Common cryptocurrency scams and how to avoid them

Cryptocurrency scams keep evolving, but most follow familiar tricks that prey on urgency, confusion, or excitement. Knowing what to watch for makes a big difference. This guide breaks down common cryptocurrency scams and how to avoid them without getting overwhelmed.

You’ll find the most common scams range from fake exchanges and investment traps to phishing, blackmail, and shady mining or mixing schemes. They even include so-called crypto recovery services, just in case getting scammed once wasn’t enough.

Below, we’ll cover how to spot these scams and identify fake coins. We’ll also share some smart habits to keep your crypto safe, and what to do if you get scammed, including how to report it. This way, you’ll know how to stay safe and take action if things go wrong.

What are the most common cryptocurrency scams?

Before we get into the details, here are the most common cryptocurrency scams at a glance:

• Fake crypto exchanges: Scammers create fake platforms that mimic real ones (or promote phony ones in Telegram groups), lure you to deposit funds, then vanish. Some real crypto exchanges also get hacked, leading to massive losses.
• Cryptocurrency investment scams: These include pump and dump schemes, rug pulls, fake celebrity endorsements, copycat tokens, dubious initial coin offerings (ICOs), and exit scams where founders vanish with the money.
• Crypto phishing scams: Fraudsters use fake cryptocurrency apps or phishing links to steal login info and private keys, tricking users into handing over access to their funds.
• Blackmail and extortion: Scammers may send emails threatening to expose fake or real personal info unless they get paid in crypto, often instilling a sense of fear and urgency for a quick payout.
• Cryptocurrency mining scams: Some scams involve malware that secretly uses your device for crypto mining, while others involve fake (or hacked) mining companies that never deliver.
• Crypto wallet scams: Cyber criminals promote fork scams by offering “free” coins after blockchain splits (e.g., Litecoin fork from Bitcoin, Monero from Bytecoin, etc.), then hijack your private keys when you try to claim your funds.
• Crypto mixing scams: Some cryptocurrency mixers claim to anonymize transactions, but instead steal funds or get shut down by authorities while holding user money.
• Cryptocurrency recovery scams: You’ll notice lots of replies (usually under social media crypto scam warnings) that advertise so-called “crypto recovery experts.” They target scam victims by promising fund recovery, for a price.

Fake crypto exchanges

Crypto exchanges let you buy Bitcoin and altcoins for real money or trade them for other cryptocurrencies. Top examples include Binance, Bybit, and Crypto.com—though there are over 250 in existence, and nearly twice as many have closed down.

According to Cryptowisser’s Exchange Graveyard, 488 crypto exchanges have shut down since 2014. Over half of these (51%) were outright scams or just disappeared with no reason given.

CryptoLegal also maintains a massive database of scam companies, including a list of fake crypto exchanges. Check it out before putting your money on the line with a lesser-known service.

That said, even legitimate services can get hacked, so don’t leave more funds on an exchange than you’re willing to lose. Storing large amounts of crypto on a personal wallet is usually safer.

Cryptocurrency investment scams

Common cryptocurrency scams come in many forms, each using different tricks to steal your money. From sudden price spikes in pump and dumps to fake projects that vanish in rug pulls or exit scams, knowing how these work can help you avoid them.

Pump and dump

In a pump and dump, scammers hype up a low-value coin to drive up its price, then quickly sell off their holdings once enough people buy in. The price crashes, and everyone else is left holding worthless tokens.

This usually spreads through group chats (e.g., on Telegram) or social media (Facebook, Twitter, Instagram), where scammers claim the coin is about to “take off.” Naturally, the only people who profit are the ones who planned the dump from the start.

Avoid buying into hype on social media, especially if it comes from random group chats or influencers with no track record. Always look into a coin’s history and trading volume before investing. Remember, pump-and-dump schemes benefit insiders, not regular investors.

Rug pulls

Rug pulls happen when a crypto project suddenly shuts down and its creators vanish with the funds. Victims can’t withdraw anything, and there’s usually no warning before it collapses.

These scams often involve flashy websites and big promises. Once enough money rolls in, the developers drain the liquidity pool or empty wallets linked to the project.

Scams can show signs of both pump and dump and rug pulls, as was the case with the $HAWK meme coin tied to the “Hawk Tuah Girl.” $HAWK spiked to nearly $500 million in market cap before crashing over 90% in 20 minutes, after insiders allegedly sold large portions of the supply right after launch.

To avoid such situations, you should thoroughly research a project beforehand instead of giving in to FOMO. Verify that the code is open-source and audited, that the team is publicly known, and that they have taken steps to protect the funds. Even if tokens are “locked” or “vested” (as the $HAWK team claimed), those terms don’t guarantee safety on their own.

Fake celebrity endorsements

In this case, scammers pretend that a celebrity supports a coin or giveaway, using fake screenshots or AI-generated videos to make it seem real. They usually promise the celebrity will double any cryptocurrency you send in.

These fake endorsements spread fast on social media, especially during big events or market booms. Of course, the actual celebrity has no idea it’s happening, and victims never get their money back.

If a post claims a celebrity will send you crypto in return, it’s fake—no matter how real it looks. Stick to official announcements and ignore “giveaways” that require you to send funds first. These are always scams.

Copycat tokens

Scammers take advantage of popular tokens by making fake copies that look almost the same.  These copycat tokens have similar names, icons, and symbols but use a different contract address to trick you into buying the wrong one.

Always check the token’s official contract address on trusted sites like the project’s page, CoinGecko, or the team’s verified social channels before you buy.

ICO scams

An ICO (Initial Coin Offering) allows a crypto project to raise funds by selling a new token before it is released to the market. It’s like crowdfunding, but with a key difference—people often expect the token’s value to rise over time, even though it starts with no real worth.

During the 2017 ICO boom, scammers launched fake tokens with convincing whitepapers and roadmaps. They collected millions in crypto, then vanished without ever building a product.

Some ICO scams still pop up, especially during “bull markets,” when stocks or cryptocurrencies rise in price over a certain period. They rely on FOMO to pressure people into buying early while omitting important details about the project.

Before investing in any ICO, carefully read the whitepaper and verify that the goals are realistic. Avoid projects pressuring you to buy quickly or claiming limited supply without evidence. Remember, a new token has no guaranteed value until it proves itself.

Exit scams

In an exit scam, a project may look legit for months or even years. It collects user funds, builds a reputation, and then one day shuts everything down and disappears.

There’s usually no clear warning. The team goes silent, the website goes offline, and wallets linked to the project are emptied. By the time users notice, it’s too late.

Be cautious with new projects promising big returns without a proven track record. Look for ongoing communication from the team and regular updates. If a project goes silent or the website disappears, withdraw funds if possible and avoid future investments in that project.

Crypto phishing scams

Some of the most common cryptocurrency scams involve tricking users into disclosing sensitive information, such as private keys or login credentials. Attackers often use fake websites, emails, or messages that mimic legitimate platforms to deceive victims. Once scammers gain access, they can drain your wallet or account quicker than you can notice.

Moreover, generative AI has made it easier than ever for fraudsters to set up convincing websites and email campaigns. In fact, they may even trick Google’s verification systems, as seen with the fake Coinbase email below.

As the Reddit user mentioned in their post, the email came from “info@info.coinbase.com.” While it’s convincingly close to the real thing, one look at the official list of Coinbase email addresses confirms it’s a scam.

Always double-check URLs and email senders before entering any credentials. Better yet, use bookmarks for important sites instead of email links. If the message turns out to be legit, you should get a notification about it after you log in.

Alternatively, install a reliable password manager, as the app will only input your logins on the real deal website. Finally, enable two-factor authentication (2FA) and never share your private keys or passwords.

Fake cryptocurrency apps

Similarly, fraudsters can create fake apps that look like popular wallets or exchanges, but are actually designed to steal your logins or install malware. Users who download these apps risk having their private keys compromised or their devices infected.

While these apps usually appear in unofficial app stores or through phishing links on social media, they can still sneak their way onto the App Store or Google Play Store. For example, “CryptoRom” trading apps passed the stores’ review process before the malicious developers updated them with malicious code once they went live.

It’s common for such cryptocurrency scams to use social engineering, building trust over time through fake personas, romantic connections, or friendly chats before eventually convincing victims to download the app and transfer their funds.

Download wallet and exchange apps only from official app stores or verified sources. And since bogus apps can still pop up, check their reviews and developer info carefully. Avoid clicking links to apps sent by strangers or on social media, even if they seem trustworthy.

Blackmail and extortion

Scammers send threats via email or social media, claiming they will expose embarrassing information or fake crimes unless paid in cryptocurrency. They often target random people, hoping fear will lead to quick payment.

Here’s an example of a crypto extortion scam email one Reddit user received.

These threats rarely have credible evidence and are designed to intimidate victims into paying without verifying the facts. Ignoring and reporting such messages to the authorities is usually the best response.

In some cases, scammers go further by infecting your device with ransomware, a type of malware that locks down and encrypts your hard drive until you pay a cryptocurrency ransom. Never cave in to such demands, as it’s unlikely the attacker will unlock your files.

Cryptocurrency mining scams

Cryptocurrency mining scams often target people who want to mine coins but don’t have the gear for it. Cloud mining services claim to let users rent mining power from remote data centers, offering a cheaper and hands-off way to earn cryptocurrency.

However, many of these setups are fake, with scammers promising high returns from crypto mining operations. Victims invest funds expecting profits, but the operations are often unsustainable (or outright don’t exist).

Some scams are simply Ponzi schemes, where early investors are paid with the money of new victims, rather than actual mining profits. Once the scam dries up, it disappears—along with everyone’s money.

Be skeptical of cloud mining offers promising big payouts with little effort. Always research the company thoroughly and check for genuine user reviews before making an investment. If an offer seems too good to be true, it probably is.

Even with legitimate cloud mining services, there’s still a chance of hacks or data breaches. To protect yourself, never store large amounts of cryptocurrency on platforms you don’t fully trust, and enable 2FA for good measure. Keeping your crypto in a personal wallet where you control the private keys is generally safer.

Crypto miner malware

This type of malware attack (also known as “cryptojacking” or “the Altruistics virus“) often spreads through malicious downloads or phishing links. After infecting your device, crypto miners run silently in the background and use system resources to mine coins for the scammer.

Not only does this slow down your device and increase electricity costs, but it also gradually damages your equipment as your GPU or CPU is hijacked to generate revenue for the scammers.

Prevention is the name of the game in this case. Avoid downloading files or clicking links from unknown sources, keep your software and operating system up-to-date, and use a trustworthy antivirus. If your device suddenly slows down, scan it for malware that might be mining crypto without your consent.

Crypto wallet scams

Wallet scams trick users into giving away private keys or seed phrases, whether it’s by installing malicious software posing as wallet upgrades, “free coin” offers, or even phony support calls and sketchy wallet apps. Once scammers gain access, they drain the wallet instantly.

One newer scheme to watch out for involves scammers asking for a “fresh” or empty wallet’s seed phrase, promising to pay you a small amount of crypto in return. It’s easy to create new accounts on some wallets (like Phantom or MetaMask)—but sharing the seed phrase gives scammers full access to your main wallet too.

It goes without saying, but never share your private keys or seed phrases with anyone. Also, beware of messages claiming to be wallet support asking for this info. Always download wallet updates from official sources, and consider using hardware wallets for extra security.

Fork scams

A crypto fork happens when a blockchain splits into two separate versions, usually due to changes in the rules or software. This creates a new chain with its own version of the coin, which holders of the original coin can sometimes claim for free on the new chain.

Scammers exploit this fact by promising extra free coins (“airdrops”) if you input your private key to claim them. Unsurprisingly, you’ll only end up losing access to your funds.

If you’re unsure, ask in trusted crypto communities or verify fork announcements from official project channels. For instance, Ripple warned users of fake XRP airdrop scams in May 2025, as scammers even impersonated the CEO to lure victims onto phishing sites.

Crypto mixers

Despite claims to the contrary, cryptocurrency transactions are not anonymous. While there may be no real names involved (unless your wallet is tied to an exchange), they still contain enough metadata to trace them back to the original owner.

Crypto mixers claim to hide transaction trails by mixing your coins with others, but some run scams where they keep your funds or shut down unexpectedly. Others are used by criminals to launder stolen coins, and get shut down by authorities instead.

While crypto mixing can help with privacy, choosing the wrong one could mean losing your coins completely. As a rule of thumb, never trust mixers that demand full control of your coins. Instead, look for non-custodial options, such as:

• Wasabi Wallet: Uses a technique called “CoinJoin” to mix your coins with others automatically inside the wallet.
• JoinMarket: Also operates on the CoinJoin model, allowing users to participate as either “makers” (providing liquidity) or “takers” (seeking privacy), with makers earning fees for their participation.

A quick heads-up, though—non-custodial tools are facing more legal scrutiny lately.

For instance, Samourai Wallet, which used a CoinJoin implementation called Whirlpool, was shut down in 2024 after its founders were arrested and charged with money laundering. This same arrest prompted the developer of Wasabi Wallet to block US citizens and residents.

Cryptocurrency recovery scams

Past victims are often targeted by cryptocurrency scams, particularly those promising to recover funds. These scams prey on desperation, often showing up in comment sections, forums, or social media replies. They pretend to offer professional help, claiming they can trace and recover stolen crypto.

Scammers usually pose as “blockchain forensics experts” or fake recovery firms. Some even use fake testimonials or bots to give the impression of legitimacy. They’ll flood threads with vague encouragement and drop contact handles, hoping someone vulnerable will reach out.

Here’s a screenshot showing what these replies usually look like.

Be extremely cautious if someone claims they can recover your crypto. Legit recovery services don’t ask for upfront payments or private keys. Don’t reply to these posts, either—you’ll just help the algorithm push them to more people.

How to identify fake cryptocurrency

Fake coins usually come with hype, flashy marketing, and vague promises. If you’re unsure whether a cryptocurrency is legit, here are some quick red flags to look out for:

• No real whitepaper: Or it’s just buzzwords with no clear use case
• Anonymous or shady team: You can’t verify who’s behind the project
• Fake partnerships: Claims of big-name partners that don’t check out
• No working product: Just a flashy website and a roadmap
• Unrealistic returns: Words like “guaranteed” or “risk-free” returns are red flags
• Heavy pressure tactics: Things like “limited time” offers or countdowns
• Spammy social media: Paid followers, fake comments, or bot engagement

How to avoid common cryptocurrency scams

The most common cryptocurrency scams follow familiar patterns, and you can easily avoid them if you know what to watch for. Here’s a quick rundown of the best ways to keep your coins safe:

• Stick to trusted platforms: Stick to well-known exchanges and verified wallet apps. Always verify URLs and avoid anything that looks off. You can also check CryptoLegal’s scam database before making a deposit.
• Adopt strong security habits: Enable 2FA, use a password manager, VPN, and antivirus, and never share your seed phrase or private keys.
• Move large funds off exchanges: For anything long-term, transfer your crypto to a secure personal wallet. Consider a hardware wallet for the best security.
• Avoid get-rich-quick schemes: Ignore giveaways, “double your crypto” offers, and random DMs or cold calls asking you to invest.
• Do your homework on new projects: Check if the team is public, read the whitepaper, and look for code audits.
• Watch for exit signals: If a project goes silent or deletes its online presence, withdraw your funds if possible.
• Think before you click: Don’t open suspicious links or download unknown files. Keep your device and antivirus updated.
• Be careful with promotions: Influencer marketing, fake endorsements, and viral hype often push worthless or scam tokens.
• Avoid sketchy “tools” and services: This includes shady mixers, cloud miners, and tools that ask for your private keys.
• Report and block scammers: If someone threatens you, asks for crypto, or pretends to be a support rep, cut them off immediately and contact local authorities.

What to do if you fall for a crypto scam

Considering fraudsters can now bypass even Google’s advanced algorithms, no one will blame you for getting tricked. Here’s what to do if you’ve fallen victim to a crypto scam:

1. Cut off contact: Stop talking to the scammer right away to avoid losing more money.
2. Save all evidence: Collect screenshots, wallet addresses, transaction IDs, emails, and any sketchy links you may have accessed.
3. Alert your bank: If you shared card or account details, contact your bank to block the account and challenge any charges.
4. Contact the platform: While crypto transactions can’t be reversed, the exchange, wallet, or other platform you used may block the scammer or freeze their funds.
5. Get outside help: A court-vetted crypto forensics company like Chainalysis may be able to follow the trail of crypto transactions to the scammer. However, this is not a guaranteed solution.
6. Report to authorities: File a complaint with local law enforcement or financial crime units (e.g., the FBI’s IC3 site and the FTC in the US).

Remember, this can happen to anyone, so don’t beat yourself up. What matters most is acting fast and following these steps to reduce your losses and help catch the scammers.

Common cryptocurrency scams FAQs

Read more: