You may have gotten a random text from a number you don’t know with the following message:
“Your Gemini Earn balance is now available to withdraw at [domain]”
Maybe you have a Gemini account, and you’re wondering if you have some crypto that you transferred recently. Or maybe you’re thinking you participated in some kind of free crypto giveaway you forgot about, and this is some kind of reward. Whatever you’re thinking, DO NOT CLICK THE LINK. This is a scam. The text is not from the real Gemini company, and there is no money for you to withdraw.
In fact, if you actually do have money on Gemini, attackers may be able to withdraw all the money from your account. Even if you have your bitcoin or crypto in cold storage and have secured your private keys offline, it could still be possible for malicious software or individuals to steal your money.
How Do You Know It’s A Scam?
Texting Is Not A Form Of Official Communication From Gemini
The first indication is that Gemini is texting you rather than emailing you. Though you may be using a phone number for 2-Factor Authentication, Gemini doesn’t actually have your phone number. They may have used your number for some kind of verification process at some point, but your phone number is not part of their normal communications with you as a customer.
You should always be suspicious if a “trusted” entity sends you an unsolicited message about your account, asking you to click a link, especially in the realm of crypto.
For example, your bank may text you for fraud prevention, but they won’t ask you to sign into your account from a text message. They will ask you to reply YES or NO, or go to email to confirm. Confirming information via email has its own set of risks, but in general, you should be very wary of clicking any links from text messages.
Not Related To Main Gemini Domain (Gemini.com)
The second indication that this is a scam is that the domain is not the official Gemini.com domain name. Anyone in the world can register a domain name, and many times common words or phrases can be used for different businesses in different jurisdictions. It’s feasible that someone in Singapore has a registered business using the name “Gemini”, but is not infringing on Gemini’s crypto exchange copyright.
The point being, anyone can register a domain name with the phrase “Gemini” in it. The domain names used may contain the word Gemini, but they are things like getgeminiearn.com and geminiclaim.net. There are an infinite number of combinations that could be used like redeemgemini.com or geminicash.com, any of which might seem related, but are actually registered to a completely different entity.
Gemini may use subdomains, but the format is like this: exchange.gemini.com, where the subdomain precedes the root domain. In this case, exchange is a subdomain of the root domain gemini.com, and owned by the same company.
Two other subdomains that Gemini uses are shop.gemini.com and support.gemini.com. I’m not aware of any other specific subdomains that Gemini uses, but one could conceivably be earn.gemini.com. See how the gemini.com portion remains the same? Gemini would never change that part and ask you to go to that domain.
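The rule described above (the name must be gemini.com itself or end in ".gemini.com") can be written as a small check. This is an added example, not code from Gemini or from the original article; the function names are hypothetical, and the two URLs marked as constructed are made-up variations on the scam domains named above.

```python
import re
from urllib.parse import urlsplit

OFFICIAL_ROOT = "gemini.com"  # the root domain named in the article

def host_of(url: str) -> str:
    """Return the lowercased hostname of a link, or '' if it cannot be parsed."""
    # Links in text messages often come without "https://"; add it so the parser
    # treats the first part as a hostname instead of a path.
    if not re.match(r"^[A-Za-z][A-Za-z0-9+.-]*://", url):
        url = "https://" + url
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:
        return ""
    return host.rstrip(".").lower()

def is_official(url: str, root: str = OFFICIAL_ROOT) -> bool:
    """True only for the root domain itself or a subdomain that precedes it."""
    host = host_of(url)
    # The leading dot matters: "redeemgemini.com" ends with "gemini.com"
    # but not with ".gemini.com", so it is correctly rejected.
    return host == root or host.endswith("." + root)

def classify(url: str) -> str:
    """'official', 'lookalike' (brand word in a foreign domain) or 'unrelated'.
    Anything that is not 'official' should not be trusted with credentials."""
    if is_official(url):
        return "official"
    return "lookalike" if "gemini" in host_of(url) else "unrelated"

if __name__ == "__main__":
    samples = [
        "https://exchange.gemini.com/signin",        # subdomain from the article
        "support.gemini.com",                        # subdomain from the article
        "getgeminiearn.com",                         # scam domain from the article
        "http://redeemgemini.com/claim",             # scam-style name from the article
        "https://gemini.com.geminiclaim.net/",       # constructed: real name used as a subdomain
        "https://gemini.com@geminiclaim.net/login",  # constructed: real name in the userinfo part
    ]
    for s in samples:
        print(f"{classify(s):10} {host_of(s):28} {s}")
```

The last two samples show why reading a link left to right is misleading: the part that decides ownership is the end of the hostname, not the first familiar-looking word.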
Anti-Phishing Warning From Gemini
Lastly, because of this barrage of texts to their customers, Gemini actually sent out a warning email to all its customers stating:
Our security team has learned that some Gemini customers are being targeted by phishing campaigns via calls, texts, and emails claiming their Gemini Earn balance is available for withdrawal. [Gemini.com]
Please be aware that you do not have any pending redemptions from the Earn program. If you received one of these messages you should not click on the link provided.
Gemini will never text you. Gemini’s primary support channel is email. Gemini will only call customers in special cases upon request and after coordinating a date and time via email correspondence from email@example.com.
Earlier this year, Gemini Earn balances were frozen amid cascading liquidations of leveraged bets, fraud, and bad loans in the crypto industry. Gemini was part of the entire mess, as they had assets and loans tied up with GCG (Genesis Global Capital). Gemini is pissed, of course, but what do they expect playing games with shitcoins?
Where does the yield come from? The yield comes from suckers lending their bitcoin to shitcoiners, and people found out the hard way that when the Ponzi crumbles, only the people holding their private keys will still have access to their bitcoin.
Do You Even Have Assets On Gemini Earn?
I guess that’s all beside the point. If you got caught up in the whole Gemini Earn thing, I can’t blame you. Tons of people were doing it. In fact, I had money on BlockFi at one point because I simply didn’t know any better. If you lost money, or are still waiting on some sort of redemption, good luck to you, but the most valuable thing you’ll get out of all this is the lesson to hold your own keys.
Personally, I never had any assets on Gemini Earn, which is partly why I knew this text I got was a scam. I did have a Gemini account, and I did have a BlockFi account, so I thought for a split second that maybe I did have some kind of balance I forgot about, but I knew the routine: DO NOT CLICK THE LINK.
I logged in on a separate computer. I have 2FA activated, and generally keep no balance on my accounts, so I wasn’t worried about getting my account hacked. Of course there was no unusual activity, and it was clear the texts were a scam. I probably had my email address leaked as part of a data breach for BlockFi or Gemini at some point, and now I’m just a part of the scam network forever.
This is why you should never keep a balance on any bitcoin exchange, and why you should always have the most stringent security measures in place for your accounts (2FA, whitelisting, balance withdrawal limits, email confirmations, etc), even if it seems inconvenient at the time. There may be a time where your future self thanks your paranoid current self.
You may have, or have had assets on Gemini Earn in the past. If you do/did, you can still ignore these texts, and any other texts related to Gemini Earn.
List of Scam Domains Related To Gemini Earn
No doubt I’ll continue to get scam texts as I’m a mark with an account at a crypto exchange, and I’ll continue to update this list as I find more scam domains related to Gemini.
How Can Attackers Steal My Crypto Balance on Gemini?
Even with the most stringent security measures in place, attackers can steal any money in your Gemini account. Your account is not insured, and if the breach is the result of your mishandling of your security, it’s likely you’ll have no recourse to get your money back.
If you have very low security measures like an easy-to-guess password and no 2-Factor Authentication activated on your account, an attacker could steal your balance simply by hacking your password and logging into your account and sending your crypto to their own address. Once the crypto leaves your account, there is no way to claw back the asset.
Internal security measures within Gemini might block an unfamiliar IP, or require extra verification via email. The same may apply to withdrawals initiated from an unknown device or strange IP location. Or maybe they don’t.
A more advanced attack could involve compromising your email address. If you have purchased any crypto-related devices like Ledger in the past, or have held any crypto-related accounts, your email address could be part of any number of data breaches. If any of the information leaked contained balance information, high balance users could be at risk for a more long term, advanced attack on their account.
This is a good reason to lock down your email with 2FA or even physical security keys like YubiKey to prevent unauthorized access to your email, as this can be a central point of failure for identity verification.
Even with advanced security measures in place, we are all human, and you can still be susceptible to social engineering. A phone call from a scammer could get you to compromise anything like security questions (birth place, dog’s name, mother’s name, etc) or even your 2FA security codes. Social engineering is how a teenager hacked Twitter in 2020. Social engineering is how Bitfinex was hacked in 2016 for billions of dollars in bitcoin.
Clicking the links in these text messages likely takes you to a fake website asking you to enter your Gemini credentials. Even if they can’t actually access your Gemini account as a result of Gemini security, they are one step closer.
How Can Attackers Steal My Crypto In Cold Storage?
Even if your crypto is in cold storage, there are still plenty of ways that an attacker could steal your money.
The most obvious one would be if you click the link from the text message and it asks you to enter your private keys to any crypto. Because the private keys to any type of crypto are essentially the master key to spending your balance, if you type these into any platform, your money will be gone instantly.
NEVER TYPE YOUR PRIVATE KEYS INTO ANY WEBSITE.
This is the #1 way people get duped into losing all their crypto online. They go to a website, open up a malicious app, or run a malicious browser extension, and type their private key into the thing. Poof. Money gone. Impossible to get back. No customer service. No clawbacks. No refunds. No do-overs.
If your bitcoin is safe in cold storage, and the keys were generated properly, then it’s impossible for hackers to get it. With other crypto, I can’t say the same, as code varies, cold storage methods vary and there have been many vulnerabilities which have been exploited in the past. Though I’m writing about crypto in general when it comes to Gemini Earn and these scam texts, with regards to cold storage safety, I’m referring only to bitcoin. I can’t say much about the world of shitcoins and their security.
As long as your bitcoin is in cold storage and not on the Gemini.com crypto exchange, then even if your Gemini account is compromised, your bitcoin is safe. However, you should consider that you are on the radar of malicious attackers, and should review your cold storage and bitcoin security practices to ensure the highest levels of safety.