The reason why $850 will have been lost to cryptocurrency scams by the time you read this headline

Paul Walsh
Mar 15, 2018

According to a recent article on Bitcoin.com, “In the time it takes you to read this sentence, $850 will have been lost to cryptocurrency scams. In the time it takes to complete this article, that figure will have risen to $17,000. Phishing; fraud; theft; hacking; it’s all rife. In the first two months of 2018, there were 22 separate scams involving thefts of $400,000 or more. Put it all together and that equates to an average of $9.1 million a day.”

I had a conversation today with the Community Manager of a crypto Telegram group with more than 26k members. This is a community that is currently under attack from phishing criminals — so you’d think the team would quickly learn as much as it can to arm its community with safety tips.

I’m keeping the person’s name and their company name out of this as I don’t believe in naming and shaming. We all need to learn — none of us are perfect. But they need to hurry the fuck up and learn some basics before more of their community members lose their crypto assets. They should teach their community some basic fundamentals — like, “don’t rely on the green padlock — it doesn’t prove that it’s our website.”

I took time out of my day to join their Telegram group, so I could reach out to an admin in person and in private. My conversation with the community manager went like this:

Me:

[website address]← — Phishing domain or not?

Community Manager:

(He didn’t say “hi, how are you?” or “Yes that’s our domain, let me explain how you can find out for yourself”. He just sent me the screen shot below.)

Me:

What’s the point of that screen shot?

Community Manager:

It’s not a phishing site. It’s the official site and I checked the certificate of the link just to show you.

I could have said Yes and left it at that.

The rest of the conversation involved me pointing him to more information so he can learn more. I didn’t point him to our company website or try to sell any services — that wasn’t my goal. My goal was to find out if this domain was a phishing scam or not.

This lack of basic knowledge is one of the reasons why so many people are being scammed today

It’s ok that everyday crypto enthusiasts don’t know the difference between a basic SSL cert and an EV cert. And browser vendors do nothing to help educate people either. Shameful.

It’s not ok for the Community Manager of over 26k people who are currently under attack from phishing scams to be devoid of any basic knowledge when it comes to verifying if a domain name is really owned by their company or not.

As a reminder, an SSL cert encrypts the transmission of data between a website and the browser so third parties can’t steal information while it’s in transit. Basic SSL certs are free and issued automatically. There is zero validation of company identity. Most phishing sites today have an SSL cert.
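To make the basic-versus-EV distinction concrete, here is an added example (not part of the original post) that reads a certificate the way Python's `ssl.getpeercert()` returns it and reports whether it names a company at all. The domains, organisation name and certificate contents are constructed, and classifying by subject fields is a heuristic assumed here, not the check browsers perform.

```python
import socket
import ssl

# Assumption: EV certs carry these subject fields on top of the organisation name.
EV_FIELDS = {"businessCategory", "serialNumber", "jurisdictionCountryName"}

def fetch_cert(host, port=443):
    """Fetch a live, chain- and hostname-validated cert (not used by the samples)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def subject_fields(cert):
    """Flatten getpeercert()'s nested subject tuples into a dict."""
    return {key: value for rdn in cert.get("subject", ()) for key, value in rdn}

def validation_level(cert):
    """Heuristic: no organisation means DV; organisation plus EV_FIELDS means EV."""
    subject = subject_fields(cert)
    if "organizationName" not in subject:
        return "DV"
    return "EV" if EV_FIELDS.issubset(subject) else "OV"

def assess(host, cert, official_domains):
    """Report what a valid certificate for `host` says about who runs the site."""
    host = host.lower().rstrip(".")
    official = any(host == d or host.endswith("." + d) for d in official_domains)
    return {
        "level": validation_level(cert),
        "organization": subject_fields(cert).get("organizationName"),
        "host_is_official": official,
    }

# Constructed sample data: a hypothetical project domain and two certificates.
OFFICIAL_DOMAINS = {"example-token.test"}
LOOKALIKE_CERT = {"subject": ((("commonName", "examp1e-token.test"),),)}  # padlock, no company
OFFICIAL_CERT = {"subject": (
    (("businessCategory", "Private Organization"),),
    (("jurisdictionCountryName", "US"),),
    (("serialNumber", "0000000"),),
    (("organizationName", "Example Token Ltd"),),
    (("commonName", "example-token.test"),),
)}

if __name__ == "__main__":
    for name, cert in (("examp1e-token.test", LOOKALIKE_CERT), ("www.example-token.test", OFFICIAL_CERT)):
        print(name, assess(name, cert, OFFICIAL_DOMAINS))
```

Both sample certificates would produce a padlock; only the second names an organisation, and only the second host matches the list of domains the project actually owns.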

It’s about time for well-funded crypto companies to devote as much time and attention to security and protecting their community as they do to sales and marketing.

Communities should demand that crypto teams educate themselves in basic security so they can pass on their knowledge to individuals — so Jonathan doesn’t lose his entire life’s savings in a phishing scam as a direct result of the Token owner telling him to check for a meaningless green padlock.

Want to stay safe?

Install Cryptonite.

If you don’t see a green shield when visiting a crypto site, please assume it’s not safe until you can prove otherwise.

Please stay safe out there 🙏

Paul Walsh

MetaCert CEO. Passionate about Cybersecurity, Blockchain, Crypto, Snowboarding & Red Wine. Part of the AOL team that launched AIM. Co-founded 2 W3C Standards.