What Is a Crypto Scam — Common Fraud Schemes and How to

Popular Cryptocurrency Scam Schemes

Crypto scams cover a broad spectrum of schemes aimed at stealing users’ digital assets. Fraudsters constantly evolve their techniques, exploiting technological vulnerabilities and psychological manipulation. Understanding the main types of scams is the first step toward securing your funds.

1. Phishing

Phishing in the crypto world is a social engineering tactic where scammers create fake websites or send deceptive emails impersonating legitimate crypto services. Their goal is to trick users into entering login credentials, private keys, or seed phrases on a fraudulent platform.

Phishing Indicators:

• Unsolicited emails from crypto exchanges demanding urgent data updates or transaction confirmations
• URLs with minor differences from the original (for example, swapping the letter "o" with the number "0")
• Spelling mistakes in official emails
• Pressure and urgency tactics: "Your account will be blocked in 24 hours"
• Suspicious attachments or download links

Case Example: Recently, users of a major exchange received mass phishing emails demanding urgent account verification. These emails included links to a fraudulent site visually indistinguishable from the authentic platform. Users who entered their information lost access to funds totaling over $280 million. Scammers used the stolen credentials to withdraw crypto to their own wallets.

2. Fake Platforms (Fake Exchanges)

Fake platforms involve creating entirely fraudulent crypto exchanges, wallets, or investment services. These sites appear professional, offer full functionality, and may even display "growth" in your investments. However, users attempting to withdraw funds face blocked accounts or endless "technical issues."

Scam Platform Indicators:

• Promises of guaranteed high returns (for example, 20–50% monthly)
• Fabricated testimonials and recommendations from "successful investors"
• Aggressive marketing on social media and messaging apps
• Lack of company registration or licensing information
• Pressure to deposit more money to "unlock" withdrawals
• Minimal requirements to start trading
• Unable to withdraw funds without paying additional "fees"

Case Example: In recent years, the Arbistar platform—promoted as an automated crypto arbitrage trading system—attracted tens of thousands of investors with promises of steady passive income. The platform paid profits to early participants, building an illusion of legitimacy. Suddenly, all operations were halted due to "technical issues," and the founders disappeared with approximately $1 billion in assets.

3. Fraudulent Tokens (Token Scams)

Fraudsters create and distribute tokens that seem valuable at first glance. These tokens may appear in your wallet without notice (airdrop scam) or be marketed as an "exclusive investment opportunity." Attempting to sell or swap such tokens can trigger a malicious smart contract that accesses your wallet and steals real assets.

Fraudulent Token Indicators:

• Tokens of unknown origin that suddenly appear in your wallet
• No project information on reputable crypto resources
• Unrealistically high token prices with zero liquidity
• Requests to connect your wallet to unknown sites for "activation"
• Suspicious smart contract permissions (unlimited approval)

Case Example: Recently, the SQUID token—named after the popular series "Squid Game"—attracted millions of investors with aggressive marketing and promises of a crypto game. The token price soared to $2,856 each. However, investors soon discovered they couldn’t sell their tokens—the smart contract blocked sales. After the developers vanished and the price crashed to zero, investors lost about $3.38 million.

4. Rug Pull (Rug Pull)

A rug pull is a scam where crypto project creators aggressively promote a new token or DeFi platform to attract investments. After significant capital is invested, developers suddenly withdraw all liquidity from the pool and disappear, leaving investors with worthless tokens.

Potential Rug Pull Indicators:

• Aggressive social media campaigns promising "the next Bitcoin"
• Anonymous developer team with no public crypto industry track record
• No smart contract audit by reputable firms
• Large token concentrations held by a few addresses
• No liquidity lock
• Project value collapses after initial growth
• No real product or service behind the token

Case Example: YAM Finance recently drew attention as an innovative DeFi protocol with a rebasing mechanism. In just a few days, over $500 million was locked in the protocol. However, a critical smart contract bug made the protocol impossible to manage, resulting in the loss of access to more than $750 million. While this wasn’t a classic rug pull—the error was unintentional—the case highlights the risks of unchecked projects.

5. Giveaway Scams

Scammers claim they’ll double or multiply your crypto if you send them a specified amount. These schemes often pose as "giveaways" or "charity events" from well-known figures in crypto.

Giveaway Scam Indicators:

• Promises to "double" or "triple" your investment in a short period
• Messages allegedly from celebrities or crypto entrepreneurs about a crypto giveaway
• Requests to send crypto first for "verification" or "participation activation"
• Artificial urgency: "Offer ends in 1 hour!"
• Fake social media accounts with large numbers of (purchased) followers
• QR codes for "quick entry" into the giveaway

Case Example: Recently, hackers staged a large-scale attack on platform X (formerly Twitter), hacking accounts belonging to Elon Musk, Bill Gates, Barack Obama, and other prominent figures. Messages were posted about a "charitable Bitcoin giveaway": "Send any amount to the listed address and we’ll send back double." Victims sent over $120,000 in Bitcoin to scammers within hours.

6. Social Media Scams (Romance Scam)

This is a long-term scam where fraudsters build emotional relationships with victims via social media or dating sites. After gaining trust, the scammer offers "help" with crypto investments or requests financial assistance in cryptocurrency.

Romance Scam Indicators:

• Rapid relationship development with intense emotional expressions
• Reluctance to meet in person or communicate by video (always with "reasons")
• Suggestions to invest in "exclusive" crypto projects
• Requests for crypto financial help due to "temporary difficulties"
• Pressure to transfer funds via obscure platforms
• Claims of "successful" investments and high earnings
• Gradually increasing amounts requested

Case Example: In recent years, an elderly woman in the US met a man on a dating site who claimed to be a successful crypto investor. After months of communication, he convinced her to invest in a "high-yield" crypto platform. She sent more than $300,000 through a fake platform controlled by scammers. When she tried to withdraw funds, the platform stopped responding and her "friend" vanished.

7. Extortion and Blackmail Schemes (Crypto Extortion)

Scammers use threats and blackmail, claiming to possess compromising information (personal photos, videos, browsing history) and demanding ransom in cryptocurrency. Ransomware attacks that encrypt victims’ computer data are also common.

Extortion Scheme Indicators:

• Threats to publish personal or compromising information
• Ransom demands exclusively in crypto (usually Bitcoin or Monero)
• Strict payment deadlines
• Use of your actual passwords (often leaked in prior breaches) to add credibility
• File encryption on your computer with ransom demands
• Threats against your business or company infrastructure

Case Example: Recently, the hacker group DarkSide carried out a cyberattack on Colonial Pipeline, the largest pipeline operator in the US. Using ransomware, they encrypted critical company data and demanded $4.4 million in Bitcoin for restoration. The attack led to a temporary pipeline shutdown and fuel shortages on the East Coast. The company paid the ransom, though law enforcement later recovered part of the funds.

8. Money Mule Scams

Scammers offer easy jobs processing crypto transactions or "testing" platforms, effectively involving victims in money laundering. The victim becomes a middleman in illegal financial operations, risking criminal liability.

Money Mule Scheme Indicators:

• Remote job offers with low requirements and high pay
• Tasks include receiving crypto and sending it to other addresses
• Requests to open new crypto accounts or wallets
• Promises of earnings for "converting" or "testing" crypto transactions
• Requests to use your bank accounts for receiving and sending funds
• No formal employment contract
• Impossible to verify employer legitimacy

Case Example: In recent years, US law enforcement uncovered a criminal network recruiting people through job ads to "convert funds to crypto." Hired individuals received bank transfers from scam victims, exchanged them for crypto, and sent them to criminals’ wallets. Many participants were unaware they were laundering money and later faced criminal charges for aiding fraud.

Largest Crypto Industry Thefts in History

The history of cryptocurrency is full of massive frauds and thefts that have cost investors billions. Reviewing these cases reveals how crypto scams work and why due diligence is essential when managing digital assets.

1. FTX — $8 Billion

The collapse of the FTX crypto exchange and related trading firm Alameda Research ranks among the biggest financial scandals in crypto history. The exchange, long considered highly trustworthy, suddenly declared bankruptcy at the end of 2022.

Founder Sam Bankman-Fried stands accused of illegally misappropriating client funds totaling about $8 billion. Investigators found that client money was used for risky investments via Alameda Research, real estate purchases, and political donations. FTX clients lost access to their funds, and the native FTT token’s value plunged nearly to zero.

2. OneCoin — $4 Billion

OneCoin was one of the largest Ponzi schemes in crypto, operating from 2014–2017. Project founders, including Ruja Ignatova ("Cryptoqueen"), promised a revolutionary cryptocurrency to surpass Bitcoin.

In reality, OneCoin wasn’t a real cryptocurrency—no blockchain existed, and "mining" was entirely simulated. The project ran as a multi-level marketing scheme, rewarding members for recruiting new investors. It attracted about $4 billion globally. Ruja Ignatova vanished in 2017 and remains internationally wanted.

3. PlusToken — $2 Billion

PlusToken was marketed as a crypto wallet and investment platform, promising high returns from arbitrage trading and mining. It gained popularity among Asian investors, especially in China and South Korea.

The platform promised monthly returns of 10–30%, attracting millions of users. In reality, PlusToken was a classic Ponzi, paying "profits" to early investors with funds from new users. In 2019, operators vanished with about $2 billion in crypto. Chinese authorities arrested several organizers, but most funds were never recovered.

4. Thodex — $2.6 Billion

Thodex was one of Turkey’s largest crypto exchanges, attracting users with low fees and aggressive marketing. In April 2021, the exchange abruptly halted operations, and founder Faruk Fatih Ozer fled the country.

At shutdown, roughly 400,000 users’ assets—totaling $2.6 billion—were frozen on the exchange. Users couldn’t withdraw crypto, and support stopped responding. Turkish authorities issued an arrest warrant for Ozer, who escaped to Albania. The case became Turkey’s largest crypto scam, leading to stricter industry regulation.

5. BitConnect — $2 Billion

BitConnect was one of the most notorious projects, operating as a Ponzi from 2016–2018. The platform promised up to 1% daily returns via a "trading bot" and "volatile software" allegedly generating crypto profits.

It used a multi-level referral system, incentivizing users to recruit new investors. Despite many warnings about pyramid scheme signs, BitConnect attracted billions. In January 2018, the platform abruptly closed after orders from US state regulators. The BCC token lost over 90% of its value in hours, and investors lost about $2 billion.

6. Mt. Gox — $450 Million

Mt. Gox was the world’s largest Bitcoin exchange from 2010–2014, handling up to 70% of all Bitcoin transactions. The exchange suffered hacks and management failures, losing about 850,000 Bitcoins (worth $450 million at the time).

In February 2014, it suspended all operations and declared bankruptcy. Investigations found that the thefts occurred gradually over years due to security flaws. Some funds were later recovered, and creditor reimbursements are ongoing. The collapse marked a turning point, highlighting the importance of strong security and regulation in crypto.

7. QuadrigaCX — $190 Million

QuadrigaCX was Canada’s largest crypto exchange until its sudden collapse in 2018. The exchange shut down after the death of its founder and CEO Gerald Cotten, who was reportedly the only person with access to cold wallets holding client funds.

According to the official account, Cotten died from Crohn’s disease complications while traveling in India, taking wallet passwords for about $190 million in assets with him. Later investigations found widespread violations and signs of fraud, including fake trades and misuse of client funds. Some experts suspect Cotten’s death may have been staged.

8. Africrypt — $3.6 Billion

Africrypt was a South African crypto investment platform founded by brothers Raees and Ameer Cajee. The platform promised high returns from crypto investments, attracting thousands of investors, mainly from South Africa.

In April 2021, Africrypt abruptly ceased operations, and the founders disappeared with Bitcoins worth about $3.6 billion (by some estimates). Before vanishing, the brothers told investors about a "system hack" and asked them not to involve police to avoid "complicating recovery." Investigations revealed the funds were moved through a complex transaction network, making them hard to trace.

9. Coincheck — $534 Million

In January 2018, Japanese exchange Coincheck suffered one of the biggest hacks in crypto history. Hackers stole 523 million NEM tokens worth about $534 million.

The attack was possible because most assets were kept in online hot wallets, violating security best practices. After the incident, Coincheck compensated affected users about $425 million from its own funds. The event led to stricter exchange regulation and improved security standards in Japan’s crypto market.

How to Protect Yourself from Crypto Scammers

Protecting yourself from crypto scams requires a comprehensive approach: technical security, critical thinking, and constant vigilance. Following the guidelines below will greatly reduce your risk of falling victim to a crypto scam.

1. Use Only Official Websites and Apps

One of scammers’ most common tactics is creating fake versions of popular crypto services. Protect yourself by:

• Download apps only from official sources: Use Google Play for Android and Apple App Store for iOS. Avoid downloading APK files from unverified sources.
• Check URLs: Scammers create domains nearly identical to originals (e.g., binаnce.com vs. binance.com, swapping "a" for the Cyrillic "а"). Always carefully check your browser’s address bar.
• Use bookmarks: Save official crypto service sites as browser bookmarks and always access them via bookmarks, not search engines that may show ads for fakes.
• Check SSL certificates: Make sure the site uses HTTPS (lock icon), but remember that HTTPS doesn’t guarantee legitimacy.
• Be cautious with browser extensions: Install only verified crypto extensions and regularly review your installed extensions.

2. Never Share Private Keys or Seed Phrases

Private keys and seed phrases are the ultimate control over your crypto assets. Their compromise means irreversible loss.

• "Not your keys, not your coins": Only you should know your private keys. No legitimate platform, exchange, or support will ever ask for them.
• Safe storage: Write your seed phrase on paper and store it securely (safe, bank deposit box). Never store it digitally on internet-connected devices.
• Use hardware wallets: For large sums, use hardware wallets from trusted manufacturers for maximum security.
• Spread your funds: Don’t keep all assets in one place. Use hot wallets for routine transactions and cold wallets for long-term storage.
• Beware of fake wallets: Download wallet apps only from official developer sites.

3. Enable Two-Factor Authentication (2FA)

2FA adds an extra layer of protection, requiring login confirmation from a second device.

• Use authenticator apps: Prefer Google Authenticator, Authy, or Microsoft Authenticator over SMS codes, which can be intercepted.
• Enable 2FA everywhere: Activate two-factor authentication on all exchanges, wallets, and related services.
• Save backup codes: When setting up 2FA, securely store backup codes for recovery in case you lose access to your authentication device.
• Use a dedicated email: Create a separate email for crypto accounts, protected by 2FA.
• Beware of SIM swapping: If using SMS-based 2FA, contact your carrier to add extra protection against unauthorized SIM replacement.

4. Avoid Unrealistic Income Offers

Crypto does not offer guaranteed high returns without risk. Critically evaluate all investment proposals.

• "Too good to be true": If an offer promises guaranteed high returns (e.g., 20% per month or doubling your money), it’s almost certainly a scam.
• Know the risks: Legitimate platforms always disclose risks and do not guarantee profits.
• Check the math: Ponzi schemes are mathematically unsustainable. If a project promises high interest to everyone, it will eventually collapse.
• Study income sources: Legitimate projects clearly explain how profits are generated. If the mechanism is unclear or vague, that's a red flag.
• Beware of pressure: Scammers often create artificial urgency ("offer only valid today") to rush you into decisions.

5. Never Enter Data on Unknown Sites

Phishing sites are among the most common threats in crypto. Protect your credentials:

• Check link sources: Never click links from emails, messenger messages, or social media—even if they look official.
• Use password managers: Password managers auto-fill credentials only on saved sites, helping prevent entry on phishing copies.
• Create unique passwords: Use different complex passwords for each crypto service. If one account is compromised, others remain safe.
• Be careful with Wi-Fi: Avoid accessing crypto accounts over public Wi-Fi networks, which may be compromised.
• Regularly check active sessions: Many platforms allow you to review active login sessions. Check them often and terminate suspicious sessions.

6. Review Project Feedback and Documentation

Before investing in any crypto project, conduct thorough due diligence.

• Read the whitepaper: Carefully review the project’s technical documentation. Vague promises without technical details are a warning sign.
• Check the team: Research team member bios, LinkedIn profiles, and past projects. Anonymous teams require extra caution.
• Seek independent reviews: Read opinions on reputable crypto forums and communities. Be wary of fake reviews on the project’s own site.
• Check smart contract audits: For DeFi projects, audits from reputable firms (CertiK, Quantstamp, Trail of Bits) are crucial signs of legitimacy.
• Analyze tokenomics: Study token distribution, emission mechanisms, and any team token lockups (vesting).
• Check development activity: For open-source projects, review GitHub activity—regular updates and commits indicate ongoing work.
• Watch for red flags: Copycat whitepapers, grammar errors, lack of a working product, aggressive marketing with no tech foundation.

7. Protect Your Devices

Your crypto asset security starts with your device security.

• Use antivirus software: Install reputable antivirus programs and keep them updated.
• Update your operating system: Promptly install security updates for your OS and all apps.
• Avoid suspicious extensions: Don’t install browser extensions from unverified sources; some can intercept wallet data or swap recipient addresses.
• Use a dedicated device: Consider a separate device for major crypto transactions, not used for daily internet browsing.
• Verify recipient addresses: Always double-check the recipient address before sending a transaction; some malware swaps clipboard addresses.
• Beware of phishing apps: Download mobile apps only from official stores and check the developer.
• Regularly scan for malware: Use specialized tools to detect cryptojacking and other crypto threats.

Additional Recommendations

• Stay educated: Continuously learn about new scam tactics and protective measures. Crypto scammers are always advancing their methods.
• Don’t rush: Most scams use psychological pressure and artificial urgency. Always take time to verify and consider investment decisions.
• Trust your instincts: If something feels off, it probably is. Better to miss out than lose your money.
• Diversify: Don’t keep all assets on one exchange or in one wallet. Asset distribution lowers risk of total loss if one service is compromised.
• Report scams: If you encounter fraud, report it to law enforcement and alert the crypto community to protect others.

Remember: in crypto, security is your own responsibility. Transactions are irreversible, and once stolen or lost, funds are nearly impossible to recover. Vigilance, education, and following security best practices are your best defense against crypto scams.

FAQ

What is a crypto scam, and what are the common types?

A crypto scam is a fraudulent scheme on the blockchain intended to steal user funds or personal data. Common types include phishing (fake sites and emails), Pump & Dump (artificial price spikes), Ponzi schemes, and fake wallets. Protect yourself by verifying sources and never sharing private keys.

How can you spot and prevent common crypto scams like fake exchanges and price manipulation (pump and dump)?

Verify trading volumes across multiple platforms, research the project and development team, avoid coins with low liquidity and suspicious price spikes. Use reputable platforms, review whitepapers, and don’t fall for FOMO.

What should I do if I’ve been scammed investing in crypto? What steps can I take to protect and recover my assets?

Stop trading immediately and secure your credentials. Contact local law enforcement and gather all evidence of the scam. Consider consulting crypto asset recovery specialists for professional help.

What specific methods do phishing scammers, fake official accounts, and fraudulent airdrops use?

Phishing scams use fake sites and links to steal private keys. Fake accounts impersonate officials on social media. Fraudulent airdrops demand payments or wallet access in exchange for promised free tokens. Never share private keys and always verify official channels before participating.

What should you check before investing in crypto to confirm a project’s legitimacy and authenticity?

Examine the project’s whitepaper, team credentials, source code on GitHub, community engagement, and regulatory compliance. Ensure transparency and look for any red flags.

How does crypto fraud differ from traditional financial fraud, and why is the crypto sector so attractive to scammers?

Crypto fraud is marked by anonymity, decentralization, and complex schemes (like Ponzi schemes). Cryptocurrency attracts scammers due to irreversible transactions, the lack of central regulation, and laws lagging behind blockchain and crypto payment innovation—making it easier to hide crimes and transfer funds.