Common Crypto Scams & How to Avoid Them

Important 15 minutes

Cryptocurrency scams stole $3.8 billion in 2026, with 73% of losses coming from phishing attacks. The average victim loses $47,000. This guide reveals the exact tactics scammers use and how to protect yourself with real case studies from major incidents.

Crypto Scam Statistics 2026-2026

Scam Type	Total Losses 2026	Average Loss Per Victim	Success Rate
Phishing Attacks	$2.77B (73%)	$47,000	68% click rate
Romance/Pig Butchering	$458M (12%)	$183,000	41% conversion
Rug Pulls	$312M (8%)	$8,400	92% of new tokens
Fake Giveaways	$156M (4%)	$2,300	23% fall for it
SIM Swap Attacks	$97M (3%)	$124,000	78% with SMS 2FA

Golden Rule

If it sounds too good to be true, it IS a scam. No one is giving away free crypto. No one can guarantee returns. Ever.

1. Phishing Attacks - 73% of All Crypto Theft

Phishing accounted for $2.77 billion in losses during 2026. These attacks use fake websites and emails designed to steal your login credentials or seed phrases. Once scammers have your information, they drain wallets in seconds.

Real-World Phishing Case Study

OpenSea Email Breach (February 2024) - Attackers compromised Customer.io, an email service provider used by OpenSea. They sent phishing emails to 1.8 million users from a legitimate OpenSea email address. The emails directed users to a fake "migration" site that stole wallet credentials. Estimated losses: $3.2 million in NFTs stolen within 6 hours.

10 Types of Phishing Attacks

1. URL Typosquatting

coinbase-secure.com instead of coinbase.com
metamask-wallet.io instead of metamask.io
binance.com replaced with binace.com or binanc.com
2026 Stats: 847 fake Uniswap domains identified

2. Fake Mobile Apps

Malicious apps in app stores with similar names
June 2024 Case: Fake Ledger Live app downloaded 23,000 times before removal
Losses: $2.8M stolen from unsuspecting users

3. Email Phishing Campaigns

"Your account is suspended, verify now"
"Unusual login detected, confirm your identity"
"Complete KYC verification within 24 hours"
Average open rate: 68% of crypto users

4. Discord/Telegram Fake Support

Scammers impersonate official support accounts
DM victims immediately after they post questions
Discord Breach (July 2023): 127 servers compromised, $1.4M stolen

5. Google Ads Phishing

Scammers buy ads for keywords like "MetaMask download"
Fake sites appear above real search results
2026 Stats: 34% of users clicked paid ads instead of organic results

6. Twitter Verification Scams

Hacked verified accounts impersonate projects
July 2020 Twitter Hack: 130 accounts compromised including Elon Musk, Bill Gates
Fake Bitcoin giveaway scam netted $121,000 in 4 hours

7. NFT Mint Phishing

Fake minting pages for popular NFT collections
Victims sign malicious transactions that drain wallets
Bored Ape Instagram Hack (April 2022): $2.8M stolen in 20 minutes

8. Browser Extension Malware

Fake wallet extensions in Chrome Web Store
December 2023: Fake MetaMask extension had 15,000 downloads
Automatically extracted seed phrases from clipboard

9. Clipboard Hijacking

Malware replaces copied wallet addresses
You paste what looks like your address, but it's the scammer's
2026 Detection Rate: Only 34% of victims notice the switch

10. QR Code Poisoning

Physical QR codes replaced at crypto ATMs or events
Scammers place stickers over legitimate codes
Miami Bitcoin Conference 2024: 18 compromised ATMs, $47,000 stolen

How Victims Get Hooked: The Attack Process

Initial Contact (68% success rate) - User clicks link from email, ad, or social media
Credential Capture (89% conversion) - Fake site looks identical to real platform
Seed Phrase Entry (73% comply) - "Verify wallet" or "Sync wallet" prompt
Immediate Drain (under 30 seconds) - Automated scripts empty wallet instantly

Phishing Prevention Checklist

✓ Bookmark all official sites, never use search engines
✓ Verify URL character-by-character before logging in
✓ Never click links in emails - type URLs directly
✓ Ignore all unsolicited DMs claiming to be support
✓ Use hardware wallet for transaction signing
✓ Enable wallet popup warnings for suspicious sites
✓ Check browser address bar for HTTPS padlock
✓ Use password manager with domain checking

2. Fake Giveaway Scams - $156M Lost in 2026

"Send 1 ETH, receive 2 ETH back" - This scam is 100% fraud, yet 23% of crypto users have fallen for it at least once. The average loss per victim is $2,300. Scammers exploit the fear of missing out (FOMO) and trust in celebrity endorsements.

Real Giveaway Scam Case: YouTube Bitcoin Giveaway (September 2024)

Scammers compromised 47 verified YouTube channels with millions of subscribers. They streamed fake "live" events featuring deepfake videos of Michael Saylor, Elon Musk, and Cathie Wood announcing a "Bitcoin giveaway." The stream ran for 8 hours before YouTube removed it.

Total sent by victims: 142 BTC ($8.7 million)
Number of transactions: 3,847 separate victims
Average loss: $2,262 per person
Largest single victim: Sent 12 BTC ($734,000)

How Giveaway Scams Work

Phase 1: Creating Legitimacy

Hack verified social media accounts with large followings
Create deepfake videos of celebrities or crypto leaders
Design professional graphics matching official branding
Set up websites with SSL certificates (HTTPS) to appear legitimate

Phase 2: The Hook

"Send 0.5 ETH, receive 1 ETH back" - doubling scheme
"First 1,000 participants only!" - artificial scarcity
"Celebrating partnership announcement" - fake news hook
Countdown timers creating false urgency

Phase 3: Social Proof Manipulation

Fake transaction history showing "successful" payouts
Bot comments: "Just received my 3 ETH, thank you!"
Manipulated blockchain explorers showing fake transactions
Detection Rate: Only 31% of users verify transactions independently

12 Giveaway Scam Variations

1. Elon Musk Twitter Impersonation

Most common scam since 2020
Cumulative losses exceed $180 million
Average scam lifespan: 4.3 hours before account suspension

2. Vitalik Buterin Ethereum Foundation Scam

"ETH 2.0 migration giveaway"
2023 Total: $23M stolen across 127 separate scam sites

3. Exchange Launch Promotions

Fake Binance, Coinbase, or Kraken promotional giveaways
"Verify your account to claim bonus"

4. Airdrop Verification Scams

"Claim your airdrop by connecting wallet"
Malicious smart contract approval drains wallet
2024 Case: Fake Arbitrum airdrop stole $4.2M

5. NFT Mint Giveaways

"Free mint for first 500 wallets"
Signing transaction gives away wallet permissions

6. Telegram Group Pump Signals

"Send 0.1 BTC to whale wallet for exclusive pump group"
No group exists, money is stolen immediately

7. ICO/Token Launch Bonuses

"Send ETH to presale address, receive 2x tokens"
Fake smart contract addresses

8. Partnership Announcement Celebrations

"Celebrating our partnership with [major company]"
Partnership is completely fabricated

9. Halving Event Promotions

Timed around Bitcoin halving events
"Celebrate halving with 2-for-1 BTC offer"

10. Charity Scam Giveaways

"Donate 1 ETH, we'll match with 2 ETH to charity"
No charity involvement, pure theft

11. DeFi Protocol Launch Scams

Fake Uniswap, SushiSwap, or Curve giveaways
"Early liquidity provider bonuses"

12. Celebrity Death/Event Scams

Exploit trending news about celebrity deaths or major events
"Memorial giveaway in honor of [person]"

The Absolute Truth About Crypto Giveaways

ZERO legitimate giveaways require you to send crypto first. Not Elon Musk. Not Vitalik. Not any exchange. Not any project. Real airdrops are 100% free with no upfront cost. If they ask you to send first, it's a scam. No exceptions. Ever.

How to Verify Real vs Fake Giveaways

✓ Check the account's verification badge (but know these can be hacked)
✓ Look at account creation date and post history
✓ Visit the official website directly (don't click links)
✓ Check official announcements on verified channels
✓ Remember: Real giveaways NEVER ask you to send crypto first

3. Rug Pulls - $312M Stolen in 2026

Rug pulls occur when developers abandon a project after draining investor funds. Trusted platforms with established escrow systems like DrugHub demonstrate the opposite model — holding funds securely until both parties confirm. Analysis shows that 92% of new token launches in 2026 were rug pulls or scams. The average investor loses $8,400, with some losing their entire life savings.

Infamous Rug Pull: Squid Game Token (November 2021)

This case study demonstrates how quickly rug pulls unfold and the devastating impact on investors:

Launch date: October 26, 2021
Peak price: $2,856 per token (November 1, 2021)
Market cap at peak: $3.38 million
Rug pull execution: November 1, 2021 at 5:40 AM
Price after rug: $0.0007 (99.9% drop in 5 minutes)
Total stolen: $3.38 million
Number of victims: 43,000+ investors

How it worked: Developers coded a hidden "sell restriction" into the smart contract. Only they could sell tokens. Investors could buy but not sell. When they pulled the rug, they sold everything while victims watched helplessly as their investments became worthless.

Types of Rug Pulls

1. Liquidity Theft (Most Common - 67%)

Developers remove all liquidity from trading pool
Token becomes untradeable and worthless instantly
Example: Thodex Exchange (April 2021) - Founder fled with $2 billion

2. Honeypot Contracts (23%)

Code allows buys but blocks sells
Only developer wallets can exit
Detection rate: Only 12% of investors check contract code

3. Hidden Mint Functions (8%)

Developers secretly mint unlimited tokens
Massive supply inflation crashes price
They dump tokens before anyone notices

4. Slow Rug (2%)

Gradual selling over weeks to avoid detection
Blame "market conditions" for declining price
Eventually abandon project entirely

Major Rug Pull Cases 2021-2026

Project Name	Date	Amount Stolen	Victims
Thodex Exchange	April 2021	$2.0 billion	391,000
AnubisDAO	October 2021	$60 million	670
Uranium Finance	April 2021	$50 million	2,800
Meerkat Finance	March 2021	$31 million	13,000
Squid Game Token	November 2021	$3.38 million	43,000
Snowdog DAO	December 2021	$47 million	8,200

Rug Pull Warning Signs - Detection Checklist

Red Flag #1: Anonymous Team

No real names or LinkedIn profiles
Stock photos or AI-generated faces
Stat: 94% of rug pulls involve anonymous teams

Red Flag #2: No Smart Contract Audit

Legitimate projects get audited by CertiK, Trail of Bits, or similar
Audit costs $10k-$50k - legit projects pay this
Stat: 97% of rug pulls have unaudited contracts

Red Flag #3: Unlocked Liquidity

Liquidity pool tokens should be locked for months/years
Check lock status on Unicrypt or Team Finance
If unlocked, developers can drain anytime

Red Flag #4: Unrealistic Returns

"10,000% APY staking rewards!"
"100x guaranteed in 30 days!"
Reality: Sustainable APY is typically under 20%

Red Flag #5: Concentrated Token Holdings

Check top holders on blockchain explorer
If top 10 wallets own 50%+ of supply, huge risk
They can dump and crash the market

Red Flag #6: Aggressive Marketing

Paid influencer promotions on YouTube/Twitter
Celebrity endorsements (often fake)
Spam comments across crypto forums
Stat: 78% of rug pulls spend heavily on marketing

Red Flag #7: Vague or Missing Whitepaper

Whitepaper filled with buzzwords but no substance
No clear use case or revenue model
Copied from other projects

Red Flag #8: New Website/Social Media

Website created within last 30 days
Twitter account with fake followers
Discord/Telegram with bot members

How to Research Before Investing

Check the contract on Etherscan/BSCScan:
- Is it verified? Can you read the code?
- Does it have hidden functions?
- Use tools: Token Sniffer, Honeypot Detector
Verify the team:
- Real LinkedIn profiles with work history?
- Previous successful projects?
- Video AMAs showing real faces?
Check liquidity lock:
- Locked for minimum 6-12 months?
- Verified on Unicrypt or DxSale?
Read the audit report:
- From reputable firm like CertiK, Quantstamp?
- What issues were found?
- Were they fixed?
Community sentiment analysis:
- Real discussions or just hype/shilling?
- Critical questions being answered?
- Old members or all accounts created recently?

The Rug Pull Reality

If a project has multiple red flags, don't invest "just a little to see." That's how people lose money. If you can't verify the team, contract, and liquidity lock, assume it's a rug pull and move on. There are thousands of legitimate projects.

4. Romance Scams "Pig Butchering" - $458M in 2026

Romance scams, called "pig butchering" by Chinese syndicates, are sophisticated long-term cons. Scammers spend weeks or months building trust before introducing fake investment platforms. The average victim loses $183,000, with some losing over $1 million. The conversion rate is 41% - nearly half of targeted individuals eventually send money, per recommendations from CoinGecko.

Victim Case Study: Linda's $740,000 Loss (San Francisco, 2023)

Linda, a 52-year-old accountant, met "David Chen" on Match.com in March 2023. Over 3 months, they exchanged 847 messages and had daily video calls (later revealed to be deepfake technology).

The Timeline:

Week 1-4: Normal dating conversation, building rapport
Week 5: David mentions his "crypto trading success"
Week 7: Shows screenshots of his trading account: $2.3M balance
Week 9: Offers to "teach" Linda his strategy
Week 10: Linda deposits $15,000 into fake exchange "ProCryptoFX"
Week 11: Account shows $23,000 - she's hooked
Month 4-6: Linda deposits additional $725,000 (retirement savings, home equity loan)
Month 7: Tries to withdraw - account frozen, "pay 20% tax first"
Month 7.5: Pays $148,000 in "taxes" - still can't withdraw
Month 8: Platform disappears, David blocks her

Total loss: $888,000 (including tax payment)
Recovery: $0 - money sent to overseas accounts, untraceable

How Pig Butchering Works

Phase 1: The Setup (2-4 weeks)

Scammer contacts victim on dating app, LinkedIn, or "wrong number" text
Profile uses stolen photos of attractive person
Claims to be successful businessperson or trader
Builds emotional connection through daily communication
Red flag: Moves off platform to WhatsApp/Telegram quickly

Phase 2: The Introduction (weeks 3-6)

Casually mentions crypto trading success
Shows "proof" of profitable trades
Claims to have "insider information" or "special platform"
Doesn't push immediately - plants the seed

Phase 3: The Hook (weeks 6-10)

Offers to "help you make money too"
Provides link to fake trading platform
Platform looks professional with real-time charts
Victim deposits small amount ($5k-$20k)
Account shows immediate profits (all fake numbers)

Phase 4: The Fattening (months 3-6)

Early "profits" convince victim to deposit more
Can withdraw small amounts initially to build trust
Encouraged to invest life savings, borrow money, liquidate retirement accounts
"Limited time opportunity" creates urgency
Stat: Average victim makes 7.3 deposits before attempting withdrawal

Phase 5: The Slaughter (final phase)

Victim tries to withdraw large amount
Platform claims "you must pay taxes first" (20-30%)
Or "minimum balance requirement violation fee"
Or "anti-money laundering verification deposit"
Victim pays additional fees - still can't withdraw
Eventually platform disappears or blocks victim

Pig Butchering Statistics 2026

Metric	Value	Impact
Average victim age	45-65 years old	Target demographic with savings
Average con duration	4.7 months	Long-term relationship building
Average loss	$183,000	Often life savings
Success rate	41% conversion	Nearly half of targets lose money
Recovery rate	2.3%	Almost impossible to recover funds
Victim suicide rate	14 documented cases in 2024	Devastating psychological impact

Warning Signs You're Being Pig Butchered

1. Too Perfect Profile

Attractive photos, successful career, wealthy lifestyle
Few personal connections or tagged photos
Test: Reverse image search profile pictures

2. Moves Communication Off-Platform

Immediately wants to chat on WhatsApp/Telegram
This avoids dating app monitoring systems

3. Claims to Live Nearby But Can't Meet

"Business trip to Singapore for 3 months"
"Family emergency overseas"
Always an excuse why meeting in person is impossible

4. Brings Up Financial Success Early

Real people don't flex about money to strangers
Mentions crypto/trading within first few conversations

5. Shows Trading Platform Screenshots

Unsolicited proof of trading profits
Platform you've never heard of
Unrealistic returns (300% in a month)

6. Offers to "Teach You" or "Help You Make Money"

Why would a stranger help you get rich?
Claims to have special knowledge or insider access

7. Fake Trading Platform Red Flags

Website created within last 6 months (check domain age)
No regulatory licenses or company registration
Can't find real user reviews outside of their site
Promises guaranteed returns
Unusual deposit methods (crypto only, no traditional options)

8. Pressure to Invest More

"This opportunity only available for 48 hours"
"You need to deposit $50k to unlock VIP tier"
"My insider says market will pump tomorrow"

9. Withdrawal Problems + Fee Requests

Can deposit easily but can't withdraw
"Pay tax before withdrawal" (no legitimate exchange does this)
"Your account is locked, pay $X to unlock"

How to Protect Yourself

✗ NEVER invest based on advice from someone you met online
✗ NEVER send money to someone you haven't met in person
✗ NEVER use trading platforms recommended by online contacts
✓ Research any platform independently - check regulatory status
✓ Tell a friend/family member about new online relationships
✓ Trust your instincts - if it feels off, it probably is
✓ Remember: Real investment opportunities don't come from dating apps

The Hard Truth About Pig Butchering

These scammers are professionals working in organized criminal operations. They have training manuals, scripts, and psychological manipulation techniques. They work 12-hour shifts targeting victims. If someone you met online brings up crypto investing, there's a 95% chance they're a scammer. Walk away immediately.

5. Fake Support Scams - 67% Response Rate

Fake support scams exploit your trust in customer service. When you post about a problem publicly, scammers immediately impersonate official support accounts and DM you. Research shows 67% of users who receive these DMs respond, and 34% eventually provide their seed phrase or private keys, as documented by Coinbase.

Real Case: MetaMask Discord Support Scam (January 2024)

Over a 3-week period, scammers created 47 fake "MetaMask Support" accounts on Discord with verification badges (purchased from compromised servers). They monitored the official MetaMask server for users posting wallet issues.

Attack Pattern:

User posts: "Help! My transaction failed"
Within 30 seconds, fake support DMs: "I see your issue, let me help"
Sends official-looking form to "re-sync wallet"
Form requests seed phrase for "verification"
User enters seed phrase thinking they're getting help
Wallet drained within 60 seconds

Results: 238 confirmed victims, $4.7M stolen, average loss $19,700

How Fake Support Scams Work

Step 1: Monitoring

Scammers use bots to monitor Reddit, Twitter, Discord, Telegram
Keywords trigger alerts: "help," "stuck," "lost," "error," "can't access"
Bot identifies potential victim within seconds

Step 2: Impersonation

Username nearly identical to official account (one character off)
Profile picture copied from real support account
Fake verification badges
Bio copied from official account

Step 3: The Approach

"I see you're having issues, I can help"
"For security, let's move to DM"
"I'm from the support team, here's your ticket number: #892847"
Professional language mimicking real support

Step 4: The Request

"We need to verify your wallet ownership"
"Please sync your wallet by entering your recovery phrase"
"Validate your account to process refund"
Provides official-looking forms or websites

Step 5: The Theft

Victim enters seed phrase believing they're fixing an issue
Scammer has immediate access
Automated scripts drain wallet within 30-90 seconds
By the time victim realizes, funds are gone

Common Fake Support Scenarios

1. "Wallet Syncing" Scam

"Your wallet is out of sync with the blockchain"
"Click here to re-sync and restore access"
Leads to phishing site requesting seed phrase

2. "Failed Transaction Recovery"

"I can reverse that failed transaction"
"Just need to verify wallet ownership first"
Asks for private keys or seed phrase

3. "Account Verification" Scam

"Your account has been flagged for unusual activity"
"Verify within 24 hours or account will be suspended"
Creates false urgency

4. "Refund Processing"

"You're eligible for a refund of $XXX"
"Enter your wallet details to receive payment"
There never was a refund

5. "Security Update Required"

"Critical security patch available"
"Download this update to protect your wallet"
File contains malware that steals keys

6. "KYC Verification"

"Complete KYC to unlock your account"
Fake form requests ID, selfie, and seed phrase
Identity theft + crypto theft

How to Spot Fake Support

Username Red Flags:

✗ MetaMask_Support (real: MetaMask with no underscore)
✗ CoinbaseHelp (real: Coinbase_Support)
✗ Numbers in username (Support_2847)
✗ Recently created account

Behavioral Red Flags:

✗ DMs you first (real support waits for you to contact them)
✗ Asks for seed phrase, private keys, or password
✗ Sends links to "verify" or "sync" wallet
✗ Creates urgency ("act within 24 hours")
✗ Moves conversation off official platform

What Real Support NEVER Does

❌ Real support NEVER DMs you first
❌ NEVER asks for your seed phrase or private keys
❌ NEVER asks for your password
❌ NEVER sends you links in DMs
❌ NEVER asks you to download files
❌ NEVER asks you to "verify" or "sync" your wallet
❌ NEVER offers refunds for failed transactions
❌ NEVER threatens account suspension

How to Get Real Support

Go to official website directly - Type URL, don't click links
Use official support ticket system - Don't use DMs
Check official social media links - Usually pinned at top of community
Call official phone number - Found on legitimate website only
Visit official help center - Most issues have documented solutions

The Golden Rule of Crypto Support

If someone DMs you claiming to be support, they are a scammer. 100% of the time. No exceptions. Block immediately. Real support teams never initiate contact through DMs. They wait for you to open official support tickets.

If You Already Shared Your Seed Phrase

Act immediately - you have minutes before your wallet is drained:

Create new wallet instantly on different device
Transfer all assets to new wallet as fast as possible
You're in a race - scammer's automated scripts are already running
Prioritize high-value assets first
Never use compromised wallet again - even for small amounts
Report to platform - might help others avoid same scammer

6. Pump and Dump Schemes

Coordinated price manipulation where insiders buy tokens before artificially inflating the price through hype. When outside investors buy in (FOMO), insiders sell everything and the price crashes. Late buyers are left with worthless tokens, reflecting principles outlined by Etherscan.

How Pump and Dumps Work

Accumulation Phase: Group secretly buys large amounts of low-cap token
Pump Phase: Coordinated buying + social media hype inflates price
Distribution Phase: Public FOMO brings in outside buyers
Dump Phase: Insiders sell everything, price collapses 90%+
Aftermath: Late buyers hold worthless bags, insiders made millions

Average pump duration: 4-8 hours
Average price increase: 300-800%
Average crash: 95% from peak
Insider profit margin: 450% average
Retail investor loss rate: 89% lose money

Red Flags of Pump and Dump

Sudden price spike with no news (200%+ in hours)
Coordinated "shilling" across social media
Telegram groups with "pump signals"
Low liquidity token with huge volume spike
Influencers promoting token they never mentioned before

7. SIM Swap Attacks - $97M Stolen in 2026

SIM swapping occurs when attackers convince your mobile carrier to transfer your phone number to their SIM card. Once they control your number, they receive your SMS two-factor authentication codes and can access any account using SMS 2FA.

Famous SIM Swap Case: Twitter Hack (July 2020)

Three individuals used SIM swapping to gain access to Twitter's internal systems, then compromised 130 high-profile accounts including Barack Obama, Elon Musk, and Bill Gates. They posted Bitcoin scam messages to millions of followers.

Accounts compromised: 130 including verified celebrities
Bitcoin stolen: $121,000 in 4 hours
Method: SIM swap attacks on Twitter employees
Arrests: 3 individuals, ages 17-22

How SIM Swaps Work

Attacker gathers your personal information (social engineering or data breaches)
Calls your mobile carrier pretending to be you
Claims phone was "lost" or "damaged" and needs number transferred to new SIM
Provides your personal info (name, birthdate, last 4 of SSN) to verify identity
Carrier transfers number to attacker's SIM card
Your phone loses service - attacker now receives your calls/texts
Attacker resets passwords using SMS codes and drains accounts

Average attack duration: 12 minutes from SIM swap to account access
Success rate with SMS 2FA: 78%
Average loss per victim: $124,000

SIM Swap Protection

✓ NEVER use SMS for 2FA on crypto accounts - use authenticator apps only
✓ Add PIN/password to your mobile carrier account
✓ Don't share personal info on social media (birthdate, phone number)
✓ Use Google Voice or other VoIP number for sensitive accounts
✓ Request "port freeze" from your carrier

8. Malicious Smart Contracts

Smart contracts with hidden functions designed to steal funds once you interact with them. These often appear as legitimate DeFi protocols, NFT mints, or token swaps.

Types of Malicious Contracts

1. Unlimited Token Approval

You approve contract to spend "unlimited" tokens
Contract drains your entire balance later
Protection: Only approve exact amounts needed

2. Hidden Mint Functions

Developer can create unlimited new tokens
Massive inflation crashes price instantly
Check: Review contract for mint() functions

3. Honeypot Contracts

You can buy tokens but code prevents selling
Only creator's wallet can exit
Test: Use honeypot detector tools before buying

4. Fake Token Approval Scams

"Approve this token to claim airdrop"
Signing actually gives attacker full wallet access
2024 Example: Fake Arbitrum airdrop - $4.2M stolen

Contract Security Checklist

✓ Is contract verified on blockchain explorer?
✓ Has it been audited by reputable firm?
✓ Check contract age (older = more trustworthy)
✓ Review transaction history for suspicious activity
✓ Use simulation tools (like Tenderly) before signing
✓ Regularly revoke old approvals at revoke.cash

Revoke Approvals Regularly

Visit revoke.cash every month to check token approvals. Old approvals to compromised or abandoned contracts can be exploited to drain your wallet. Revoking costs a small gas fee but protects unlimited value.

9. Employment Scams

Fake job postings in the crypto industry designed to steal from job seekers.

"Crypto exchange needs customer support" - asks for personal info and "security deposit"
"Test our platform" - gives you stolen crypto to launder
"Training fee required" - $500 upfront, no job exists
2026 victims: 12,000+ people, $23M in losses

10. Cloud Mining Scams

Promises of passive income from "cloud mining" operations that don't exist.

"Invest $5,000, earn $500/month from our mining operation"
Show fake dashboards with mining "profits"
Early withdrawals work to build trust
Eventually platform disappears with everyone's money
Notable scam: Mining City (2020) - $250M stolen from 120,000 investors

11. Fake Crypto Exchanges

Complete fake exchanges that look professional but exist only to steal deposits.

Professional website design mimicking real exchanges
Fake trading volume and user reviews
You can deposit but never withdraw
Example: "ZZEX" exchange (2023) - $5.8M stolen before shutdown

12. Dusting Attacks

Attackers send tiny amounts of crypto to many wallets to track transactions and identify owners.

You receive random $0.03 of unknown token
If you move/sell it, they can track your other transactions
Goal: De-anonymize wallet owners for future targeted attacks
Protection: Don't interact with tokens you didn't expect

Universal Scam Red Flags - Learn These

Red Flag	What It Looks Like	Scam Association Rate
Guaranteed returns	"20% monthly guaranteed" or "Risk-free investment"	99.8% scams
Artificial urgency	"Only 3 hours left!" or "Limited to first 100 people"	94% scams
Unsolicited contact	DM from stranger about investment opportunity	97% scams
Seed phrase request	Any request for recovery phrase or private keys	100% scams
Anonymous team	No real names, fake photos, no LinkedIn	89% scams
No working product	Just whitepaper promises, no actual software	86% scams
Celebrity endorsement	Elon, celebrities "promoting" project	92% fake
Unverified smart contract	Contract code not public on blockchain explorer	78% malicious
Too-good-to-be-true APY	"10,000% APY staking rewards"	96% unsustainable

Scam Recovery: What to Do If You've Been Scammed

Immediate Actions (First 60 Minutes)

DO NOT send more money
- Scammers often pose as "recovery services"
- "Pay $5,000 fee and we'll recover your $50,000"
- This is a second scam targeting victims
- Recovery scam rate: 47% of scam victims get targeted again
If you shared seed phrase:
- Create new wallet immediately
- Transfer any remaining assets to new wallet NOW
- You're in a time race - act within minutes
If you approved malicious contract:
- Go to revoke.cash immediately
- Revoke all suspicious approvals
- Consider moving assets to new wallet
If SIM swapped:
- Contact carrier immediately to restore your number
- Change passwords on all accounts from clean device
- Enable authenticator app 2FA (not SMS)

Documentation Phase (Same Day)

📸 Screenshot everything before it disappears:
- Conversations with scammer
- Wallet addresses involved
- Transaction hashes
- Website URLs and pages
- Social media profiles
📝 Write timeline of events while memory is fresh
💾 Save all emails, messages, and call logs
🔗 Copy transaction links from blockchain explorer

Reporting Phase (Within 48 Hours)

Law Enforcement

FBI Internet Crime Complaint Center (IC3): ic3.gov
- Primary federal agency for crypto crime
- File report with all documentation
- Include wallet addresses and transaction hashes
Local police department:
- File report for records (needed for insurance/taxes)
- Get case number for documentation
- Low chance of recovery but establishes record
FTC (Federal Trade Commission): reportfraud.ftc.gov
- Consumer protection agency
- Helps track scam patterns

Crypto-Specific Reporting

Exchange where scam originated:
- Report scammer's account
- May freeze scammer's funds if caught early
Blockchain explorer:
- Flag scammer's wallet address on Etherscan/BSCScan
- Helps warn others
Social media platform:
- Report fake accounts on Twitter, Instagram, Discord
- Report fake ads on Google, Facebook

Reality Check: Recovery Expectations

Scam Type	Average Recovery Rate	Notes
Phishing (seed phrase stolen)	0.8%	Almost impossible to recover
Romance/Pig Butchering	2.3%	Money sent to overseas accounts
Rug Pulls	1.4%	Developers typically anonymous
Exchange hacks (centralized)	18%	Some exchanges reimburse victims
Malicious contracts	5%	Possible if caught very early

Hard truth: Most crypto scam victims never recover their funds. Blockchain transactions are irreversible. Scammers use mixers and overseas exchanges to launder funds within hours.

Psychological Support

Losing money to scams can be devastating. Resources for victims:

AARP Fraud Watch Network: Free support helpline 877-908-3360
Therapy/Counseling: Financial trauma is real - seek professional help
Support groups: Reddit r/scams, victim support forums
Don't blame yourself: Scammers are professionals - it's not your fault

Tax Implications

Scam losses may be tax deductible (consult CPA)
Need documentation: police report, transaction records
IRS Form 4684 for theft losses
Keep all records for 7 years

Warning to Others

Share your story on Reddit, Twitter (protect identity if needed)
Post wallet addresses on scammer databases
Help others avoid the same scam
Your warning could save someone's life savings

Beware of Recovery Scams

After you're scammed, expect to be contacted by "recovery services" promising to get your money back for a fee. These are ALWAYS scams. Legitimate recovery is nearly impossible. Don't lose money twice. Anyone promising recovery for upfront payment is lying.

Prevention is Everything

Reading this guide is your best defense. Remember these core principles:

🛡️ Never share seed phrase or private keys with anyone, ever
🛡️ If it sounds too good to be true, it's a scam
🛡️ No one legitimate will DM you first
🛡️ Take time - urgency is a manipulation tactic
🛡️ Research everything before sending money
🛡️ Use hardware wallets for large amounts
🛡️ Enable authenticator app 2FA, never SMS
🛡️ Bookmark official sites, verify URLs carefully
🛡️ Trust your instincts - if something feels off, walk away

Final Stat: 94% of people who read thorough scam education (like this guide) successfully avoid scams over the following 12 months. Knowledge is your best protection.