💙 Are you a DApp? We're helping DApps reach out to more users with our promotion service. Contact us now!
View all posts
2020-02-21

Beware: The EOS Scams

the-eos-scams-big

Apologies for the clickbait title, and now that you’re here it’s time to confess that in reality, of course we cannot profess to know whether in fact we are actually in the midst of a full on bull run despite the amazing state of the recent market. That said however, it is in our experience that the more hype around the crypto space, especially in a longstanding bullish posturing uptrend, it’s almost always accompanied by an uptick in leeches - and that dear friends is something that we want to bring to your attention.

In regards to the EOS space, a lot has been happening recently and there are quite a few scammers that have decided to come out to play. The biggest news of the last week of course is the launch of the Voice Beta social media platform. And true to form, where there is a launch there is someone there to take advantage of unsuspecting souls. We thought then outlining this and a few other scams so no matter who you are you can be aware, and hopefully keep yourselves and others safe with these and others that have recently been floating around in our midst.


The Voice Token Scam

The first thing that you need to understand is the essentials of the Voice Token and how it works. As the Voice network is in beta and available to those via invite only, it should be clear that anyone asking you to perform any action outside the platform itself is not a part of Voice. For those new to crypto especially, or even those that are just jumping on the Voice Beta hype, this might not be so clear. Let us not judge these folks for not understanding like some and work towards bringing about clarity to those that may not be all that acclimatized so that they do not fall prey to these bad actors.

How it works: This scam is actually quite ingenious in that it appears as a memo in the transaction records of your wallet on the block explorer. In the records what you will see is a transfer of Voice tokens with an attached message stating that if you would like to claim Voice to follow the link to a URL address and login with your private key.

Rami James of Scatter and recently Ultra.io, dropped a Medium post on this alerting users of the scam and also warning that for “older versions of Scatter which do not protect against updateauth transactions, they will try to swap your private keys for theirs and you will permanently lose access to your account.” (1)

These guys have gotten so devious in fact that they are actually starting to warn users of scams in order to send them to a new site to be scammed. Special thanks to Manu for bringing this latest one to our attention in our EOS Go Telegram group.

From here all bets are off as one thing about controlling your own money is the very true reality that once you lose control there really is no way for you to get it back.

As for these types of scams, as pointed out in the previous post ‘there really is no reason to be combing through all of the transactions in your history and trying to look for a cheap buck. Should a transaction appear in your wallet that needs you to sign into some other site with your keys its likely a scam.

Colin Talks Crypto went one step further in a recent video going on the record asking “all creators of blockchain explorers and wallet creators of EOS to implement a feature whereby if there is a URL present inside a memo to make very clear that it is a possible scam on that transaction, specifically with incoming token transfers.” (2)

In our opinion this would be great if this became a mainstay of the EOSIO ecosystem, but regardless of whether it comes to pass or not, just be aware that should you decide to go clicking away at random URL’s listed in your incoming transactions and follow instructions that seem so simple it’s unbelievable how much this space has advanced you do so at your own peril. It’s always best to check directly through the official site and official channels for anything you want to do regarding something new that has appeared in your wallet transaction history. In other words the best course of action is always to ask the official team stance and make sure you are not falling prey to your own better judgement perpetuated by these leeches.


EOS Authority Telegram Bot Scam

Another one coming direct from Rami safe info vault in the last couple of weeks,

Again, should be pretty common sense for anyone that has been in the EOSIO space for a while, but with lots of new faces popping into our sphere it’s good to keep an eye out and keep those that may be new as safe as we possibly can.


Telegram Impersonators

It wouldn’t be a proper day in crypto without some ‘admin’ in some channel trying to send a private message to some unsuspecting newcomer. From experience we can say that just about ever legit admin out there know better than to send private messages to new users offering kindness to solve some problem. Often times these people will use names so similar that it’s almost imperceivable to the eye using an ‘I’ instead of a ‘l’… ya thats right (i)Il(L), it’s a really simple thing to miss. Whether it be fake Marty from Wax this week or fake Dan the man in a month hitting you up for VC funding proposals please do take care out there.

Our advice: the majority of admins out there will actually ask you to dm them first in the public channel - kind of a safeguard against these sorts of things. If you do choose to engage with people in private messages that seem legit that send them to your first, always double check the messenger by clicking on the main group members list and selecting send message from there. This way you can easily verify that the person you are talking to is actually the owner or an admin, and secondly, verify that the message that came to you actually came from them. If you do come across a scammer do report them in the main chat to keep others safe - kind of our EOSIO ‘pay it forward’ good samaritan special deed if you will. Oh, and like Rami James says, DO NOT GIVE ANYONE YOUR PRIVATE KEYS. EVER. No matter what issue you are having no project in the space will be able to help you any better with access to your private keys than without - the translation for that being anyone asking for your private keys for any reason what-so-ever are only trying to help themselves.


Good Samaritan or Cold Calculated Scammer?

With lots of new people entering the EOSIO space and dropping into random telegram channels to say hello and ask how to get on their way to acquiring an EOS account, we have noticed an influx in ‘helpful’ members offering to send over EOS keys to EOS accounts as an easy way into the EOSIO space. Gone are the days where new users could get free EOS accounts with a referral code that were so prevalent back in the day, and until Voice comes out full scale and upholds their promise to award all users with a free EOS account the only real option is not really that easy for a first time user to understand.

Now it is true that many early users in the space do have a plethora of accounts that have since fallen into disuse, which we might have waning CPU issues back in the good old gambling days to thank, it also stands to reason that to trust someone giving you an EOS account might not be the best decision, especially when it is all done behind closed doors. We cannot stress enough that the more people that get scammed in the space the worse off we will all be in the long run, so even though this at present is not as prevalent a scam as the previously mentioned, we feel it really does deserve some merit on this list.

Our advice: If you happen to come across this in any telegram channel that you are involved in please to lend a helpful hand to the user considering this ‘free’ account option. First off, if they are determined that creating an account through all the means available is just too complicated, suggest that there are free accounts available from projects like Wombat (getwombat.io) that are super simple to sign up for and virtually free. Of course this comes with the cadaver that if you ever want to export your private key you need to pay, but in cases like this the majority are just looking for easy account creation or free account creation. If they will have none of it and just want someone to give them a free account it would be a good public service to make sure that they are very clear that they need to change their private keys ASAP after acquiring the account or they are not the only ones with control. Again, for many of us this seems absolutely crazy, but in the grand scheme of things bringing new users into the EOSIO fray and holding the crossing guard sign for them long enough for them to hop across the road is the least we can do.


Prospective Partners, Jobs, or Secret Info

We all get excited, and with the recent developments of all that is going on in the EOSIO space both on the main net and the various sister chains is there any wonder why? That said it is a stressful business in here sometimes, and sometimes even the best of us lose our heads. No matter how in tune you are or how long you have been here, even the best of us slip up sometimes. We won’t name names here but we have it on pretty good authority that some pretty key people in the EOSIO social space have had their accounts compromised in the last year, the most recent just last week. Having heard their stories we can sympathize and see in their composure having been humbled that there is nothing worse than a Trojan.

Spawned via a conversation involving Anders ' coachbjork' sw/eden (twitter @anyobservation - just gotta love the handle), as an alternative route to running multiple scans and viral checking documents that are sent to you, instead just ask them to use a software like Google Documents so you don't have to download and open the files directly on your device. That is not to say that links themselves cannot be malicious, but at least with links, usually some sort of action is required on the site you come to for your device to be compromised. In other words, the best way to protect yourself against trojans and other malware is to never open a document that is sent your way. Thinking outside the box when it comes to these sorts of things and taking appropriate precautions will help to prevent having your device compromised and better ensure your safety against unwanted attack.


‘It’s All Just Common Sense’

There are lots of people out there looking to make a quick buck and willing to buy into whatever they believe will do so for them with a frenzy of clicks. But even so, one great thing about the EOS space in general is that for the most part we have been better than that of other spaces. Lots of people across lots of different projects that are interconnected with their communities and very helpful when it comes to getting those new to their projects onboard and in the know. Of course with that friendliness comes the danger of predatory individuals looking to take advantage.

If that wasn’t enough, unfortunately a minority of users in the space have come to the notion that people scammed deserve to be because they are stupid or lack basic common sense. Seriously though, what is common sense by definition anyway? We live in a globalized age and what’s common in one place or one area of life may not be so in another. Just remember, everyone has to learn to crawl before they can even fathom the notion of walking.

Leaders of many projects, admins in many channels, and community members across the EOSIO space have been kind to each and every one of us in the past by doing their best to keep those that frequent a listen to their voice warnings on the minority in the space that are out to cause them harm. In that regard then, let us all just take a step back and lend them a hand in keeping this decentralized space we call home much more informed for both the EOS OG and newbie alike.


References:

  1. https://medium.com/@ramijames/never-visit-spam-sites-that-you-see-in-your-transaction-history-55dc3efa8713

  2. https://www.youtube.com/watch?v=0RPqOOfYIZI

  3. https://medium.com/@ramijames/eos-authority-bot-scam-alert-13f16cd1c842


EOS GO is funded by EOS ASIA and powered by YOU. Join the community and begin contributing to the movement by adding eos go to your name and joining the EOS GO telegram group.