcoin community for the 100%, we teach everyone how to stay protected when trading. As with any kind of investment, there may be people to try to take advantage of your enthusiasm and eventually gain access to your funds. To help you protect your money, we’ve put together a list of common tactics these malicious actors may use to illegally access your funds.
Through this, you’ll figure out how to protect your Bitcoin from these scams right from the start. The more you’re aware, the more you’ll be able to keep your money safe. Without further ado, here are some of the most common types of malpractices you might encounter:
Fraudsters will typically tell their victims that they’ll use the money invested to make a profit from buying and selling Bitcoin. Then, they’ll lure them in by promising too-good-to-be-true returns. In actuality, they’re using the money from new investors to pay off their old investors, giving off the illusion that the system works—making good on their promise.
Investors are misled into thinking they’re making money from the business they funded. However, in reality, no income has been made; money is just being moved around. As soon as investors decide to cash out, the whole scheme implodes—losing everyone’s funds in the process.
Prevention: You don’t need to hire anyone to invest in Bitcoin. You can buy it yourself on Paxful and earn by trading it on the marketplace or even just holding it. This way, it’s much safer since only you have access to your Bitcoin.
Cloud mining scams
When it was first introduced, Bitcoin mining was the only way to get your hands on it. The competition wasn’t as tough, which made mining extremely fruitful at the time. However, as Bitcoin continued to develop and gain popularity, new and bigger players entered the Bitcoin mining market with powerful equipment—making it harder for the average person to earn.
Cloud mining companies have offered a potential solution to this: in exchange for their computing power, all you need to do is give them a portion of your earnings—a win-win situation, right?
Unfortunately, that isn’t always the case. Usually, these mining contracts factor in the difficulty of mining—reducing your earnings as the level of difficulty increases. In most cases, people would be fine with it because they’d make money from selling their BTC at a higher price. However, the important thing to remember here is that Bitcoin’s price and mining difficulty are directly proportional (the higher the price, the more difficult it is to mine).
As a result, many people have begun to believe that cloud mining schemes are nothing but Ponzi schemes as well. Instead of hiring a remote server farm to do your mining, it’s more likely that it’s a group of people who use pyramid scheme tactics to pay out old subscribers from new subscribers’ earnings.
It’s worth noting that not all cloud mining companies are schemes. However, legitimate ones will probably set the mining difficulty and renting systems in a way that will maximize their own earnings—meaning that the house always wins.
Prevention: The simple way to avoid these schemes is to not invest in them at all. However, if you believe that it’s a must, make sure to read all of the documentation very carefully.
We’re at a point in the Internet’s age where many people are aware of malicious emails. These are emails that create fear, uncertainty, and doubt in people—whether it be an empty blackmail claim or a fake contest that you’ve won. To give you a better idea, here’s an example of one:
I know your password is: 32413241jobs
You got infected with my malware, RAT (Remote Administration Tool), while browsing the web where my iframe was placed, in the background you got redirected to my exploitpack, your browser wasn’t patched so you got infected!
My malware gave me full control over your computer and access to all your accounts (see password above)!
I COLLECTED ALL YOUR PRIVATE DATA!
YOU KNOW WHAT I MEAN – I KNOW ALL YOUR SECRETS – YOU KNOW THAT THIS ISN’T A JOKE!
After that I removed my malware, to not leave any traces.
If you don’t pay me exactly 1800$ in bitcoin (BTC), I will PUBLISH ALL YOUR DATA, send it to all your contacts, over email, post in on social network!
WE BOTH KNOW – this is a very good price – compared to LIVING HELL!
YOU GOT 2 DAYS TIME TO GET THE BITCOIN (BTC) AND PAY!
One exchanger is paxful.com (there are many ways to buy bitcoin), other is www.coinbase.com
You also can Google for other sites, “Where to buy bitcoin?”
My bitcoin wallet is: 1GmebPccNzPrkFiWknizbsCfzgXv27JGZP
Copy and paste my wallet, it’s (cAsE-sensetive)
After receiving the payment, I will delete all your data and you can life your live in peace like before.
If you get this email multiple times, it’s to make sure you read it.
You will make everything worse, if you show this email to anyone – this should stay our little secret!
Let’s break this down. There are a few things wrong with this email:
- Unfamiliar greeting – The sender goes straight into an unrealistic threat by saying “I know your password is 32413241jobs,” immediately putting you on edge. Intimidation is a popular tactic for phishing schemes.
- Grammar and spelling errors – It’s clear from the get-go that this email isn’t drafted by a professional—there are tons of typos as well as grammatical and spelling mistakes. This should be an immediate red flag for anyone who receives it.
- Threats – By saying “If you don’t pay me exactly 1800$ in bitcoin (BTC), I will PUBLISH ALL YOUR DATA, send it to all your contacts, over email, post in on social network,” the sender doubles down on the threats to get you to act irrationally. They also sprinkle in other threats like “compared to LIVING HELL” and “You will make everything worse, if you show this email to anyone.”
If you ever receive an email like this, block the sender, report the account, and do not pay them. These types of people play a numbers game and send this email to thousands of people, hoping that someone will take the bait. In fact, they often use a bot to automate the entire process.
Prevention: This type of email will pressure you to send money, so whatever you do, do not react. If you receive an email that displays any or all of the characteristics mentioned above, block the sender, and mark it as spam or delete the email immediately.
There are some people out there that set up fake exchanges to make people think that they’ve invested in Bitcoin. After they receive the payment, the buyer will never receive the Bitcoin and the people who set up the fake exchange can run away with the money. An example of this would be BitKRX. Exposed in 2017, the platform disguised itself as a subsidiary of the South Korean exchange KRX—the largest financial trading platform in the country.
Prevention: Before you put in any of your hard-earned money, make sure that the platform you’re trading on is a reputable and legitimate one. Check if they’re government-regulated and do research about people that have traded on the platform before.
Paxful is a government-regulated marketplace and has been a trusted place to trade Bitcoin since it was founded in 2015. We comply with all KYC/AML laws and standards, making Paxful one of the safest platforms in the cryptocurrency community.
Fake digital wallets
People that need to generate a QR code for their wallets sometimes fell prey to this tactic. People with malicious intent will use malware to generate a QR code for their wallets instead of yours—redirecting all the money into their pockets. Some even go as far as creating similar-looking wallet addresses to give victims a false sense of security.
In fact, a study done in 2019 showed that 4 out of 5 Google results for the phrase “Bitcoin QR generators” are stages for this type of scam.
Prevention: Instead of Googlinga QR code generator to get a Bitcoin wallet, sign up with Paxful and get your very own actual Bitcoin wallet that you can use to trade, manage, or send/receive Bitcoin.
Fake QR codes
Aside from fake digital wallets, there are other QR-code-related scams to be on the lookout for—both out in the real world and in the digital world.
Some of them will print QR codes on stickers and then paste them over genuine ones, leading payments to their wallets instead of where it’s meant to go. Others will attach them to phishing emails and fake websites to try and trick you to pay them.
Prevention: Before providing any information or payment, make sure to check the link that’s attached to the QR code and see if there are any errors on the URL. Think twice before scanning a QR code found on an email. If you’re making payments to a physical store, check to see if there’s a QR code that’s pasted on top of another one.
People with malicious intent have cloned popular exchanges and marketplaces in an attempt to fool their users and obtain their personal information. They might even send out emails with the link to these websites and disguise the email to look like it came from a reputable exchange or marketplace.
Prevention: Check the URL of the website you’re using and make sure that it’s identical to the official link. If it doesn’t add up, it’s probably a fake website. Another thing you can do is to enable 2-factor authentication (2FA) so that you get a notification on your phone if someone were to ever breach the security of your wallet.
A pump-and-dump scheme refers to manufacturing hype to generate false information about an upcoming cryptocurrency project. Without necessarily believing in the project, people with malicious intent will buy a large amount of a coin at a very low price and then hype up through social media and word of mouth.
Once the price reaches its highest, they’ll sell off all their assets—causing a massive dip as a result. This leaves investors holding onto a worthless coin and losing a ton of money in the process.
This type of scheme is very apparent in popular messaging applications like Tiktok, Youtube, Discord, Telegram, and Viber. They’ll tell you about a new project, convince you to buy early before the official release, and then take your money.
Prevention: Do your research to see what a pump-and-dump scheme looks like and don’t base your investment decisions on hype. Be sure to actually dig in and look at all the documentation involved—whitepaper, social media profiles of the developers, and data on the coin holders. If they seem too good to be true or there are suspicious inconsistencies, it’s likely that the project is a rug pull just waiting to happen.
Cryptojacking is a type of cyber attack that hijacks your computer’s resources to be used for a hacker’s mining operation. It could be malware attached to an email or download file. Once you click on a malicious link or download a suspicious file, your computer is infected. As a result, your device slows down and even overheats since the mining operation takes up significant computing power in the background without you knowing.
Prevention: Make sure that your devices are up-to-date with the latest patches and fixes. Also, make sure that you only download software from trusted sources.
SIM swapping refers to when a malicious actor gains access to your phone and locks you out in the hopes of getting into your important accounts—digital wallets, personal information, etc.
People with malicious intent will contact your mobile phone carrier and pretend to be you—saying that their phone was stolen or destroyed and that the phone number needs to be transferred to a new SIM they already have.
As soon as they convince the customer service representative that their claim is legitimate, your phone number is transferred to the new SIM. From there, they have the ability to bypass all the SMS-based 2FA on all your accounts. Since 2FA is used to regain passwords and recover accounts, they can basically take over any of the online accounts linked to your phone number. It’s a form of social engineering attack that has a massive increase in reported cases in recent years.
Prevention: Aside from protecting your physical SIM card and smartphone, make sure to never give out personal information to unsolicited calls, texts, and emails. Without that information, they won’t properly be able to pose as you and have your data transferred into their phone.
Fraud in peer-to-peer marketplaces
We do everything we can to protect all the honest users on Paxful. We have security systems in place as well as a 24/7 customer support team to help you with any problems you encounter. However, it might help you if you knew what type of schemes bad guys try to pull on Paxful—which can be sorted into the following categories:
Coin locking refers to a situation where a buyer is holding a seller’s Bitcoin in escrow without the intention of making a payment. By itself, it isn’t necessarily a scam but what is considered to be one is the extortion that can come after.
There are two types of coin locking: innocent and malicious. People who are new to the platform might open up a trade and forget to mark the trade as Paid. In this scenario, a moderator will intervene and look into the dispute—eventually releasing the Bitcoin back to the seller.
However, on the malicious side of things, there are people who will try to bait sellers into releasing the Bitcoin without making a payment by using psychological tactics such as pressuring the seller or convincing them that payment is on the way.
Prevention: If you’re an honest buyer on the platform, make sure to mark your trade as Paid as soon as you’ve sent the payment so that your trade partner can verify it and the trade can move along accordingly. If you’re a seller and encounter the malicious type of coin locker, don’t release the Bitcoin, report the user immediately, and then start a dispute.
Deliberate payment reversal (chargebacks)
Payment methods like PayPal, credit cards, debit cards, and some online wallets are reversible in nature. This means that the payment can be reversed if the corresponding platform finds the trade to be suspicious—which is open to interpretation and may vary depending on the platform.
On the other hand, Bitcoin transactions are irreversible in nature. If a buyer can convince a representative of the payment method that the transaction is suspicious, they can get both the BTC and their money back—leaving the seller empty-handed.
Prevention: Look for an honest trader by checking if they’re a trusted trader on Paxful and looking at their previous transactions. Another way to protect yourself from chargebacks is to immediately transfer your funds to a separate account after a transaction.
Used/fake gift card codes
Gift cards are one of the easiest, quickest, and most popular ways to buy Bitcoin on Paxful—people even start their own online businesses with gift card payment options. However, despite their ease of use and popularity, there are things you still need to be on the lookout for.
When starting a gift card trade, there are a few users that will prepare fake or already-redeemed gift card codes. In that case, the seller will then have traded their hard-earned Bitcoin for a gift card they can’t use.
Prevention: If you’re selling Bitcoin for gift cards on Paxful, make sure to check the balance of the gift card before releasing the BTC from escrow—it’ll ensure that you get the value of your money back before letting go of your hard-earned Bitcoin. Additionally, you can use the Gift Card Hub for easier and safer gift card transactions.
Most peer-to-peer Bitcoin marketplaces, including Paxful, make use of an escrow feature to safeguard funds until the terms of the transaction are met—making it an extremely secure feature that protects both buyers and sellers.
People have acknowledged that something as secure as escrow cannot be breached easily, so as a workaround, they try to manipulate users into trading off-escrow. As soon as a trade is taken off escrow, two scenarios can no longer be guaranteed: the buyer making the payment in the agreed payment method and the seller releasing the Bitcoin after receiving payment.
In most cases, they will try to move the conversation to another messaging platform and try to conduct the transaction there. This is a tell-tale sign that they’re trying to steal from you.
Prevention: Never trade off-escrow—it’s against Paxful’s Terms of Service and it will be impossible for our moderators to protect you. If you encounter someone that tries to continue the trade outside of escrow, report them immediately.
Watch: What is escrow?
Inducing panic for a quicker release
Similar to Bitcoin, Paxful’s transactions are also irreversible in nature. Once the Bitcoin is released from escrow, there’s no way to get it back unless your trade partner agrees to send it back.
Some will pretend to already have made a payment and will try to pressure into releasing the Bitcoin from escrow. They’ll do this by rushing you to complete the transaction or inducing panic to release the Bitcoin out of fear.
Prevention: Make sure that you confirm the buyer’s payment before releasing the Bitcoin from escrow. Don’t let their words rush you into releasing the Bitcoin early.
Fake proof of transaction
With all the software that has been developed, any photo or video can be manipulated. Bad actors make use of these programs and create false documents that look legitimate. These can be debunked easily by digging deeper and checking records, in which our experienced moderators are very proficient.
Prevention: One way for you to prevent this from happening to you is by looking for a trusted trader. Doing so will make it very unlikely that you find yourself in this situation. However, if it does happen, make sure to report the user and start a dispute so that our moderators can look into the matter.
Asking to send a different amount than what is listed in the offer terms
An extension of coin locking, some will ask for more money before they release the Bitcoin from escrow. They’ll try to pressure new users into sending more than they have to and rip you off on the trade.
Prevention: There are offer limits on Paxful for a reason. Never feel pressured to send more than what’s stated in the offer terms. If a seller ever asks you to do so, politely ask them to honor the original terms. If they decline, start a dispute so our moderators can investigate the issue.
Asking to use a different payment method than what is listed in the offer terms
Similar to the previous method, bad actors will randomly go into trade offers and pressure buyers into using a different payment method than what’s stated. This essentially violates the integrity of the offer.
Prevention: If a seller ever asks you to pay using a different method, cancel the trade and look for another offer. Canceling trades will have no effect on your feedback score, so don’t be afraid to do so if your seller is suddenly changing the terms of the trade.
Fake tech support
In this type of scheme, people with malicious intent will try to contact you and pretend to be affiliated with Paxful—usually as one of the moderators. Often, they’ll ask for your personal information like your password so that they can get access to your account and money.
Prevention: On Paxful, there are specific ways to contact support like PaxBot—your very own support chatbot on the platform. There are also official Paxful email addresses that you can trust and indicators that show you’re dealing with an official moderator.
We’ll also never ask for your financial details, 2FA code, or password. We’ll never ask you to click on a link to receive your funds or verify any information. If you do get an email asking for these details, report them to us right away.
It has nothing to do with Bitcoin
The truth is that these types of schemes have nothing to do with Bitcoin. When it comes to people with malicious intentions, all they’re doing is taking something as pure as Bitcoin and using it for their own personal gain.
At this point, there should be no doubt that Bitcoin is 100% legitimate. Time and time again, people have showcased the good that it can do for the world—using it for real-use cases like speedy remittances, efficient transactions, and as a viable store of value.
Additionally, Paxful implements many security measures to protect you on Paxful. Aside from features like 2FA, escrow, and a 24/7 customer support team, we also have a secure Bitcoin wallet to store your money and state-of-the-art blockchain analysis tools to keep any suspicious activity far away from your account. We do everything we can to ensure that you can buy Bitcoin instantly on the platform in a safe trading environment.