The cryptocurrency space offers incredible financial opportunities, but it also attracts bad actors who exploit newcomers and even experienced traders. Understanding the most common scams is your first line of defense. This guide walks through six major scam types, how to recognize them, and practical steps to protect your assets.
Phishing is the most widespread crypto scam. Attackers create fake websites, emails, or social media messages that mimic legitimate platforms โ exchanges, wallet providers, or DeFi protocols โ to trick you into entering your private keys, seed phrases, or login credentials.
โ ๏ธ How It Works
You receive an email claiming your exchange account is "at risk" with a link to verify your identity. The link leads to a pixel-perfect clone of the real site. Once you enter your credentials, the attacker drains your funds within minutes.
โ How to Protect Yourself
Always type exchange URLs manually or use bookmarks. Enable 2FA on every account. Never click links in unsolicited emails or DMs. Check the URL bar carefully โ scammers use lookalike domains like "binnance.com" or "coinbbase.com".
Airdrops are a legitimate marketing tactic where projects distribute free tokens to build community. Scammers exploit this by creating fake airdrop campaigns that require you to connect your wallet to a malicious smart contract or send cryptocurrency to "qualify."
โ ๏ธ Red Flags
The airdrop asks you to send crypto first ("gas fee" or "activation fee"). The contract requests unlimited token approvals. The project has no verifiable team, no GitHub, and only appeared days ago. The offer creates urgency with countdown timers.
โ How to Protect Yourself
Legitimate airdrops never ask you to send money. Use a separate "burner" wallet for interacting with unknown contracts. Check official project channels to verify airdrop legitimacy before connecting your wallet.
A rug pull occurs when developers create a token, build hype to attract buyers, then suddenly withdraw all liquidity from the trading pool โ leaving investors with worthless tokens. This is especially common on decentralized exchanges where anyone can list a token.
โ ๏ธ How It Works
Developers launch a token with a slick website and aggressive social media marketing. They add initial liquidity to a DEX. As people buy in, the price rises. The devs then remove all liquidity in a single transaction, crashing the price to zero.
$2.8B
Lost to rug pulls in 2021
37%
Of all DeFi scam revenue
< 24hrs
Many tokens last only hours
โ How to Protect Yourself
Check if liquidity is locked using tools like our RugCheck feature. Look for verified contracts and audits. Be skeptical of anonymous teams. If the liquidity pool is small or unlocked, the risk of a rug pull is extremely high.
Pump-and-dump schemes involve coordinated buying to artificially inflate a token's price, followed by a mass sell-off by the organizers. These are often orchestrated through Telegram or Discord groups where insiders buy before the "signal" goes out to the wider group.
โ ๏ธ Warning Signs
Sudden massive price spikes with no news or development updates. Aggressive shilling on social media with unrealistic price targets. "Buy now before it's too late" messaging. Coordinated buying signals from group chats promising guaranteed profits.
โ How to Protect Yourself
If a token's price rises 100%+ in hours with no clear catalyst, approach with extreme caution. Avoid "signal groups" that promise guaranteed gains. Check on-chain data for suspicious wallet concentration. By the time you see the "signal," insiders have already bought lower.
A honeypot is a smart contract designed to let you buy but prevent you from selling. The token's code includes hidden restrictions that block sell transactions for everyone except the creator. You can watch your "profits" grow on paper, but you can never cash out.
โ ๏ธ How It Works
The contract code contains sell restrictions hidden in complex functions. You buy the token successfully. When you try to sell, the transaction fails or reverts. The only wallet able to sell is the deployer's address.
โ How to Protect Yourself
Use honeypot detection tools before buying any new token. Check if other wallets have successfully sold the token. Look at the contract code on a block explorer โ if the transfer function has unusual conditions, walk away. Start with a tiny test buy and try to sell immediately.
Scammers impersonate well-known figures in crypto โ founders, influencers, exchange CEOs โ to gain your trust. They create fake social media profiles, YouTube livestreams, or support channels where they offer "giveaways" that require you to send crypto first.
โ ๏ธ Common Tactics
Fake YouTube streams showing old footage with "send 1 ETH, get 2 back" overlays. Fake exchange support on Telegram that asks for your seed phrase to "verify" your account. Cloned Twitter accounts with slight username variations.
โ How to Protect Yourself
No legitimate person or company will ever ask you to send crypto to receive more back. Always verify accounts through official channels. Check for verified badges. Official support teams will never DM you first or ask for seed phrases โ ever.
๐ก Golden Rules
If it sounds too good to be true, it is. Never share your seed phrase with anyone โ not support, not admins, not friends. Use hardware wallets for significant holdings. Verify everything independently before acting on urgency.
Do: Use hardware wallets
Do: Enable 2FA everywhere
Do: Research before investing
Do: Use burner wallets for new contracts
๐ช Track crypto in real-time with our free tool
Open Tracker โ