What does finding a date, and having your livelihood snatched from you, share in common? (No, this isn't a lame marriage joke). The answer: they've never been easier to do, and they both involve Tinder.

Dating in 2019 is a cinch. Gone are the stomach-churning days where you needed to actually go up and talk to a random stranger to bag a date. Now, even the most isolated basement dweller can pick up a smartphone, download a dating app like Tinder, and get swiping. Which—thankfully for many interested in cryptocurrency—is a significant bonus.

 However, buyers beware: not everything is as it seems.

Experience Web 3.0.

Be the first to get Decrypt Members. A new type of account built on blockchain.

 Just as dating has become more accessible thanks to the internet, so have scams. These schemes are particularly evidenced within the cryptocurrency industry. According to a report by crypto-security firm Ciperhtrace, thieves, scammers, and fraudsters scarpered off with $1.2 billion in crypto in Q1 of 2019 alone.

 We all know the type, those rackets masquerading as crypto 'giveaways' on Twitter, usually touted by someone imitating Elon Musk. They're generally fairly easy to clock, the @username is typically misspelled, and you'll notice the account doesn't have more than seven followers. Of course, a major red flag presents itself in the fact that Elon Musk is giving away money for nothing...

 However, it would seem that these crypto miscreants have upped their game.

The Tinder trap

According to a recent Reddit 'PSA,' scammers now use Tinder to string lovelorn crypto aficionados along for an expensive ride.

 Playing the long game, the scammers use their wily charms to lull potential beaus into a false sense of security. Once well and truly sirened, the marks are presented with an insider tip on a new crypto exchange. Of course, this exchange is a proverbial jagged rock, scattered with the debris of other rekt'd victims.

The thread conveys that since September, $60,000 has been pilfered by the exchange. Clearly, critical thinking isn't working in avoidance of these scams, so what can be done?

 Speaking to Decrypt, Shashi Prakash CTO of RedMarlin, an AI-powered fraud protection firm, explained why these attacks have become so prevalent:

 "The rocketing valuation of cryptocurrencies combined with lax regulation and high complexity for newbies makes them an ideal target for scammers. Often times, we also see scammers getting very creative with new types of scams to target unsuspecting users."

On behalf of Decrypt, RedMarlin investigated the Tinder trap. "[We] observed several reports online where people complained of getting scammed by these scammers," explained Prakash, "Upon digging deeper, we found that all targeted users were sent to an exchange called add-ex.io to buy a token called PCT."

Having delved a little deeper, the firm conveyed several ways in which users could identify a potential scam.

  1. “No SSL on add-ex.io": Secure Sockets Layer or SSL is a cryptographic protocol used to secure internet communications such as logins and signups.  RedMarlin suggests steering clear of improperly secured websites, especially those without SSL certificates.
  2. "No contact address": In this particular instance, the exchange didn't provide a physical address or phone number, only an outlook email contact. While not immediately apparent to most, this is actually a huge red flag: "Before dealing with any exchange, determine the authenticity of the site by looking for their official physical address of the company and reading thorough reviews about it through search engines."
  3. "Token not listed on popular platforms": Another simple test is making sure the token being offered, is listed on other exchanges, as well as Coinmarketcap:  "CoinMarketCap’s service provides information about all digital currencies that are traded in at least one public exchange and have a non-zero trading volume. Not being listed on the site likely means the token is fraudulent."

SIM swapping and other fun scams

Nevertheless, phishing is just the tip of the scammy iceberg. While the typical Twitter giveaway scams are—for most—somewhat avoidable, there are other sophisticated methods of prying away your crypto. For Branson Bollinger, co-founder and managing director of Zenith Ventures, this was learned the hard way.

Experience Web 3.0.

Be the first to get Decrypt Members. A new type of account built on blockchain.

Speaking to Decrypt, Bollinger revealed that he was ironically introduced to the industry, thanks to a bitcoin blackmailer. The research conducted to pay the ransom resulted in a quasi silver-lining: Bollinger was exposed to cryptocurrencies for the first time. Still, the lessons he learned lingered. 

Now, Bollinger advocates the use of failsafe methods such as 2FA: “The vast majority of lost crypto is a result of not using Google Authenticator for Two Factor Authentication.  No one can stop the determined malicious intent of a bad actor, but what you can do is make sure that if you get SIM swapped, they aren't able to access your accounts by using your SMS that they now control."

Sim swapping involves fooling a victim's mobile network provider into activating a sim card onto another phone. Once this is done, SMS verifications are rendered utterly useless.

Indeed, sim swapping attacks are on the rise. A recent report from the Wall Street Journal told of one investor losing 1500 BTC ($13 million) after falling prey to a sim swap.

Attackers struck at the most opportune time, shortly after Bitcoin's all-time-high in December 2017. At the time of the hack, the stack of BTC was worth a gargantuan $24 million.

Jacking into the victim's phone, fraudsters managed to exploit Google's "forgot password" feature to access Gmail. From there, they gained valuable information pertaining to the victim's crypto wallets.

Bollinger also fell victim to a sim swap. However, luckily, he took the appropriate precautions, thwarting the sim swapper before any damage could be done: "In the hour that the hacker had control of my phone number, he tried resetting all my passwords for Gmail, Coinbase, and other exchanges. But because I had Google Authenticator set up, they weren't able to gain control of anything."

Essentially, it seems the key to safeguarding against crypto scammers is to make adequate provisions and apply critical thinking before undertaking transactions. Remember, it's dangerous out there, you never know who's lurking around the next URL, or dating profile.