The 10 Most Common Crypto Scams (and How to Avoid Them)

Crypto scams reuse the same ten or so playbooks year after year — rug pulls, phishing kits, romance scams, fake support, fake airdrops, SIM swaps. Learn to recognize each one before it costs you.

Why this matters

Most retail crypto losses do not come from market crashes or smart contract exploits. They come from scams. The patterns are old, the technology gets a bit slicker each year, and the defenses are mostly free — but it still takes recognizing the shape of an attack before you respond to one. Reading through the ten patterns below is one of the highest-return hours you can spend in crypto, because each pattern you internalize is one whole class of losses you stop being vulnerable to.

None of this is financial advice. It is a practical map of how money actually gets taken in crypto, and what habits stop most of it. A lot of the material also applies to how to store crypto securely — recognizing scams and storing assets safely are two sides of the same wall.

The most common patterns

1. Rug pulls

Anonymous team launches a token, hypes it for weeks or months, recruits liquidity providers, then withdraws all the pool liquidity and disappears. Tokens go from $10 to $0 in minutes. Variants: "slow rugs" where the dev exits a position over weeks while telling holders to keep buying; "hard rugs" where the smart contract has a backdoor that lets the dev mint infinite tokens and dump on the market. Common on new chains and during memecoin manias.

2. Phishing

Fake email, fake popup, fake login page that mimics MetaMask, Phantom, Trezor, Ledger, a major exchange, or a popular DeFi protocol. The page asks for your seed phrase, your private key, or for you to sign a malicious transaction. The site usually arrives via a sponsored Google ad, a hijacked Twitter account, a paid Discord post, or a search-engine result that ranks above the real domain.

3. Romance scams ("pig butchering")

A stranger — often on a dating app, sometimes via WhatsApp or Telegram — builds a multi-week or multi-month relationship before suggesting you join them in a "high-yield" crypto investment platform they discovered. The platform looks real, shows fake profits, even lets you withdraw small amounts to build trust. Then you are encouraged to deposit larger sums. When you try to withdraw the bigger balance, you are told there are "taxes" or "fees" to pay first. There never were withdrawals. This is the biggest single source of crypto theft by dollar volume globally; the FBI's IC3 reports billions of dollars stolen per year.

4. Fake support

You post in a project's Discord or Twitter saying you have a problem. A "support agent" DMs you within minutes offering help. They send you to a "validator" or "migration" or "verification" link. The link is a phishing page or asks you to share your seed phrase. Real support never DMs you first. Ever. The biggest tell is the speed of the response and the warmth of the tone.

5. Pump-and-dump groups

A paid Telegram or Discord group claims to coordinate "buy signals" for low-cap coins. You pay to join. Insiders accumulate, then signal the group, then dump on the group as the group pumps the price. The structure literally cannot work for buyers because the people getting the earliest signal are the people emptying their bags into the pump. "Pump groups" are an organized form of theft.

6. Fake airdrops and giveaways

A tweet from a fake "@elonmusk" or "@VitalikButerin" account announces you can send 1 ETH and receive 2 ETH back. A site claims to offer a free airdrop to wallets that connect and "verify". An email tells you your wallet is eligible to claim X tokens. Connecting the wallet signs a transaction that drains it; "verifying" exposes your seed phrase; sending ETH to the "giveaway" address just sends ETH to a thief.

7. SIM swaps

An attacker convinces your mobile carrier to port your phone number to a SIM they control, often via social engineering of a customer service rep. They then use SMS-based 2FA to take over your email, then your exchange accounts. Defense: enable SIM-swap protection or a port-out PIN with your carrier, and use app-based 2FA or a hardware key (Authy, Aegis, a hardware security key) rather than SMS for anything important.

8. Malicious approvals (wallet drainers)

You visit a site that looks legitimate (a fake "claim" page, a fake DEX, a fake NFT mint). The site asks you to sign a transaction. The transaction is not a payment — it is an unlimited token approval that lets the attacker move your tokens out of your wallet whenever they want. You see the wallet popup, you click sign, and your funds drain over the next minutes or weeks. This category is so widespread it deserves its own page: what is a wallet drainer.

9. Fake wallets and fake apps

App stores periodically host fake versions of Trust Wallet, MetaMask, Exodus, Phantom and others. The fake app records your seed phrase on first use and forwards it to the attacker. Variants include fake Chrome extensions and fake desktop installers. Always download wallet software from the wallet's official website (linked from their verified social accounts), never from a search result, ad, or chat link.

10. AI deepfakes and impersonation

The newest category. AI-generated video and voice of Elon Musk, Michael Saylor, Vitalik Buterin, or your own exchange's CEO promoting a "limited-time" giveaway, an emergency "migration", or an investment opportunity. Sometimes the deepfake is in a livestream pinned to a hijacked YouTube account. The visual and audio quality is now good enough that you cannot tell from a 30-second clip. Defense: any video promoting a "send ETH, get ETH back" or urgent action is a scam regardless of who appears to be saying it.

Red flags / checklist

The patterns above all share a small set of red flags. If you see two or more of these in the same situation, treat it as a scam by default:

  • Urgency. "Only 24 hours left", "limited spots", "the team is migrating right now". Real crypto operations rarely depend on you acting in minutes.
  • Unsolicited contact. A DM, email, or call you didn't initiate. Especially if it offers help right when you posted about a problem.
  • Asks for seed phrase or private key. No legitimate party — wallet, exchange, custody, support, hardware manufacturer — will ever ask. Sharing them is always the end of your funds.
  • Guaranteed returns. Anything promising fixed, high, guaranteed yield is either a scam or about to become one. Real yields in crypto fluctuate and carry visible risk.
  • Pressure to download software. Especially from a chat partner, a screen-share session, or a "support" link.
  • The address looks similar but is wrong. Always verify the first and last 4 characters of a destination address before sending; clipboard hijackers swap addresses.
  • Off-platform escalation. A conversation that started on a dating app or chat tries to move you to a custom investment platform or app you never heard of.
  • Suspiciously high gas-free yield. A new "DeFi protocol" or "airdrop claim" offering 10x what known protocols pay is almost always a draining trap.
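
An added example, not from the original article: a check that goes beyond the first-and-last-4 comparison above by comparing the full address against ones you have already verified, so a lookalike that matches at both ends is still caught. The labels and addresses are constructed for illustration, and EVM-style `0x` addresses are assumed.

```python
import re

ADDRESS_RE = re.compile(r"^0x[0-9a-f]{40}$")

def check_destination(pasted, verified):
    """Classify a pasted EVM address against addresses verified earlier.

    verified maps a label to an address you confirmed out of band.
    Returns (verdict, detail).
    """
    dest = pasted.strip().lower()
    if not ADDRESS_RE.match(dest):
        return ("invalid", "not a 0x-prefixed 40-hex-character address")
    lookalike = None
    for label, addr in verified.items():
        known = addr.lower()
        if dest == known:
            return ("match", label)
        # Same first 4 and last 4 hex characters, yet not the same address.
        if dest[2:6] == known[2:6] and dest[-4:] == known[-4:]:
            differing = sum(a != b for a, b in zip(dest, known))
            lookalike = (label, differing)
    if lookalike:
        label, differing = lookalike
        return ("lookalike", f"resembles '{label}' but {differing} characters differ")
    return ("unknown", "not in the verified list")

# Constructed sample data, not real addresses.
VERIFIED = {"cold wallet": "0x52ab" + "3" * 32 + "9f1c"}
SWAPPED = "0x52ab" + "7" * 32 + "9f1c"   # what a clipboard swap might paste

if __name__ == "__main__":
    print(check_destination(VERIFIED["cold wallet"], VERIFIED))
    print(check_destination(SWAPPED, VERIFIED))
```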

What to do if you've been hit

If a wallet has been compromised, every second counts. The standard playbook:

  1. Move what you can. Send any remaining tokens to a fresh wallet (new seed phrase) immediately. The attacker is usually scripting; the faster you move, the more you save.
  2. Revoke approvals. Use a service like revoke.cash (or your wallet's built-in approvals manager) on the compromised wallet to revoke every active token approval. This stops the wallet drainer category specifically.
  3. Treat the compromised wallet as burned forever. If a seed phrase was exposed, no key rotation will help: the attacker has permanent access to the wallet. Do not move funds back into it.
  4. Document. Screenshot the malicious site, the chat history, the transactions involved. You will need this for any report or insurance claim.
  5. Report to local authorities and the platform. File a report with local police, IC3 (US), Action Fraud (UK), or equivalent. Report the scammer addresses to chain analytics firms (Chainalysis, TRM Labs); they may eventually be blacklisted and limit cashout. Recovery is rare but reporting is the only way it can happen.
  6. Beware "recovery scams". Within days of being scammed, you will often get DMs from accounts claiming they can recover your stolen crypto for a fee. This is itself a scam. There is essentially no legitimate paid recovery service for irreversible blockchain transfers.

How to stay protected

  • Use a hardware wallet for meaningful balances. Most of the above scams require either a seed phrase or a malicious transaction signature; a hardware wallet protects both, especially when you read every approval on the device screen.
  • Have a "hot" and "cold" wallet split. Keep small amounts in your interaction wallet (the one that visits sites and signs DeFi transactions). Keep meaningful balances in a hardware wallet that never connects to random sites.
  • Bookmark official URLs. Never reach a wallet, exchange, or DeFi protocol via search or social link. Bookmark the real domains and use the bookmark.
  • Use app-based 2FA, not SMS. SMS is the SIM swap surface. Authy, Aegis, Google Authenticator or a hardware key (YubiKey, Ledger) are dramatically safer.
  • Use a unique strong password and a password manager. Reusing the same password across exchanges is how dozens of accounts get drained from one leaked database.
  • Read every wallet popup. If a transaction asks to spend more than the amount you intended, or asks for unlimited approval of a token, reject it.
  • Slow down. The single most effective defense is treating any urgent crypto situation as a default scam until you have verified through an independent channel. "Sleep on it" defeats more attacks than any product.
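
An added example, not from the original article or any wallet's code: the check behind "read every wallet popup" and the malicious approvals in pattern 8, decoding raw calldata for the standard `approve(address,uint256)` and `setApprovalForAll(address,bool)` calls and rejecting unlimited or larger-than-intended approvals. The spender address and amounts are constructed, and the target contract is assumed to be an ERC-20 token when the call is `approve`.

```python
# Added example. Standard function selectors (first 4 bytes of calldata):
APPROVE = "095ea7b3"               # approve(address,uint256)
SET_APPROVAL_FOR_ALL = "a22cb465"  # setApprovalForAll(address,bool)
MAX_UINT256 = 2**256 - 1

def inspect_calldata(data_hex, intended_amount=0):
    """Return (verdict, detail) for the hex calldata a site asks you to sign.

    intended_amount is in the token's smallest unit. Assumes the target
    contract is an ERC-20 token when the call is approve().
    """
    data = data_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    selector, args = data[:8], data[8:]
    if selector not in (APPROVE, SET_APPROVAL_FOR_ALL):
        return ("not-an-approval", "selector 0x" + selector)
    if len(args) < 128:
        return ("reject", "truncated approval calldata")
    spender = "0x" + args[24:64]   # address is right-aligned in a 32-byte word
    value = int(args[64:128], 16)  # amount, or the bool for setApprovalForAll
    if selector == SET_APPROVAL_FOR_ALL:
        if value:
            return ("reject", f"{spender} could move every NFT in this collection")
        return ("ok", f"removes operator {spender}")
    if value == 0:
        return ("ok", f"revokes the allowance of {spender}")
    if value == MAX_UINT256:
        return ("reject", f"unlimited allowance for {spender}")
    if value > intended_amount:
        return ("reject", f"{spender} could spend {value}, intended {intended_amount}")
    return ("ok", f"{spender} could spend {value}")

def sample_calldata(selector, value, spender="11" * 20):
    """Build constructed calldata; the spender is a placeholder address."""
    return "0x" + selector + spender.rjust(64, "0") + format(value, "064x")

if __name__ == "__main__":
    for data, intended in [
        (sample_calldata(APPROVE, MAX_UINT256), 1000),
        (sample_calldata(APPROVE, 1000), 1000),
        (sample_calldata(SET_APPROVAL_FOR_ALL, 1), 0),
    ]:
        print(inspect_calldata(data, intended))
```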

For the broader treatment of safe key custody, see how to store crypto securely; for the specific approval-phishing category that has grown the fastest in 2024-2026, see what is a wallet drainer. None of this is financial advice. It is the working scam playbook you should know before you ever click "sign".

Watch the alerts, watch the news

Most major scam campaigns — wallet drainer surges, fake giveaway deepfakes, fake exchange impersonations — surface in security headlines hours before they hit the mass audience. Zippfeed tracks security and major-token headlines with sentiment and importance scoring, so you can see active campaigns early and know which sites or apps to avoid that week — useful whether you are running meaningful balances, exploring new DeFi protocols, or just trying to keep up with what new attack patterns look like.

Frequently asked questions

What is the most common crypto scam?
By dollar volume, romance / pig-butchering scams (long-relationship con jobs that move victims to fake investment platforms) are the largest single category globally — billions of dollars per year by FBI estimates. By incident volume, phishing and malicious approval transactions (wallet drainers) are more frequent. Almost every scam fits one of about ten reusable patterns.

How do you recognize a crypto scam?
Most scams share a small set of red flags: urgency, unsolicited contact, asking for a seed phrase or private key, guaranteed high returns, pressure to download software, suspicious wallet popups asking for unlimited approval. Treating any two of these together as a scam by default avoids most losses. The biggest defense is slowing down.

Can you recover stolen crypto?
Recovery is rare. Blockchain transactions are irreversible, scammers move funds through mixers and bridges quickly, and law enforcement has limited tools across jurisdictions. Reporting to authorities, exchanges, and chain analytics firms is worth doing — occasionally addresses get frozen at exchanges and partial recovery is possible. "Recovery services" advertised after a scam are themselves almost always scams.

How can I protect my crypto from scams?
Use a hardware wallet for meaningful balances, split funds between a small "hot" wallet for daily use and a cold wallet for storage, bookmark official URLs (never search), use app-based or hardware 2FA (never SMS), use unique passwords with a password manager, read every wallet approval, and treat anything urgent as a scam until verified independently. None of this is financial advice.