Security

Crypto Scams: The 10 I See People Fall For Every Week

Alan

Six years in crypto and the saddest DMs I get aren’t from people asking how to make money. They’re from people asking how to get their money back after a scam. The honest answer is: usually, you can’t. Crypto is irreversible by design. The only defence is not falling for it in the first place.

This is the list of every scam I’ve seen friends, readers, and acquaintances lose money to in the last twelve months. With the actual playbook the scammers use, and what to do instead. Some links in here are affiliate. I’ll flag them.

Short answer: The 10 most common crypto scams are phishing emails, address poisoning, SIM swap attacks, pig butchering, fake customer support, fake giveaways, malicious dApp drainers, Telegram pump groups, fake job offers, and SEO-bought lookalike exchange sites. Defence: hardware wallet for storage, app-based 2FA, VPN on public WiFi, verify URLs manually, and never share a seed phrase — ever.

Get a Ledger to keep crypto offline → (affiliate)

Key takeaways

  • Chainalysis reported $24.2 billion in illicit crypto activity in their most recent annual Crypto Crime Report — much of it scam-related.
  • The FTC’s consumer fraud database shows crypto as one of the top three loss categories by dollar amount, with romance scams alone costing victims hundreds of millions.
  • Crypto is irreversible — once a transaction confirms, it cannot be reversed by an exchange, a court, or the network itself.
  • The majority of losses are not from technical hacks. They’re from users being tricked into approving the transaction themselves.
  • A hardware wallet, app-based 2FA, and a habit of typing URLs instead of clicking them block 90% of attacks.

Why scams target crypto (irreversibility)

When your bank account gets drained, you call the bank and they freeze it. When your crypto wallet gets drained, you call nobody — there is nobody to call. The transaction is on-chain. It is final. The address it went to is some scammer’s wallet on a chain Tether refuses to freeze unless ordered to by a court in a friendly jurisdiction.

That irreversibility is what makes crypto valuable. It’s also what makes it the perfect target for fraud. A scammer who tricks you into signing a transaction has won, and the win cannot be undone.

The other thing that matters: most crypto users are self-custodial. There’s no bank between you and the loss. That cuts both ways — you keep your money during a bank failure, but you also wear the loss if you click the wrong link.

The implication: the bar for opsec is much higher than it is for normal online banking. Most people don’t know that until it’s too late.

Scam 1: Phishing emails + fake exchange pages

The classic. You get an email “from BitGet” or “from Ledger” saying your account has been flagged for review, your withdrawal is pending verification, or your seed phrase needs to be re-confirmed for a security upgrade. The link goes to a page that looks identical to the real one.

You enter your login. They have your login. You confirm 2FA. They proxy the request through to the real site and now they’re logged in too. Withdrawals are queued. By the time you realise, the funds are gone.

How to spot it

  • The sender domain is slightly off: support@bitget-help.com instead of support@bitget.com
  • The URL in the link doesn’t match the real one (hover before clicking)
  • The email creates urgency (“respond in 24 hours or your account will be locked”)
  • The page asks for your seed phrase — no exchange or wallet ever asks for this

What to do instead

  • Never click links in crypto emails. Type the URL manually or use a bookmark.
  • If an email looks legitimate, log in via the bookmarked URL and check for the same message in-app.
  • Treat any seed phrase request as automatic fraud, regardless of how official the sender looks.

Scam 2: Address poisoning (the lookalike address attack)

This one is sneaky because nothing is broken on your end.

The scammer sends a tiny transaction (often 0 USDT or a dust amount) to your wallet from an address that looks similar to one you’ve used before. The first 4 and last 4 characters match the real address. The middle is different.

Next time you want to send funds, you scroll your transaction history, copy what looks like the address you used last time, paste it, send. The funds go to the scammer’s wallet.

Real numbers

Reports from on-chain analytics firms have flagged address-poisoning losses in the tens of millions across Ethereum and Tron. The attack costs the scammer almost nothing to run at scale — they spray dust at thousands of wallets and wait for one mistake.

How to defend

  • Verify the full address every time you paste. Not just the first and last characters — the middle too.
  • Use a contacts/whitelist feature in your wallet or on the exchange so you select from a saved list instead of copying from history.
  • When you do a first-time send to a new address, send a small test amount first.

Scam 3: SIM swap (and how to defend with YubiKey)

SIM swapping is when an attacker convinces your mobile carrier to port your phone number to a SIM they control. Once they have your number, any SMS-based 2FA code lands on their device. They can reset exchange passwords, intercept verification codes, and drain everything connected to your number.

Reuters has covered multiple high-profile SIM swap cases — including a Bitcoin Magazine reporter who lost the keys to large holdings this way — and the FBI’s IC3 unit has flagged SIM swapping as a major source of crypto theft.

How to defend

  • Disable SMS 2FA on everything. Use an authenticator app (Google Authenticator, Authy) or a hardware key (YubiKey).
  • Add a port-out PIN with your mobile carrier so they can’t transfer your number without it.
  • Use a dedicated email address for crypto exchanges — one not linked to your phone number publicly.
  • Consider an eSIM on a separate device just for 2FA.

I run authenticator app codes for everything, with a YubiKey for the exchange accounts where it’s supported. The day I switched off SMS 2FA is the day I stopped worrying about my carrier’s customer service desk.

Scam 4: Pig butchering / romance scams

This is the scam that’s destroyed the most lives I know of personally. The FTC and FBI both flag pig butchering (sha zhu pan) as one of the fastest-growing fraud categories — hundreds of millions in reported losses, with most cases going unreported because victims are embarrassed.

How it works

  • Cold contact via dating app, LinkedIn, WhatsApp, or “wrong number” text
  • Weeks of friendly conversation building trust — the “fattening” of the pig
  • Eventual mention of crypto trading, a “great platform” they use, “let me show you”
  • You’re invited to deposit into a fake trading platform that looks legitimate
  • Early “profits” appear, you can withdraw small amounts to build trust
  • You deposit larger amounts. Eventually withdrawals stop. The platform vanishes.

Real cases I’ve heard

A reader emailed me after losing £180,000 to a woman he’d been “talking to” for four months. He was an experienced professional. The conversation looked normal because it was scripted by people who do this for a living.

How to defend

  • Anyone you’ve never met in person who introduces you to a crypto platform is running a scam. Full stop.
  • Real exchanges don’t get marketed by individual strangers on dating apps.
  • If “the woman/man you met online” asks you to install a specific app or wallet, the answer is no.

Scam 5: Fake customer support (Twitter, Telegram)

You post a question in a public crypto group: “anyone else having issues with their BitGet withdrawal?” Within 2 minutes, a friendly account messages you privately: “Hi! I’m from BitGet support. Can I help?” The account looks legit. Logo, similar handle, maybe even verified.

They walk you through a “verification” that ends with you entering your seed phrase into a “support tool.” You lose everything.

How to defend

  • No exchange offers DM support. Ever. Real support is in the official app or via a verified web form.
  • Real support never asks for your seed phrase, your private key, or your 2FA codes.
  • If someone DMs you within minutes of you posting a public crypto question, assume they’re a scammer.
  • Mute DMs from non-followers on Twitter/X. Set Telegram to “block all incoming messages from strangers.”

Scam 6: Fake giveaway (send 1 ETH get 2 back)

The “Elon Musk is giving away Bitcoin” scam will not die because it works. The format:

  • A YouTube live stream or Twitter thread “from Elon Musk” or “Vitalik” or a celebrity
  • “Send X amount to this address, we’ll send back double”
  • Real-looking transactions in the chat (“just got 4 ETH back!”)
  • Real losses

Variants now use AI-generated deepfakes of celebrities in video form. The voice and face are convincing. The wallet address is the same scam it has always been.

The rule

Nobody, ever, in the history of crypto, has given away money for free. There is no legitimate version of this. If you see it, scroll past.

Scam 7: Drain contracts (malicious dApp approvals)

This one catches experienced users.

You connect your wallet to what looks like a normal dApp — a new airdrop site, an NFT mint, a “claim your share” page. You click “Approve.” The transaction you sign isn’t to mint or claim anything — it’s to give the contract permission to spend any token in your wallet. Sometimes unlimited approval.

A few minutes (or weeks) later, the drainer sweeps your wallet of everything that approval covers.

How to defend

  • Read what you’re signing. If a transaction request shows a token approval to an unfamiliar contract address, reject it.
  • Use tools like Revoke.cash to view and cancel old approvals quarterly.
  • Use a separate “hot” wallet for connecting to dApps. Keep your main holdings in a different wallet that never touches a website.
  • A hardware wallet helps here too — it shows the transaction on-device for review before signing.

The hot vs cold wallet post covers the right wallet setup for this.

Scam 8: Telegram pump groups

The pitch: “Join our VIP Telegram group, we pump coins together, members make 10x on each pump.”

The reality: the group operators buy a low-cap token first. They tell the group to buy at a specific time. The price spikes. The operators sell into the spike. The group members buy the top and then dump on each other on the way down.

It’s a coordinated pump-and-dump where the only person guaranteed to make money is the operator. In most jurisdictions, it’s also illegal — but enforcement on crypto markets is patchy.

How to defend

  • If a group promises coordinated pumps, the people running it are extracting value from the people joining it.
  • “VIP” pump groups with paid memberships are even worse — you’re paying for the privilege of being the exit liquidity.
  • If you want to learn actual trading, the community I’m part of is Trade Travel Chill (affiliate). Education, not coordinated pumps. Personal recommendation.

The crypto trading bots guide covers the legitimate side of automated trading.

Scam 9: Fake job offers + malware

Recruiters on LinkedIn or Telegram approach you with a great-sounding crypto job — high pay, remote, light requirements. The interview goes well. They ask you to complete a coding task or download a “trial version” of their software.

The download is malware. It scrapes your wallet seed phrases from any local file, takes screenshots, and reads clipboard data (so when you copy a wallet address, it replaces it with a scammer’s address before paste).

This has hit Web3 developers especially hard. The Lazarus Group (North Korean state actors) ran a high-profile campaign of this against crypto engineering hires. CoinDesk and Reuters have both covered it in depth.

How to defend

  • Never download executables from a recruiter on a chat platform.
  • Use a separate device for “interview tasks” if you must run unknown code.
  • Keep crypto wallets and crypto activity on a dedicated machine, not your daily driver.
  • Seed phrases never live on a computer — paper or metal only.

Scam 10: SEO scam exchange clones

You Google “BitGet login” or “Trezor download.” The top result is an ad. The ad goes to bitget-login[.]net or trezor-suite[.]app — a perfect clone of the real site. You enter your credentials. They have them.

Worse with wallet downloads: the fake site serves a malicious version of the wallet app. You install it, set up a “new wallet” with a seed it generated for you (which the attacker also has), and within hours of any deposit, the funds are gone.

How to defend

  • Never click the ad result on Google for any crypto site. Always use the organic result, or better, a bookmark.
  • Download wallet software only from the official site. Verify GPG signatures if the project publishes them.
  • Be suspicious of any URL that uses hyphens or non-standard top-level domains. The real Ledger site is ledger.com, not ledger-app.com.

The Ledger vs Trezor post links to the official stores for both — bookmark them.

The 5-rule defence kit

If you remember nothing else from this post, remember these five rules.

1. Hardware wallet for anything you wouldn’t want to lose

A Ledger or Trezor stores keys offline. Even if your laptop is fully compromised, the seed never leaves the device. For long-term holdings, this is the single biggest security upgrade you can make. Order a Ledger here (affiliate) or compare it to Trezor.

2. App-based 2FA, never SMS

Google Authenticator, Authy, or a YubiKey. Disable SMS 2FA on every exchange. Add a port-out PIN with your mobile carrier.

3. NordVPN on any device that touches crypto on public WiFi

Coffee shops, hotels, airports, conference WiFi — these are the networks where account takeovers start. A VPN encrypts the connection and stops DNS-based attacks (where a malicious WiFi router redirects you to a fake exchange site). I use NordVPN (affiliate) — it runs about £3 a month and it blocks one whole category of attack. Personal habit, not a pitch.

4. Never type your seed phrase into anything

Not a recovery website. Not a “support” form. Not a password manager. Not an encrypted note. Paper and metal only. The seed exists on the hardware wallet and on your physical backup, and that is the entire list of places it should live.

The seed phrase storage post covers how to do this properly.

5. Verify URLs manually, every time

Type bitget.com, not “bitget login” into Google. Bookmark every site you care about. Hover any link before clicking. If anything looks slightly off — a hyphen, a misspelling, a different domain — close the tab.

NordVPN for public WiFi protection

I want to expand on rule 3 because it’s the one most people skip.

When you connect to a coffee shop WiFi, your device joins a network it has never seen before, controlled by an admin you don’t know. Most of the time it’s fine. But:

  • DNS hijacking — the router can intercept your DNS lookups and send you to a fake exchange site that looks identical to the real one.
  • Captive portals — the “click here to accept terms” page can serve malware or harvest credentials.
  • Lookalike SSIDs — “Starbucks_Free” might not be Starbucks. Anyone with a pocket router can create one.
  • Packet sniffing — even on HTTPS, your DNS lookups and SNI headers leak which sites you visit.

A VPN routes your traffic through an encrypted tunnel before it hits the local network. The coffee shop router can’t redirect you, can’t see your destinations, and can’t substitute fake pages.

I use NordVPN (affiliate) because it’s fast, has a kill switch (if the VPN drops, the connection drops with it instead of leaking unprotected), and runs on every device I use. It also gives me an option to look like I’m in a different country when I’m travelling, which is useful when on-ramps geo-block by IP.

This isn’t a pitch — it’s the same VPN I’ve been on for years. Pick whichever VPN you trust. But use one when you trade on a network you don’t own.

The single biggest defence: get crypto off the exchange.

A hardware wallet means a phishing email can’t drain your long-term bag, full stop.

Check the Ledger Nano X →

Affiliate link. I may earn a commission at no extra cost to you.

What to do if you’ve been scammed

The honest truth: usually nothing recoverable. Crypto is irreversible. But here’s the order of operations that gives you the best shot.

  1. Move everything else immediately. If one wallet is compromised, assume every wallet on the same device is compromised. Migrate any remaining funds to a fresh wallet on a clean device.
  2. Revoke approvals. Use Revoke.cash to cancel any active token approvals on the compromised wallet.
  3. Report the address to Chainalysis, OFAC, and the exchange the funds flowed to. If the funds hit a centralised exchange, there’s a small chance an investigator gets them frozen if you act quickly.
  4. File with local authorities + IC3 (FBI) if you’re in the US, Action Fraud if in the UK. The chance of recovery is low but it creates a paper trail.
  5. Do not pay any “recovery service” that DMs you offering to get your funds back. It is always another scam.

The best protection is the prevention. The post-event recovery rate is grim.

A short list of who NOT to trust

  • Anyone on Twitter/X DMing you about your “support ticket”
  • Anyone on a dating app introducing you to a crypto platform
  • Anyone with a YouTube channel running an “exclusive giveaway”
  • Anyone in a Telegram group offering coordinated pumps
  • Anyone calling you on the phone claiming to be from Binance, Coinbase, Ledger, Trezor, or any exchange
  • Recruiters with crypto jobs that need you to download software to “test”
  • Anyone offering you 30%+ guaranteed APY
  • Anyone whose URL has a hyphen in the wallet/exchange brand name
  • Anyone who asks for your seed phrase for any reason whatsoever

That covers most of the population of crypto scams. Live by this list and you avoid the majority of patterns I see.

How to learn trading without being a target

A lot of the worst scams target beginners. The fewer questions you have to ask in public, the smaller the target on your back. If you want structured education from people who don’t sell pump groups, the community I’m part of is Trade Travel Chill (affiliate). Real traders, real curriculum, no celebrity-shilled altcoins.

For exchange basics, the BitGet review goes deeper on the platform I use. The how to buy crypto post is the starting point if you’re still on day one.

Two purchases that block 90% of attacks.

A Ledger for cold storage. A VPN for any public WiFi you trade on. Both pay for themselves the first time they save you.

Get a Ledger → Get NordVPN →

Both affiliate links.

Frequently asked questions

What is the most common crypto scam?

Phishing — fake emails or websites that trick users into revealing login credentials or seed phrases. It remains the highest-volume attack and the one most beginners fall for first.

Can I get scammed crypto back?

Almost never. Crypto transactions are irreversible. The only chance of recovery is if the funds land on a centralised exchange and an investigator gets them frozen before they’re withdrawn — and even that is rare.

How do I know if a crypto site is a scam?

Verify the URL character-by-character against the official one. Check for hyphens, misspellings, or non-standard top-level domains. Never click ad results on Google for crypto sites. Use bookmarks for any exchange or wallet you use regularly.

Is it safe to give my wallet address to someone?

Yes. A wallet address is public — it’s the equivalent of a bank account number for receiving funds. The thing that must never be shared is your seed phrase (recovery phrase) or private key.

Why do scammers use Tether (USDT) so often?

USDT is widely available, holds a stable value, has low transaction fees on Tron, and is harder for authorities to freeze quickly compared to USDC. Scammers prefer it for those reasons.

Do hardware wallets prevent all scams?

No. A hardware wallet protects against malware on your computer and seed phrase theft. It does not protect against you voluntarily signing a malicious transaction, falling for a romance scam, or being tricked into installing a fake wallet app.

Should I use a VPN for crypto?

Yes, especially on public WiFi or networks you don’t own. A VPN prevents DNS hijacking, lookalike WiFi attacks, and packet inspection. I use NordVPN. Pick any reputable provider.

What’s a drainer contract?

A smart contract designed to extract funds from any wallet that approves it. They typically masquerade as airdrop claim pages or NFT mints, asking you to sign a token approval that gives the contract permission to spend your tokens.

Final word

The single biggest predictor of whether someone keeps their crypto is not how smart they are — it’s whether they treat opsec seriously. The smartest engineers I know have been scammed. The most successful traders have lost coins to phishing. It is not about intelligence. It is about habits.

Build the habits early. Hardware wallet for cold storage. Authenticator app, never SMS. Bookmark every site. VPN on any network you don’t own. Read every transaction before you sign. Never share a seed phrase.

Do those five things and most of the scams in this post can’t touch you.

Right — over to you.

Disclaimer: Crypto trading carries significant risk. You can lose all of your capital. Nothing in this article is financial advice — it’s my personal opinion and experience as a retail trader. Always do your own research before making any trade or investment decision.

Affiliate disclosure: Some links in this article are affiliate or referral links. If you sign up through them I may earn a commission, at no extra cost to you. I only link to products and platforms I actually use.

Last updated: May 2026.

Alan Spicer

Crypto trader since 2020 · Coin Bureau · Crypto Banter · Trade Travel Chill

Alan has been in crypto for nearly six years. He writes what he wishes someone had told him on day one — the wins, the rugs, and the stuff the YouTubers won’t say on camera.

More from Alan →

Related posts


Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *