The Top 10 Most Common Bitcoin Scams & Hacks

Steve Nelson
May 23, 2021

How Scammers are Making Big Profits Looting Crypto Holders

Anyone who has stood in line at Western Union can appreciate the objective of cryptocurrency: to send and receive payments free of centralized control.

However, the lack of protections inherent to decentralization has led to an unprecedented new era of big money scams. According to Wikipedia, more than 980,000 Bitcoin have been stolen since 2018, and that doesn’t include altcoins.

If you find yourself the victim of crypto theft, you’re unlikely to get justice. In fact, Coinbase alone has 14 million customers and fewer than 2000 employees. Many crypto holders have been waiting months just to get a human response.

At RemoteKeyloggers, we have been researching and reverse engineering the most common methods used by crypto scammers in hopes of saving our readers the anguish of logging into an empty wallet. Without further ado, here are the top 10 crypto scams and hacks.

1. Misspelled Domains and Cloned Crypto Wallets

Fake wallets are a popular method used to scam crypto holders out of their assets. The fake wallet posted below even appeared in Google’s AdWords, making it the top result if you were searching for the Exodus wallet.

An imitation Exodus Wallet from a Misspelled Domain

Image Description: Crypto scammers are buying misspelled domains and using Google AdWords to become the top search result. It’s very effective, as a new $25.00 VCC (virtual credit card) will get you your first $100 in AdWords free. The whole scam, including the $100.00 in free Google Ads, can be done for less than $30.00 and a day’s work.

One of the better fake wallet websites we’ve seen. They’ve done a great job of matching the Exodus look and feel. Whoever built this could make a decent living just about anywhere with this level of quality.

2. Fake Support Channels on Reddit and Facebook

Most crypto service providers have their own subreddits and fan pages. Unfortunately, many uninformed crypto holders consider these channels a legitimate means of communicating with official tech support.

A fake “Support” staff agent responds to a customer request

Image Description: An Exodus wallet user asks a tech support question and is immediately inboxed by a scammer using an official-looking logo and username.

The post below shows just how effective fake support can be. Sadly, there is no recourse for these victims except for a few scambaiters who have taken it upon themselves to hack these Bitcoin scammers and return their stolen crypto.

A victim of fake support chat takes a big loss.

Image Description: Another Bitcoin holder falls prey to crypto scammers. An everyday occurrence that you’ll find in every subreddit and Facebook group.

3. Keyloggers and Spy Apps on Shared Networks

Image Description: Shared computers with keyloggers at workplaces with independent contractors such as real estate agents and mortgage loan brokers.

There are some cases of crypto theft that we have been unable to solve or blame on poor internet hygiene. We attribute these losses to keyloggers and other spy applications, specifically remote installation keyloggers which don’t require physical access.

In our white hat penetration test of a local real estate branch, we were able to acquire the passwords and logins of nearly every agent in the office, and we did it without ever visiting the office.

While we didn’t use these passwords to access personal email or social media accounts, it’s safe to assume that some investors store their seed phrase in their email. That is a very risky practice in an environment where people share computers that they don’t own.

We were able to do this by simply binding the keylogger to a PDF and titling it “Properties I’d like to see”. We know for a fact that this file would never have passed Windows Defender at that office without a human user providing an exclusion, yet it worked on 3 out of 10 real estate agents, which resulted in access to the accounts of over 50 agents.

That’s the danger of a shared computer environment — nobody cares because it isn’t theirs.

4. Fake Testimonial Comment Chains

If you look at nearly any crypto-related YouTube video, you’ll find a string of comments like the ones illustrated below.

Fake testimonial comment chains are up-rated to “Top Comment”.

Image Description: A fake testimonial comment chain endorsing a crypto scammer. These are easy targets for scambaiters.

You’ll also find even more misleading comment threads, such as the clever thread below.

Popular Crypto YouTuber MoonLambo is Spammed with Fake Responses.

Image Description: Crypto scammers are impersonating crypto YouTubers using their channel logo and name permutations. Notice the official channel name is “Moon Lambo” while the scammer channel name is “Moon. Lambo.”
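The misspelled wallet domain in section 1 and the “Moon. Lambo.” channel name above are the same trick, and both can be caught by comparing a name against a short list of names you already trust. The sketch below is an added example, not code from the original article; the allowlist, the sample inputs and the two-edit threshold are assumptions chosen for illustration.

```python
import unicodedata

# Assumed allowlist for illustration; fill in the names you actually trust.
OFFICIAL = ["exodus.com", "Moon Lambo"]


def skeleton(name: str) -> str:
    """Fold case, split off accents, and keep only letters and digits."""
    folded = unicodedata.normalize("NFKD", name).casefold()
    return "".join(ch for ch in folded if ch.isalnum())


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(candidate: str, official=OFFICIAL, max_edits: int = 2) -> str:
    """Return 'official', 'lookalike of <name>', or 'unrelated'."""
    if candidate in official:
        return "official"
    cand = skeleton(candidate)
    for name in official:
        ref = skeleton(name)
        # Same skeleton (punctuation or spacing tricks) or a near miss (typos).
        if cand == ref or edit_distance(cand, ref) <= max_edits:
            return f"lookalike of {name}"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample inputs, not taken from a real incident.
    for sample in ["exodus.com", "exoduus.com", "Moon. Lambo.", "bitcoin.org"]:
        print(f"{sample!r}: {classify(sample)}")
```

Only an exact match counts as official; anything that merely looks close is reported as a lookalike, which is the case a hurried reader misses.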

5. Crypto Tech Support Scams

Most crypto service providers have their own subreddits. Unfortunately, many uninformed crypto holders consider these channels a legitimate means of communicating with official tech support.

Another Fake Chat Support Agent

Image Description: An Exodus wallet user asks a tech support question and is immediately inboxed by a scammer using an official-looking logo and username.

The post below shows just how effective fake support can be. Sadly, there is no recourse for these victims except for a few scambaiters who have taken it upon themselves to hack these Bitcoin scammers and return their stolen crypto.

6. The SIM Card Swap

The SIM card swap is the hijacking of a cell phone user’s SIM (Subscriber Identity Module) card. This method allows the scammer to control the owner’s 2FA (two-factor authentication) and simultaneously locks the real owner out.

It is done by reporting the phone as stolen. It works because cell phone carriers normally err on the side of caution, and a stolen-phone report bypasses the normal identity verification requirements.

The video below does a good job of summarizing the SIM swap process as well as methods to protect yourself from it.

7. The iPhone Coinbase Method

Many of the victims of Bitcoin theft (that we’ve worked with) lost their crypto because they weren’t aware that the external Coinbase wallet stores the owner’s seed phrase to iCloud when used on an iPhone.

Anyone with access to your iTunes account can access your iCloud the same way. If you’ve used iTunes at work, a decent tech support person can probably capture your passwords right from the browser.

When I set up my first (and last) iPad, I received the email below. The timing was perfect and it had me fooled into thinking I had paid for a service that I did not want.

A fairly good attempt at phishing our iCloud credentials.

Image Description: A high-quality attempt to phish my iCloud credentials by compelling me to log in and dispute a transaction. Notice the misspelled “Recicpt” is not an accident. It is done to disqualify more savvy recipients.

8. Pastebins and Document Drops

When you create a crypto wallet, many hot wallet providers will send you a confirmation e-mail with your seed phrase.

Most people save it, and that’s not a good idea if you’re using the same password on other accounts. Over 500 million Facebook users’ login credentials were leaked on the dark web last month alone.

That’s more than the entire population of Canada, the UK, Australia and the USA combined.

Regardless of how you choose to store your crypto, you should consider scanning the dark web for data breaches related to your passwords using Firefox Monitor or Google’s Password Checkup feature, which will search for your stored passwords across the dark web.

A typical document drop site.

Image Description: Millions of user logins are sold or dumped into pastebins or dark web marketplaces.

9. Crypto Dusting Attacks

A dusting attack is a highly targeted method used by criminals as well as law enforcement in an attempt to identify who owns a particular wallet. For example, a dusting attack might be useful to law enforcement in identifying the owner of a wallet being used to accept payments for illicit merchandise on the dark web.

It is done by sending micro transactions (of as little as one Satoshi) to the target wallet as well as several others in order to determine a connection. It is then possible to compare their balances and determine ownership.

Crypto dusting to capture an owner’s identity.

Image Description: With each micro-deposit of a single Satoshi, a crypto holder’s identity is slowly uncovered.

Ultimately, the goal is to follow the money until it can be traced to a KYC (Know Your Customer) point where it will be cashed out so that the individual can be identified.

Criminals are also known to use dusting attacks on whale wallets in an attempt to phish their seed phrase or even extort them. Dusting attacks are a lot of work, and unless you’re heavily involved in commerce on the dark web, or you carry big bags, it is unlikely to occur.

If you find your wallet has received a suspicious deposit, the best thing to do (according to experts) is nothing. It is also recommended that you create a new wallet for every transaction in order to prevent recurring patterns that can be recognized on the blockchain.
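Why “nothing” is the right response: dust only reveals a link once it is spent in the same transaction as your other coins, because chain analysts treat all inputs of one transaction as having one owner. The sketch below is an added example, not code from the original article; it flags unsolicited dust and keeps it out of coin selection. The 546-satoshi cutoff, the wallet contents and all names are assumptions constructed for illustration, and fees are ignored.

```python
from dataclasses import dataclass

DUST_LIMIT_SAT = 546  # assumed cutoff for this example; tune to your wallet


@dataclass(frozen=True)
class Utxo:
    txid: str
    address: str
    value_sat: int
    known_sender: bool  # True if the wallet owner expected this payment


# Constructed wallet: two real deposits and two unsolicited micro-deposits.
WALLET = [
    Utxo("tx-a", "addr-savings", 250_000, True),
    Utxo("tx-b", "addr-donations", 40_000, True),
    Utxo("tx-c", "addr-savings", 1, False),
    Utxo("tx-d", "addr-cold", 546, False),
]


def flag_dust(utxos):
    """Unsolicited outputs at or below the cutoff are treated as dust."""
    return [u for u in utxos if u.value_sat <= DUST_LIMIT_SAT and not u.known_sender]


def select_inputs(utxos, target_sat):
    """Largest-first coin selection that never spends flagged dust."""
    frozen = set(flag_dust(utxos))
    spendable = sorted((u for u in utxos if u not in frozen), key=lambda u: -u.value_sat)
    chosen, total = [], 0
    for u in spendable:
        if total >= target_sat:
            break
        chosen.append(u)
        total += u.value_sat
    if total < target_sat:
        raise ValueError("insufficient funds without spending dust")
    return chosen


def linked_addresses(inputs):
    """Addresses an observer would cluster together: all inputs of one transaction."""
    return {u.address for u in inputs}


if __name__ == "__main__":
    print("dust:", [u.txid for u in flag_dust(WALLET)])
    print("safe spend links:", linked_addresses(select_inputs(WALLET, 260_000)))
    print("sweeping everything links:", linked_addresses(WALLET))
```

With the dust frozen, the 260,000-satoshi spend exposes only the two addresses that funded it; sweeping the whole wallet would also tie in the cold address that received dust.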

10. Wallet Misunderstanding and Mismanagement

Image Description: A crypto holder’s portfolio is stolen. Possibly due to a misunderstanding of how hot wallets work.

A common complaint about hot wallets is that they don’t use Google Authenticator, two-factor authentication and in some cases not even a PIN code.

These complaints are based on the mistaken belief that hot wallets actually store crypto. They do not. Hot wallets simply navigate to the area of the blockchain where the crypto is stored.

If you have your crypto stored in an Exodus wallet and you find your funds missing as the poster above did, you might think that someone had hacked your PC or cracked your code.

The truth is that if Exodus went out of business tomorrow and you could never log in to your wallet again, nothing would change. You could access your crypto using your seed phrase from nearly any anonymous wallet. So extra layers of security on your computer have no effect on the blockchain where the crypto is actually stored.
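The point above can be shown with the public BIP39 and BIP32 standards, which derive a wallet’s master key from the seed phrase alone. This is an added example, not code from the original article or from any wallet vendor; it assumes the wallet follows those standards, and the `WalletApp` class and its fields are hypothetical.

```python
import hashlib
import hmac
import unicodedata

# Public BIP39 test-vector phrase; never use it to hold funds.
TEST_MNEMONIC = ("abandon abandon abandon abandon abandon abandon "
                 "abandon abandon abandon abandon abandon about")


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39: 64-byte seed from PBKDF2-HMAC-SHA512, 2048 rounds."""
    # Collapsing whitespace is a convenience here, not part of the standard.
    words = unicodedata.normalize("NFKD", " ".join(mnemonic.split()))
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase)
    return hashlib.pbkdf2_hmac("sha512", words.encode(), salt.encode(), 2048)


def bip32_master(seed: bytes):
    """BIP32: master private key and chain code from HMAC-SHA512."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]


class WalletApp:
    """Hypothetical stand-in for any wallet program: it stores no coins."""

    def __init__(self, vendor, device_pin):
        self.vendor = vendor
        self.device_pin = device_pin  # guards the local app, not the keys

    def restore(self, mnemonic):
        # Neither the vendor nor the PIN is an input to key derivation.
        return bip32_master(bip39_seed(mnemonic))


def restore_anywhere(mnemonic):
    """Distinct master keys produced by two unrelated apps (expect exactly one)."""
    apps = [WalletApp("vendor-a", "1234"), WalletApp("vendor-b", None)]
    return {app.restore(mnemonic) for app in apps}


if __name__ == "__main__":
    print("distinct master keys:", len(restore_anywhere(TEST_MNEMONIC)))
```

Both apps arrive at the same master key, so whoever holds the seed phrase holds the funds, and a PIN or authenticator on one device protects only that device’s copy of the app.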

Crypto Scams Are Evolving Quickly

Image Description: A crypto scammer hard at work.

Traditional tech support scam call centers and even romance scammers have been rushing to get their piece of this crypto gold rush. The turnaround times are shorter and the profits larger.

Cryptographers are warning that we have about 8 years before quantum computers start regularly cracking Bitcoin wallets, smartphones and bank accounts.

That’s probably good news for Stefan Thomas, who has over 7000 Bitcoin stored in a wallet that he can’t access because he can’t remember the password.

We were optimistic that Miami’s 2021 Bitcoin Conference would introduce new security solutions, but ended up with over 10,000 Bitcoin maxi trolls forming the largest crypto circle-jerk in history.

The only good news is that it was so poorly planned that even the $1K VIP ticket holders found themselves sitting on the floor.

The Safest Way to Store Your Crypto

Image Description: A backup Android phone with no SIM card is our preferred method for the cold storage of crypto.

For better or for worse, our solution to safely storing crypto is to simply buy a new unlocked Android phone. We don’t assign it a number or even a carrier. We use it as a universal wallet that can store every type of crypto as shown in this tutorial.

We keep it turned off with fingerprint ID and PIN code enabled, and only connect to the internet when we want to transfer crypto to or from the wallet.

We don’t recommend trying this with an iPhone, even though iOS 15 promises to provide its own version of Google Authenticator, because Apple still won’t let us hide applications or control iCloud.

Regardless of how you decide to protect your crypto, please spread the word on these scams. You would be surprised how many people have fallen for them and lost life-changing wealth.

Originally published at https://remotekeyloggers.net on May 23, 2021.
