arrow left facebook twitter linkedin medium menu play circle

Digital Fraud Wiki

Your source for the latest fraud intelligence, insights, research, and commentary.

Everything to Know About Fake Cryptocurrency Wallet Scams

What are fake crypto wallets?

A fake crypto wallet is a cryptocurrency wallet that is not intended to keep a user’s investments safe but instead gives fraudsters a secret backdoor to steal cryptocurrency directly.

To hold any kind of cryptocurrency, you need a virtual crypto wallet. These digital storage devices can be software programs, online apps/services, or physical devices. Wallets that remain constantly connected to the internet are called “hot wallets” and physical hardware wallets are called “cold wallets.”

Both hot and cold wallets can be faked, but the attack methods differ for each.

How do scammers create fake crypto wallets?

Scammers prefer hiding fake crypto wallets inside seemingly legitimate applications and crypto services. Then, they rely on classic fraud tactics to trick victims into using them.

In many cases, fraudsters develop malicious mobile apps that appear to be legitimate crypto wallets. These apps may seem to function similarly to real wallets, but in fact are designed to steal users’ private keys or login credentials. Scammers can also use fake wallet generator tools that create seemingly valid wallet addresses. These addresses are controlled by the scammers, and victims who use them unknowingly allow fraudsters to access any funds sent to those addresses.

To get users to download or use these fake wallets, fraudsters set up phishing websites to look like real crypto exchanges or wallet services. Once the victim is tricked into entering their credentials or private keys, scammers capture it and have access to the victims’ actual wallets.

They will often also distribute malware that targets cryptocurrency users. This malware can include keyloggers to record keystrokes and capture passwords or private keys, as well as clipboard hijackers which replace real wallet addresses copied by users with addresses controlled by the scammers.

As with every kind of fraud, social engineering techniques like impersonating customer support representatives or trusted figures within the cryptocurrency community, work well to trick users into providing their wallet information willingly.

How does a crypto wallet scam work?

Step 1: Scammers create a fake cryptocurrency wallet platform or app. This could be a website that mimics a legitimate wallet provider or a counterfeit mobile app available for download in app stores. Fake wallets might use similar domain names, logos, and user interfaces to real wallet providers to appear authentic.

Step 2: Scammers promote their fake wallet through social media, online forums, phishing emails, and paid ads. They often use enticing offers or outlandish promises, like offering free tokens or exclusive features, to attract users.

Step 3: Users lured into trying the fake wallet are directed to sign up or create an account on the fraudsters’ platform. This platform collects users’ personal information during the registration process, which can be used for further fraudulent activities.

Step 4: Once registered, users are encouraged to deposit their cryptocurrency funds into the fake wallet immediately. Scammers typically offer incentives or bonuses to entice users to deposit as large amounts as possible.

Step 5: After users deposit their funds into the fake wallet, scammers use their access to the private keys or account credentials to transfer funds to their own wallets, effectively stealing the cryptocurrency from the victims.

Step 6: After the scammers have stolen the funds they want or start attracting suspicion, they shut down the fake wallet platform and disappear altogether. Victims are often left with no way to trace the scammers or recover stolen funds.

How can you spot a fake crypto wallet?

Be careful and do thorough research any time you are choosing a wallet service. Know the common signs that reveal potential scams, including:

  • Ambiguity around the developer or company behind the wallet. Legitimate wallets are usually developed by well-known and reputable organizations with a history of providing secure cryptocurrency services. Look for reviews, ratings, and feedback from other users.
  • Long, deceptive, or unsecured URLs. Scammers often start their scheme through fake websites with URLs that closely resemble those of legitimate wallet providers. Make sure the URL you’re accessing the wallet from has SSL (https://). Copy and paste the url into a text document to reveal any hidden special characters and run the URL through Google’s free site checker to reveal malicious content.
  • Suspicious ratings and reviews on wallets in app stores. Legitimate wallet apps typically have a large number of downloads, positive ratings, and authentic user reviews. Be cautious of apps with few downloads, short/unhelpful positive reviews, or suspicious activity.
  • Wallet user interfaces and features appearing similar to legitimate ones with subtle differences or inconsistencies. Pay attention to the design, functionality, and usability of the wallet. Look for any red flags, such as unusual prompts or requests for sensitive information.
  • Lack of options to set up two-factor authentication (2FA), biometric authentication, and hardware wallet integration. Legitimate crypto wallets prioritize security, often implementing and encouraging use of these advanced security features.
  • Unsolicited messages, emails, or social media posts promoting a particular wallet. Avoid clicking on suspicious links or responding to unsolicited messages.
  • Wallets only available for download from third-party, unverifiable websites. Whenever possible, download wallets directly from official sources, such as the official website of the wallet provider or reputable app stores like Google Play Store or Apple App Store.

Can fake wallet scams work on NFTs?

Yes, fake wallet scams can work on NFTs (Non-Fungible Tokens) just like they can with other forms of cryptocurrency. NFTs themselves are not stored in wallets, but some NFT owners choose to store digital contracts and access keys for their NFTs in wallets, which makes them vulnerable to theft.

Ways to stay safe from fake crypto wallet scams

Research and verify your wallet provider

Before using a crypto wallet or downloading a wallet app, conduct thorough research on the developer or company behind it. Verify their reputation, check for reviews and ratings from other users, and ensure the wallet is widely recognized and recommended within the cryptocurrency community.

Use official sources of trusted wallets

Whenever possible, download crypto wallets directly from official sources, such as the official website of the wallet provider or reputable app stores like Google Play Store or Apple App Store. Avoid third-party websites or unofficial app stores, as they may host fake or malicious applications.

Check website URLs BEFORE you download anything

Verify the website URL carefully to ensure you’re visiting the legitimate website of the wallet provider. Watch out for misspellings, unusual characters, or domain names that differ from the official website. Look for secure connections (https://) to ensure your connection is encrypted and secure.

Review the wallet’s security features

Choose crypto wallets that prioritize security and offer robust security features, such as two-factor authentication (2FA), biometric authentication, hardware wallet integration, and multisignature support. These features can help protect your funds and personal information from unauthorized access.

Beware of phishing attempts

Be cautious of unsolicited messages, emails, or social media posts promoting crypto wallets or asking for your personal information. Scammers often use phishing tactics to trick users into providing sensitive information or downloading fake wallet apps. Avoid clicking on suspicious links or responding to unsolicited messages.

Enable 2FA

Whenever possible, enable two-factor authentication (2FA) on your crypto wallet accounts. 2FA adds an extra layer of security by requiring a secondary verification method, such as a code sent to your mobile device or generated by an authentication app, in addition to your password.

Keep software updated

Ensure your operating system, web browser, and security software are up to date with the latest security patches and updates. Regularly update your crypto wallet apps to patch any vulnerabilities and protect against potential exploits or malware infections.

Stay informed

Stay informed about common scam tactics and emerging threats in the cryptocurrency space. Educate yourself about the latest security best practices and be vigilant when interacting with crypto wallets or conducting transactions online.

Learn how DataVisor’s fraud and risk platform helps detect digital frauds and emerging scams like fake wallet frauds by booking a customized demo with our team.