CryptoExchangePicks

Spotting Crypto Scams: Scams, Rug Pulls & Phishing

Last updated: March 2026

Why Crypto Scams Are More Dangerous Than Ever

The crypto industry lost over $5.6 billion to scams in 2023 alone, according to FBI data. As digital assets become mainstream, scammers are deploying increasingly sophisticated tactics to separate you from your funds. From fake exchange websites that look identical to the real thing, to elaborate social engineering schemes that unfold over weeks or months — the threat landscape is vast and constantly evolving.

This guide breaks down every major scam type you need to know about, gives you a concrete red-flags checklist, and walks you through exactly what to do if you or someone you know falls victim.

Common Crypto Scams Warning

Common Crypto Scam Types

Phishing Attacks

Phishing remains the single most common attack vector in crypto. Scammers create pixel-perfect replicas of exchange login pages, wallet interfaces, or DeFi platforms. They distribute links via email, social media DMs, fake customer support channels, and even Google Ads that appear above legitimate search results. Once you enter your credentials or connect your wallet, your funds are drained within seconds.

Always double-check the URL in your browser bar. Bookmark your exchange login pages and never click links from emails or messages. Reputable exchanges like Binance and Kraken offer anti-phishing codes that appear in every legitimate email they send.

Rug Pulls

A rug pull occurs when a project's developers abandon it after collecting investor funds. This is especially common with new tokens launched on decentralized exchanges. The team hypes the token through social media, influencer partnerships, and artificial trading volume. Once the price pumps, they drain the liquidity pool and disappear. In 2023, rug pulls accounted for over $2 billion in losses.

Warning signs include anonymous teams with no verifiable track record, locked liquidity that actually isn't locked (check the smart contract), and aggressive marketing that focuses on price targets rather than utility.

Ponzi and Pyramid Schemes

These schemes promise guaranteed returns — often 1-5% daily or 100%+ monthly. They use funds from new investors to pay existing ones, creating the illusion of a working investment strategy. Eventually, new deposits can't cover withdrawals and the scheme collapses. BitConnect, OneCoin, and more recently HyperFund are notable examples that collectively defrauded investors of billions.

No legitimate investment guarantees fixed returns. If a platform claims to generate consistent profits regardless of market conditions, it is almost certainly a scam.

Fake Exchanges

Fraudulent exchange websites mimic real platforms or present themselves as new, feature-rich alternatives. They may allow small withdrawals initially to build trust before blocking larger ones. Some fake exchanges are promoted through dating apps and social media as part of "pig butchering" scams. Stick to well-established exchanges with verifiable regulatory status like Binance, Bybit, or Crypto.com.

Pump and Dump Schemes

Coordinated groups buy large quantities of a low-cap token, then promote it aggressively through Telegram groups, Twitter, and YouTube. When retail investors pile in and drive the price up, the organizers dump their holdings. The price crashes and latecomers are left holding worthless tokens. These schemes often target tokens with low liquidity where even small buy orders can move the price significantly.

Romance and Impersonation Scams

Romance scams (also called "pig butchering") involve scammers building a relationship with victims over weeks or months before introducing a "guaranteed" crypto investment opportunity. Impersonation scams involve fake social media profiles of celebrities, influencers, or exchange support staff who direct victims to send funds or share credentials. Elon Musk giveaway scams alone have stolen tens of millions.

Red Flags Checklist

Use this checklist to evaluate any crypto project, platform, or opportunity. If you spot even two or three of these red flags, proceed with extreme caution:

Guaranteed or fixed returns with no risk. Anonymous team with no LinkedIn profiles or verifiable history. Pressure to invest quickly ("limited time offer"). Unsolicited contact via DM, email, or dating apps. No verifiable smart contract audit from a reputable firm. Withdrawal issues or escalating deposit requirements. Too-good-to-be-true referral commissions (20%+). Website domain registered recently (check WHOIS). No physical address or regulatory registration. Whitepaper is vague, copied, or full of buzzwords without technical substance.

How to Verify a Project

Before investing in any token or platform, run through this verification process. Check the team's identities on LinkedIn and GitHub. Search for the project name plus "scam" or "review" on Reddit and Twitter. Verify smart contract addresses on block explorers like Etherscan. Look for audits from firms like CertiK, Trail of Bits, or OpenZeppelin. Check if the token is listed on established exchanges like Binance or Kraken — listing on reputable platforms means at least basic due diligence was performed.

Protecting Yourself

Enable two-factor authentication (2FA) on every exchange account — use an authenticator app, not SMS. Use a hardware wallet for long-term holdings. Never share your seed phrase or private keys with anyone, under any circumstances. Use unique, strong passwords for each platform. Be skeptical of unsolicited messages about investment opportunities. Verify URLs manually before entering credentials. Consider using a dedicated email address for crypto accounts.

What to Do If You've Been Scammed

Act immediately. Document everything — screenshots of conversations, transaction hashes, wallet addresses, website URLs. Report the scam to the FBI's Internet Crime Complaint Center (IC3) at ic3.gov. File a complaint with the FTC at reportfraud.ftc.gov. If the scam involved a specific exchange, contact their support team — some exchanges can freeze funds if notified quickly. Report fraudulent social media profiles and websites to the respective platforms. Consider consulting a lawyer who specializes in crypto fraud recovery.

While recovery is difficult (blockchain transactions are irreversible), reporting helps law enforcement track and shut down scam operations. Several major scam networks have been dismantled thanks to victim reports.

Frequently Asked Questions

Phishing attacks are the most common crypto scam. Scammers create fake websites that look identical to real exchanges or wallets, then trick users into entering their login credentials or connecting their wallets. Always verify URLs carefully and bookmark your exchange login pages.
Key red flags include guaranteed returns, anonymous teams, pressure to invest quickly, recently registered domains, no smart contract audits, and vague whitepapers. Always research the team, check for audits from reputable firms, and search for scam reports on Reddit and Twitter before investing.
Recovery is difficult because blockchain transactions are irreversible. However, you should report the scam to the FBI IC3 (ic3.gov) and the FTC (reportfraud.ftc.gov) immediately. If the scam involved an exchange, contact their support — some can freeze funds if notified quickly. Consulting a crypto fraud recovery lawyer may also help in some cases.
No, but new tokens carry significantly higher risk. Legitimate projects typically have transparent teams, audited smart contracts, clear roadmaps, and listing on established exchanges. Tokens that appear only on decentralized exchanges with anonymous teams and aggressive marketing deserve extra scrutiny.
Pig butchering scams involve a scammer building a personal relationship with the victim over weeks or months, often through dating apps or social media. Once trust is established, the scammer introduces a fake crypto investment platform showing fabricated profits. Victims deposit increasingly larger amounts before discovering they cannot withdraw their funds.
Report to the FBI Internet Crime Complaint Center (IC3) at ic3.gov, the Federal Trade Commission at reportfraud.ftc.gov, and your state attorney general. If the scam involved a specific exchange or financial product, also file a complaint with the SEC or CFTC. Reporting helps law enforcement track and shut down scam operations.