The complexity of cryptocurrencies plus the recent growth makes it easy for scammers to gain traction. BitPay has recently identified two new scams that take advantage of unsuspecting users. Educate yourself on how you can protect yourself from people online who may be trying to scam you.

BitPay is not a trading platform and does not employ traders. There are no BitPay employees selling cryptocurrency. BitPay employees will never reach out via social media, email or phone asking for personal information. The only legitimate means of communication to actual BitPay employees are:

The only way to buy cryptocurrency through the BitPay app is to go to the app and use Simplex or Wyre to purchase.

Here are two main types of scams we’ve identified:

  • Testnet
  • Mutisig

Testnet Scams and How to Identify Them

The bitcoin blockchain is called livenet. Testnet is a parallel network used exclusively for testing. The testnet network is necessary for our developers and testers to review the code and test app functionalities. Testnet and livenet coins are distinctly different since coins on livenet have monetary value and testnet coins do not have any monetary value. Therefore, you can't use livenet coins on the testnet network, and you can't use testnet coins on the livenet network.  

Scammers leverage the testnet network by reaching out to users as an alleged authorized cryptocurrency trader or vendor with an extremely lucrative offer, usually too good to be true. When the user agrees to purchase the cryptocurrency, the scammer assists the user in creating a testnet wallet. After the testnet wallet is created and the user has paid for the cryptocurrency, they receive testnet coins. These coins have zero monetary value.

Once the testnet coins are received in the user's wallet, the vendor then says the testnet wallet and coins must be activated or converted typically in one of these two scenarios:

  • The scammer impersonates the BitPay Support Team and informs the user that their testnet coins must be converted to be usable and in order to perform the conversion, they must pay the scammer an additional fee.
  • Once the user pays the fee and tries to send the testnet coins to another address, they realize that it is not possible. Then they reach out to the scammer, who asks for an additional fee to activate their wallet.

Typically, the user is scammed more than once by the initial scammer:  during the payment for the cryptocurrency, to “convert” funds and then to "activate" funds.

It is important to note that you cannot convert or activate testnet coins between livenet and testnet wallets. These scams are found with any cryptocurrency that has a testnet network, including Bitcoin (BTC), Bitcoin Cash (BCH), Ripple (XRP), Litecoin (LTC), Doge (DOGE), and Ethereum (ETH). This testnet scam is most common with Bitcoin.

Want to learn more about how to protect yourself from testnet scams? Read more here.

Multisig Scams and How to Identify Them

Multisig wallets are shared wallets between two to six users known as "copayers." Cryptocurrency transactions have to be signed before they can be broadcast. This wallet is unique because they may need more than one of the copayers to sign the transactions depending on their configuration, providing more security. However, it can also become a tool for scammers.

Let's consider the following scenario: John and Paul are two scammers and have a 3-2 multisig wallet. This configuration means the wallet has three copayers and requires two signatures to broadcast a transaction (move funds). John and Paul (the scammers) sell Bitcoin to Kristal (the user being scammed) and invite her to join their wallet. Kristal joins the wallet and can see funds that John and Paul (the scammers) have sent to that multisig wallet. However, because a multisig wallet requires two copayers to move the funds, Kristal cannot transfer funds from the wallet or prevent John and Paul (the scammers) from moving the funds out of the wallet. Similar to testnet scams, John and Paul (the scammers) may ask for additional money to unlock or release the funds. Because John and Paul (the scammers) are copayers, they never have to, and likely will never, release the funds.

Learn more about multisig wallets and scams here.

How to Protect Yourself from Scammers

We have compiled a list of recommendations below to help you avoid being scammed. While these may not protect against all scams, they are a great starting point.

Where to Buy Cryptocurrency

Never buy cryptocurrency from an individual. Always use a trusted vendor/exchange like Coinbase, Binance, OKEX, or you can buy cryptocurrency via Simplex or Wyre in the BitPay app. There are several exchanges to choose from worldwide. Make sure you choose one that operates in your country. Buying cryptocurrency from a trusted exchange will involve steps like account creation and identity verification in most cases. Purchasing cryptocurrency from a regulated exchange makes the operation clear and traceable. The payments are made through a bank account or credit card, which provides more security, and in case of fraud, as there is an intermediary (the bank or card institution), you can reach out to them and make a claim.

How to Identify If the Cryptocurrency is Legit

Here are some key points you need to know when thinking about purchasing cryptocurrency:

1. Regulations

Check if the exchange/broker complies with relevant regulations.

2.  Country

Some countries have stricter regulations than others. Therefore, financial institutions based in those countries tend to be considered more reliable.

3.  Website

Take some time to review the website of the company that is selling cryptocurrency. Here are typical red flags to watch out for:

  • URL without “HTTPS”: HTTP stands for HyperText Transfer Protocol, and HTTPS is the encrypted version of the protocol, which provides more security. Most fraudlent sites do not use a URL like HTTPS://. while having an HTTPS URL does not guarantee that the broker is reliable, not having it is a reason to consider it suspicious.
  • Dead links: Links on the page don't take you anywhere or only take you to the home page. Also, check that the social media links take you to the social media page.
  • Spelling errors: Fraudulent websites tend to have several spelling mistakes. Take your time to read as much of the page as possible.
  • Graphic elements: Ensure that elements on the page, like icons and pictures, load.
  • Not working elements: Dropdowns that are empty or say "object," "void," "empty," or other words that resemble a programming language and not the expected content. In many cases, the developers design the page taking a template, customizing some parts but leaving some untouched.
  • Phone numbers or email addresses: Try calling them to see if you can reach an actual person. If you send them an email, does it go through? If they reply to your email, does the email address look like it belongs to an actual company, for example, support@company.com? Or is it something suspicious like cryptotraders33@protonmail.com, millionairetoday@gmail.com, etc.?

Investment opportunities

Fake brokers usually offer "too good to be true" deals, incredible prices, and huge returns on the investment. Cryptocurrencies, like other assets, assume a risk, and nothing guarantees you will always make money with them. You may earn or lose, so brokers offering fixed gains of 20% monthly in your investment or of that nature are very likely a scam.

BitPay strongly recommends that users only acquire cryptocurrency from trusted parties and learn more before getting involved in these types of assets with a complex technical background.