How to Avoid Crypto Scams

Most crypto is lost to scams, not to hacks. The attacks aren't sophisticated — they're engineered to exploit urgency, trust, and the unfamiliarity of new users. Once you understand how they work, they're not hard to spot.

This guide covers the most common attacks hitting people right now, how each one works, and exactly what to look for.

The Seed Phrase Scam (Most Dangerous)

How it works: Someone contacts you — through Discord DMs, Twitter, a fake support chat, a pop-up on a website, or even text message — and finds a reason to ask for your seed phrase. Common scenarios:

• "You need to verify your wallet to claim your airdrop"
• "There's an issue with your account — enter your recovery phrase to restore access"
• "I'm from Ledger/MetaMask support. We need to confirm your seed phrase to fix your wallet"
• A website that looks exactly like your wallet's homepage asks you to "reconnect" by entering your phrase

The reality: No legitimate service, person, or protocol ever needs your seed phrase. Not Ledger. Not MetaMask. Not Coinbase. Not the IRS. Not anyone. If your seed phrase is requested, it is a scam. Full stop.

Once entered, funds are swept automatically within seconds. There's no undo.

Impersonation Scams

How it works: Scammers pose as someone you trust — customer support for a major exchange, a crypto influencer, a friend, or even a government agency. They contact you with a "problem" that requires immediate action, usually involving sending crypto or connecting your wallet.

Common flavors:

• Fake exchange support in Discord or Telegram DMs asking you to "verify" your account
• An account impersonating a YouTuber or Twitter personality offering a "giveaway" if you send first
• Someone pretending to be a friend or family member who "lost access" to their wallet and needs help

What to look for:

• The contact is uninvited — you didn't initiate it
• There's urgency ("you have 24 hours or your account will be locked")
• They're asking you to move funds, share credentials, or connect your wallet to an external site
• The username is slightly off (exampl_e.eth vs. example.eth)

Legitimate exchanges don't DM you to solve problems. If something seems off, go directly to the official website or app and contact support from there.

Fake Websites and Phishing

How it works: You search for something like "MetaMask download" or "Uniswap exchange" and click the first result — which is a paid ad for a convincing fake. The site looks identical to the real one. You either download fake wallet software that steals your keys, or you're prompted to connect your wallet and approve a malicious transaction.

Real examples:

• Googling "Ledger Live download" and clicking an ad that leads to ledger-live.io instead of ledger.com
• Searching for a DEX and landing on a lookalike that drains your wallet when you approve a transaction

What to do:

• Bookmark the real sites. Use your bookmarks, not search results, for anything financial.
• Check the URL carefully before connecting a wallet or entering credentials
• Use a browser extension like MetaMask's built-in phishing detection
• Be especially suspicious of anything that appeared in a Google ad

Rug Pulls and Fake Token Projects

How it works: A new crypto project launches with a website, a Twitter account, a Discord, and promises of massive returns. Sometimes there's a presale. The team is anonymous. After raising money, they disappear — taking the funds with them. Sometimes they drain the liquidity pool instead of disappearing outright.

Warning signs:

• Anonymous team with no verifiable track record
• Promises of guaranteed returns or "10x in 30 days"
• Presale with an aggressive countdown timer
• No clear use case — just vibes and roadmap PDFs
• Liquidity pool not locked (easily drained)
• Very new token with no audit

Not every new project is a scam. But treat every anonymous project as high-risk by default. The burden is on the project to prove legitimacy, not on you to assume it.

Romance and "Pig Butchering" Scams

These have become one of the largest categories of crypto fraud by dollar volume.

How it works: Someone befriends you online — often through dating apps, WhatsApp, LinkedIn, or social media. They build a real-seeming relationship over days or weeks. Eventually, they mention they've been making great returns on a crypto platform and offer to help you do the same.

They walk you through depositing on a platform they recommend (which they control). Your "balance" shows growing returns. When you try to withdraw, there are fees, taxes, or minimum balances required. Every payment goes deeper in. Eventually either the platform disappears or you run out of money.

The "fattening before slaughter" name reflects how the relationship is built up before the ask comes.

Red flags:

• Unsolicited contact from someone unusually attractive and interested in you
• Early mention of crypto or investing as a hobby
• They suggest a specific platform you've never heard of
• They have trading "tips" or access to insider information
• The platform isn't on any major app store and has a domain registered in the last 90 days

If this sounds paranoid, note that the FBI reported billions in losses to this scam type in 2024 alone.

Fake Airdrops and Token Claims

How it works: You receive tokens in your wallet you didn't ask for. There's a website linked in the token's contract that says you can "claim" or "swap" these tokens. When you connect your wallet to claim, a malicious transaction drains your real holdings.

This is an unsolicited transaction designed to get you to interact with a malicious contract.

What to do: Ignore tokens that appear in your wallet unsolicited. Don't try to sell them. Don't interact with any website linked from the token's metadata. In many cases you can simply hide them in your wallet interface.

Approval Draining (DeFi Wallets)

How it works: Many DeFi interactions require you to "approve" a contract to spend your tokens. Scam sites get you to approve unlimited spending of a token, then drain it.

You might not even notice until it's gone.

What to do:

• Use tools like revoke.cash or Etherscan's token approval checker to review what contracts have approval to spend your tokens
• Revoke approvals you don't recognize
• When approving contracts, approve only the amount you need — not unlimited — when the interface allows it
• Only interact with DeFi contracts through official project links you've verified independently

General Rules That Prevent Most Scams

1. If someone contacts you, be suspicious. Legitimate organizations wait for you to reach out.
2. Urgency is a weapon. Scammers create pressure to prevent you from thinking. Slow down.
3. Verify independently. If an exchange support person contacts you, close the conversation and go directly to the official site yourself.
4. Seed phrase stays offline. Anyone asking for it is running a scam. Always.
5. If it sounds too good to be true, it is. High guaranteed returns don't exist.
6. Bookmark your financial sites. Don't use search results for wallet interfaces or exchanges.
7. Don't click links in DMs. Even from people you know — their accounts may be compromised.

If You Think You've Been Scammed

Act fast:

1. If you still have access to the wallet, move any remaining funds to a new wallet immediately
2. Revoke any token approvals the malicious contract may have
3. Report it to the FTC (reportfraud.ftc.gov) and the FBI's IC3 (ic3.gov)
4. If it happened on an exchange, contact their support — they may be able to flag or freeze accounts involved

The painful reality is that most crypto lost to scams is not recoverable. Anyone offering to recover your funds for a fee is running another scam.

Want to go deeper?

• Seed Phrase Best Practices — How to Store It (and What NOT to Do)
• Hardware Wallet Setup Guide — Step by Step