Crypto Scams Guide
Cryptocurrency scams have cost users billions of dollars. The irreversible nature of blockchain transactions, combined with the pseudonymous environment and rapid innovation, creates fertile ground for sophisticated fraud schemes. Understanding the most common scam types and their warning signs is your best defense against losing funds to bad actors.
Table of Contents
Investment & Ponzi Scams
Investment scams promise guaranteed high returns with little or no risk — a fundamental impossibility in any legitimate market. Ponzi schemes use new investor deposits to pay returns to earlier investors, creating the illusion of profitability until the scheme collapses. In crypto, these often disguise themselves as trading bots, yield platforms, or mining operations claiming unrealistic daily returns.
Warning signs include guaranteed returns (no legitimate investment can guarantee returns), pressure to recruit others (pyramid structure), inability to withdraw funds easily, opaque investment strategies, and returns that seem too consistent regardless of market conditions. The crypto version of Ponzi schemes often adds technical jargon about algorithms and blockchain technology to appear more sophisticated.
Phishing & Impersonation
Phishing attacks in crypto take many forms: fake exchange login pages, fraudulent wallet connection prompts, malicious token approval requests, and impersonation of support staff on social media. Scammers create pixel-perfect replicas of legitimate websites and use social media accounts that closely mimic official accounts of protocols, exchanges, and influencers.
A particularly dangerous form is transaction phishing, where users are tricked into signing blockchain transactions that grant unlimited token approvals or directly transfer assets to the attacker's wallet. Address poisoning involves sending tiny transactions from addresses that look similar to your contacts, hoping you will copy the wrong address for future transfers.
Rug Pulls & Exit Scams
Rug pulls occur when project developers abandon a project after raising funds, often by draining liquidity pools or selling large token holdings. These are common with new token launches where developers retain the ability to remove liquidity, mint unlimited tokens, or disable selling for everyone except themselves. The 2021 bull market saw thousands of rug pulls across multiple blockchains.
Exit scams are similar but involve more established-appearing projects that operate legitimately for a period before disappearing with user funds. These are harder to detect because the project may have a functional product, active community, and apparent legitimacy before the operators decide to abscond with accumulated assets.
Romance & Pig Butchering
Pig butchering scams combine romance fraud with fake investment platforms. Scammers build relationships over weeks or months through dating apps or social media, then gradually introduce victims to fake crypto investment platforms that appear to show growing returns. Victims are encouraged to invest increasingly larger amounts before discovering the platform is entirely fraudulent.
These scams are often run by organized criminal networks using scripted conversations and professional-looking fake platforms. The emotional manipulation makes victims reluctant to seek help or accept they have been defrauded. Losses can be devastating, with individual victims sometimes losing their entire savings over the course of the manipulated relationship.
Technical Scams
Technical scams exploit blockchain-specific vulnerabilities: malicious smart contracts that steal funds when you interact with them, fake tokens that mimic real ones but contain hidden transfer restrictions, and clipboard malware that replaces copied wallet addresses with attacker-controlled addresses. Dusting attacks send tiny amounts of tokens to track wallet activity and identify targets for social engineering.
Fake wallet applications on app stores have stolen millions by appearing legitimate while secretly sending private keys to attackers. Malicious browser extensions can modify transaction details or inject code into DeFi interfaces. Always download wallet software from official sources, verify URLs carefully, and be suspicious of any application that requests your seed phrase.
Universal Red Flags
Guaranteed or unrealistic returns, pressure to act quickly, requests for private keys or seed phrases, unsolicited contact about investment opportunities, inability to verify team identities, anonymous developers for projects handling significant funds, and locked or restricted withdrawals are all major warning signs. Any legitimate project or service will never ask for your seed phrase or private keys.
Additional red flags include newly created social media accounts with purchased followers, projects that lack technical documentation or audits, aggressive marketing that focuses on price rather than utility, and communities that suppress criticism or questioning. Trust your instincts — if something feels wrong or too good to be true, it very likely is.
Protecting Yourself
Use hardware wallets for significant holdings, verify all URLs manually, never click links in unsolicited messages, research projects thoroughly before investing, use separate wallets for different risk levels (keep a hot wallet with small amounts for exploring new protocols), and regularly revoke unnecessary token approvals using tools like Revoke.cash.
Stay informed about current scam tactics through crypto security communities and news sources. Practice skepticism as a default — assume any unsolicited opportunity is a scam until proven otherwise. Never share screen access, seed phrases, or private keys with anyone for any reason, including people claiming to be support staff from legitimate services.
Frequently Asked Questions
What is the most common crypto scam?
Phishing attacks are the most prevalent, where scammers create fake websites, emails, or social media accounts mimicking legitimate services to steal credentials or trick users into signing malicious transactions. Investment scams promising guaranteed returns are the most costly in total dollar terms.
Can you recover scammed crypto?
In most cases, cryptocurrency sent to scammers cannot be recovered due to the irreversible nature of blockchain transactions. Some law enforcement agencies have blockchain forensics capabilities, and in rare cases funds have been frozen on exchanges. Prevention is far more effective than recovery.
Are crypto airdrops scams?
Legitimate airdrops exist, but many airdrop claims are scams designed to steal wallet credentials or trick users into approving malicious smart contracts. Never connect your wallet to unknown sites, and be extremely cautious of unsolicited airdrop notifications.
How do I report a crypto scam?
Report to local law enforcement, the FBI's IC3 (in the US), the FTC, your country's financial regulator, and the platform where the scam occurred. While recovery is unlikely, reports help authorities track criminal networks and potentially prevent future victims.