Common Cryptocurrency Scams

Crypto scams remain a significant threat despite increased awareness and security measures, with fraudsters using sophisticated tactics across DeFi, phishing, social engineering, and romance-based scams.

Crypto Scam and Hack Losses: 2023–2025

• In H1 2023, losses from hacks, phishing, and rug pulls totaled $656 million, including $471.4 million from protocol hacks, $108 million from phishing, and $75.9 million from rug pulls.

• For the full year 2023, security firm Beosin reported a decline of ~54%, with total Web3 losses of $2.02 billion, comprising $388 million from rug pulls, $238 million from phishing, and $1.397 billion from hacks.

• In 2024, global crypto scam and fraud losses surged to $5.9 billion, according to Chainalysis data—a significant increase from the previous year. Of that total, approximately $1.1 billion was lost due to fraud on centralized exchanges, while DeFi platforms accounted for roughly 55 % of all scam-related losses

• A surge in AI-enhanced scams, including deepfakes and pig-butchering schemes, contributed significantly to the rise in losses in 2024.

Major Incidents in 2024–2025

• The February 2025 Bybit hack resulted in a record theft of $1.5 billion in ETH, traced to North Korea’s Lazarus Group, making it the largest crypto theft to date.

• The U.S. DOJ filed to seize $225 million in crypto tied to pig-butchering (investment/romance) scams, affecting over 400 victims.

Cryptocurrency scams to watch out for

Rug pulls

Rug pulls are a widely recognized form of fraudulent activity within the decentralized finance (DeFi) and broader cryptocurrency landscape, especially common among newer and speculative projects. In essence, rug pulls occur when developers promote a seemingly legitimate token or DeFi protocol, only to abruptly withdraw investor funds once enough capital has been raised. The term “rug pull” is metaphorical, referring to the sudden removal of support beneath unsuspecting investors, leaving them with tokens that have little to no value.

There are generally two main types of rug pulls: hard rug pulls and soft rug pulls. Hard rug pulls are inherently malicious and involve deliberately coded backdoors or functions within the smart contract that allow developers to steal funds directly or disable trading. These are unambiguously fraudulent and can lead to legal action. Soft rug pulls, while less overtly illegal, are still unethical. They involve developers abandoning the project or dumping large volumes of tokens on the market, causing the price to collapse and leaving retail investors at a loss.

Tactics employed in rug pulls vary but commonly include the sudden removal of liquidity from decentralized exchanges (DEXs), leading to a rapid decline in token value. Other variations involve creating completely fake projects or orchestrating abrupt team exits, leaving holders with no support or communication. Often, these scams begin with developers launching a new token, accompanied by aggressive marketing, exaggerated claims, and sometimes influencer endorsements. These campaigns may highlight unique features, revolutionary technology, or promises of high returns to build hype and attract retail participation. To build trust, teams may initially lock liquidity or contribute personal funds, creating a false sense of legitimacy.

Once the token gains momentum and sufficient investor capital has been amassed, the developers execute the rug pull. This is typically done by removing all liquidity from trading pools or selling off large quantities of pre-mined tokens, triggering a sharp price crash. At this point, the developers disappear, and investors are left with devalued or worthless tokens.

There are several red flags that may indicate a potential rug pull. These include anonymous or unverifiable team members, a lack of third-party smart contract audits, vague roadmaps, and a disproportionate focus on hype-driven marketing rather than transparent project updates. Additional warning signs include short or absent liquidity lock periods, excessive token concentration in a handful of wallets, and sudden shifts in liquidity or trading activity. Communities with limited or highly censored engagement may also signal manipulated investor sentiment.

To avoid falling victim to a rug pull, investors should conduct comprehensive due diligence. This involves reviewing the project’s whitepaper, examining the team's credentials and history, and verifying any claimed partnerships or use cases. Investors should check whether the project’s smart contract has been audited by a reputable firm such as CertiK, PeckShield, or SlowMist. Tokenomics should be carefully reviewed—particularly the allocation and distribution of tokens—to identify if a few wallets control the majority of the supply. It is equally important to verify whether liquidity is securely locked using services like Team Finance, and for what duration.

Engaging with the community on platforms like Discord, Telegram, or Twitter can also provide valuable insight into the project's legitimacy. Transparent communication and ongoing development activity are strong indicators of reliability. Additionally, tools like Etherscan or BscScan can be used to track wallet activity, helping to identify suspicious transactions or large token movements from developer wallets.

Pump and dumps

Pump and dump schemes are manipulative tactics designed to artificially inflate the price of a cryptocurrency before selling it off at its peak. While this practice has long existed in traditional stock markets—particularly in penny stocks—it has found fertile ground in the cryptocurrency space due to the relatively unregulated environment and the anonymity it affords. These factors make it easier for bad actors to operate with limited oversight and accountability.

There are generally two main types of pump and dump schemes observed in the crypto market. The first involves insiders or early holders who begin promoting a token through exaggerated claims and hype, all while gradually offloading their holdings. The second occurs within small or newly formed token communities, where members are encouraged—often via social platforms like Telegram or Discord—to buy the token in coordination, pumping up the price. Those who fail to sell in time are left "holding the bag" as the price collapses.

The operation typically begins when organizers—often developers, insiders, or large holders—quietly accumulate a significant amount of a low-liquidity or obscure token. Once they hold a sizable share, they launch the "pump" phase by disseminating misleading information, exaggerated news, fake partnerships, or overly optimistic forecasts. Promotion is usually done through social media, online forums, influencers, or even paid advertisements. These tactics generate FOMO (fear of missing out) among retail investors, who then begin buying the asset, causing a rapid and artificial price increase.

Once the token reaches an inflated price, the perpetrators initiate the "dump" phase, liquidating their holdings at peak value. As large volumes flood the market, the price crashes, often dramatically. Retail investors who entered late suffered significant losses, having bought in during the hype but exited too late to recover their funds.

Several warning signs can help identify potential pump and dump schemes. These include sudden, unexplained spikes in price or volume, particularly when not accompanied by meaningful news or product developments. A high frequency of promotional content over a short period—especially from previously inactive sources—is another red flag. Investors should also be cautious of anonymous investment tips, hype-driven Telegram or Discord groups, and tokens with low liquidity, which makes it easier to manipulate prices.

To protect against pump and dump schemes, investors should approach overly optimistic investment opportunities with skepticism, especially when they lack verifiable fundamentals. It's essential to conduct independent research, review the project’s long-term viability, and avoid relying solely on promotional materials or community chatter. Being wary of herd behavior and assessing an asset’s liquidity, utility, and development activity can significantly reduce the risk of falling victim to such manipulation.

Phishing

In 2023, more than 324,000 crypto users fell victim to phishing scams, resulting in approximately $295 million in losses, according to Scam Sniffer. However, 2024 saw a sharp rise, with phishing attacks draining nearly $494 million from over 332,000 addresses—a 67% annual increase. The first quarter of 2024 alone accounted for $187.2 million in losses, with 175,000 victims targeted.

Unlike traditional phishing that targets banking or personal data, crypto phishing deceives users into exposing private keys, seed phrases, or wallet passwords, or approving malicious transactions. Due to blockchain’s irreversible and pseudonymous nature, a compromised wallet typically results in permanent loss with no recourse for victims.

Crypto phishing takes many forms: fraudulent emails, fake websites, spoofed applications, and social media impersonation attacks. Scammers often impersonate legitimate services (exchanges or wallets), use fake URLs or domains, and engage users through compelling yet false alerts or offers.

An advanced variant, approval phishing, tricks users into signing transactions that authorize smart contracts to drain wallet funds. These scams often begin via malicious links directing users to counterfeit DeFi platforms, where signing a transaction unknowingly grants scammers control over assets.

Red flags include unsolicited connection or approval requests, unfamiliar or slightly misspelled URLs, urgent messaging, and unrealistic promises. Spelling mistakes, rushed communications, and unexpected requests for access are also strong indicators of phishing attempts.

To protect against these attacks:

• Avoid clicking links in unsolicited messages—type web addresses manually.

• Enable two-factor authentication (2FA) on exchange and wallet accounts.

• Use hardware wallets where possible.

• Periodically audit and revoke unnecessary smart-contract approvals using tools like Etherscan’s Token Approval Checker or Revoke.cash.

• Stay cautious of new wallet connection prompts, especially from unknown sites.

Airdrop scams

Airdrop scams lure victims with the promise of free cryptocurrency tokens as part of promotional events or token distributions. Scammers exploit the excitement around airdrops to steal assets or personal information by creating fake airdrop campaigns. Participants may be asked to provide private keys, send a small amount of crypto to a specified address to "verify" their wallet, or complete tasks that compromise their security.

The operation of this scam relies on the creation of hype and the exploitation of FOMO. Scammers advertise their fake airdrops through social media, forums, and even through direct messaging on platforms like Discord or Telegram.

To identify airdrop scams, watch for red flags like requests for private keys or wallet seed phrases, the requirement to send crypto to participate, and a lack of verifiable information about the airdrop on official project channels. Genuine airdrops rarely, if ever, ask participants to send funds or disclose sensitive information.

Romance Scams (Pig Butchering)

In cryptocurrency romance scams, or "pig butchering," scammers build fake romantic relationships online and then guide the conversation to cryptocurrency investment opportunities. The scammer "fattens" the victim with promises of wealth and financial freedom through crypto investments, only to "slaughter" by eventually convincing them to transfer funds into fraudulent schemes or directly to the scammer.

These scams are often elaborate, with scammers investing weeks or months into building a believable relationship. They prey on loneliness, the desire for connection, and the allure of easy money. The operation escalates from casual conversation to discussing crypto investments, sharing "tips," and eventually directing victims to fake platforms or convincing them to make direct transfers.

If you experience a sudden shift from romantic or friendly conversation to financial advice or opportunities, reluctance to meet in person or via video call, and the urgency around making immediate investments, take a step back and pause on your communications with the potential scammer. Protecting oneself involves being extra wary of financial advice from strangers online, never sending money to someone you've only met online, and conducting thorough research before investing.

Fake Apps and Sites

Fake apps and sites mimic legitimate cryptocurrency wallets, exchanges, or information services to steal funds or personal information. Scammers design these platforms to look as authentic as possible, enticing users to enter their credentials or make deposits.

The scam plays out by first attracting users through search engine optimization, ads, or phishing emails. Once a user interacts with the fake platform—such as downloading a fraudulent app or entering login information on a bogus website—the scammers can steal assets directly from the user's wallet or commit identity theft.

Watch out for the absence of HTTPS in the URL, misspellings or grammatical errors in the app or website content, and a lack of legitimate reviews or a verifiable track record. Users should always download apps from official app stores, verify website URLs carefully, and look for reviews or community feedback before interacting with a crypto service.

Giveaway Scams

Giveaway scams falsely promise to multiply cryptocurrency sent to a scammer's wallet address, often leveraging the names of well-known personalities or companies in the crypto space. Victims are lured with the prospect of receiving a larger return as part of a "giveaway" but end up losing their sent funds.

Scammers promote these schemes through social media, using accounts that appear legitimate or through hacked accounts with large followings. The operation is simple yet effective: promise a lucrative return on a small investment, and once the crypto is sent, cut all communication and disappear.

The key warning sign is the promise of free money, especially requiring an upfront investment. Genuine giveaways from reputable companies or individuals do not require sending crypto to participate. Always verify the authenticity of the giveaway through multiple official channels before participating.

Impersonation Scams

Impersonation scams involve fraudsters pretending to be legitimate entities, such as crypto exchanges, wallet services, celebrities, or influencers, to solicit funds or personal information. Scammers might reach out to individuals through emails, direct messages, or social media posts to ask for payments, donations, or sensitive information. Fake job offers or investment opportunities in the crypto space are also common fronts. This scam plays on trust and authority, with victims more likely to comply with requests from seemingly reputable sources.

Unsolicited requests for money or personal information, inconsistencies in the communication compared to the official source, and the use of urgency or high-pressure tactics often hint at something being amiss. Verifying any such requests directly with the entity through official and verified channels can help prevent falling for these scams.

For each type of scam, the overarching protective measures include thorough research, skepticism towards too-good-to-be-true offers, and verifying information through official channels. The crypto space's anonymity and lack of regulation make it ripe for scams, but awareness and caution can significantly reduce the risk of falling victim.

Blackmail or Extortion Scams

Blackmail or extortion scams in the cryptocurrency world involve threats to reveal sensitive, often personal, information unless a ransom is paid in cryptocurrency. This type of scam capitalizes on the anonymity and irreversibility of crypto transactions, making it a preferred method for scammers seeking to exploit victims under the guise of anonymity.

The modus operandi involves the scammer contacting the victim, usually via email, claiming to have compromising information. This could range from alleged access to personal files, browsing history, or more sensitive content. The scammer then demands payment in cryptocurrency, often Bitcoin, due to its pseudo-anonymous nature, to prevent the release of the information.

Warning signs include receiving unexpected emails that claim to have access to your personal information or devices, and which demand payment to avoid exposure or legal trouble. Often, these messages are marked by a sense of urgency and threats.

To safeguard against these scams, it's essential never to respond or send payments. Implementing strong, unique passwords, using two-factor authentication, and covering webcams when not in use can also help protect against potential threats.

Investment Scams

Investment scams in the cryptocurrency sphere often promise high returns with little to no risk, leveraging the speculative interest in crypto markets. They may take the form of Ponzi schemes, where returns are paid to earlier investors from the capital of new investors, or fake investment platforms offering non-existent opportunities.

Victims are persuaded to invest large sums of money, which the scammers then appropriate. The operations collapse once the flow of new investors dries up or when the scammers decide to disappear with the funds.

Look out for promises of guaranteed returns, pressure to invest quickly, and requests for investment in obscure or unknown cryptocurrencies. Checking for reviews, regulatory compliance, and the project's or platform's legitimacy can help avoid falling victim to such scams.

Fake ICOs

Fake Initial Coin Offerings (ICOs) involve scammers creating a fraudulent ICO to attract investors looking to get in early on a new cryptocurrency or token, promising high returns and revolutionary technology. These scams capitalize on the hype and speculative nature surrounding ICOs and the broader blockchain technology sector.

Scammers typically create a professional-looking website, a whitepaper with technical but vague details, and promotional material promising revolutionary technology and investment returns. Once they collect enough funds from investors, they disappear, leaving investors with worthless tokens or no tokens at all.

If you notice a lack of detailed information about the team behind the ICO, unrealistic promises about the investment's potential returns, and a whitepaper that lacks substance or is difficult to understand, these might indicate a potential scam. Verifying the credibility of the team, the project's technical feasibility, and the existence of an actual product or service can help in identifying fraudulent ICOs.

Social Media Ad Scams

Social media ad scams exploit the reach and influence of social media platforms to promote fraudulent cryptocurrency schemes. These ads might link to fake websites or investment platforms, phishing sites, or promote nonexistent or scam products. The scam relies on the perceived legitimacy of appearing on reputable social media platforms to lure victims.

The operation of these scams involves creating ads that promise high returns, free cryptocurrency, or exclusive investment opportunities. Once users click on these ads, they may be asked to enter personal information, make a payment, or download malicious software.

Scam ads often promise quick wealth or guaranteed returns, include requests for payment or personal information, and link to unfamiliar websites. Users should approach ads with skepticism, research offers before clicking, and use ad blockers or adjust privacy settings to limit exposure to potential scams.

Why Crypto Scams Are So Prevalent

• Irreversible transactions on public blockchains make recovery difficult once funds are transferred.

• Privacy tools such as mixers and anonymity-enhancing features hinder investigation and tracing.

• Global regulatory disparities allow scammers to operate across jurisdictions with impunity.

• During bull markets—such as after the 2024–25 Bitcoin halving—FOMO, greed, and elevated sentiment make individuals more susceptible to fraudulent investment schemes.

Best Practices to Avoid Scams

1. Research thoroughly:

   Before engaging with any cryptocurrency project or investment opportunity, conduct comprehensive research. Review the project's whitepaper, team members, and community discussions to assess its legitimacy.

2. Exercise skepticism:

   Be wary of offers that seem too good to be true, especially promises of guaranteed returns or high profits with little risk. If an opportunity appears overly enticing, it's likely a scam.

3. Verify information:

   Verify information through official channels whenever possible. Don't rely solely on promotional materials or unsolicited messages, and confirm details independently.

4. Stay informed:

   Stay informed about common scam tactics and emerging threats in the cryptocurrency space. Knowledge is your best defense against falling victim to fraudulent schemes.

5. Protect personal information:

   Avoid sharing sensitive information, such as private keys or wallet passwords, especially in response to suspicious messages.

6. Use secure platforms:

   Only use reputable cryptocurrency exchanges, wallets, and investment platforms. Check for reviews, regulatory compliance, and security features before using or trusting a platform with your assets.

7. Implement security measures:

   Utilize security measures like two-factor authentication (2FA) on all accounts and strong, unique passwords. Regularly monitor and update security settings to safeguard against potential threats.

8. Remain cautious online:

   Be cautious when interacting online, especially on social media platforms. Beware of unsolicited messages, phishing attempts, and suspicious advertisements promising quick wealth.

9. Verify individuals and entities:

   Verify the identities of individuals and entities claiming to offer investment opportunities or cryptocurrency services. Look for red flags such as anonymous or unverifiable profiles.

10. Trust your instincts:

    Trust your instincts and intuition. If something feels off or too risky, it's better to err on the side of caution to avoid becoming a victim of a scam.

Disclaimer: This material is for information purposes only and does not constitute financial advice. Flipster makes no recommendations or guarantees in respect of any digital asset, product, or service. Trading digital assets and digital asset derivatives comes with a significant risk of loss due to its high price volatility, and is not suitable for all investors. Please refer to our Terms.