Avoid Crypto Scams – Not A “How-To”, But Friendly Advice

A coordinated attack against social media platform Twitter (around July 15-16, 2020) led to a hack that targeted popular accounts. These were not just any accounts, but influential public figures. Included in that list were former US president Barack Obama, Microsoft’s Bill Gates and founder of Tesla and SpaceX Elon Musk. What makes this all the more interesting is that hackers used these accounts to solicit cryptocurrency, specifically Bitcoin (BTC). In the scheme, the hackers used the account to mention some feel good words about giving back to the community during the Covid-19 crisis and then requested people to send them BTC with a message of doubling whatever is sent to a given BTC address in the tweet.

These are your typical scams which many in the cryptoverse probably caught. Unfortunately not everybody did. The hackers made off with at least 12 BTC worth $100K+ in the initial stages after the attack was discovered. This sort of attack appears to have affected Twitter’s internal system, since only admin accounts have privileges to modify user accounts. Speculation is that a phishing attack or directed social engineering technique was used to gain access to Twitter’s backend system. This is definitely a cause for concern to everyone who has an account on Twitter because a repeat of this attack could compromise them. Once the hackers gained access to the backend, they targeted the accounts and began tweeting.

People who are caught up in the hype of cryptocurrency like Bitcoin will easily fall prey to scams like this. Noobs (newbies) who recently got in may not have enough education … meaning they don’t know any better what not to do. If someone, anyone, asks you to give them Bitcoin in order to double your holdings don’t be too quick to trust them. It really doesn’t make sense if you think about. Supposed you give 100 BTC, are you really expecting to get 200 BTC? This is a naive gambling mentality that can affect anyone’s logic if they are not aware of these schemes. Never give other people Bitcoin expecting more in return.

It is not even like investing because the public figures account tweets to just give them BTC and you get more in return. The problem with that should be obvious to the common person, but why would other people go along with it? This is why social media has such tremendous power when it comes to influence. The few people who gave their BTC away probably understood what they were doing, which is scary. They did it because they are firm believers of that person. Whether it was through charisma or just blind following, people probably acted subconsciously and just obeyed the tweet like it was an order. Greed is perhaps another motivator since it psychologically makes a person think about how easy it would be to get more crypto. It makes me wonder if the hackers had been more nefarious with the tweet, just think of how many people they could have put in danger or in harm’s path. It was good that it did not end up that way.

Bitcoin addresses are pseudonymous and cannot be directly linked to a person’s identity. That is the blockchain by design, so there would be no way to verify the Bitcoin address really belongs to the public figure. That is probably the biggest reason why not to fall for these scams. We don’t have any way of knowing if the address legitimately belongs to President Obama or Elon Musk. A Bitcoin address is just a hexadecimal string but it doesn’t link to the actual person like the way you can look up a person’s identity by their driver’s license number or social security number. That should have been the red flag that prevents people from giving their BTC.

The Bitcoin address the scammers used which begins with “bc1qxyp….” (I do not reveal the full address here, just a snippet) can be tracked on a blockchain explorer. It doesn’t specifically say the name of the owner of that account. What you can see though are the transactions in the account history, and it indicates the 12 BTC collected.

Note: The full Bitcoin address of the scammer/hacker is not revealed here.

In crypto the only way to really trace the identity of the account holder is if they cash out using a digital exchange. Users who use digital exchanges to convert crypto to fiat, require a KYC documents in order to comply with financial regulations (e.g. AML, Anti-terrorist funding, etc.). This is not revealed to the public, but if there were an investigation the digital exchange can release the personal information if they were required. Accounts created on digital exchanges are also linked to bank accounts which can be traced to a person’s identity. On the blockchain, the real way to prove identity would be with a digital signature using the private key from the user’s digital wallet. This is one way a person who claims to own a Bitcoin address can prove they are the true owner.

The lesson here is that scams are everywhere in our society. It even affects crypto. In fact there have already been 2 popular scams uncovered in the past – Bitconnect and OneCoin. They have not proven any legitimacy and quickly collapsed with their leadership no where to be found. These cryptocurrency promised people ridiculous returns, but many got into it anyway with the help of social influencers. Some of these influencers were just too convincing that it leads to a bandwagon or network effect of more people putting money in a system that is like a house of wax built on top of the sun. By the time it collapsed (no more money to give people) it was too late for many and they lost the money they put into the coin, perhaps never to be recovered.

To avoid scams ask yourself if the message you are getting is too good to be true. If it is do more research to verify it. Don’t just give your BTC to anyone and expect more in return. Those things just don’t really happen in the real world. If it does, then there is probably something you have to give back in return but it may not always have a good ending. It is like the car dealer telling you to give them your old car and you get a new car back. You do get your new car but then you end up with a mountain of costs you had not been expecting. It is always the unexpected things beyond our control. This is true with crypto as well, so be very careful next time you hear or see someone say “Hey, give me some BTC today and I’ll double it up for a good cause!”.

Note: This is not financial advice. Please do your own research to verify information.

Lost Bitcoins Were Not Meant To Be Easily Recovered

There have been stories of people losing their digital asset, Bitcoin (BTC), for careless reasons. There is the story of a Welsh man who “accidentally” (we don’t know for sure) threw a hard drive away that contains approximately $80-$100M+ worth of BTC. The price actually will be worth plenty more or even less based on market value. The most common incident involves holders of BTC losing their private key to their digital wallet. Now think of it like losing your apartment key. It is different though because if you don’t have a duplicate you can always go to the apartment manager for a master key to open the door. In Bitcoin, unfortunately, there is no master key that unlocks all digital wallets. Other instances of unrecoverable BTC happens when the holder of a digital wallet dies and no one else has access to it. Unless there is a next of kin to claim the inheritance, it is as good as gone unless the private key can be provided to recover the coins.

You can still recover your BTC even if the private key is lost, provided you took the required measures. You must have the seed phrase generated during wallet creation. The problem is if you don’t have both then your BTC will not be recoverable based on the blockchain’s inherent design. That is because all private keys and wallets are unique, and since the blockchain is decentralized there is no master key or main administrator to support users. Incidents that involve hacking would not be considered lost BTC because the hackers will most likely send the stolen coins to another wallet and then try to lose anyone tracking the BTC by using various digital exchanges. In other words, that BTC would be considered stolen rather than lost, and it could end up back in circulation if it were sold to an exchange. This is why it is important to make backups of both the private key and seed phrase, but store it in a secure location and not just some random cloud drive. Consider using hardware wallets, removable hard drives, thumb drives and other storage devices that can be locked up in a vault (you get the idea).

Is it easy to lose your private key? The answer is yes, when considering the circumstances. If you store your private key on your local hard drive without a backup copy, if that hard drive should fail then it could mean game over. Your savior would be the seed phrase of the digital wallet or what is called the recovery phrase. This is provided to the user during the creation of the digital wallet, when the private key was generated. This contains 12 words in Bitcoin (also called the mnemonic) that must be provided when recovering the private key. Another way a user loses a private key is if it was stored online and never exported to an offline location. If the online service were to fail with no backup system, the private key will be gone as well.

Whatever the story is, lost BTC lead to less of the supply of the cryptocurrency. According to Chainalysis, an estimated $35,000,000,000 (price is volatile so this is not a fixed value) in Bitcoin (BTC) is likely to never be recovered. This was based on their report that 20% of Bitcoin’s total supply of 21M BTC has not moved for five years or longer. According to the report, that would be 3.72M BTC based on a market valuation of $9,408.60 (as of the market value when report was published). It is also assumed that 4M BTC in total, including the BTC in the report, may never ever be recovered unless there is protocol which will allow the lost coins to be released back into circulation. That is not likely unless the Bitcoin community in general come to a majority consensus. The Bitcoin blockchain does not support releasing lost BTC as of Bitcoin Core 0.20.0 (Released in 6/3/2020). When we deduct the 4M BTC, that means there will be only 17M BTC.

Holding a digital asset like BTC requires plenty of responsibility in return for financial independence. The question then is why would anyone even want to own Bitcoin if it cannot be easily recovered, has no customer support like a bank and no master key to unlock it if the private key is lost? That should make it all the more obvious why it is important to own Bitcoin. Only you can have control of your BTC. The government cannot freeze it and prevent you from storing value on the blockchain. You have freedom from bank policies which regulate finances (e.g. withdrawals, remittances, loans, etc.). The only thing a person must do to have this benefit is to secure their private key and seed phrase. Humans are not perfect and very prone to mistakes, so is it even possible to have a system like this?

We have to go back to the fundamentals of Bitcoin and why it was designed that way. Remember, its founder Satoshi Nakamoto developed a system of direct peer-to-peer payments without relying on a trusted third party. It is also decentralized so that it cannot be manipulated and controlled by a single entity. The way to do this is give full control of money to the users and establish a platform that is permissionless and trustless for exchanging value. The blockchain provides a cryptographically secure platform of trust among strangers who want to transact because it doesn’t require them to know each other or trust an arbiter to exchange value. Instead they use a private key to authorize transactions under their digital signature and verify that they are indeed the holder of the BTC. The reason lost BTC cannot be recovered is because it will require the unique private key that belongs to its owner. If that was lost, the BTC can still be recovered using the seed phrase. Until there is a chance at recovering BTC, users must be responsible for their digital assets. All it requires is keeping a digital wallet with a private key, in a safe and secure manner.

Keep Your Private Key To Yourself

Never ever, and that means EVER, reveal your private key to anyone. That means it is better you take it with you to the grave or lock it up with a will rather than entrust it with a third party or anyone you know. There are plenty of stories of how careless people can get with their private keys. This has led to unrecoverable funds, digital identity theft and hacked digital wallets. If you were to give your private key to someone and they lose it, your only chance of recovery would be the seed phrase generated during the key creation for your digital wallet. If you lost those seed phrases, good luck because chances are there is no other way to recover your private key.

Why is it so hard? This is probably the reason mainstream finance is turned off by cryptocurrency. Digital wallets are mostly not user friendly and there is no technical support to help users recover their funds or private keys. The apps provided for cryptocurrency are open source, and available to the public but there is no one supporting it directly. It is decentralized, so the best resources to contact are members of the community who are knowledgable about the subject. Unfortunately, not even the top tier engineers and developers of the cryptocurrency can help you recover or generate a new private key unless it is for a new digital wallet.

What many people don’t understand is that private keys were not meant to be recovered. Only one unique private key is created for a digital wallet, and that means there is no master key that can open a backdoor to help anyone recover their funds. That was by design due to the open source and decentralized nature of the blockchain. This sounds like a bank is still the best place to store your wealth because they provide full customer support. Now I am going to explain the difference between a bank and the blockchain, in the context of cryptocurrency and private keys.

Banks are highly centralized and they are pretty much in control of your wealth. No matter how much money you have deposited in a bank, policies still dictate how much you can withdraw, where you can send your money and what you can do with it. If a bank were to go bankrupt, your funds go along with it. Banks won’t voluntarily give you all their money if they are closing. You lose all your wealth in the worst case scenario. In times of financial crisis, banks can also stop withdrawals to prevent bank runs. You are mostly at the mercy of your bank when it comes to money, and they will gladly take what you deposit while giving you permission to withdraw your own money. It doesn’t really make sense, but that has been the mainstream banking system for decades now.

Compare that to cryptocurrency and the blockchain, you have financial independence. You control your own wealth through your private key, which is why it is so important not to lose it or let others access it. A private key is not even a tangible object, it is a digital code consisting of numbers that have been cryptographically generated and stored as a file. From your private key you get a public address which is created from your public key. The public key is derived from the private key to generate the public address. This is like your account number that is allowed to be exposed on the network. Funds deposited or withdrawn are recorded on the blockchain. The private key also authorizes you to send and receive funds using a digital signature. The digital wallet is basically where you store the private key. To keep the private key safe, store the file away from your computer or online drive. The best recommendation from experts is to use a hardware wallet, which is an offline device that secures private keys. That would prevent hackers from accessing it online since the only way to access it is from the device.

The lesson here is that if you want financial independence and control of your own wealth, it requires plenty of responsibility. That includes managing your private key by keeping it in a safe storage location like a hardware wallet. Make a backup, but store it wisely and not somewhere it can be accessed publicly (e.g. file sharing site). You can copy it to a thumb drive to be stored in a vault or a secure enclave in a smartphone if supported. There will be more robust solutions for key recovery systems for digital wallets, but until that time comes, users should always be alert regarding their private key. If anyone asks for your private key so they can send you funds, ignore that request. There is never any reason to reveal your private key to anyone. It is not like a driver’s license number or SS number which you do need to provide sometimes. A private key should only be known by its holder and never shared or revealed to anyone. You have the right to protect your privacy and it is secured through cryptography on a blockchain.