How to Avoid Crypto Scams in India (2015–2025)

Cryptocurrency Security: A Complete Guide to Asset Protection
Who this article is for: This guide is designed for both beginners and experienced users.
- Beginners should pay close attention to the sections on basic security and phishing protection.
- Advanced users will find useful information in the sections on DeFi, multisig wallets, and incident response.
Important Warning: The instructions in this article require careful attention. Incorrect actions—such as mistakenly revoking the wrong permissions or transferring funds to the wrong address—can lead to irreversible loss of assets. If you are unsure of your actions, test them first with a wallet containing an insignificant amount.
What to Do If You’ve Been Hacked: A Minute-by-Minute Checklist
If you suspect your keys or seed phrase have been compromised, act immediately. The sequence of steps is critical due to the risk of front-running (a situation where an attacker's bot sees your transaction in the mempool and executes its own transaction first by setting a higher fee).
Step 1. Isolation (First Minute)
- Immediately disconnect the compromised device from the internet.
- Actions: Turn off Wi-Fi and Bluetooth, unplug the Ethernet cable, and disable mobile data. This will interrupt any active attacks and prevent malware from transmitting new data.
Step 2. Saving Assets (First 30 Minutes)
Important: Perform all subsequent actions on a different, known-to-be-clean device (e.g., a new phone/laptop or a device with a freshly installed OS).
- Create a new secure wallet. On the clean device, create a new wallet (ideally, initialize a new hardware wallet). Securely save its seed phrase in an offline format.
- Revoke Permissions (Revoke). This is the priority! From the clean device, go to Revoke.cash. Connect your compromised wallet in "read-only" mode or via a secure connector (e.g., WalletConnect) and immediately revoke all active permissions (approve), especially unlimited ones.
- Why this is more important than transferring assets: Attacks often occur not through direct theft, but via permissions you’ve granted to DeFi protocols. Revoking permissions strips the attacker of the ability to spend tokens from your wallet through vulnerable smart contracts. This is your chance to beat them to it.
- How to do it on Revoke.cash: Connect your wallet. The service will show a list of all granted permissions. Find suspicious or unlimited (∞ sign) ones and click the "Revoke" button next to each. You will need to sign a transaction for each revocation.
- Transfer remaining funds. Only after revoking permissions should you transfer all surviving assets to your new, secure wallet. Start with the most valuable assets.
Step 3. Evidence Collection and Notification (First 24 Hours)
- Change passwords and reset 2FA. Now that your assets are safe, change passwords on all linked services (exchanges, email, social media). Unlink and re-link your 2FA. Changing passwords before moving funds is pointless and can be dangerous if the device is still compromised.
- Collect evidence. Take screenshots, save the attacker's wallet addresses, transaction hashes (TxID), and document the chronology of events with precise timestamps.
- Notify exchanges and analysts. Send a report to the support services of exchanges where the funds might have been sent, and to blockchain analytics companies (e.g., TRM Labs, Crystal Blockchain, Chainalysis).
- File a police report. Provide law enforcement with all the evidence you have collected.
Section 1. Basic Security: The Foundation of Your Protection
1. Managing Keys, Seed Phrases, and Passwords
- Hardware Wallets. For storing significant amounts, use hardware wallets (e.g., Ledger, Trezor). They store private keys offline, protecting against online attacks (viruses, computer hacking), but not against phishing (where you sign a malicious transaction yourself).
- Seed Phrase Storage.
- No digital copies: Do not store your seed phrase in password managers, cloud services, notes, or photos. Write it down on paper or engrave it on a metal plate. Store copies in several physically protected and geographically distributed locations (e.g., at home and in a bank safe deposit box).
- Test Recovery: After creating a wallet, always perform a test recovery using the seed phrase to ensure it was recorded correctly.
- Advanced Backup Methods:
- Shamir’s Secret Sharing (SSS): A method that allows you to split a seed phrase into several parts (shards) such that only a certain number are required for recovery (e.g., 3 out of 5). This protects against the loss or theft of a single part.
- BIP39 Passphrase (the "13th/25th word"): An additional password that, when combined with your main seed phrase, creates an entirely new set of wallets. If an attacker steals your seed phrase, they cannot access the assets without the passphrase. Warning: Store the passphrase separately from the seed phrase. Losing it is equivalent to losing access to the wallet.
2. Digital Hygiene
- Two-Factor Authentication (2FA). Use app-based 2FA (e.g., Google Authenticator, Authy) everywhere. Avoid SMS-based 2FA due to vulnerability to SIM-swapping attacks. Save your 2FA backup codes in a secure offline location.
- Protection Against SIM-swapping. Contact your mobile operator and request a ban on reissuing your SIM card without your physical presence in the office or a specific keyword.
Section 2. Secure Transactions and Phishing Protection
1. How to Recognize Phishing and Social Engineering
- Malicious Browser Extensions: Install extensions only from official stores and from verified developers. Malicious extensions can swap wallet addresses in your clipboard.
- Fake Mobile Apps: Download wallets and apps only from official developer websites or official stores (App Store, Google Play), verifying the name and publisher.
- Domain Phishing: Always type the website address manually or use bookmarks. Scammers register similar-looking domains (e.g., cоinbase.com using a Cyrillic "о"). Check the URL carefully and confirm the connection uses HTTPS (a valid SSL/TLS certificate); HTTPS alone does not prove a site is genuine, since phishing sites can obtain certificates too.
- Address Verification:
- Use checksummed addresses (EIP-55) for EVM networks. The mixed casing in such addresses (e.g., 0xAb58…) helps wallets automatically detect typos.
- Cross-check smart contract addresses with the project's official sources (documentation, verified social media).
- Check for verified source code of the contract in a blockchain explorer (e.g., on Etherscan).
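The lookalike-domain trick mentioned above (a Cyrillic "о" inside an otherwise Latin name) can be detected mechanically. The following Python check is an added example, not part of the original guide: it flags labels that mix scripts, shows the punycode form a browser may display, and compares a "de-confused" skeleton of the name against a trusted list. The `LOOKALIKES` map, the `TRUSTED` set and the function names are assumptions made for illustration.

```python
import unicodedata

# Constructed subset of Cyrillic/Greek letters that render like Latin ones.
# Illustrative only: the full Unicode confusables table is far larger.
LOOKALIKES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
              "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u03bf": "o"}
TRUSTED = {"coinbase.com"}  # constructed allow-list of domains the user really uses

def scripts_in(label):
    """Scripts used by the letters of one DNS label (first word of each Unicode name)."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}

def check_domain(domain, trusted=TRUSTED):
    """Return findings that suggest the domain imitates a trusted one."""
    host = domain.strip().rstrip(".").lower()
    skeleton = "".join(LOOKALIKES.get(ch, ch) for ch in host)
    findings = []
    for label in host.split("."):
        scripts = scripts_in(label)
        if len(scripts) > 1:
            findings.append("mixed-script label %r: %s" % (label, sorted(scripts)))
    if not host.isascii():
        try:
            puny = host.encode("idna").decode("ascii")
        except UnicodeError:
            puny = "(cannot be IDNA-encoded)"
        findings.append("punycode form: " + puny)
    # A name that only becomes trusted after replacing lookalike letters is a spoof.
    if host not in trusted and skeleton in trusted:
        findings.append("lookalike of trusted domain " + skeleton)
    return {"host": host, "suspicious": bool(findings), "findings": findings}

if __name__ == "__main__":
    # The page's own example, written with an explicit escape for the Cyrillic letter.
    for name in ("c\u043einbase.com", "coinbase.com"):
        print(check_domain(name))
```

The check does not cover ASCII-only substitutions such as a digit zero for the letter "o"; bookmarks remain the primary defence.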
2. Project Due Diligence (DYOR — Do Your Own Research)
- Team and Audit: Research the project team. Check for smart contract audits from reputable firms (e.g., Trail of Bits, ConsenSys, OpenZeppelin) and the presence of an active Bug Bounty program.
- AML Address Screening: Receiving funds from "dirty" addresses (linked to hacks, mixers, or the darknet) can lead to your account being frozen on centralized exchanges. Before a large transaction with an unknown counterparty, check their address via AML services (e.g., Crystal Blockchain, TRM Labs).
Section 3. Advanced Protection: For DeFi Users
1. Permission Management (Approve/Allowance)
When you interact with a DApp, you give it permission (approve) to spend your tokens.
- Unlimited Approval: Convenient but extremely risky. If the smart contract is hacked, you could lose all tokens of that type.
- Limited Approval: Much safer. You only allow a specific amount to be spent (e.g., 1000 USDC).
- Best Practices:
- Regularly Revoke Permissions: Use Revoke.cash to view and revoke unnecessary or unlimited permissions.
- Simulate Transactions: Before signing a complex transaction, use simulators (built into some wallets like Rabby, or available as separate services like Tenderly Simulate). A simulator will show exactly which assets will leave your wallet and which will enter, without actually sending the transaction to the blockchain.
- Multichain Context: Tools like Revoke.cash and Etherscan work for EVM-compatible networks (Ethereum, Polygon, BSC, etc.). For other blockchains (Solana, Cosmos), use their native explorers and tools.
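What a wallet or simulator looks at when it warns about an approval: the calldata of an ERC-20 `approve(address,uint256)` call carries the spender and the allowance, and an unlimited approval is the maximum 256-bit value. The following Python decoder is an added example, not part of the original guide; the function names, verdict labels and the placeholder spender address are assumptions, while the two function selectors are the standard ERC-20/ERC-721 ones.

```python
APPROVE = "095ea7b3"               # selector of approve(address,uint256)
SET_APPROVAL_FOR_ALL = "a22cb465"  # selector of setApprovalForAll(address,bool)
MAX_UINT256 = 2**256 - 1           # the "infinite" allowance shown as an infinity sign
SPENDER = "0x" + "11" * 20         # constructed placeholder address, not a real contract

def build_approve(spender, raw_amount):
    """Construct approve() calldata; used here only to create sample input."""
    return "0x" + APPROVE + spender[2:].lower().rjust(64, "0") + format(raw_amount, "064x")

def review_approval(calldata, decimals, intended_tokens):
    """Decode approval calldata and compare it with what the user meant to grant.

    intended_tokens is in whole tokens, e.g. 1000 for 1000 USDC (decimals=6).
    """
    data = calldata.lower()
    data = data[2:] if data.startswith("0x") else data
    if len(data) != 8 + 64 + 64:
        return {"verdict": "not-an-approval"}
    selector, arg1, arg2 = data[:8], data[8:72], data[72:]
    if arg1[:24] != "0" * 24:          # an address argument is left-padded with zeros
        return {"verdict": "malformed"}
    spender, value = "0x" + arg1[24:], int(arg2, 16)
    if selector == SET_APPROVAL_FOR_ALL:  # NFT collections: all-or-nothing operator right
        return {"verdict": "operator-for-all" if value else "revoke", "spender": spender}
    if selector != APPROVE:
        return {"verdict": "not-an-approval"}
    if value == 0:
        verdict = "revoke"             # approve(spender, 0) removes the allowance
    elif value == MAX_UINT256:
        verdict = "unlimited"
    elif value > intended_tokens * 10**decimals:
        verdict = "exceeds-intended"
    else:
        verdict = "limited"
    return {"verdict": verdict, "spender": spender, "tokens": value / 10**decimals}

if __name__ == "__main__":
    # Constructed samples: the user intends to allow 1000 USDC (6 decimals).
    for raw in (MAX_UINT256, 1000 * 10**6, 5000 * 10**6, 0):
        print(review_approval(build_approve(SPENDER, raw), 6, 1000))
```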
2. Using Multisig and Guards
- Multisig Wallets: To manage large sums, use multi-signature wallets (e.g., Safe). A transaction from such a wallet requires confirmation from multiple keys (e.g., 2 out of 3), which protects against the compromise of a single key.
- Guards: Additional smart contracts that can be connected to your wallet (e.g., to Safe) to set rules: transaction amount limits, withdrawal whitelists, or time delays for execution.
3. Risks of Bridges and Mixers
- Bridges: These are complex systems that are frequent targets for hackers. Use only large, proven bridges with good reputations and audits. Remember that you may also be granting permissions to bridge contracts on different networks.
- Mixers: Services for anonymizing transactions carry more than just technical risks. Their use can lead to legal consequences in some jurisdictions. Your funds may be flagged as high-risk, leading to freezes on centralized exchanges.
Section 4. Post-Incident: Investigation and Recovery
Step 1: Collect and Document All Evidence
- Transaction IDs (TxID).
- Wallet addresses (yours and the attacker's).
- Screenshots of correspondence, websites, and messages with timestamps.
- URLs of fraudulent resources.
Step 2: Contact Exchanges and Analytics Companies
Immediately send emails to the support services of exchanges (where funds might have been moved) and to blockchain analytics companies.
Message Template for Exchange/Analytics Company:
Subject: Urgent: Stolen Funds, Asset Freeze/Tracking Required
Dear [Company Name] Team,
I have fallen victim to cryptocurrency theft and request that you track and, if possible, freeze the stolen funds.
Incident Details:
- Primary Transaction TxID: [Insert transaction hash]
- My Source Address: [Insert your address]
- Destination Address (Attacker): [Insert address where funds went]
- Blockchain: [e.g., Ethereum, BSC, Polygon]
- Amount and Asset: [e.g., 1.5 ETH]
- Date and Time (UTC): [Specify exact time]
- Brief Description: [e.g.: "Funds were stolen after signing a malicious transaction on a phishing site example-scam.com"]
I am attaching screenshots and other evidence. I am prepared to provide any additional information and cooperate with law enforcement.
Step 3: Contact Law Enforcement
File a report with your country's cybercrime division. Attach all collected evidence and the ticket number from the exchange, if available.
Template for Police Report:
Crime Report (Cryptocurrency Fraud)
I request the registration of this report and the prosecution of an unknown person who, on [date, time], fraudulently obtained my crypto assets in the amount of [crypto amount] (equivalent to [fiat amount] at the time of the transaction).
Circumstances of the Case:
[Describe in detail what happened: how you encountered the fraudulent resource, how the communication occurred, and what actions you took].
Transaction Data:
- Transaction Hash (TxID): [Insert hash]
- Network (Blockchain): [e.g., Ethereum]
- My Address: [Your address]
- Attacker Address: [Attacker address]
Attached Materials:
[List all materials: screenshots of chats, URLs, responses from exchanges, etc.].
Legal Aspects: Investigation procedures and timelines vary greatly by jurisdiction. Be prepared for the process to take months or years. International cooperation may require official document translations. Consulting a lawyer specializing in cybercrime will increase your chances.
Useful Resources and Contacts
- Blockchain Explorers:
- EVM Networks: Etherscan.io, Bscscan.com
- Solana: Solscan.io
- Permission Revocation Service (EVM): Revoke.cash
- Transaction Simulators: Tenderly, built-in simulators in wallets (Rabby, Phantom).
- Multisig Wallet: Safe
- Analytics Companies (for incident reporting):
- Filing Complaints with International Bodies: