Many crypto enthusiasts believe that centralized exchanges (CEXs) offer a safer option for managing digital assets, yet history has shown that these platforms can be quite vulnerable to attacks.
Since CEXs centralize user asset storage, they become attractive targets for cybercriminals. Should an exchange’s security be lacking or breached, user assets could be stolen or lost.
Additionally, centralized exchanges carry the risk of fraud or mismanagement by their operators. With a single point of control, CEXs are more exposed to insider fraud or misconduct, potentially leading to lost funds or other negative impacts on users.
Over the past year, the collapse of prominent centralized cryptocurrency platforms like FTX and Celsius has prompted more users to take self-custody of their digital assets. Risky financial practices and alleged fraud at some platforms have diminished trust in CEXs as safe places to store cryptocurrency.
Self-custody involves holding and managing cryptocurrency independently rather than entrusting it to an exchange. This approach grants users more control over their assets and can potentially increase security. However, it also carries certain risks, especially in the realm of scams.
Types of Scams and How to Avoid Them
To help users understand potential risks in self-custody and provide tips for avoiding scams, Criptify.io consulted Alice Boucher of Chainabuse, a multichain community platform for reporting fraudulent crypto transactions.
One scam taking advantage of crypto users is called “pig butchering.”
“A pig butchering scam happens when a scammer maintains frequent contact, building a relationship with the victim to ‘fatten them up’ with affection, eventually convincing them to invest in fake projects,” Boucher explained, adding:
“The scammer’s goal is to extract as much money from the victim as possible, often using fake investment sites showing large, fabricated profits, coupled with intimidation tactics to encourage further investments.”
Social engineering leverages psychological manipulation to exploit human trust and curiosity, making it easier for scammers to deceive individuals.
Cybercriminals also target self-custody assets by taking over high-profile accounts. “Between May and August 2023, social media account takeovers across Twitter, Discord, and Telegram have caused chaos. Scammers have posted malicious NFT phishing links during these incidents, compromising high-profile social media accounts,” Boucher shared.
Once attackers gain control of these accounts, they typically send phishing messages or other malicious communications to a wide audience, attempting to deceive people into revealing private keys, login details, or other sensitive information.
Their ultimate goal is to access and steal the cryptocurrency held by the victim in self-custody.
Followers of these accounts may unknowingly click on malicious links that result in the transfer of tokens from their wallets. Often, these scams lead victims to invest on a trading platform, where they subsequently lose their deposits without recourse. Boucher added:
“The volume of scams, hacks, blackmail attempts, and other fraudulent activity has increased significantly in recent years. Most fake platforms exhibit common traits: They offer fraudulent returns, include referral incentives that mimic pyramid schemes, or impersonate legitimate trading platforms.”
Through phishing tactics, scammers may prompt users to sign smart contracts that drain their assets without consent. A smart contract is self-executing code that encodes the terms of an agreement.
Users can lose their tokens if the contract contains vulnerabilities or is intentionally designed to deceive. For example, if it enables the creator to take possession of tokens and sell them, users might unwittingly lose cryptocurrency by signing.
In most cases, users only realize their tokens are gone after the damage is done.
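One check a wallet or a cautious user can run before signing, shown as an added example that is not part of the original article: decode the transaction's calldata and flag calls that hand a third party control over tokens. The article does not name a token standard, so this assumes the standard ERC-20 `approve` and ERC-721/1155 `setApprovalForAll` calls. The function name, risk labels, "unlimited" threshold and sample address are illustrative.

```python
# Added example (not from the article): decode token-approval calls from the
# calldata of a transaction a wallet is being asked to sign.
APPROVE = "095ea7b3"               # ERC-20 approve(address,uint256)
SET_APPROVAL_FOR_ALL = "a22cb465"  # ERC-721/1155 setApprovalForAll(address,bool)
UNLIMITED_FLOOR = 2**255           # assumption: amounts this large are "unlimited"

# Constructed sample inputs; the spender address is made up.
SPENDER = "0x" + "11" * 20
SAMPLE_UNLIMITED = "0x" + APPROVE + "00" * 12 + "11" * 20 + "ff" * 32
SAMPLE_REVOKE = "0x" + APPROVE + "00" * 12 + "11" * 20 + "00" * 32
SAMPLE_NFT_ALL = "0x" + SET_APPROVAL_FOR_ALL + "00" * 12 + "11" * 20 + "00" * 31 + "01"


def inspect_calldata(data_hex, known_spenders=()):
    """Describe an approval call, or return None for any other call."""
    data = data_hex.lower()
    data = data[2:] if data.startswith("0x") else data
    selector, args = data[:8], data[8:]
    if selector not in (APPROVE, SET_APPROVAL_FOR_ALL):
        return None
    try:
        if len(args) < 128:  # two 32-byte ABI words are required
            raise ValueError("truncated arguments")
        int(args[:64], 16)   # word 0 must be valid hex
        value = int(args[64:128], 16)
    except ValueError:
        return {"spender": None, "known_spender": False, "risk": "high",
                "reason": "malformed approval arguments"}
    spender = "0x" + args[24:64]  # address is the low 20 bytes of word 0
    if selector == APPROVE:
        if value == 0:
            risk, reason = "low", "revokes an existing allowance"
        elif value >= UNLIMITED_FLOOR:
            risk, reason = "high", "unlimited allowance over this token"
        else:
            risk, reason = "medium", f"allowance of {value} base units"
    elif value:
        risk, reason = "high", "operator may move every token in the collection"
    else:
        risk, reason = "low", "revokes an operator"
    known = spender in {s.lower() for s in known_spenders}
    return {"spender": spender, "known_spender": known, "risk": risk, "reason": reason}


if __name__ == "__main__":
    for sample in (SAMPLE_UNLIMITED, SAMPLE_REVOKE, SAMPLE_NFT_ALL):
        print(inspect_calldata(sample))
```

A "high" result for a spender that is not in the user's own list of known contracts is the case the article describes: the signature itself moves nothing, but it lets the approved address take the tokens later.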