If you own bitcoin or other cryptocurrencies, you are vulnerable to fraud and scams.
There are many types of crypto scams since scammers are always figuring out new ways to steal your crypto holdings.
Most cryptos scams tend to fall into two categories:
- The scammer tricks you into sending them cryptocurrency directly.
- The scammer obtains access to your crypto wallet without your permission and steals your holdings.
Types of Common Crypto Scams
Here are the most common types of crypto scams.
Fake Websites and Apps
Scammers will create cryptocurrency trading platforms (also known as “cryptocurrency exchanges“) that are FAKE.
They may even create fake versions of real cryptocurrency trading platforms. These fake websites will look very similar to the real ones, making it hard for new crypto traders to tell the difference.
Even the website address will be similar, with just a slight change in the spelling.
These websites will entice you with promotional offers such as “free bitcoin” or “deposit bonuses” if you deposit a certain amount.
Once you sign up and make an initial deposit, you won’t be able to withdraw, or worse, the website shuts down. Basically, once they have your money, it’s gone forever.
Not only can websites be faked, but mobile apps as well. Scammers have been able to create fake crypto wallet apps that mimic real ones such as Trust Wallet and MetaMask. The goal is to get you to enter your seed phrase (or “recovery phrase”).
Using phishing attacks (explained below), scammers will text or email you telling you that the current version of your crypto wallet app is out of date and needs to be updated. You’ll then be provided a link to click on to download the latest version.
Phishing Scams
Phishing is a type of social engineering attack that uses email, phone, or text to entice individuals into providing sensitive information, ranging from passwords, credit card information, and other confidential details about a person or company.
In the context of crypto, phishing scams try to get access to your crypto exchange account or crypto wallet.
“Social engineering” is a method used to extract sensitive details by way of human manipulation. With social engineering, cybercrimiinals connect with users while pretending to represent atrusted individual or legitimate organization and seek to acquire critical information such as account numbers or passwords.
Phishing can take on many different forms but in general, a phishing attack begins with the scammer contacting you via email, text, phone, social media post, or DM.
The scammer will pretend (or “spoof”) to be someone that you will likely know and trust. It could be an individual, like a friend or family member, or a representative from a large company.
You will be asked to click a link (or download an attachment). If you’re gullible enough to click the link, you’re sent to a fake website that looks identical to the crypto exchange or wallet app you use, but it’s actually a trap.
If you enter your login information, you’ve actually given this information to the scammer who can now access your real account and steal your crypto. Don’t be surprised if all your holdings are immediately transferred to the scammer’s wallet(s).
Beware of strangers randomly contacting you, especially with email. Even if you receive an email from someone you know but it seems suspicious, contact that person using a different method (like a text message), rather than replying to the email.
Direct Message (DM) Scams
Beware of scammers sending you a “DM” (direct message) on Telegram, Discord, Instagram, Twitter, and other social media apps.
These messages include offers of “early access” and “alpha” and provide a link(s) on how to get in on the action. Do NOT click on any links. These fake accounts are simply trying to steal your crypto.
If a stranger DMs you about a new cryptocurrency or crypto project, assume it’s a scam.
Investment Scams
Investment scams come in different forms but in the end, they all try to ask you to “invest” money in crypto and earn huge returns, sometimes promising guaranteed returns, with little to no risk.
You may receive unsolicited messages from “investment managers or “investment advisors” or “traders”.
They will claim to help you “grow” your crypto if you give it to them. But in reality, they want to steal your crypto. Once payment is received, they will stop communicating with you and shut down the website or social media account used to trick you.
Other scams operate like Ponzi schemes, where you’ll be pitched a “once in a lifetime” opportunity and be asked to pay in cryptocurrency. Then you’ll be asked to convince other people to join and also “invest'” and for every person, you recruit, you’ll earn rewards paid in cryptocurrency.
But in reality, it’s the funds from the new people “investing” that are used to pay earlier “investors” their profits or any rewards.
A Ponzi scheme (named after Charles Ponzi) is a fraud designed to give investors the impression that an investment is profitable. In a Ponzi scheme, the fraudster pays early investors with money that is thought to be profits from the investment, but it is actually money from more recent investors. As money is paid out to investors, the fraudster needs to constantly sign up new investors to continue funding the “payments” made to earlier investors.
Romance Scams
In 2021, there were $1 billion in losses reported by victims of romance scams. On social media, it’s the second most profitable fraud (investment scams being the first).
A romance scam is when a scammer uses the illusion of a romantic or close relationship to manipulate and steal from you. Victims are contacted on social media or dating apps like Tinder Bumble and Grindr.
It often starts with a seemingly innocent friend request from a stranger. This stranger adopts a fake online identity and uses sweet talk to gain your affection and toy with your heart.
He or she may seem caring and genuine but their ultimate objective is o establish a relationship as quickly as possible and gain your trust. Once accomplished, conversations will turn to a request for cryptocurrency or lucrative crypto investing “opportunities”.
Giveaway Scams
A giveaway scam is where a scammer will post a message on social media, like Twitter, asking people o send them cryptocurrency and promising to double (or more) the amount you send.
These posts will look genuine, possibly mention celebrities involved, and include replies from fake accounts claiming they doubled their money to trick people into thinking the giveaway is legit.
A link or QR code will be shared to enter the giveaway.
When you visit the website, you’ll be asked to “verify” your wallet address by sending cryptocurrency. Of course, there is no actual giveaway and you just “donated” your crypto to a bunch of scammers.
Blackmail Scams
Blackmail is when a criminal threatens to disclose embarrassing information or information that is potentially damaging to your standing in the community, family or social relationships, or professional career unless you surrender money.
Scammers will send you an email and claim to have proof that you have visited adult websites or other illicit websites. Unless you send cryptocurrency or share your seed phrase (or private keys), this proof will be shared publicly.
Or an email may say that the scammer has compromising photos or videos of you. And threaten to leak it online to your email or social media contacts unless you pay them in cryptocurrency.
Don’t fall for it. Unless your phone or computer has actually been hacked or you’ve been dancing butt naked in an outdoor public area for all to see, the probability that the blackmailer actually has anything is close to zero.
The scammers have probably sent out the same email to many people and are just hoping that some get scared enough and give in to their demands.
Initial Coin Offering (ICO) Scams
An initial coin offering (ICO) is the crypto equivalent of an initial public offering (IPO) for a stock.
The big difference is that an IPO occurs in a regulated environment that involves private companies that have an established operating history, while an ICO occurs in an unregulated environment which means there are many companies with little to no operating history.
Through an ICO, companies can raise money to fund a new crypto project like a new cryptocurrency. It’s e essentially a way for a crypto startup to raise money from its future users. And in exchange for providing funds, ICO investors receive newly minted coins.
There was an ICO boom in 2017, and less than a year later, over 1,000 ICOs were dead. Many ICOs have turned out to be huge scams.
This wasn’t a surprise since most new crypto projects were simply copycats of existing cryptocurrencies with some literally plagiarizing documentation from other projects. Some ICOs were led by teams who were anonymous or had no track record in the crypto space.
ICO scammers would promote a new type of cryptocurrency that claimed to be the next big thing, share convincing marketing materials, ask people for money to be early investors, and once enough money has been collected, they disappear with everyone’s funds.
“Pump and Dump” Schemes
A “pump and dump” scam involves an individual or group effort to inflate the price of a cryptocurrency and allow them to sell their holdings and make a quick fortune.
The cryptocurrencies are often newly issued with little trading history or are thinly traded (low trading volume).
The scheme starts with scammers first buying up a particular coin or token. Once they’ve finished accumulating, in a coordinated manner, they start hyping up (“pumping“) a coin or token, through word of mouth, social media, group chats, email, forums, and other channels, in hopes of creating a buying frenzy that will push up the price quickly.
In their messages, they’ll use emojis like 🚀 and 🌙 (implying price will soon skyrocket) or 💎and 🙌 (implying to buy and never sell). They’ll post fake or misleading information to excite people about the crypto’s potential.
As the price steeply rises due to strong buying pressure, the scammers are selling (“dumping“) the crypto. Eventually, when there are no more buyers left, the price starts falling.
And once people realize the hype was fake, they start selling to limit their losses, which further accelerates the price decline. A lot of the folks who bought during the buying frenzy end up with losses.
The entire pump-and-dump scheme can happen in a matter of minutes.
“Rug Pull” Scams
Rug pulls occur when creators of a new crypto project promote their new token to raise awareness and attract people to buy it on a decentralized exchange (DEX), increasing demand for the token and causing its price to rise, before disappearing with the funds.
People who bought are left with a worthless token.
Similar to ICO scams, rug pulls collect the funds of early investors only to abandon the project shortly after, but rug pulls are even shadier.
For example, in a recent rug pull, developers behind a crypto project wrote into the token’s software code a so-called “anti-dumping mechanism” that would block others from selling.
The tokens were listed (without any regulation or due diligence) on a decentralized exchange (DEX), which is where other people were able to buy (or “swap”) the token in exchange for a legitimate cryptocurrency.
Once the liquidity pool was up and running on the DEX, the crypto project’s owners, who held most of the token’s supply, heavily promoted the token to lure in new buyers. As the price started rising, it attracted media attention, which lured in more buyers.
More and more people swapped their legitimate cryptocurrency with this shady token. So as the scammers were selling their tokens, the scammers were accumulating the legitimate cryptocurrency.
Eventually, they disappeared with large holdings of the legitimate cryptocurrency, leaving victims holding worthless tokens.
Crypto noobs can prevent being “rug pulled” by not buying new tokens and sticking with cryptocurrencies that are trading on reputable, centralized exchanges (CEXs).
It’s assumed that these centralized exchanges have properly vetted a cryptocurrency before they list it on their exchange and allow their users to trade them. That said, don’t fully trust the exchange. DYOR.
Impersonation Scams
An impersonation scam is when scammers pose as a trusted source to convince you to complete a cryptocurrency transaction.
They’ll use contact you via phone or email and pretend to be government agencies like the IRS or the Social Security Administration, credit card companies, banks, and service providers like telco or cable companies.
It might be about the need to pay a fine or a past-due bill. They’ll request you to complete the payment with cryptocurrency.
Technical Support Scams
A technical support scam is a specific type of impersonation scam when a person poses as a technical support agent to try and gain access to your crypto holdings.
The scammer will contact you via phone, email, text message, or Telegram, and claim to be from a legitimate company and mention that something is wrong with your account, and offer to help manage your crypt. Then they’ll ask for your login information and 2FA (Two-Factor Authentication) security code.
Other tactics include asking you to send crypto to another wallet address or needing full remote access to your computer. In these scenarios, they will sound very convincing or make the issue sound urgent.
These scammers will be skilled in convincing you to share confidential information. Even the phone number or email they contact you with may look real. But it’s important to know that a legitimate company will NEVER ask you for your login information or 2FA code.
Customer support agents from any legitimate exchange will NEVER ask for the following information:
- Your account’s username
- Your account’s password
- Your 2FA code
- Wallet addresses or seed phrases
- Remote access to your computer
- Request to remove or change your security settings on your account or on your device
Fake Celebrity Endorsements
This is similar to impersonation scams but more specifically involves famous celebrities and online influencers.
Scammers will pose as celebrities or influencers to promote their crypto “investment” or ask them directly to send them crypto.
These messages will come from social media accounts that look real or are actually real but have been hacked and taken over by the scammer. Photos or videos of the famous person will be used to make the message look even more legit.
If you see a post on social media from a celebrity or influencer that tells you to send cryptocurrency, it’s a scam. You might even see other users replying to the post and saying how they made money. But these replies are fake and created by bots.
Loader or Load-Up Scams
In this scam, a stranger will ask you for your login information to your crypto exchange account because they need an “account with a high limit”. In exchange, the scammer will share a percentage of the profits he or she makes on your account.
Once they have access, they “load up” your account with crypto. Where did the crypto come from? They buy them on your account using the credit card method. What credit card are they using? Credit card information they’ve stolen, of course. (Usually, YOUR credit card information.)
Basically, your account is used to buy crypto with fraudulent credit card charges, and then the scammer transfers all the crypto (including yours) to another address, draining your entire account.
Once the legitimate cardholder discovers the fraud, he won’t be liable for the charges. Since the crypto purchases happened on your account, YOU will be responsible for the charges.
Employment Scams
An employment scam occurs when a scammer poses as a job recruiter and tricks job seekers into sending them crypto.
Scammers will look for people who have posted their resumes online and email them “job offers“. But in order to join the company, you must first pay for training. which must be paid in cryptocurrency. In truth, there is no job.
In the email, disguised as an “employment agreement”, they may provide a link for you to click on or include an attachment. Do not click on any links or open any attachments!
Another type of employment scam targets freelancers or gig workers. This “pay for work” scam requires you to sign up and pay a fee or buy a product using cryptocurrency before you can do work for them.