It has often been shown that centralized exchanges (CEXs) are rather vulnerable to attacks, despite the belief of many crypto enthusiasts.
Cybercriminals can target these exchanges because they centralize the storage of their users’ assets. It is possible for exchanges’ security measures to be inadequate or compromised, which could lead to the theft or loss of user assets.
Centralized exchanges (CEXs) carry the risk of fraud or mismanagement by their operators due to the single point of control. This can result in insider fraud or other forms of misconduct, leading to potential loss of funds or negative consequences for users.
Over the last year, with the collapse of major centralized cryptocurrency platforms like FTX and Celsius, more and more users are choosing to take self-custody of their digital assets. The risky financial practices and alleged fraud committed at some of these platforms have caused many people to lose faith in them as safe places to store their cryptocurrency.
Self-custody means that an individual holds and manages their own cryptocurrency instead of giving it to a third party, like an exchange. This gives users more control over their assets and potentially increased security. However, it also brings its own risks, mainly in the form of scams.
Pig Butchering & Phishing
To better understand the potential dangers associated with self-custody and offer guidance on how to protect oneself from scams, Cointelegraph reached out to Alice Boucher of Chainabuse, a multichain community platform for reporting fraudulent crypto transactions.
One scam aiming to take advantage of crypto users is called “pig butchering.”
“A pig butchering scam occurs when the scammer stays in constant contact to build a relationship with the victim and ‘fatten them up’ with affection over time to have them invest in fake projects,” Boucher said, adding:
“The scammer tries to drain as much money out of the victim as possible, often using fake investment sites showing large fake profits and using social engineering tactics, such as intimidation, to extract more money from the victim.”
Social engineering uses psychological manipulation tactics to exploit the natural tendencies of human trust and curiosity.
Cybercriminals in the cryptocurrency industry often aim to steal self-held assets by taking control of high-profile accounts. “Between May and August 2022, social media account takeovers — involving Twitter, Discord and Telegram — have wreaked havoc. Scammers post malicious NFT phishing links during those attacks, compromising high-profile social media accounts,” said Boucher.
Once these attackers have gained access to a high-profile account, they typically use it to send out phishing messages or other types of malicious communications to a large number of people, attempting to trick them into giving up their private keys, login credentials or other sensitive information.
The end goal is to gain access to self-custodied assets and steal the cryptocurrency held by the individual.
Followers of these high-profile accounts may be tricked into clicking on malicious links that transfer all of the tokens out of their wallets. These scams may also be designed to have users invest on a trading platform and often result in victims losing their deposits with no way to recover them:
“The volume of scams, hacks, blackmails and other fraudulent activity has been growing exponentially over the last few years. Most fake platforms appear to be either Ponzi schemes or payout scams with the following characteristics: They advertise fake returns, have referral incentives that resemble pyramid schemes or impersonate existing legitimate trading platforms.”
Scammers utilizing these phishing tactics can encourage users to sign smart contracts that drain their assets without their consent. A smart contract is a self-executing contract with the terms of the agreement between buyer and seller directly written into the code.
If the contract contains errors or is designed to take advantage of people, users may end up losing their tokens. For example, if it allows its creator to take possession of tokens to sell them, users may lose cryptocurrency by signing it.
Most of the time, users don’t know they’ve lost their tokens until it is too late.
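What such a signature request can look like from the defender's side, as an added example that is not from Cointelegraph or Chainabuse: a Python check that decodes transaction calldata before signing and flags calls that hand another address rights over the signer's tokens. It assumes the contract uses the standard ERC-20 and ERC-721/ERC-1155 approval functions (a common route, not the only one); `review_calldata`, the `trusted` set and the sample calldata are constructed for illustration.

```python
MAX_UINT256 = 2**256 - 1

# 4-byte selectors of the standard ERC-20 / ERC-721 / ERC-1155 approval calls.
APPROVALS = {
    "095ea7b3": "approve(address,uint256)",
    "39509351": "increaseAllowance(address,uint256)",
    "a22cb465": "setApprovalForAll(address,bool)",
}

def _arg(data: bytes, index: int) -> int:
    """Return the index-th 32-byte ABI argument as an integer."""
    word = data[4 + 32 * index: 36 + 32 * index]
    if len(word) != 32:
        raise ValueError("calldata is truncated")
    return int.from_bytes(word, "big")

def review_calldata(calldata_hex: str, trusted=frozenset()) -> dict:
    """Report whether signing this calldata lets another address move the signer's tokens.

    `trusted` is a hypothetical allow-list of lowercase 0x-prefixed addresses.
    """
    raw = calldata_hex[2:] if calldata_hex.startswith("0x") else calldata_hex
    data = bytes.fromhex(raw)
    name = APPROVALS.get(data[:4].hex())
    if name is None:
        return {"function": None, "risk": "unknown", "detail": "not a standard approval call"}
    spender = "0x" + format(_arg(data, 0) % 2**160, "040x")  # address is the low 20 bytes
    value = _arg(data, 1)
    if value == 0:
        risk, detail = "none", "grants nothing (revocation or no-op)"
    else:
        if name.startswith("setApprovalForAll"):
            detail = "operator may transfer every token of this collection"
        elif value >= MAX_UINT256 // 2:
            detail = "effectively unlimited token allowance"
        else:
            detail = f"allowance of {value} base units"
        risk = "review" if spender in trusted else "high"
    return {"function": name, "spender": spender, "risk": risk, "detail": detail}

# Constructed sample: approve(0x1111...1111, 2**256 - 1), an unlimited allowance request.
SAMPLE = "0x095ea7b3" + "00" * 12 + "11" * 20 + "ff" * 32

if __name__ == "__main__":
    print(review_calldata(SAMPLE))
```

A result of "unknown" only means the call is not one of the three standard approvals; it does not mean the transaction is safe to sign.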
Self-Custody
Self-custody can be a great way to take control of one’s assets, but it’s crucial to understand the risks and to take steps to protect oneself from bad actors.
To protect oneself when using a self-custody wallet, it is important to follow best practices, such as keeping software up to date and using unique passwords. It is also crucial to use hardware wallets such as a Ledger or Trezor to store your cryptocurrency. Hardware wallets are physical devices that store your private keys offline, meaning a hacker also needs physical access to the device to engage in certain interactions with the blockchain, which makes these wallets less susceptible to getting hacked.