What is a crypto scam: fraudulent schemes and how to protect yourself

Common Cryptocurrency Scam Schemes

Cryptocurrencies offer new opportunities for financial freedom and decentralized operations. However, the absence of centralized oversight provides fertile ground for scammers, who continue to develop more sophisticated fraud schemes. This section examines the most prevalent types of cryptocurrency scams, their warning signs, and real-world case studies.

1. Phishing

Phishing remains one of the most widespread methods of cryptocurrency theft. Cybercriminals create counterfeit websites that are visually indistinguishable from legitimate crypto wallet or exchange platforms. The purpose of these sites is to trick users into entering their account credentials, private keys, or seed phrases.

Key signs of phishing attacks:

• Unexpected emails from well-known cryptocurrency platforms requesting urgent updates or account verification
• URLs that differ from the original by a single character (e.g., replacing the letter "o" with the number "0" or adding a hyphen)
• Spelling errors in the domain name or email content
• Requests for private keys or seed phrases under the guise of "verification" or "security updates"
• Threats to block your account if you refuse to provide information

Case study: Recently, users of one of the largest cryptocurrency exchanges received a mass distribution of fake emails demanding immediate security updates. The emails contained a link to a spoofed website, visually identical to the official platform. Users who entered their credentials on the phishing site lost access to their accounts. This attack resulted in more than $280 million in cryptocurrency being stolen. The scammers used the stolen data to withdraw funds to anonymous wallets, making recovery nearly impossible.

2. Scam Platform Impersonation

Scam platform impersonation involves creating entirely fake crypto platforms that imitate legitimate exchanges, wallets, or investment services. These platforms promise high returns, attractive trading conditions, or exclusive investment opportunities. At first, everything appears legitimate—the platform functions, users can make small transactions, and even withdraw funds. However, this is merely a ruse to attract more investors and larger deposits.

Common signs of scam platforms:

• Promises of guaranteed high returns with no risk (contradicting the inherent volatility of the crypto market)
• Numerous fake positive reviews on third-party sites
• Aggressive pressure to invest more ("limited offer," "last chance," etc.)
• Difficulty or impossibility of withdrawing funds under various pretexts
• Lack of transparent information about the project team or legal structure
• Requests for additional payments to "unlock" withdrawals

Case study: Not long ago, the investment platform Arbistar, which promised high returns from cryptocurrency arbitrage trading, attracted over 120,000 investors globally. The platform was actively advertised on social media, hosted webinars, and showcased impressive trading results. For the first few months, users received the promised payouts, creating an illusion of legitimacy. Suddenly, the platform cited "technical problems" and suspended all withdrawals. It soon became clear this was a classic Ponzi scheme, where early investors were paid with the funds from new participants. When the platform collapsed, investors lost about $1 billion, and the founders disappeared with the stolen assets.

3. Fraudulent Tokens

Token scams take various forms and are growing increasingly sophisticated. Attackers use several main tactics to steal funds through fake or malicious tokens.

First attack type: Scammers airdrop tokens to user wallets en masse. These tokens appear valuable and may mimic popular cryptocurrencies. When users try to trade or swap these tokens on a decentralized exchange, a malicious smart contract is triggered. This contract gains access to the user's wallet and steals real assets.

Second attack type — Pump and Dump schemes: Organizers launch a new token and artificially inflate its price through coordinated activities. They use social media, messaging apps, and forums to create hype and attract uninformed investors. When the price peaks, the organizers sell all their tokens for massive profits. The token price then collapses, leaving regular investors with worthless assets.

Key signs of fraudulent tokens:

• Tokens unexpectedly appear in your wallet without any action on your part
• Tokens have suspicious names or closely imitate popular cryptocurrencies
• Aggressive marketing campaigns on social media promising rapid price growth
• Lack of information about the project, development team, or technical documentation
• Inability to sell the token or sky-high fees when attempting to sell

Case study: Recently, the SQUID token was launched, inspired by the popular TV series "Squid Game." The project was aggressively marketed as a blockchain gaming platform and quickly attracted millions of investors. Within days, the token’s price soared thousands of percent, peaking near $2,800 per token. However, investors soon realized they could not sell their tokens due to smart contract restrictions. The developers then vanished, deleting all project social media and the website. The token’s price collapsed to nearly zero within minutes, and investors lost about $3.38 million in total.

4. Rug Pull (Rug Pull)

The rug pull is among the most devious types of crypto fraud, especially prevalent in decentralized finance (DeFi) and new token projects. Project creators develop a token, aggressively promote it through social media, crypto forums, and influencers, promising breakthrough technology and high returns. They set up professional-looking websites, publish whitepapers, and may even commission smart contract audits to appear legitimate.

After attracting enough investors and accumulating significant funds, the creators suddenly withdraw all liquidity from the pool, making the tokens worthless. They then disappear, wiping all traces of their online presence.

Typical signs of a rug pull:

• Extremely aggressive marketing campaigns with unrealistic promises
• Anonymous development team or use of fake profiles
• No liquidity lock or only a very short lock period
• Centralized control over the smart contract, allowing the creators to change protocol rules
• Pressure on investors to act quickly ("limited offer," "presale today only")
• The project abruptly loses all value after a period of rapid growth

Case study: YAM Finance was recently marketed as an innovative DeFi platform with a unique rebalancing mechanism. It quickly captured the crypto community’s attention and raised over $750 million in its first 24 hours. However, a critical bug in the smart contract code soon made it impossible to manage the protocol. Despite the community’s efforts to address the issue, the project lost most of its value and investors suffered substantial losses. While the creators claimed this was an unintentional error, many experts believe the lack of testing and the rushed launch signaled irresponsible or fraudulent conduct.

5. Giveaway Scams

Giveaway scams exploit human greed and trust in authority figures. Scammers promise to double, triple, or return your cryptocurrency with profit if you send a specified amount. These schemes often involve hacked or fake celebrity social media accounts.

Typical giveaway scam scenario:

1. Scammers hack a celebrity account or create a fake one that is visually identical
2. They post about a "giveaway" or "charity event," promising to return double the crypto sent
3. A wallet address is provided for deposits
4. Bots generate fake comments from "happy recipients"
5. The post is quickly deleted after enough funds are collected

Key signs of giveaway scams:

• Promises to "double" or "triple" any amount of crypto
• Posts from celebrities announcing sudden crypto giveaways
• Urgency ("first 100 participants only," "offer ends in one hour")
• Requirement to send crypto first to "verify your wallet address"
• Numerous fake comments expressing thanks for the "reward"

Case study: Recently, hackers executed one of the largest attacks on the social network X (formerly Twitter), compromising the accounts of Elon Musk, Bill Gates, Barack Obama, Jeff Bezos, and other major public figures. The hacked accounts announced a Bitcoin "giveaway," urging users to send Bitcoin to a specified address and receive double in return. Despite clear signs of fraud, thousands believed the offer due to the account holders’ reputations. Victims sent over $120,000 in Bitcoin to the scammers within hours. This incident demonstrated how effective scams exploiting celebrity trust can be.

6. Social Media Scams (Romance Scam)

Social media scams, also known as romance scams, are long-term manipulative schemes where criminals use emotional attachment to steal funds. This type of scam is especially insidious because fraudsters spend weeks or even months building a relationship of trust with their target.

Typical romance scam scenario:

1. The scammer creates an appealing social media or dating profile using stolen photos
2. Initiates contact and begins frequent communication with the target
3. Quickly accelerates a romantic relationship, showing excessive affection and concern
4. Gradually introduces the topic of crypto investment, posing as a successful trader or investor
5. Offers to "help" the victim earn with crypto, directing them to a fake investment site
6. Convinces the victim to invest increasing amounts, promising high returns
7. Disappears after receiving a significant sum or if the victim becomes suspicious

Common signs of romance scams:

• A new online acquaintance rapidly expresses intense romantic feelings
• Refuses to meet in person or use video calls, always citing excuses
• Shows keen interest in your financial situation
• Shares stories of crypto investment success and offers to "help" you profit
• Directs you to obscure or suspicious investment platforms
• Pressures you to transfer crypto, leveraging emotional attachment
• Asks you to keep the relationship or investments secret from friends and family

Case study: Recently, a 75-year-old woman in the US met a man on social media who claimed to be a successful businessman. After several months of daily communication, he told her about lucrative crypto investments and offered to help her earn money. He referred her to a professional-looking investment platform, where she saw her "portfolio" grow. Gradually, she transferred over $300,000 through this fake platform. When she tried to withdraw funds, she was told to pay "taxes" to unlock her account. After additional payments, the platform shut down and her "friend" disappeared. The investigation revealed both the platform and the "businessman" were part of an organized crime ring specializing in romance scams.

7. Extortion and Blackmail Schemes

Crypto extortion and blackmail leverage the anonymity of cryptocurrency transactions to demand ransom. Criminals threaten to expose compromising information, publish personal data, or disrupt IT systems. Cryptocurrency is the preferred payment method for extortionists due to the difficulty of tracing transactions.

Main types of crypto extortion:

1. Ransomware: Malicious software encrypts the victim's files and demands crypto payment for a decryption key.

2. Data exposure threats: Scammers claim to possess compromising photos, videos, or personal information and demand payment to remain silent.

3. DDoS extortion: Attackers threaten to launch denial-of-service attacks on company websites unless a ransom is paid.

Common signs of extortion schemes:

• Threats to reveal personal data, compromising information, or passwords
• Ransom demands exclusively in cryptocurrency (most often Bitcoin or Monero)
• Strict payment deadlines with threats to increase the amount or immediately publish data
• Mass mailings with identical threats (indicative of automated blackmail)
• Presentation of "proof" of hacking (often from public data leaks)

Case study: Recently, the hacker group DarkSide carried out a large-scale attack on Colonial Pipeline, one of the largest fuel pipeline operators in the US. The attackers used ransomware to encrypt critical systems, halting pipeline operations and causing fuel shortages and panic on the East Coast. The hackers demanded a $4 million ransom in Bitcoin to restore system access. The company ultimately paid the ransom to resume operations. Although authorities later recovered part of the funds, the incident highlighted the severe risk crypto extortion poses to critical infrastructure.

8. Money Mule Schemes

Money mule schemes are a form of fraud where criminals recruit unsuspecting individuals to launder illicit funds. Victims often do not realize they are participating in illegal activities until faced with legal repercussions.

How the scheme operates:

Scammers post enticing job ads promising easy earnings through crypto transactions. The positions are described as "cryptocurrency agent," "transaction processing manager," or "remote financial assistant." Requirements are minimal, and promised pay is disproportionately high for the work required.

After "hiring," the worker is instructed to:

1. Open new crypto accounts in their name
2. Receive cryptocurrency into these accounts
3. Convert it to other cryptocurrencies or fiat currency
4. Transfer funds to specified addresses, keeping a commission

In practice, the individual becomes a "money mule"—a middleman in a money laundering operation.

FAQ

What is a crypto scam? What are the main types?

A crypto scam is a fraudulent scheme aimed at stealing cryptocurrencies. Main types include airdrop scams, phishing sites, impersonation of public figures, fake investment projects, and Ponzi schemes. Scammers often pose as major investors or promise unrealistic returns.

How do you identify fake crypto investment projects and Ponzi schemes?

Avoid promises of excessive returns. Verify the project’s background and team. Do not trust unverified claims. Review the whitepaper and the developers’ reputation before investing.

What is a Pump and Dump and Floor Price Scam?

Pump and Dump refers to artificially inflating an asset’s price through hype, then dumping it on the market. Floor Price Scam involves developers misappropriating project funds or removing liquidity, resulting in investor losses.

What are the hallmarks of phishing sites and fake wallet apps? How do you avoid being scammed?

Phishing sites and fake wallets ask for your 24-word seed phrase or offer free cryptocurrencies. Never share seed phrases. Use only official websites and verified apps. Always check URLs and only download apps from official sources.

What are common social engineering and impersonation tactics used in crypto scams?

Fraudsters impersonate celebrities or support staff, build fake trust via social media, offer deceptive investment advice, or send phishing links. Common tactics include fake airdrops, bogus job offers, requests for transfer verification, and cloning official websites to steal wallet data. Be wary of suspicious contacts, unrealistic promises of high returns, and urgent offers.

How can you safely buy and store crypto to prevent fraud and theft?

Use reputable, licensed platforms. Enable two-factor authentication. Store assets in hardware or cold wallets. Never share private keys or mnemonic phrases. Regularly update your software and antivirus protection.

What should I do if I become a victim of crypto fraud?

Contact law enforcement immediately and file a fraud report. Preserve all transaction and communication evidence. Notify the platform where the theft occurred and block your accounts. If possible, try to trace wallet addresses using blockchain analytics.

What features and certifications should legitimate crypto exchanges and projects have?

Legitimate crypto projects should use two-factor authentication, KYC/AML verification, regulatory registration, transparent team information, and security audits. These measures ensure user fund safety and legal compliance.