Stay Safe
Crypto Scams Explained
Crypto's openness is its greatest feature — and the scammer's favorite playground. Learn the playbook below and you'll dodge 95% of attacks aimed at beginners.
The 12 most common crypto scams
Rug pulls — developers launch a token, attract liquidity, then vanish with the funds. Phishing — a fake site or email gets you to enter your seed phrase or sign a malicious approval. Romance scams (sometimes called 'pig butchering') — a long-term emotional con that ends in a fake investment platform. Fake support — impersonators reach out via Discord or Telegram offering 'help' that drains your wallet.
SIM swaps — attackers port your phone number, intercept SMS 2FA, and reset your exchange password. Address poisoning — a tiny transaction from a lookalike address tricks you into sending funds to the attacker. Fake giveaways — Elon Musk and other celebrities are impersonated to promise 'send 1, get 2 back.' Approval drainers — malicious smart contracts ask permission to spend your tokens, then drain them.
Investment 'managers' — strangers DM you with screenshots of fake profits, then offer to trade on your behalf. Ponzi yield schemes — promised 30%+ APY paid from new deposits, not real returns. Cloned exchanges — a near-identical website to a real exchange that captures your login. Malicious browser extensions — fake MetaMask or Phantom clones in the Chrome store.
The simple habits that beat almost all of it
Never enter your seed phrase into a website — ever, for any reason. No legitimate app or support agent will ask for it. Use an authenticator app for 2FA, not SMS. Bookmark the real URLs of every exchange and wallet you use, and only navigate via bookmark. Treat unsolicited DMs and 'too good to be true' offers as scams by default.
Use a hardware wallet for any amount you can't afford to lose. Verify smart contract addresses against the project's official site before approving transactions. Use revoke.cash periodically to cancel old token approvals. And run a separate 'hot' wallet for experimentation that holds only a small amount.
Red flags that signal a scam
- Guaranteed returns — No legitimate investment guarantees yield. 'Risk-free 30% APY' is always a Ponzi or a scam.
- Pressure to act fast — Limited-time mints, 'last chance' airdrops — urgency is the scammer's #1 tool.
- Asking for your seed phrase — Zero exceptions. If they ask, they're stealing.
- DMs from 'support' — Real support never reaches out first.
- Free money offers — 'Connect your wallet to claim' is the most common drain pattern.
- Lookalike URLs — uniswap.org vs uniswap-app.org. Always check the domain character by character.
Frequently Asked Questions
What should I do if I get scammed?
Move any remaining funds to a fresh wallet immediately. Revoke all token approvals via revoke.cash. Report to the FBI's IC3 (US), Action Fraud (UK), or your local cybercrime unit. Recovery is rare, but reporting helps law enforcement track patterns.
Can stolen crypto be recovered?
Sometimes, when funds end up on a major exchange that freezes them. Most often, no. 'Recovery agents' who promise to get your funds back for an upfront fee are themselves scams.
Why do crypto scams work so well?
Crypto transactions are irreversible, anonymous, and global. There's no chargeback button. That makes it the perfect target for fraud — and a reason to be far more careful than with a credit card.
What's a rug pull?
When developers of a new token (often on a DEX) abandon the project and drain the liquidity pool, leaving holders with worthless tokens. Common in unaudited new projects on Solana, BSC, and Base.
How do I check if a project is legit?
Look for a real team with public identities, an audited smart contract, a multi-year track record, and active community discussion outside of just hype. If any of those are missing, treat it as high risk.