There are way too many scams in crypto to list them all, but here are some common scams to watch out for. Learn 10 signs you’re being scammed.
Contents:
What are crypto scams?
Unfortunately there are a ton of scams in crypto. Because crypto is a relatively new technology, scammers can exploit people’s lack of technical knowledge to steal their money.
This includes stealing secret recovery phrases, or convincing you that their project will make you rich, quickly.
You can protect yourself from scammers by learning about the hallmarks of a scam, as well as the types of crypto scams that are popular among scammers.
10 signs of a crypto scam
1. Someone asks for your secret recovery phrase or private keys.
The only time you would use your secret recovery phrase or private keys is to access your funds in a different wallet, which you would only do yourself.
2. Someone promises that you’ll make lots of money fast.
Pyramids and ponzis are common in crypto. Many projects will give you the promised returns once or twice, only to eventually disappear with your last– and largest– deposit.
If you don’t employ good risk management practices, you are more likely to lose lots of money fast.
3. An investment manager contacts you and says they can grow your money quickly.
Financial professionals will not reach out to you first. Actually, the only people who will reach out to you in regards to money or crypto are usually either family members in bull markets, or scammers.
4. A celebrity says if you send them crypto, they’ll send you more back!
Sadly, famous people will not send you crypto, no matter how much you send them.
5. A romantic interest you’ve never met in person wants money or crypto.
Scammers will use pictures of attractive women to try to entice you to send them money. Don’t fall for it! They probably stole the pictures off the internet or generated them with AI.
6. You get a text message or email that says your account is frozen or in some kind of danger unless you act immediately.
If you receive an email, text, or message on social media from a government, law enforcement agency, or utility company stating your accounts or assets are frozen, and says you need to send crypto or money, you can safely ignore the message.
If you’re concerned, contact the agency through an official channel. Do not reply to the original text message or email.
7. Someone says you can make a ton of money cloud mining.
Cloud mining is one of the oldest scams in crypto that resurfaces once in awhile. It sounds good, but the only way it works is by stealing your crypto.
8. Someone says they have explicit material of you that they will post unless you send cryptocurrency.
If this happens, report it to your local authorities. Blackmail and harassment is a crime.
9. Someone offers you free money or crypto.
Okay, sometimes this isn’t a scam, it’s just an airdrop. Even some airdrops can be scams! Most often there’s no such thing as a free lunch.
10. It’s too good to be true!
Phishing scams
Phishing scams are when scammers pretend to be from an official institution or trusted platform so that you’ll give them personal information. The goal is to steal your identity or get information that will allow them access to your funds.
In crypto, thieves are usually phishing for your secret recovery phrase or private keys. There is never any reason that anyone would need your secret recovery phrase or private keys unless they were trying to steal your money. This goes for crypto platforms, support teams, anyone.
Crypto transactions are irreversible. If you give a scammer your info and they send crypto out of your wallet, there is no way to get it back.
So what can you do? Know the signs, and prevent scammers from getting your information in the first place!
Be extra careful of anyone asking for your information. Always double check the source. You never have to feel stupid about ensuring that someone on the internet is who they say they are.
Fake websites
The goal of a fake or spoofed website is to convince you to enter in your information because it’s a website you trust. Think about how comfortable you are entering in your bank card number and password into your bank’s website.
Spoofed websites might look almost the same as an official website, but if you look closely, you can see minor differences.
Scammers will use an address (URL) that looks identical to the real address. They might change one letter of the address, like a lowercase L to an uppercase I. Or use other characters that look similar or identical to letters in the English alphabet, but lead to a different page.
Many spoofed websites are successful because scammers purchase advertising space on search engines. This allows their advertising links to appear higher in the search results which then makes people to think it’s the legitimate site.
How can you protect yourself from fake websites?
- Type in the address yourself
- Or only click on search engine results
- Do not click on ads
- Check that the address begins with https://
- Check that the URL is correct by copying it, pasting it into a document, and changing the font
Fake apps and wallets
Like fake websites, fake apps on the Apple App Store or Google Play Store are trying to get you to enter information in them so they can steal it.
Apple and Google are pretty good at screening their app stores, but fake and malicious apps can still sometimes get through.
When scammers succeed in getting fake versions in official stores, they use screenshots and pictures from the real app as well as fake reviews to make their apps look legitimate.
How can you protect yourself from fake apps and wallets?
- Only download apps and wallets from official sources
- Check to make sure your app is authentic
Leaked personal information (spear phishing)
Companies leak your personal information by mistake all the time. This often includes email addresses, phone numbers, and even passwords.
Scammers use personal information leaked from data breaches to launch targeted attacks. This is called spear phishing. If your email address has been involved in a data breach, then you could be at risk.
A great example of this is the Ledger data leak. Because Ledger is a crypto company, the people on the breached email database were likely to have crypto. Knowing this, scammers targeted campaigns to the leaked email addresses. They sent information from spoofed email addresses directing users to “validate” their wallets on malicious sites or apps.
Knowing if your email address has been compromised and being aware that scammers might contact you via email will keep you on alert.
You can check here to see if your email address has been leaked:
Never enter your passwords into an online service! You can check if your passwords have been compromised with an iPhone or Google:
- iPhone instructions:
- Go to Settings > Passwords > Security Recommendations, then turn Detect Compromised Passwords on or off
- Go to Settings > Passwords > Security Recommendations, then turn Detect Compromised Passwords on or off
- Google Chrome instructions:
- Go to passwords.google.com
- Select Go to Password Checkup. Click Check passwords. You might need to sign in.
Common crypto scams
These are some, but not all, of common crypto scams you’ll encounter.
How do you prevent falling for them? Knowledge is power.
Getting 2x if you send a celebrity money
Sometimes scammers impersonate famous people. The scammer, pretending to be Elon Musk or Britney Spears, promises to double any crypto you send them.
They say if you send me 1 BTC, I will send you back 2 in return!
So what happens if you send them 1 BTC? Well, they keep it.
And because crypto transactions are irreversible, there is no way you can get your crypto back.
Oops, wrong number
Someone texts you, but addresses you by a different name. Because you’re polite, you let them know they have the wrong number.
They apologize, and then continue the conversation. Maybe they send you a picture. They might look like an attractive young woman.
They tell you that they have an amazing investment opportunity, guaranteed to double, triple, ten times your money. They explain it to you, and it’s complicated, but sounds like a sure bet. Are you interested?
Of course! Who wouldn’t want to double their money?
So what happens if you send them money? Maybe the first time you get more back, so you send them a little more the second time. But eventually, you will lose your money and never hear from them again.
This works because it’s human nature to trust others and believe in fate. Sadly, if someone contacts you out of the blue to offer you a sure way to make you a bunch of money, it’s not destiny, it’s a scam.
You’re given a secret recovery phrase or private key
Someone reaches out to you with a secret recovery phrase or private key or both. They say there is an amount of crypto in the wallet that they don’t know how to recover. Or you find it on the internet.
You, a savvy crypto user, know exactly how to restore a wallet by its secret phrase into a wallet. When you do, you see they were telling the truth. There are thousands of dollars in this wallet!
However, it’s a token, and there’s not crypto to pay the transaction fee. So what do you do? Send enough crypto to pay the gas.
What you don’t know is that it’s a multi-sig wallet, which means you need more than one private key in order to authorize spending the funds.
And when you realize that you can’t access the funds, and go to retrieve your gas money? A bot has already sent it to another wallet.
Fake customer support
Fake customer support can come in many different forms.
There are fake customer support Twitter accounts, cloned websites, and scammers will even email you pretending to be from a customer support team.
This is effective because a lot of support teams in crypto are… slow to non-existent.
One common issue people in crypto have is that they lose (or never wrote down) their seed phrase from their self-custody wallet.
In this case there is nothing anyone can do to help you recover your funds. Because the seed phrase is generated locally, on your device, there is no way anyone, including the platform that provides the software (i.e. Trust Wallet) knows, or can know what it was.
Because this is so different than what people are used to with regular accounts, where you can reset your password or your 2FA, it’s easy for them to believe a scammer who promises a way to recover their funds.
It will never happen. There is no way to recover a lost non-custodial wallet. The only thing that will happen if they fill out a form or pay a recovery service is that they’ll lose even more money.
More crypto scams
Most crypto scams follow a theme. This theme is making it sound like you’re going to make a ton of money when really, only the founder is going to get rich. Take the money and run.
But in some cases, creators stick around! HEX is a famous Ponzi scheme that has devoted followers and a very rich leader who goes by the name Richard Heart. It’s one of those scams that everyone knows is a scam and somehow it keeps going, and no one is in jail.
Exit scams
An exit scam is when founders disappear with investor money.
In crypto, it usually involves promoters launching a new platform or token, marketing the heck out of it, raising as much money as they can from investors, maybe even running the business for awhile, and then abandoning the project and disappearing with the money.
How can you tell if a project is an exit scam? There are a few red flags:
- It’s heavily promoted (aka shilled) everywhere
- Lots of promises that seem too good to be true
- Team credibility is questionable or unknown
- No or few commits to GitHub
- No working model
Pump and dump groups
Pump and dumps are when scammers spread misinformation to artificially inflate the price of a token (Walmart is going to accept Litecoin!), known as pumping the price, before they sell their tokens (which tanks the market), known as dumping.
Pump and dump groups are the private messages where they plan how to do it.
If you see a bunch of influencers suddenly all talking about the same coin, it’s probably because they have a large amount of it they want to sell to you at a higher price.
Once you buy, in expectations of the price climbing even higher, it means that a million others have also bought, and it’s time for the members of the group to sell. You’ll watch the price of the coin plummet and be left holding the bag.
Cloud mining
In 2018 I spent the last of my ETH (what I hadn’t spent on crypto kitties) on a token that was issued by an Ethereum mining pool. Holding the token meant I was going to receive ETH returns every month. Not a lot, because it was only half an ETH or so, but still, a little ETH every month for sitting back and doing nothing. Not bad, I thought. Not bad.
I kind of forgot about crypto for a while. It was my first bear market, and while I didn’t think crypto was dead, I didn’t think it was alive either. So I did other things (except for buy more crypto, which was my biggest mistake).
Later, when I started getting into it again, I was checking out all my wallets, seeing what coins were dead and what had, miraculously, retained a little life, I came across this token in my MetaMask. Ah yes, the ETH returns! How much ETH had I received?
You won’t be shocked to find out it was zero.
This was a version of a cloud mining scam.
Scammers get you to give them money upfront to receive ongoing mining rewards. They don’t own the hash rate they say they do and once you send them money… you will never see a dime.
Crypto recovery
This was mentioned above, but deserves its own section.
Crypto recovery is a scam, full stop.
Once your secret recovery phrase and private keys are lost, that’s it. No force in the universe can recover them. Not even a quantum computer. This is the beauty and the terror of crypto.
If someone could reverse engineer your keys for a few thousand dollars, what would stop them reverse engineering wallets worth millions?
Crypto transactions are irreversible. That’s one of the core properties of blockchain technology, and what makes digital currency possible.
This is why the first and most important thing to learn in crypto is how to manage your secret recovery phrase.