Identify, avoid, and protect yourself from every type of cryptocurrency scam
Last updated: February 2026 | Covers 19 scam types
Scammers impersonate celebrities, influencers, or public figures like Elon Musk on X (Twitter), YouTube, and Telegram. They promise to double or multiply any Bitcoin sent to them — "Send 0.1 BTC, get 1 BTC back." They use hacked verified accounts, deepfake livestreams, and professional-looking landing pages to appear legitimate. Some create fake YouTube livestreams with deepfake videos of well-known figures appearing to endorse the giveaway.
🔗 Learn more: Crypto glossary | Start Here guide
Attackers create convincing replicas of popular exchange and wallet login pages (Coinbase, Binance, MetaMask clones). They distribute links through fraudulent emails, SMS messages, and social media ads. Fake wallet apps appear on app stores mimicking legitimate ones. Typosquatting domains are registered that closely resemble real ones — for example, "coiinbase.com" or "binance-login.com" — hoping users won't notice the subtle difference.
Developers create a new token, build hype through social media marketing and influencer promotions, attract investors to provide liquidity, then suddenly drain all liquidity from the trading pool and disappear with investors' funds. This is especially common in DeFi and new meme token launches on decentralized exchanges. Some rug pulls are coded directly into the smart contract — the contract may prevent anyone except the creator from selling.
🔗 Related: Track verified Bitcoin ETFs | Monitor whale wallets
Scammers build long-term relationships with victims on dating apps, social media, or messaging platforms over weeks or months. The "pig butchering" name refers to the practice of "fattening" the victim with trust before the "slaughter." Once trust is established, they introduce a fake investment platform showing fabricated profits. They encourage victims to deposit more and more money, showing fake portfolio growth. When the victim tries to withdraw, they're told they need to pay "taxes" or "fees." Many victims lose their entire life savings.
🔗 Stay safe: Practice with our wallet simulator
These schemes promise guaranteed high returns, sometimes as extreme as "2% daily" or "guaranteed 10% monthly." Early investors receive their promised returns, which are actually funded by deposits from newer investors — not from any legitimate trading or business activity. The scheme requires a constantly growing number of new investors and inevitably collapses when the flow of new money dries up. Many use referral bonuses to incentivize existing members to recruit new victims.
🔗 Learn more: How real Bitcoin works | Trading Academy
When interacting with DeFi protocols, you often need to approve token spending. Malicious contracts request unlimited token approvals, allowing them to drain your wallet at any time after you approve. Scammers airdrop unknown tokens to your wallet, and when you try to interact with or sell these tokens, you're directed to malicious websites that request broad wallet approvals. "Claim your airdrop" sites are a common vector for these attacks.
Scammers monitor social media for users posting about problems with exchanges or wallets. They then impersonate customer support representatives on X, Discord, and Telegram, responding with "DM us for help." They create accounts with names very similar to official support channels. Once in a private conversation, they ask for seed phrases, passwords, or request remote access to your device via screen-sharing tools.
Organized groups coordinate buying of low-market-cap tokens through private Telegram or Discord channels. Influencers promote coins they've already bought at low prices, calling them "100x gems" or "the next Bitcoin." Once enough retail investors buy in and drive the price up, the insiders sell their holdings, causing the price to crash. The late investors are left holding worthless tokens. This is illegal in traditional markets and increasingly prosecuted in crypto.
Attackers gather personal information about you from data breaches, social media, or social engineering. They then contact your mobile phone carrier, impersonating you, and convince them to transfer your phone number to a new SIM card they control. Once they have your phone number, they can intercept SMS-based two-factor authentication codes, reset passwords on your exchange accounts, and drain your funds. High-value crypto holders are specifically targeted.
🔗 Related: Bitcoin security tools
Malware installed on your computer monitors your clipboard for cryptocurrency wallet addresses. When you copy a wallet address to send funds, the malware silently replaces it with the attacker's address. If you paste and send without verifying, your funds go directly to the attacker and cannot be recovered. This malware is often distributed through pirated software, fake crypto tools, or infected downloads.
Scammers build completely fabricated cryptocurrency exchange platforms that look professional and fully functional. These fake exchanges display fake balances and fabricated trading activity. Victims deposit funds and see profits on their dashboard, but when they try to withdraw, the platform demands additional "fees," "taxes," or "verification deposits." These fake exchanges are often the endpoint of romance and pig butchering scams, where the scammer directs their victim to this specific platform.
Fraudsters create professional-looking websites for fake initial coin offerings (ICOs) or token sales. They fabricate team member profiles using stock photos or AI-generated faces, copy whitepapers from legitimate projects with minor modifications, and create fake roadmaps with ambitious milestones. They collect funds during the "sale" period and then disappear. Some go further by listing fake advisors or fabricating partnerships with well-known companies.
Scammers exploit Ethereum's gas fee mechanism in several ways. Malicious smart contracts are designed to consume excessive gas, draining far more ETH than expected when users interact with them. Some contracts contain hidden functions that trigger additional costly transactions or approvals when called. "Gas token" schemes trick victims into buying worthless tokens with promises of saving on gas fees. Another tactic involves fake DApps that display artificially low gas estimates, then execute transactions that consume significantly more gas. Front-running bots monitor pending transactions and insert their own higher-gas transactions to profit at your expense.
Attackers send tiny amounts of cryptocurrency ("dust") to a large number of wallet addresses. When recipients spend or move these small amounts, the attacker can trace the transaction patterns through blockchain analysis to link multiple addresses to a single owner and potentially de-anonymize them. This information can then be used for targeted phishing, extortion, or physical threats against high-value holders.
Companies promise passive income from "cloud mining" contracts where you pay upfront for a share of mining hash power. In reality, they take your money and never actually mine anything. Some operate as Ponzi schemes, paying early investors with funds from later investors to build credibility and encourage larger investments. When enough money has been collected, the operation shuts down.
Scammers create fake NFT collections that closely mimic popular, high-value projects like Bored Ape Yacht Club or CryptoPunks. They use wash trading — buying and selling between their own wallets — to create fake volume and artificially inflate prices. Malicious minting sites trick users into signing transactions that grant the contract permission to drain their wallets. Counterfeit NFTs are listed on secondary marketplaces at tempting prices.
Attackers generate wallet addresses that closely resemble addresses you've previously transacted with — matching the first and last several characters. They send small transactions from these look-alike addresses to "poison" your transaction history. The attacker relies on the common habit of copying addresses from recent transaction history and only checking the first and last few characters. If you accidentally copy the attacker's address, your funds are sent to them.
Scammers create fake airdrop announcements on social media and messaging platforms, requiring users to connect their wallets to claim free tokens. Some sites request seed phrases to "verify eligibility" — an immediate red flag. Others hide malicious smart contracts in the claim process that, when approved, grant the contract permission to transfer tokens out of your wallet. Legitimate airdrops never require you to send funds or share your seed phrase.
Mass emails are sent claiming the sender has compromising photos or videos of the recipient and demanding Bitcoin payment to prevent their release. These emails are almost always completely fabricated — the scammer has no actual compromising material. To seem credible, they often include an old password from a previous data breach, which they obtained from leaked databases. The emails are sent to millions of addresses with the hope that some recipients will pay out of fear.