WikiCrypto

Crypto Scams & Fraud: How to Stay Safe

Crypto scams are one of the biggest risks facing anyone who holds digital assets. Because blockchain transactions are fast, global, and effectively irreversible, fraudsters treat cryptocurrency as the perfect getaway vehicle: once your coins leave your wallet, no bank can claw them back and no chargeback exists. Law-enforcement bodies such as the FBI's Internet Crime Complaint Center (IC3) have repeatedly reported that crypto-related fraud accounts for billions of dollars in losses each year, and the figure has climbed as criminals adopt artificial intelligence, deepfakes, and industrial-scale "scam centers."

The encouraging news is that most crypto scams rely on the same handful of tricks: impersonation, false urgency, promises of guaranteed profit, and convincing you to hand over a password, a seed phrase, or a transfer you would never normally make. Once you recognize those patterns, most attacks fall apart. This guide covers the common types of crypto scams, how phishing and fake sites work, how Ponzi schemes and rug pulls operate, and the habits that keep your funds safe. It is educational only and is not financial, legal, or tax advice.

Common crypto scams

Crypto fraud comes in many shapes, but the categories below cover most cases reported to consumer-protection agencies. Schemes often blend several of these techniques.

Investment and "pig butchering" scams

Currently the costliest category by far. A stranger contacts you through a dating app, social media, or a "wrong number" text and builds trust over days or weeks. Eventually they introduce a can't-lose crypto opportunity on a slick but fake platform that shows your balance growing. The fake gains are bait: when you try to withdraw, you are told to pay taxes or fees first, then the platform and the "friend" vanish. The slow grooming followed by the financial slaughter is known as "pig butchering."

Phishing and impersonation

Fraudsters pose as an exchange, wallet provider, government agency, or well-known company to trick you into revealing login details, two-factor codes, or your recovery phrase. This is covered in the next section.

Romance scams

A fake online partner steers conversations toward money, eventually asking you to send crypto for an emergency or a shared investment. These overlap heavily with pig-butchering fraud.

Giveaway and celebrity-impersonation scams

You are promised that if you send a small amount of crypto, you will get double back. Scammers spoof the names and faces of well-known founders using hacked or look-alike accounts, livestreams, and increasingly AI-generated deepfake videos. No legitimate giveaway ever requires you to send funds first.

Fake exchanges, wallets, and apps

Malicious apps and sites mimic real services to capture your credentials or seed phrase, or let you "deposit" funds you can never withdraw. Some malware silently swaps a copied wallet address for the attacker's when you paste it.

Ransomware, extortion, and blackmail

Criminals lock your files or threaten to release embarrassing material and demand crypto because it is hard to trace. Paying rarely makes the threat go away and may invite further demands.

Recovery and refund scams

After someone is defrauded, a second scammer poses as a "fund recovery" service, lawyer, or regulator, promising to retrieve lost crypto for an upfront fee. This re-victimizes people who have already lost money.

Phishing & fake sites

Phishing is the engine behind a large share of crypto theft. The goal is always the same: get you to type a secret (password, 2FA code, or recovery phrase) into something the attacker controls, or to approve a transaction or token permission you do not understand.

How phishing attacks reach you

  • Email and SMS: Messages that look like they come from your exchange or wallet, warning of "suspicious activity," a "locked account," or "required verification," with a link to a fake login page.
  • Fake or look-alike websites: Domains that differ from the real one by a single character, a different ending, or a hyphen. Search-engine ads are a common delivery method, so the top result is not always the official site.
  • Fake support staff: Imposters in social media replies, Telegram, Discord, and forums offer to "help," then ask you to share your screen, enter your seed phrase into a "validation tool," or connect your wallet to a malicious site.
  • Malicious wallet approvals: Rather than steal a password, some sites trick you into signing a transaction that grants permission to move your tokens or NFTs.

Red flags of a phishing attempt

  • Pressure and urgency: "Act now or your account will be frozen."
  • A sender address or URL that is almost, but not exactly, the real one.
  • Spelling, grammar, or formatting that feels slightly off (though AI has made many messages look polished).
  • Any request for your recovery phrase, private key, or full password. No legitimate company will ever ask for these.
  • Unexpected attachments, QR codes, or links you did not request.

How to protect yourself

  • Never enter your seed phrase or private key into any website, app, form, or support chat. The only time you should ever type a recovery phrase is when restoring a wallet in trusted, official software.
  • Reach sites by typing the address yourself or using a saved bookmark, not by clicking links in messages or ads.
  • Verify the full domain character by character before logging in, and check for a valid HTTPS connection (though HTTPS alone does not prove a site is legitimate).
  • Treat unsolicited contact from "support" as hostile until proven otherwise, and reach out through the company's official channels instead.
  • Before approving any wallet transaction, read what it actually authorizes, and periodically review and revoke token approvals you no longer use.

Ponzi & rug pulls

Some of the largest crypto losses come not from a single stolen password but from schemes that are fraudulent by design. Ponzi schemes and rug pulls dress fraud up as an investment opportunity.

Ponzi and high-yield schemes

A Ponzi scheme pays "returns" to earlier participants using money from newer participants rather than from any real profit. They advertise fixed, guaranteed daily or weekly returns and lean on referral bonuses to recruit a constant stream of new deposits. They look stable while money flows in and collapse the moment withdrawals outpace new deposits. Warning signs include guaranteed or suspiciously consistent returns, secretive "strategies" that are never clearly explained, and rewards for recruiting friends and family.

Rug pulls

A rug pull happens when the creators of a token hype it up, attract buyers, then disappear with the money, often after draining the liquidity that let the token be traded. The price crashes to near zero and holders cannot sell. Rug pulls are most common with brand-new tokens that have anonymous teams and little real product.

A note on smart contracts

Smart contracts can reduce certain fraud because they execute automatically and record every transaction on a public, tamper-resistant ledger. But they are not magic. A contract only does what it was written to do, and poorly written or malicious code can hide functions that let insiders mint unlimited tokens, block withdrawals, or seize funds. "On the blockchain" and "audited" are not guarantees of safety on their own.

Warning signs of a Ponzi or rug pull

  • Promises of high returns with little or no risk; legitimate investments cannot guarantee profit.
  • Anonymous or unverifiable founders, or a team that dodges questions about its background.
  • Heavy reliance on recruitment, referral commissions, and hype rather than a working product.
  • Difficulty withdrawing, sudden new "fees" before you can cash out, or rules that lock up funds.
  • Vague answers about how the project is registered or regulated.
  • Tokens with concentrated ownership, unlocked liquidity, or contracts that have not been independently reviewed.

This section is educational and is not investment advice. If you are evaluating any project, confirm details independently and consider seeking guidance from a qualified, licensed professional.

Red flags & safety

You do not need to memorize every scam to stay safe. A short list of universal red flags, combined with strong wallet habits, will stop most attacks before they start.

Universal red flags

Red flagWhy it matters
Guaranteed or unusually high returnsNo legitimate investment can promise risk-free profit.
Pressure to act immediatelyUrgency is designed to stop you from thinking or checking.
Unsolicited contact about an "opportunity"Strangers who message you first about crypto are usually working an angle.
Any request for your seed phrase or private keyNo real company or support agent ever needs these.
Pay-a-fee-to-withdraw demandsA classic sign that the platform is fake and your balance is not real.
Payment only in crypto, gift cards, or to a personal walletChosen because it is fast and hard to reverse or trace.

Wallet and account security habits

  • Protect your recovery phrase above all else. Store it offline in a secure place. Never type it into a website or save it in a screenshot, cloud note, or email, and never share it.
  • Use a hardware wallet (cold storage) for meaningful amounts, keeping the bulk of your crypto offline while a smaller "hot" wallet handles day-to-day activity.
  • Enable strong two-factor authentication. Prefer an authenticator app or hardware security key over SMS codes, which can be intercepted through SIM-swap attacks.
  • Use long, unique passwords for every account, ideally via a reputable password manager. Never reuse passwords across platforms.
  • Keep software updated for your wallet, browser, operating system, and antivirus so known vulnerabilities are patched.
  • Avoid managing crypto over public Wi-Fi, and double-check any address before sending, since address-swapping malware can alter a pasted address.
  • Slow down. Most scams fail if you pause, verify through official channels, and refuse to be rushed.

If you think you have been scammed

  • Stop all contact and send no more money, including to anyone promising to recover your funds.
  • Move any remaining assets to a new, secure wallet if you suspect your keys or device are compromised.
  • Document everything: addresses, transaction IDs, usernames, screenshots, and messages.
  • Report it to your exchange or wallet provider and to the authorities in your country. In the United States, that includes the FBI's Internet Crime Complaint Center (IC3.gov) and the Federal Trade Commission; elsewhere, contact your national cybercrime or consumer-protection agency.
  • Be aware that recovering crypto is difficult and often impossible, which is why prevention matters most.

This guide is for general education only and is not financial, legal, or tax advice. For your specific situation, verify details with official regulators and consult a qualified professional.

Frequently asked questions

Can stolen cryptocurrency be recovered?

Usually not. Blockchain transactions are designed to be irreversible, and there is no bank or central authority that can reverse a transfer or issue a chargeback. Law enforcement occasionally seizes funds from large criminal operations, but for individual victims recovery is rare. Be especially wary of any "fund recovery" service that asks for an upfront fee, as these are frequently follow-up scams targeting people who have already lost money. Report the theft to your exchange and to the appropriate authorities, but do not count on getting funds back.

Will a legitimate exchange or wallet ever ask for my seed phrase or private key?

No. Your recovery phrase and private keys are the keys to your funds, and no legitimate company, support agent, or government agency will ever ask you to share them or type them into a website. Anyone who does is trying to steal your crypto. The only time you should enter a recovery phrase is when you are restoring your own wallet inside trusted, official software on a device you control.

What is a "pig butchering" scam?

It is a long-con investment scam in which a fraudster builds a personal or romantic relationship with you over time, then lures you into a fake crypto trading or investment platform. The platform shows fake profits to encourage larger deposits, and when you try to withdraw you are hit with endless fees and excuses before the scammer disappears. These scams have grown rapidly and now rank among the most damaging categories of crypto fraud reported to agencies such as the FBI's IC3.

How is AI changing crypto scams in 2026?

Artificial intelligence has made scams more convincing and easier to run at scale. Criminals use AI to write flawless phishing messages, run realistic chatbots in romance and investment scams, and create deepfake audio and video that impersonate executives, celebrities, or even people you know. The defenses are unchanged, though: be skeptical of unsolicited contact, never act under pressure, verify identities through independent official channels, and never share secrets or send funds based on a message, call, or video alone.

Are hardware wallets really safer than keeping crypto on an exchange?

For funds you are not actively trading, a hardware wallet (cold storage) is generally safer because your private keys stay offline and out of reach of remote hackers, phishing sites, and exchange breaches. The trade-off is that you are fully responsible for safeguarding your device and recovery phrase. A common approach is to keep the bulk of your holdings in cold storage and only a small spending balance in a hot wallet or on a reputable, well-secured exchange. Whatever you choose, protecting your recovery phrase is the single most important step.

Last updated: 2026-06.

Related guides