WEEX Exchange Security Anti-Fraud Tutorial: How to Identify and Prevent Cryptocurrency
The 2024 Blockchain Security and Anti-Money Laundering Annual Report released by SlowMist shows that there were 410 security incidents in 2024, causing losses of US$2.013 billion, a year-on-year decrease of 19.02%. Among them:
. The DeFi sector was the hardest hit, with 339 security incidents, accounting for 82.68% of the total, causing losses of US$1.029 billion, a year-on-year increase of 33.12%;
. Contract vulnerabilities led to 99 security incidents, causing losses of $214 million;
. Rug Pull incidents: 58, losses: $106 million;
. Wallet phishing attacks cost $494 million, up 67% year-over-year.
Faced with the severe Web3 security situation, WEEX Exchange has not only done a good job in its own security protection and ensured the security of users' custodial assets, but also continued to publish a series of security and anti-fraud related themed articles, aiming to introduce users to the potential risks in the cryptocurrency world and explain the best practices for protecting asset security. This practice demonstrates WEEX Exchange's commitment to user security and its determination to protect the cryptocurrency community from fraud and scams. This article is an excerpt of the content of WEEX Exchange's security and anti-fraud related themed articles.
Beware of the "carpet pulling" scam by the project party
"Pull the rug out" comes from the English "pull the rug out". In the crypto world, "pull the rug out" refers to the development team suddenly withdrawing all liquidity support from its newly launched project, leaving unsuspecting investors with only some worthless new project tokens. "Pull the rug out" is most common in DeFi projects, and many investors (both new and old) have fallen victim to this scam.
A typical "carpet pull" scam starts with creating a new token and listing it on a decentralized exchange (DEX). This token will be paired with valuable assets (such as ETH or SOL) and put into a liquidity pool, sometimes with unrealistic promises of returns. The development team may also hire influential people to further hype the token. Once they have liquidity, they will sweep away all valuable assets (such as ETH) in a few seconds and then run away with the stolen money.
Other “rug pulls” can be performed after an Initial DEX Offering (IDO). For example, developers will sell all tokens at a high price at once, causing the token price to drop to zero in an instant. They may even leave a backdoor in the contract so that no one except a few people can sell the tokens, just like the infamous SQUID token scam you may have heard of.
According to SlowMist (2024 Blockchain Security and Anti-Money Laundering Annual Report), there were 58 "carpet pulling" scams in the crypto market in 2024, causing investors to lose $106 million.
How to identify the risk of "carpet pulling" fraud?
Key signs of a potential rug pull include:
. Little to no liquidity lock-in: lack of developer guarantees.
. Unusual social media hype: heavy promotion by uninformed or anonymous KOLs.
. Very low TVL: susceptible to price manipulation.
. Vague white paper: lacks technical details and substance.
. Prominent whales: A small number of addresses holding large amounts of tokens.
To avoid falling victim to such scams, WEEX recommends that users carefully research projects before investing, conduct due diligence on the development team if possible, and choose to trade on trusted centralized exchanges such as WEEX.
Beware of phishing scams
Have you ever clicked on a URL or wallet link that looked like one of your favorite cryptocurrency exchanges? Or downloaded a supposed update?
If so, you may have fallen into a phishing scam.
Phishing scams are fraudulent attempts by cybercriminals to obtain your sensitive data. These attackers pretend to be a trustworthy entity and send misleading emails, create fake websites, or even call or text messages, all in an effort to obtain your credentials or financial information.
These scams often contain links that take you to fraudulent websites that are designed to look almost identical to the legitimate websites. Once you enter your details, you are locked in. Some software may even prompt you to download file updates that can secretly embed malware onto your device.
Common types of phishing scams
Phishing scams are one of the main threats in the cryptocurrency world. WEEX Exchange’s guide to combating phishing scams outlines how these scams work and how to recognize them:
. Email spoofing: look-alike logos, urgent password reset requests, and fake promotions.
. Spear phishing: Usually uses the victim’s personal information (such as name, position, social media activity and other details) to customize the scam information and carry out "personalized" scams.
. Voice phishing: Fake calls from customer service.
. SMS phishing: Fraudulent text messages about airdrops or security breaches.
How to protect yourself from phishing scams?
WEEX has repeatedly reminded users: Remember the official website address of WEEX. If you encounter any unknown links, or TG accounts, WeChat accounts, QQ numbers, emails, etc. claiming to be customer service personnel, you can enter the WEEX official verification channel for verification, or enter the WEEX global community to find staff for confirmation.
Please download and install the WEEX App through the download channels provided by the WEEX official website, or search for "WEEX" in the App Store / Google Play official store to install it. Do not download or install any apps from unknown sources, or visit any links from unknown sources.
In addition, you can fill in the anti-phishing code in the WEEX account security settings interface. After that, all official emails you receive from WEEX will contain the code you set. If the code is not included, it may be a phishing scam email impersonating WEEX.
Other cryptocurrency scams
In addition, WEEX Exchange’s security and anti-fraud series of articles also introduces other common cryptocurrency scams such as hacker attacks, fake ICO/IEO, Ponzi schemes, and pump-and-dump scams.
Hacker attacks: Cryptocurrency exchanges and wallets are the main targets of hacker attacks. These cybercriminals will use various methods such as phishing and malware attacks to break through the defense and steal user funds. To prevent user accounts from being exposed to potential hacker attacks, WEEX recommends that users always use strong passwords and enable two-factor authentication (2FA).
Fake ICO/IEO scams: Initial coin offerings (ICOs) and initial exchange offerings (IEOs) are popular funding channels for emerging cryptocurrency startups, but not all such funding rounds are real. Many are orchestrated by scammers who build fake websites or set up social media profiles to promote fake ICOs, and unsuspecting investors will soon see their funds disappear without a trace after investing in these startups. To avoid falling for fake ICO/IEO scams, be sure to thoroughly research the project and its team before investing your money.
Pump and dump scams: Pump and dump scams usually involve a group of insiders planning to buy a certain low-priced token, which is usually newly launched and has a small market value. These insiders then use marketing tools such as social media to spread news about the token/project to hype it up in order to attract investors, encourage trading activities, and drive market demand, thereby driving up the price of the token. When the price of the token is high, these insiders quickly sell their tokens to make a profit and instantly smash the price of the coin to zero. At this point, most investors will be stuck with their tokens, and their tokens will become worthless.
Ponzi scheme: Fraud gangs often lure investors in with lucrative cryptocurrency investment returns. However, they will pay the funds invested by new investors to investors who joined earlier. In the end, this house of cards will collapse, leaving investors with nothing. If someone recommends you an investment project that sounds very profitable and tempting, please be vigilant and believe that there is no such thing as a free lunch. It is more of a trap.
How to choose a trustworthy trading platform?
Knowing so many scams in the cryptocurrency market, it is particularly important to choose a safe, reliable and trustworthy trading platform. Because if you fall into a scam project, you will lose a lot of money; if you fall into a black platform, you will lose all your money.
Cryptocurrency trading platforms are divided into centralized platforms (CEX) and decentralized platforms (DEX). DEX platforms have certain technical and professional knowledge thresholds for users, so DEX users generally have relatively rich security and anti-fraud experience. The following only discusses some key considerations when choosing a CEX trading platform:
1) Safety measures
Two-factor authentication (2FA): Make sure the exchange offers 2FA to increase account security.
Encryption and Cold Storage: Verify strong encryption and extensive use of cold storage to protect assets.
Risk control systems: Find ways to detect and mitigate suspicious activity in real time.
Proof of Reserves: Confirms that the exchange provides verifiable proof of reserves to ensure financial stability.
Protection Fund: The protection fund provides a safety net in the event of a security breach or system failure. WEEX Exchange has set up a 1,000 BTC investor protection fund since its inception to compensate for any user asset losses caused by reasons not attributable to the user. WEEX discloses the hot wallet address of the protection fund to all users, which can be checked and monitored at any time.
2) Record
Security incident history: Review the exchange's past security incidents and responses. WEEX exchange has never had any security incidents such as hacker attacks since its establishment.
Adapt and improve: As the exchange develops, it is crucial to continuously strengthen security measures. WEEX adopts AI + manual dual risk control security measures and continuously upgrades the security protection system, including cooperation with industry-leading security audit and security protection companies.
3) Customer Service
Formal exchanges have complete and efficient customer service systems that can respond to and solve user problems in a timely manner. Both the WEEX official website and App have 7*24 hours multilingual manual online customer service. In addition, users can also join the WEEX global community and contact staff for any questions.
4) User reviews and community trust
. Community Feedback: Read user reviews to learn about the exchange’s security and customer service experience.
. Participate in discussions: Active communication with the community builds trust and transparency.
. User education: Providing security best practices helps users protect their accounts.
By paying attention to these key initiatives, you can choose a cryptocurrency exchange that ensures the security and integrity of your investments.
Conclusion
In this crypto world full of opportunities and challenges, users' vigilance and self-protection awareness are crucial. By conducting in-depth research on projects, choosing trustworthy platforms, and being sensitive to security threats, we can effectively reduce the risk of becoming a victim of fraud. Let us work together to build a more secure and transparent Web3 ecosystem.
