Follow us on Spotify, Apple Podcasts, or on your favourite Podcast Platform to get notified for new episode releases
June 13, 2022

#009: Crypto Scams Exposed ft. Chris


Today's episode is all about safeguarding ourselves against Crypto and NFT scams.

Cryptocurrencies are a hot topic in the virtual space, especially in online trading, and it is true that smart investors are making profits through their knowledge and research. 

But it is also true that sometimes, the prospect of getting rich quickly can make people blind to the risks and get lured by crooks into scams.

Knowing and understanding these scams makes it significantly easier to identify them, and avoid falling victim to them.

In this episode, our guest Chris helps us understand crypto scams in detail and how to defend our hard earned digital assets against bad actors. Chris is a crypto safety advocate and fraud investigator who investigates and exposes crypto and NFT scams. He is building an educational blog, “Know Your Crook” to educate people on protecting themselves against crypto fraud and scams.

Resources:
Chris's Blog: https://mirror.xyz/knowyourcrook.eth
Chris on Twitter: @KYC_Alliance
Transcript and Chapter Markers: https://www.buzzsprout.com/1968123/10773949

The MetaRoy Podcast is now featured as a Top 20 Web 3.0 Podcast by FeedSpot!

For more Web 3.0 content, subscribe to The MetaRoy Podcast on Apple Podcasts, Spotify or on your favorite podcast app.

Join The Discussion on the MetaRoyVerse Community:
Telegram: https://t.me/metaroyverse
Discord: https://discord.com/invite/aTMD29QYaT

Follow us on Social Media to get notified when new episodes are released:
Twitter: https://twitter.com/TheMetaRoy
Instagram: https://www.instagram.com/TheMetaRoy
Telegram: https://t.me/TheMetaRoyPodcast
LinkedIn: https://www.linkedin.com/company/TheM...
YouTube: https://www.youtube.com/channel/UCcTgICVk8IvK0D5JEO-1YCA
Facebook: https://facebook.com/TheMetaRoy

Products:
1. Get a Ledger Hardware Wallet from Ledger's Official Website: https://shop.ledger.com?r=e8e8c9fddde6
2. Manage your crypto taxes with CoinLedger (Use Code: CRYPTOTAX10 to get 10% off): http://coinledger.io?fpr=themetaroy
3. Start your Podcast Journey with Buzzsprout (Get a $20 Amazon Gift Card upon signing up with this link): https://www.buzzsprout.com/?referrer_id=1950635

DISCLAIMER:
1. The information contained herein is for informational and entertainment purposes only. Nothing herein shall be construed to be financial, legal or tax advice. Trading cryptocurrencies poses a considerable risk of loss and the audience is advised to do their own research before making any decisions.

2. I only recommend products I would use myself and all opinions expressed here are our own. This post may contain affiliate links which I may earn a small commission from, at no additional cost to you.

Support the show

Cheers,

Roy

Transcript

Episode 9: Getting Ahead of Crypto Scams ft. Chris


You're listening to The MetaRoy Podcast and welcome to a brand new episode. This is your host, Roy. And every week on this show, we learn about one aspect of the crypto world.

Now, cryptocurrencies are a hot topic in the virtual space, especially in online trading. And it is true that smart investors are making profits through their knowledge and research. 

But it is also true that sometimes the prospect of getting rich quickly can make people blind to the risks associated with crypto and get lured by crooks into scams. 

Chris' Introduction

In this episode, we are going to be talking about how we can protect ourselves from these cryptocurrency scams. And to tell you all about it, we have Chris with us today. Chris is a crypto safety advocate, fraud investigator, and a self proclaimed data nerd. 

Roy: Chris, thank you so much for joining us, and I really appreciate you taking the time out for speaking to us on this interview. 

Chris: Yeah, it's absolutely my pleasure. 

Roy: And if you're new to this show, do subscribe and follow me on Apple Podcasts Spotify pretty much every platform that you get your dose of podcasts on. 

Before we start, though, just a quick disclaimer. The following content is informational only, and none of it should be interpreted as financial advice, so please do your own due diligence before making any moves in the crypto space. 

With that out of the way, let's get started. 

Chris' Background in Fraud Investigation

Roy: Chris, can you start with your story? Can you tell us about your background and how you came to be in the crypto space? 

Chris: Yeah, absolutely. So currently, I'm an analyst and project manager for a global safety and security team. We operate in about 41 different countries, so I have a very broad remit that part of that is doing internal investigations. 

Prior to this, I was at a research Institute, primarily studying violent extremist groups and transnational criminal organizations for local and federal law enforcement. Everything that we did there, it was open source. It was looking at publicly available information, aggregating it, structuring it, and providing our analysis on how these groups were operating, where they were operating, and everything along those lines. 

The easiest way I can put it is I'm basically just a data nerd that happens to have a passion for financial crimes and money laundering and things like that, which being a data nerd, it fits very well in that realm. 

Chris' Thoughts on The Terra Luna Attack

Roy: Chris, have you actually been able to analyze the Terra Luna problem that happened, the attack that happened on Terra Luna, and whether did you gain any insights on how this attack panned out? 

Chris: So I haven't dug into it terribly deeply. I know there are others online that have. It seems like there were two things to this. There is somewhat of a question on whether or not this was actually a targeted attack or it was simply a flaw in the entire ecosystem and a flaw in the tokenomics that just happens to be triggered. 

So I generally go on the thought that you should never attribute to malice what can be explained by stupidity. And I kind of applied that to here and moved on. The other part of it, though, and what would actually make that possible is the fact that UST was not a backed stablecoin. It's not a stable coin that was backed one to one with Fiat. It was what they call an algorithmic stable coin. 

So basically it relied on Arbitrage to keep the peg. If it ever dropped below peg, then it could be traded for another asset, Luna at a fixed rate. And they hoped this would keep everything in line. And for the most part, it did right up until it didn't. 

So I think that if there's going to be any kind of takeaways, if you see any kind of stablecoin, understand what kind of stable coin it is and what's backing it. If it's backed by an algorithm in Arbitrage, or if it's backed by Fiat, if it's backed by a wealth of crypto assets, because all of them have their strengths and weaknesses, they all have their pros and their vulnerabilities. Even something like USDC, it's fully backed one for one by Fiat. It's actually been recognized by the state of New York, but it's centralized. 

And I know a lot of people in crypto, if you say something is centralized, it's like sunlight to a vampire. It's just like aaaah! Get it away. Everything has its pros and cons with UST. I think what ultimately happened was it was an algorithmic stable coin and something basically threw it off of the algorithm can no longer keep up. Whether that was coincidence or a targeted malicious attack, I don't know. And I don't know if many people outside of the good Mr. Do Kwon do.

The Anatomy of a Crypto Scam

Roy: Absolutely. Let's get into it right away. What are the typical scams that you have seen in crypto space? 

Chris: So it's kind of funny. A lot of the scans that I see in the crypto space mirror what you see outside of crypto as well. So all of the email based scams or text based scams that we've seen before have been replicated in crypto, just kind of has their approaches turned around a little bit. 

I find it really helpful to before going into the specifics of any given scam, think about what it is the people launching them are going after. And from what I can tell, there's only ever three things that a scammer will ever want to get from a person. They want the person to send them money. They want the person to send them enough information so that they can take the money themselves. 

So in crypto, this would be something like your seed phrase, or they want you to send them information that they can log into an email or social media account so that they can use it to send out the scam. And when they use your account, they're borrowing your credibility. If you get a DM from a completely random person, you're probably just going to ignore it. If you get a DM from a close friend of yours, you're not going to think twice about clicking a link on there such really what they all boil down to is send me money. Send me information so I can take your money or send me your socials and emails. When you have that in mind, almost any scam that you look at, any phishing email that comes in, anyone that slides into your DMs, anyone that says, hey, you won a contest that you had never entered, just go to our exchange and enter the promo code. All of these things, when you view it through that lens, start to become really obvious that they're trying to lease you in one way or another. 

From there, then you start to look at the approach that they take. And that's what I start to find is really the interesting part is how they actually approach somebody and how they actually try to talk you into clicking a link or going to a site or sending information or sending money. It's how they kind of dress it up and polish it. That starts to get really creative. And that's the fun part of studying a lot of this. 

The Most Creative Scam that Chris has ever seen

Roy: What's the most creative scam that you have seen? 

Chris: I had one guy, so I'll say I leave all my DMs open on all socials specifically so people will come in. And when scammers do reach out, I kind of play dumb and I play along just to see how everything goes. I had one guy that said he wanted to help me out. He for whatever reason, thought I was down on my luck and could use money and he wanted to help pay off a credit card bill that he thought I had.

So he said he was going to send me $5,000 and he wanted me to pay off my credit card bill, which I said was around $3,000. And then he said he wanted me to take the extra $2000 along to a couple of charities that he runs. And he just said, I asked why not send the money himself? He said, Well, I'm sending you the money anyway. Just do me a favor, right? 

The really interesting part of this one though was that he sent me bank account information. I mean, bank account routing, number, username and password, everything I would need to log into a bank account and transfer the money myself, right? He wasn't asking me to send him money. He wasn't asking me to do anything like that. He gave me all of the information to take the money myself. 

So I looked up the bank account that he gave me all this information for and it was a small construction company out in California. So I reached out to the construction company. I said, hey, I have someone here that's pretending to be the owner of your company saying that he's going to do X, Y and Z and he gave me this information. This probably isn't legit, is it? No, that's absolutely not. I don't know what happened. What have you. 

Of course it's not. So in thinking about it, this guy got the credentials to the bank account, remember? That's the second thing I said. Scammers will look for give me enough information that I can take the money myself. Right. Instead of them going into the bank account and taking the money themselves, they tried to get me to do it. They wanted me to take money, use some of it myself, and send the rest of them, their fake charities they had set up. If I had done that, there would be an investigation. Law enforcement would get involved and they would go right to me because I would have been the one that logged in, took the money, used some of it myself, and then sent it off. And it wouldn't matter where I sent it off to. That guy's logged on, I would have been on the hook for it and they still would not pay. 

So I thought that was a really clever way. They compromised someone's bank account and they wanted a pass. They wanted a fall guy to go in and pull everything out and just send some along to them. So that was a fun one. I liked that one. I mean, the guy is absolute dumb, but points for creativity. 

Which cohort gets targeted first?

Roy: Wow. Yeah. I think definitely we should award some points to him. But I have seen this pattern that more people on the elderly side of things who are not so tech savvy, they are being targeted more. Have you noticed this pattern in your research as well, or is it throughout the board? 

Chris: Yes. A lot of the approaches really rely on people being kind of ignorant of the crypto space and ignorant of how things work. So sometimes the approaches, they'll say that they have this. Actually, I had one just the other day that they said that they were making money mining a series with NFT, which if you know absolutely nothing about the crypto world and all that, there's a lot of buzzwords in there, like NFTs, Mining, Ethereum. There's enough buzzwords in there where it sounds like it's legitimate and maybe I just don't know enough about it. 

But you and I, or anyone that's in the space and it's been in the space for a while knows that it's absolutely. It's just a word salad. It means nothing. They had actually said that you purchase an NFT with Ethereum, you somehow stake the NFT to earn more Ethereum and they're earning, they said, thousands of dollars a week, something like that. Which of course makes absolutely no sense whatsoever. 

But like you said, if you're not tech savvy, if you're kind of ignorant to how this entire world works, that might actually make sense. Like, oh, wow, where can I buy these magical mining NFTs. And of course on that one he just wanted me to send him money so he could send me the NFT in return. So he got kind of lazy at the end of that one. But yes, you are absolutely correct. A lot of it really preys on ignorance of how this base works and how crypto works.

Roy: Exactly. And sometimes even at our age, it's very convincing enough. Even for people like me who has been used to this space, it is sometimes difficult to actually gauge whether it is like a scam or it is actually like a legitimate thing. 

Chris: Right. 

Roy: This is the most common thing that I have seen. People going on YouTube live and asking you to send them some Ethereum and they're giving you double of what they are sending you.

Chris: Right. 

Roy: And there's usually like somebody from MicroStrategy or some big shot in the crypto space talking about it and you feel like it's like him telling you that they are using a video of somebody else, but it's like they're telling you that send me some money and I'll give you a double of it back. So that's the most common one that I have seen. I almost fell for it myself, to be honest.

Chris: Yeah. They do some really clever editing of a video, taking soundbites out of context and linking everything together. So it sounds like exactly that. It sounds like, yeah, send it in, I'll send you back. And I've seen like I said on YouTube live, you'll have one or two people that are pretending to do it and they'll be in chat like, oh my God, I just got five Ethereum sent back to me. What have you. 

But it comes down to again, you think of those three things that a scammer wants. That first one, send me money. If anything starts off with send me money, those warning bells should be going off in your head, especially if it's send money to receive money. Never send money to receive money in any way, shape or form. 

Other Attack Vectors to Safeguard Against

Roy: So what are the other attack vectors that we should be careful about other than the obvious send me money and stuff, what are the other type of things we should protect ourselves from? 

Chris: Sure. So your seed phrase should never be given out or entered into any site for any reason whatsoever. The only time you ever have to use a seed phrase is if you are say, importing a wallet. 

So let's say I get new computer, I install Chrome or Brave on there and I want to put the MetaMask browser on there or the MetaMask extension. When I import my wallet, I'd have to put in my seed phrase to import it into MetaMask. Right? Outside of that, you will never need to enter it for tech support. You never need to enter it onto a website to go onto an exchange. If you win a contest, you don't need to give someone your seed phrase so they can send you money. It never, ever, under any circumstances outside of importing wallet, will you ever have to give away your seaframes? I really can't emphasize that one enough. 

The other major attack vector and we're seeing a lot more, especially in the NFT space, is malicious smart contracts. So anytime you connect your wallet to a contract, you get that little pop up that says this site is asking to blah, blah, blah, blah, blah. And most people see it as blah, blah, blah, blah, blah. And just like, yeah, whatever, let me click past so I can buy my eight pictures. 

And those permissions are really important to look at because when you go onto PancakeSwap or Trader Joe or any decentralized exchange like that, what you'll typically see is this site would like to view the contents of your wallet and suggest transactions for you to make right. So it just wants to view and suggest. Suggest means that you'll get a prompt whenever they want to make transactions right. It'll say like, do you want to enable this coin? Do you want to trade whatever. What the malicious contracts do is ask to set your permissions to all, which means they can view everything in your wallet. They can make transactions without asking permission. They can basically do anything they want in your wallet. And that's how you see all these stories of people clicked on a link, they thought there was a minting page, they connected to the contract, everything gets wiped out of their wallet because they set permissions to all. They told that contract it could drain everything out. 

If you simply pay attention to the permissions being asked when you connect to any site, even if it's something like Trader Joe or PancakeSwap that you've been on a thousand times before, there's always the possibility that those sites were compromised at some point and a different contract was put in place or there was actually a thing. 

A couple of weeks ago, EtherScan and a couple of other block explorers were targeted by these ads. Someone had managed to put an ad on EtherScan. That was basically a smart contract. So when you went to EtherScan, it asked you to connect your wallet. And most people were going there and thinking it's EtherScan. Why would I not trust this? But it wasn't EtherScan asking, it was that malicious ad. And they said, yeah, sure, connect whatever. I want to look up whatever coin and everything gets drained out. 

Always look at permissions, no matter what side you're on, no matter what you're doing. Always look at the permissions every single time. And that would prevent 95% of the most recent phishing scams I've seen. 

Resources for Educating ourselves against Crypto Scams

Roy: Absolutely. I think at this point, since you mentioned about people being ignorant, it is important to understand. For example, where do you go to do your research on security aspects and where can other people follow through with you, which are those particular resources that are useful in your opinion. 

Chris: So this is actually a problem that I've run into and one that I'm trying to correct. There is no one place, there's no single stop you can go to. Learn about all of these different attack vectors. Learn about all these different ways to keep yourself safe. Learn about all the latest trends. It's really something that I just have to aggregate from what I see on Twitter, what I see in Telegram channels, discord channels, just kind of looking at the world as a whole. Like looking at the social ecosystem around crypto as a whole and piecing everything together in terms of tools. 

There's a lot of different tools that can be used. There's a couple of different sites that will do smart contract scans and throw up warning signs as far as like, this is a honey pot. You can buy it, but you can't sell it or the ownership isn't renounced and they can blacklist any wallet and sell taxes to 100%. So it's really high risk. There are scanners out there that can do that. 

But like I said, there's no single source of all this information. 

And that's something that I'm trying to correct. I've been posting for a little while on a site called Mirror, which is like a substance or medium, but it's Web 3.0 based. So all the content I post on there is recorded to the blockchain and I own it. The website doesn't own it. So on there I've been posting DYOR guides like how to actually do your own research, Anatomy of a Scam, what scam and fraud actually look like. Anytime I'm playing along with somebody in my DMs, I'm taking screenshots of conversation and I'll post those so people can see what these scams look like when they play out. So I'm trying to make that resource that I wish was there when I first started in crypto. 

The other thing I'm trying to do is there's a lot of different communities out there that are focused on much of the same thing that I try to do. Exposing fraud, teaching people how to spot frauds and avoid them themselves, educating people on crypto basics and basics of safety. And there's a lot of different projects and communities out there doing this, and they're all kind of operating in their own little spaces within their own little niches. 

And I'm trying to now bring all of them together. I talked with a lot of them individually. I'm part of a lot of them. I mean, their telegrams and discords and talking with them on Twitter and all that. But I'm trying to bring them all in one place, and I'm trying to bring their collective knowledge and resources and just passion for education and for doing this stuff into one spot so we can kind of signal boost each other and we can start creating that single source that if somebody is new to crypto. Look, go to this place, go to this discord or this website or what have you, and just drink from the fire hose. Take it all in here's. Everything you need to know to successfully navigate this wild west of crypto. 

To circle back to the question, I pulled in stuff from absolutely all over the place, and I'm trying to have it coalesced into one spot. So there actually is that resource people can use. 

Roy: And for people who want to check that out, the link for the blog is in the description. If you're ever investing any penny into crypto, you should definitely first understand the security aspects of it before you actually invest in it. And always do your own research before investing into any new project. 

Chris: Absolutely. And do your research on how to research. If you're first starting out in crypto, you're going to hear that term. Do your own research, or DYOR where you are all the time. You will almost never see somebody tell you exactly how to do that. Which is why I put a guide together to tell you exactly how to do that or at least get started with it. 

Roy: Absolutely. For all the listeners out there, please go through that guide and do your own research before investing into any new crypto project that is out there. Because it is full of scammers and people like Chris are making it more safer for people like us to actually understand what are the security aspects around it and how to navigate that space. 

Hardware Wallets vs. Hot Wallets for Storing Crypto

Roy: Chris, this is a general question that has come up from the audience. They want to understand how important it is to invest in a cold wallet right away. Why can't they use their browser wallets to keep their crypto in? 

Chris: Right. So really, there are three kinds of wallets generally that your crypto could basically be sitting in there's, a wallet on a centralized exchange, something like Coinbase or Finance or cue coin, what have you. And when crypto is sitting on there, the old phrase goes, no keys, no cheese or not your keys, not your coins. You don't have the seed phrase. You don't have the private keys to the wallets on Coinbase or Finance or anything like that. So you don't really own that money. You kind of have an IOU, like a Promissory note for that money, and you have to ask them to actually send it to you. That's probably the riskiest place. You can hold funds. 

Centralized exchanges get hacked all the time. There was a thing CoinBase put out after their Q1 financials came out; basically saying, look, if we go bankrupt, we're probably going to take your funds to pay for it. So they just straight out said, your crypto will become our crypto if we need it to. So that's the riskiest place to keep it. Never keep funds on a centralized change. 

The second is hot wallets. These are wallets that you do have the seed phrase to like trust wallet, or MetaMask or Finney or any of the hundreds out there. You have the seed phrase to it. You actually have control over it. It is your own personal wallet you have custody over. The problem is they're entirely either browser or mobile based. And from that they're subject to all the vulnerabilities that your phone or your computer might be subject to. Even if something like the malicious contracts we were talking about earlier, where you go, you connected malicious contract, you hit accept and everything's gone because you said they could. They are more secure than a centralized exchange, but there's still risk in keeping them. There's still vulnerabilities that have been able to compromise wallets even without you connecting to a malicious contractors. 

So that's where the cold wallets come in. The Ledger and things like that. With the Ledger, you have to have a USB stick, the Ledger plugged into your laptop and connected before any kind of transaction or anything can happen to your wallet whatsoever. It's almost like a physical multi factor authentication. 

So with that in there, even if you connected to a smart contract, like a malicious contract, if you have a ledger and your ledger is not plugged in and connected, nothing will move out of your wallet. So that's why it's important that's one of the best ways to secure your funds, or at least the easiest way to really secure your funds is to actually have that physical cold wallet device. 

Roy: Absolutely. I personally use it myself, and I recommend anybody in the audience actually trying to invest in crypto to always get either a Ledger or Trezor or whatever device it is. But a cold wallet and a hardware wallet for it. Don't keep your crypto in the exchanges. Don't keep it on your browsers. Only keep what you can probably lose or you can probably use in the near future. 

Chris: Right. It is important to remember all the wallets that we have, like Metamask, Trustwallet, and all that. These are basically gateways to access your crypto. Your crypto isn't actually on MetaMask, it's on the blockchain. But MetaMask has the private and public keys with which to access those funds. 

The Ledger is kind of the same thing. Your funds are still on the blockchain, but it adds an extra barrier, an actual physical, real world barrier to accessing those funds. Whereas something like using just Metamask alone, there's only a digital barrier to accessing the funds. 

Roy: Absolutely. This question was actually posed by my wife. She actually was like, why do you keep so many Ledgers lying around? And I was like, hey, you know what? It's the new way of protecting your money. And she almost felt like I was like, Heisenberg or something protecting so much money, even though I didn't have any. But my wife actually understood that the purpose of it was actually to safeguard because there is no person who can actually approach. If your money is gone, it's gone. It's gone. 

Seperate Wallets for High Value Assets

Chris: That actually brings up a really good point too. You should not have all of your funds and all of your assets in one wallet. Use multiple wallets. If you have high value assets, like if you have a Bored Ape or Mutant Ape or anything like that, it should be sitting in its own wallet. If one wallet gets compromised, they shouldn't be able to get five apes and hundreds of thousands of dollars of coins and all that. Always have multiple wallets. Some for connecting with exchanges and Dapps and all that, some for minting, some for just holding. 

One really common thing, especially in the NFT space, is if you are ever going to do a mint, you do it from a fresh wallet that only contains enough money for gas and the mint. So create a brand new wallet, transfer over how much BNB or SOL or whatever you need, and do the mint from that. Once you have the asset, then you can transfer it to your OpenSea wallet or your holding wallet or whatever. But that way, if it is a malicious contract, if it is something that is designed to drain a wallet, they got gas money and that's it. 

The other thing I will note, since we're talking about hardware wallets, not if you decide to purchase one, but when you decide to purchase one, do so directly from the website. So if you're going to buy a ledger, go to the ledger website. Confirm it's the right website. Buy it directly from there. Don't buy it from Amazon or resellers or ebay or anything like that, because these are a piece of hardware. They can be compromised. They can be basically altered by scammers or by hackers so that when you plug it in and connect it to your wallet, everything gets drained out. 

And there's been instances of this in the past. I believe it was Ledger. Actually, somebody had mailed out a bunch of supposedly replacement ledgers saying, hey, we're sorry, there was X, Y, and Z issue; here's a replacement ledger, and they were all compromised to basically drain funds as soon as they were connected. So always buy directly from the website. Never a reseller, never a third party site. Doesn't matter how efficient they tell you they are, just go right to the website. 

Roy: Yeah, and it's scary. I think it happened in 2020, right? That Ledger's marketing list was email list was stolen. Right? And even that was a hack of epic proportions, like all of the marketing emails were stolen and people were actually wondering whether even Ledger is safe or not. Right? So even that can happen. But as far as we know, as of now, it's probably the safest solution to actually invest in a Ledger or a Trezor device and always keep your own keys and always have separate devices for high value assets. That's what Chris recommends at least. 

Chris: Yeah. Separate for high value assets, separate for connecting to any kind of Dapps out there or decentralized exchanges, things like that. Different wallets for different purposes. 

Roy: Yeah, exactly. 

Can Quantum Computing Break Down a Seed Phrase?

Roy: Chris, this is just a fun question. 

Chris: I like fun. 

Roy: When do you foresee seed phrases being cracked by quantum computing? 

Chris: I've had a lot of conversations about this. I don't know if people realize or not, but see phrases pull from a list of. I think it's 1000 words. So it's not like you can use any possible word in the dictionary. There's a thousand words. And seed phrases are twelve to 24 words long. So you have, say, twelve times 1000 possibilities in each one or 1000, 999, nine, eight each one. There are a finite number of seed phrases. 

I think that before we see seed phrases being cracked by quantum computing or anything like that, I think that's probably going to be a little ways off. What I think we're going to see beforehand, though, is people being able to randomly brute force seed phrases is every day more new wallets are getting created, right? And oftentimes they're kind of single use wallets. They are used for mint, something like that. And people create it. They do the mint, they forget about it. But there's a lot of wallets out there being created that are being used. The more wallets that are being created, the more seed phrases are being used. 

So that increases the likelihood that if you were to just enter a random seed phrase, just randomly pick twelve words out of the 1000 word list and enter it in, it's getting more and more likely that you'll actually hit a wallet. And it's not like you specifically targeted anybody. It's just that you brute forced it. You extrapolate that out. And instead of having somebody just sitting there and hand jamming each one, you set up a computer program. You set up a script to just randomly enter in seed phrases and see if there's a wallet associated with it. That I could actually see is becoming an issue. 

I think eventually seed phrases will start to force longer ones, like 14, 16, 18 words, what have you. But the wallets that are in existence can't change. So the ones that are being created now, it's just adding to that pool that could potentially be randomly sniped. Still an extraordinarily low possibility. Like, if you actually look at the numbers and the math behind it, it's still really low, but it's still a possibility. Never say never. 

Roy: Exactly. Never say never. There's no never in this. Yeah. I think I've been exposed to technology so much that it's always a possibility. There is always a possibility that you may be attacked in that manner. But till then, hold on to your hardware wallets and hold on to your keys and never let it reach that point.

Chris: Exactly. 

Where is the Future of Crypto heading?

Roy: On that note, this is just a general question. Where do you see crypto heading in the future? 

Chris: So I do see it eventually becoming kind of a ubiquitous part of daily life worldwide. I do think that eventually we will see mass adoption in one form or another. I think before that happens, we're going to see a regulatory revolution of it. And I think we're already starting to see the beginnings of that now. We're starting to see proposed bills like in the US. There's a couple of bills being proposed that specifically target cryptocurrencies for one reason or another. There's, of course, the SEC, the ongoing SEC suit with Ripple XRP. So on a regulatory front, we're already seeing the seeds being planted. 

At the same time, in the US, at least, investment firms that specifically deal with crypto donated more to political campaigns than the defense industry and pharmaceutical industry in the last year. So there's a ton of money pouring in to try to slow this, or at least if it's going to come make it as favorable to crypto as possible. So it's going to be a slow revolution. 

But I think the next major thing we're going to see is the regulation and kind of the legal aspects around it. The other thing we're starting to see is actual consequences for running scams. The other day, the DOJ announced an indictment against a former OpenSea executive who was indicted for insider trading, wire fraud. Now, overall, what this guy had done was relatively small potatoes compared to other crypto scams out there. But the fact that we actually saw legal charges for insider trading from somebody that used to be an OpenSea means that basically the floodgates are open. Now they're actually looking at this and saying this is something with actual value. And if you steal it or you do insider trading, we're going to prosecute you for it just like it was any other valuable assets, stock, commodities, anything. So we're starting to see consequences for bad action coupled with regulation. 

I think that starts going to be kind of the next level of building blocks toward mass adoption. So that's where I see things. It's going to be a slow, bumpy road. A lot of things that we see now are going to probably go away. I don't think we're going to see a quarter million dollar PFPs lasting very long, but NFTs themselves have a load of other technological capabilities to them. NFTs will live on. I just think that how they are used and how they are the form that they take later on is going to change. 

A Message to the Audience

Roy: Absolutely, Chris, as a message to our audience, if there are like three points you have to absolutely mention on this podcast as a message for new investors or people new to the crypto space, what would that message be? 

Chris: So for people new to the crypto space, never under any circumstances give out your seed phrase in any way, shape, or form. And I really can't stress that one enough. Always look at permissions when you connect to a smart contract every single time. Doesn't matter what size it is always look at the permissions and there is never a need to hurry up there's always time to do research on a trade buy anything if there's ever any kind of urgency if somebody is pushing you if it's hurry up and buy now the Mint is going to end in 20 minutes or we just went live. Get in now before we moon. Move on. If anyone tries telling you there's not enough time to do research they do not have your best interests in mind. Move on. There will always be another one there's always going to be another major project there's always going to be another opportunity. You're not missing out on anything. You're just delaying a little bit. 

So I think those are the three. Don't forget about your seed phrase always look at permissions there is always time to do your research

Roy: And the fourth one is always follow Chris's blog. Again link is in the description.

Closing Thoughts

Roy: On that note Chris thank you so much for speaking with us today. I especially loved how simple you made it for us to understand these important concepts about security, about protecting ourselves, protecting our money and thank you for sharing this insights and I wish you all the best in your future endeavors as well. 

Chris: I absolutely appreciate you having me on here. It has been a pleasure. I really hope that people find this useful. I try to make it accessible and I think that's what we really need to see in crypto is this information needs to be accessible and understandable for everyone if we want everyone to use it if we want everyone to be in this world so thank you very much for having me on and letting me ramble on a bit. 

Roy: Thank you so much.

Chris (KnowYourCrook.eth) Profile Photo

Chris (KnowYourCrook.eth)

Crypto Fraud Investigator

Crypto safety advocate, fraud investigator, and data nerd. I engage with scammers so you don't have to.