Fraud And Security

Your funds are your funds, and your crypto is your crypto: CRYPTOZILLA maintains internal systems, like a bank or a broker. Our fully audited ledger identifies your account, your fiat and crypto holdings, and tracks your account activity in real time. There’s never a situation where customer funds could be confused with corporate assets.

We will never repurpose your funds: We do not lend or take any action with your assets, unless you specifically instruct us to. Many banks and financial institutions use customer funds for commercial purposes including lending and trading, meaning that they often hold only a fraction of their customer assets at any given time. CRYPTOZILLA always holds customer assets 1:1. This means that funds are available to our customers 24 hours a day, 7 days a week, 365 days of the year. The crypto space is a dynamic one, and we will always seek to use the best structures to ensure that our clients’ assets are managed in the safest way possible.

Phishing is any fake email, SMS message, or website that impersonates a real person or company in order to steal your personal information. They are designed to look and feel legitimate and can be difficult to spot. Remember, phishing attacks come in different shapes and sizes. They can be very sophisticated and difficult to spot at first. Emails, SMS messages, and automated voicemails are the most common channels used.

Keep your personal information private: Avoid sharing sensitive information, like usernames, passwords, and credit card numbers with people you don’t know.

Take your time: Be patient and extra vigilant when examining urgent requests from unknown or unsolicited senders.

URLs are your allies: Look at URLs and make sure there are no common typos in the web address. Attackers will often use domain names that are nearly identical to the one they are impersonating

Hover, don’t click: Avoid clicking links in emails before checking, especially if the email is unsolicited or is “urgent.” Hover over the link first and if the alt text doesn’t match the display text, don’t click on it. Look for bad grammar and misspellings. Misspelled words and bad grammar are signs that something is wrong. Be thorough and pay attention to these small, but important, details

Too good to be true: Any promise of extravagant rewards or monetary compensation should be treated with the utmost suspicion. Avoid clicking or downloading anything from messages that claim to offer you unrealistic rewards.

Security tip

Always use strong and unique passwords: A strong password is complex and unique. Avoid passwords that would be easy to guess and never reuse passwords across multiple accounts.

Protect your seed phrase: A seed phrase is a string of 12 to 24 words that is literally the key to a non-custodial crypto wallet. Anyone with access to your seed phrase has access to the crypto in that wallet. Be sure to protect your seed phrase.

Be mindful about what you make public: Avoid posting personal information online. The more information you put out there, the more data for an attacker to target you. Don’t make yourself an easier target

Lock your account if you think something is wrong

If you think your account has been compromised, you can lock it down and contact CRYPTOZILLA Support for assistance.

Don’t share your credentials with unknown parties: Remember, our support team will never ask for your password, 2FA codes, or for you to install any additional software.

Never grant remote access to your accounts: Avoid giving anyone access to your computer. If someone wants in, chances are they’re up to no good.

Write down your private keys and store them in a safe place. In order to best protect your assets, never give out your private keys.

Password security measures

The CRYPTOZILLA Security team takes numerous safety precautions to secure your account. This includes checking the dark web for signs that a third party may have compromised your CRYPTOZILLA account sign-in credentials. To ensure the safety of your account, CRYPTOZILLA will notify you to change your password if we find that your password may have been exposed through data breaches from other websites. This gives you the opportunity to change your password before your information can be used against you.

How did my password get exposed? While we can't always tell exactly how an attacker got your password, it's typically due to one of the following reasons:

  • Reusing the same password across multiple websites.
  • Entering your credentials into a phishing website.
  • Inadvertently installing keystroke-logging malware on your computer.

How do I secure my account? We strongly recommend that you immediately:

  • Run a malware scan on your computer using a reputable tool like Malwarebytes, which provides this service for free.
  • Change your CRYPTOZILLA password
  • Change your password on other websites, especially if you use the same password in multiple places. We also recommend using a trusted password manager like LastPass, 1Password, or Dashlane to easily generate and securely store unique passwords for all of your online accounts.
  • Use a strong 2-step verification method like a hardware security key or a Google Authenticator (TOTP). Go to your security settings to upgrade the 2-step method on your CRYPTOZILLA account.

How is my password protected on CRYPTOZILLA?

When you create a CRYPTOZILLA account, we use an algorithm called bcrypt to turn your plaintext password into a hash that’s unique to your account. This means that your password is stored as a random string of information which makes it hard to figure out. Therefore, no one including CRYPTOZILLA can decrypt your stored hash to figure out the underlying password. Instead, when you sign into your account, our system verifies it’s you by the stored hash that returns in our system.

What is a phone-based attack?

A phone-based attack (also known as SIM-swap or phone-port attack) is when an attacker has their target's phone number transferred to a mobile device under the attacker's control. Fraudsters do this through a variety of means, including identity theft and socially engineering mobile-carrier customer-support representatives. This type of attack is a threat to all accounts using SMS-based 2-step verification and any account that can be recovered using phone-based authentication.

Why did I receive an unexpected device confirmation email?

If you were not expecting to receive a device confirmation email, this means that someone was able to use your password and 2-step verification code to begin signing in to your CRYPTOZILLA account. Immediately perform the following steps to help ensure the security of your CRYPTOZILLA account. Change the password to both your CRYPTOZILLA account and your email account. You should use passwords that are entirely new, unique, complex, and unrelated to each other or other passwords you’ve previously used.

Beware of investment scams

Every significant rise in the price of Bitcoin (aka “bull run”) has introduced many new companies and investors to the space. This has also introduced numerous types of investment scams that prey on unsuspecting investors. These types of scams come in a variety of ways but here are some of the most typical scams: To report an investment scam, contact below: [email protected]

ICO (Initial Coin Offering)

Thousands of new blockchain-based companies enter the market each year with unique ideas and exciting projects. To raise money for their new company, they will often fundraise using an Initial Coin Offering (ICO). The company will accept Bitcoin or Ethererum as a deposit and in return, you’ll get their new crypto coin. Sometimes, these new companies have good intentions - other times, they are outright scams trying to steal your crypto. The best way to avoid these scams is to perform your own due diligence by researching the company. This involves reading the white paper, reviewing the team and key board members, and reading forums on what others are saying about the company. Putting the company name + “scam” into your preferred search engine will often immediately tell you if the company is legitimate or not. Before transferring your crypto, it’s vital to learn as much about the company as possible to avoid getting nothing in return.

Cloud Mining

Another way investors get involved in cryptocurrencies is through mining. Instead of setting up the miner yourself, certain companies can offer users “cloud mining contracts” to rent some server space to mine coins for a set rate. You send the company bitcoin and in return you get a portion of the profits of the miner over time with the goal of earning back more than you invested. Some cloud mining services make bold claims regarding their returns without being transparent about the true costs and diminishing returns. Some companies go as far as to guarantee returns. This is one of the most telltale signs that this is a scam. No company can guarantee a return when it comes to mining because of how complex and dynamic the mining business really is. Remember, if it sounds too good to be true then it most likely is.

Multi Level Marketing Companies

Often referred to as “MLM” or “Ponzi”, these are simple but alarmingly effective scams that lure people in with the promise of extraordinary profits. They operate by taking money from new investors to pay previous investors. These companies often promise you returns based on the number of people you invite to join. They rely on recruiting as many people as possible in order to sustain the business, often growing virally and rapidly. Eventually they collapse when the founders run off with the funds after they have exhausted their amount of new clients coming in.

How to Protect Yourself

Most of the time, you will find that there is little to no information available on the company outside of their own website. It’s also often difficult to find reviews online. You should pay attention to the company’s fine print and ensure that their claims are feasible and not too good to be true. Note: These are only a few of the most widely known investment scams found in the cryptocurrency industry. If you need to report an incident or you have fallen victim to this type of scam, reach out to our Live Chat support or submit a request at [email protected]. Additional resources for reporting and learning about fraud:

  • https://www.ssa.gov/scam/
  • https://www.aarp.org/money/scams-fraud/info-2020/cryptocurrency-investments.html
  • https://www.ftc.gov/imposter
  • https://ic3.gov/
  • https://www.consumer.ftc.gov/articles/what-know-about-cryptocurrency
  • https://www.fbi.gov/news/podcasts/inside-the-fbi-holiday-scams-120120
  • https://www.antifraudcentre-centreantifraude.ca/report-signalez-eng.htm
  • https://www.antifraudcentre-centreantifraude.ca/scams-fraudes/victim-victime-eng.htm
  • https://eba.europa.eu/contacts/complaints/frauds-and-scams
  • https://www.ebf.eu/ebf-media-centre/cyberscams/

How To Spot Cryptocurrency Scams

Cryptocurrency scams are easy to spot when you know what to look for. Legitimate cryptocurrencies have readily available disclosure, with detailed information about the blockchain and associated tokens

Read the White Paper

Cryptocurrencies go through a development process. Before this process, there is generally a document published, called a white paper, for the public to read. If it's a legitimate white paper, it clearly describes the protocols and blockchain, outlines the formulas, and explains how the entire network functions. Fake cryptocurrencies don't produce thoroughly written and researched white papers. The fakes are poorly written, with figures that don’t add up, and they don't explain how they envision the money raised being used. For comparison, read the white papers of well-known cryptocurrencies, such as Ethereum and Bitcoin.

Identify Team Members

White papers should always spotlight the members and developers behind the cryptocurrency. There are cases in which an open-source crypto project might not have named developers, which is typical for an open source. Still, you can view most coding, comments, and discussions on GitHub or GitLab. Some projects use forums and applications, like Discord, for discussion. If you can’t find any of these elements, and the white paper is rife with errors, then stand down, it's likely a scam.

Beware of ‘Free’ Items

Many cryptocurrency scams offer free coins or promise to “drop” coins into your wallet. Remind yourself that nothing is ever free, especially money and cryptocurrencies.

Scrutinize the Marketing

Owning cryptocurrencies is generally not a money-making endeavor. They are projects with a stated purpose and have coins or tokens designed to be used to promote the blockchain function. Valid crypto projects won’t be posting on social media or pumping themselves up as the next best crypto. Most valid cryptocurrency developers do not market the project's coin. Instead, they post documentation that outlines the cryptocurrency’s purpose. If it appears to lack a purpose, it's likely (but not always) a scam. It might be a cryptocurrency just to be a cryptocurrency, similar to Dogecoin, which has no official purpose.

You might see cryptocurrency updates about blockchain developments or new security measures taken, but you should be wary of updates like “millions raised” or communications that appear to be more about money than about advances in the technology behind the crypto.

Legitimate businesses exist that use blockchain technology to provide services. They might have tokens used within their blockchains to pay transaction fees, but the advertising and marketing should appear professional-looking. Scammers also spend on celebrity endorsements and appearances and have all the information readily available on their websites. Legitimate businesses won't ask everyone to buy their crypto; they will advertise their blockchain-based services.

How To Avoid Scams

There are several actions to take to steer clear of being scammed. If you notice any of the signs, don't click on the links, dial a phone number, contact them, or send them money. Also:

  • Ignore requests to give out your private cryptocurrency keys. Those keys control your crypto and wallet access, and no one needs them for a legitimate cryptocurrency transaction.
  • Shun enterprises that promise you’ll make lots of money.
  • Don't engage with investment managers who contact you and say they can grow your money quickly.
  • Be wary of "celebrities" contacting you. A real celebrity won't reach out to you about buying cryptocurrency.
  • Meet in person any romantic interests you connected with on an online dating website or app. Don't give them money.
  • Ignore text messages and emails from well-known or new companies, saying your account is frozen or that they are worried about it and can help you "unfreeze" it.
  • Contact a regulatory agency if you receive an email, text, or social media message claiming to be from a government, law enforcement agency, or utility company, stating that your accounts or assets are frozen. Don't answer the initial correspondence through their means of communication. Instead get details on how to connect from an agency's official website.
  • Ignore job listings for cash-to-crypto converter or crypto miner openings.
  • Scrutinize claims about explicit material a scammer may say they have about you that they threaten to post unless you send cryptocurrency. This is blackmail. Report it.
  • Don’t accept “free” money or crypto.

How To Report Scams

Several organizations can help you if you’re a victim of a cryptocurrency scam or suspect one. Use their online complaint forms to seek help:

  • FTC fraud report
  • Commodity Futures Trading Commission complaints and tips
  • Securities and Exchange Commission fraud reporting
  • FBI Internet Crime Complaint Center complaint

You also can directly contact the crypto exchange that you use. Find out if they offer fraud prevention or have other measures in place to protect your crypto assets and money.

What Are Common Cryptocurrency Scams?

They include so-called rug pulls, promises of romance, phishing, and investment schemes.

Can You Get Scammed If Someone Sends You Crypto?

Yes. Never accept transactions from any person or organization you're unfamiliar with. The only way someone can steal your crypto is if you give it to them in a scam that could include your giving them access to your private keys, or their hacking your digital wallet and stealing your keys.

How Do You Avoid Getting Scammed When Dealing With Crypto?

The best way is to stay up-to-date on scammers’ techniques and to remain alert. Know the signs of the scams, and secure your keys offline, outside your wallet, in cold storage. Also known as a cold wallet, this type of digital wallet is stored on a platform not connected to the internet, thereby protecting it from unauthorized access, cyber hacks, and other vulnerabilities that a system connected to the internet is susceptible to.