Common Crypto Scams & How to Avoid Them

The most common ways people lose money to fraud — and the simple habits that keep you safe.

Crypto scams are fraudulent schemes designed to trick people into handing over their funds or wallet access — and they are one of the leading causes of loss in the space. Because blockchain transactions are irreversible and pseudonymous, there is usually no way to recover stolen funds. Understanding the patterns scammers use is one of the most protective things you can do before putting any real money to work.

Why crypto attracts fraud

A few properties of cryptocurrency make it a target. Transactions cannot be reversed once confirmed. There is no customer support line to call, no chargeback, no fraud department. Many newcomers are still learning the technology, and the potential for rapid price appreciation makes people emotionally susceptible to “can’t miss” pitches. Scammers exploit all three of these facts simultaneously.

This does not mean crypto is uniquely dangerous — fraud exists in every financial system. It means the consequences of making a mistake are unusually permanent, so prevention matters more than it does with a traditional bank account.

The most common scams

Phishing attacks

Phishing is the attempt to impersonate a legitimate service to steal your credentials or seed phrase. You might receive an email that looks exactly like one from your exchange, a browser pop-up warning that your wallet needs to be “verified,” or a search ad that leads to a near-perfect copy of a real website.

The goal is always the same: get you to type your seed phrase, private key, or login password into a page the attacker controls. Once they have that information, your funds are gone.

Defense: Bookmark the real URLs of exchanges and wallet interfaces you use regularly. Never type your seed phrase into any website for any reason. No legitimate service will ever ask for it.
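The bookmark habit above can be expressed as a check, shown here as an added example that is not part of the original guide. The host names, the result labels and the two-character "near-miss" threshold are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit


def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_link(url, bookmarked_hosts):
    """Compare a link's host with the hosts the user bookmarked themselves."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    if host in bookmarked_hosts:
        return "bookmarked" if parts.scheme == "https" else "not-https"
    if any(label.startswith("xn--") for label in host.split(".")):
        return "punycode"  # may render as letters that imitate a real name
    for good in bookmarked_hosts:
        if host.startswith(good + "."):
            return "subdomain-trick"  # real name used as a prefix of another site
        if edit_distance(host, good) <= 2:
            return "near-miss"  # one or two characters away from a bookmark
    return "unknown"


# Constructed sample data using reserved example/test names.
BOOKMARKS = {"exchange.example", "app.wallet.example"}
SAMPLES = [
    "https://exchange.example/login",
    "https://exchanqe.example/login",
    "https://exchange.example.secure-login.test/verify",
    "https://xn--exchnge-9ya.example/",
    "https://news.example/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify_link(link, BOOKMARKS):16} {link}")
```

Only the "bookmarked" result means the link matches a site you saved yourself; every other result is a reason to open your bookmark instead of following the link.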

Fake giveaways and impersonation

A verified-looking social media account — often mimicking a well-known founder, exchange, or celebrity — announces that it is “giving away” cryptocurrency. To receive your share, you just need to send a small amount first to “verify your wallet address.” You send funds; you receive nothing back.

These accounts often purchase fake verification badges or use display names and profile pictures nearly identical to real accounts. The pitch feels credible precisely because the scammer has put effort into appearing legitimate.

Defense: No real giveaway ever requires you to send funds first. Treat every such announcement as fraudulent by default.

Rug pulls and exit scams

A team launches a new token or DeFi protocol, often with professional-looking documentation, an active community, and early price gains. Once enough people have invested, the founders drain the liquidity pool or treasury and disappear. The token price collapses to near zero.

Exit scams range from outright theft to more subtle “slow rugs” where developers quietly abandon a project after selling their allocations. Understanding token unlocks and vesting schedules can help you spot projects where insiders hold large amounts of tokens with short lock-up periods — a structural risk factor.

Defense: Treat anonymous teams and unaudited smart contracts as high-risk. Look for projects with transparent teams, independent security audits, and reasonable vesting schedules. Be especially skeptical of tokens that appear on decentralized exchanges with no track record.

Pig butchering (romance scams)

This is one of the most devastating scam categories in terms of dollar amounts lost. A scammer builds a relationship with the target over weeks or months — via social media, dating apps, or messaging platforms — and eventually steers the conversation toward a “great investment opportunity.” The target is walked through a fake trading platform that shows fabricated profits. When the target tries to withdraw, they are told to pay fees or taxes first. Those payments disappear too.

The name “pig butchering” refers to the practice of fattening a pig before slaughter — building trust and increasing the victim’s investment before the final theft.

Defense: Be deeply skeptical of any investment opportunity introduced by someone you have not met in person. Verify that any trading platform you use is a recognized, regulated exchange. If you cannot independently find reviews and regulatory information about a platform, do not deposit funds.

Malicious smart contracts and wallet drainers

When you interact with a smart contract, you are authorizing it to take certain actions with your wallet. Some contracts are written specifically to steal funds — either by requesting excessive token approvals or by disguising what they actually do. “Wallet drainer” scripts often appear on fake NFT minting pages or in links shared in compromised Discord servers.

Defense: Only interact with contracts from official project websites you have independently verified. Regularly review and revoke unnecessary token approvals using tools designed for that purpose. Understanding how crypto wallets work will help you recognize when an approval request looks unusual.
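To make "an approval request that looks unusual" concrete, the added example below (not part of the original guide) decodes the raw data of a pending transaction and flags the approval patterns described above. The three function selectors are the standard ERC-20 and NFT approval calls; the addresses, the verified-spender list and the "unlimited" threshold are assumptions constructed for illustration.

```python
# Selectors are the first 4 bytes of keccak256(function signature).
SELECTORS = {
    "095ea7b3": "approve",            # approve(address,uint256)
    "39509351": "increaseAllowance",  # increaseAllowance(address,uint256)
    "a22cb465": "setApprovalForAll",  # setApprovalForAll(address,bool)
}
UNLIMITED = 2**255  # assumption: treat anything this large as "unlimited"


def decode_approval(calldata_hex):
    """Return (function, spender, value), or None if not an approval call."""
    data = calldata_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    # 4-byte selector + two 32-byte ABI words = 136 hex characters.
    if len(data) != 136 or any(c not in "0123456789abcdef" for c in data):
        return None
    name = SELECTORS.get(data[:8])
    word1, word2 = data[8:72], data[72:136]
    if name is None or word1[:24] != "0" * 24:  # address is left-padded
        return None
    return name, "0x" + word1[24:], int(word2, 16)


def review_approval(calldata_hex, verified_spenders):
    """Return reasons to stop and look closer; an empty list means none found."""
    decoded = decode_approval(calldata_hex)
    if decoded is None:
        return []
    name, spender, value = decoded
    if value == 0:
        return []  # zero grants nothing: approve(x, 0) / setApprovalForAll(x, false)
    warnings = []
    if spender not in {s.lower() for s in verified_spenders}:
        warnings.append("spender is not on your verified list")
    if name == "setApprovalForAll":
        warnings.append("operator could move every NFT in this collection")
    elif value >= UNLIMITED:
        warnings.append("unlimited allowance requested")
    return warnings


# Constructed sample data (not real addresses or transactions).
ROUTER = "0x" + "11" * 20   # stands in for a contract the user has verified
UNKNOWN = "0x" + "ee" * 20  # stands in for an unrecognised spender
DRAIN_ERC20 = "0x095ea7b3" + "0" * 24 + UNKNOWN[2:] + "f" * 64
DRAIN_NFT = "0xa22cb465" + "0" * 24 + UNKNOWN[2:] + "0" * 63 + "1"
MODEST = "0x095ea7b3" + "0" * 24 + ROUTER[2:] + format(500, "064x")
REVOKE = "0x095ea7b3" + "0" * 24 + UNKNOWN[2:] + "0" * 64
```

An empty result is not proof that a transaction is safe; the check covers only these three approval calls and says nothing about what the rest of a contract does.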

Pump-and-dump schemes

A coordinated group accumulates a low-liquidity token, then aggressively promotes it across social media to drive the price up. When latecomers buy in, the group sells, the price crashes, and retail buyers are left holding a near-worthless asset. This is illegal in regulated securities markets; enforcement in crypto varies widely by jurisdiction.

Insight: A sudden spike in social media volume around a small, obscure token — especially accompanied by claims of imminent “partnerships” or “listings” — is one of the clearest warning signs of a pump-and-dump in progress.

Recovery scams

After someone has been defrauded, they may search online for help recovering stolen crypto. Recovery scam artists target these people specifically, claiming to be investigators or blockchain specialists who can retrieve lost funds for an upfront fee. They take the fee and vanish.

Defense: Blockchain transactions are final. No legitimate service can recover funds from a completed transaction. Anyone who claims otherwise for money is running a second scam.

A comparison of red flags

| Warning sign | What it usually means |
| --- | --- |
| “Send crypto to receive more back” | Guaranteed scam |
| Seed phrase or private key requested | Phishing or impersonation |
| Unaudited contract from unknown team | High rug-pull risk |
| Guaranteed returns or “risk-free” profit | False promise; illegal in most jurisdictions |
| Pressure to act immediately | Manipulation tactic to prevent due diligence |
| Unknown platform introduced by a new online contact | Likely pig butchering |

Simple habits that keep you safe

You do not need to become a security expert to avoid most scams. A handful of consistent habits handle the majority of risk:

  • Slow down. Urgency is a manipulation tactic. Legitimate opportunities do not evaporate in minutes.
  • Verify independently. If someone sends you a link, navigate to the site yourself rather than clicking it.
  • Guard your seed phrase absolutely. It goes nowhere, ever — not into a website, not into a direct message, not into a support ticket. See the full guide on seed phrases and backups.
  • Keep most funds in cold storage. A hardware wallet that is not connected to the internet cannot be drained by a malicious website.
  • Use separate wallets for risky interactions. If you want to explore new DeFi protocols, use a wallet that holds only what you can afford to lose entirely.

Key takeaways

  • Crypto transactions are irreversible, so prevention is far more important than recovery.
  • Phishing, fake giveaways, rug pulls, pig butchering, wallet drainers, and pump-and-dumps are the most common fraud types.
  • Your seed phrase is the master key to your funds — no legitimate service will ever ask for it.
  • Urgency, guaranteed returns, and unsolicited investment tips are reliable indicators of fraud.
  • Keeping the bulk of your holdings in cold storage dramatically reduces your exposure to online attacks.
  • If someone claims they can recover already-stolen crypto for a fee, that is itself a scam.
