Scam Tricks in Crypto You Need to Know - Guide to Recognize and Protect Your Assets

What Is a Scam?

A scam, or fraud, is an act of infiltrating assets or stealing sensitive information from victims through sophisticated tricks and psychological manipulation. In the cryptocurrency field, bad actors are increasingly developing diverse and hard-to-prevent methods of deception.

According to data from Chainalysis, although losses from crypto scams in 2023 decreased by 65% compared to 2022, they still reached billions of USD. This indicates that although the crypto community is becoming more cautious, the scale of damage remains enormous.

What Is Crypto Scam and Why Is It Dangerous?

Crypto scam refers to activities involving fraud directly related to cryptocurrencies and blockchain. Scammers use methods such as exit scams, rug pulls, or cryptojacking to seize investors’ assets. The dangerous aspect of crypto scams is their peer-to-peer (peer-to-peer) nature and difficulty in tracing on the blockchain, making asset recovery nearly impossible.

Most Common Types of Scams Today

Phishing Scam - Impersonation from Reputable Platforms

Attackers send fake emails or messages impersonating well-known exchanges or wallets to lure victims into clicking malicious links. Users are directed to a website that looks exactly like the official one, but in reality, it’s a trap set by bad actors. When entering login credentials or private keys, all information is immediately stolen.

Pump and Dump - Price Manipulation for Profit

Developers or interest groups create a token project, promote it heavily, and make users fear missing out (FOMO). After the price skyrockets due to mass buying, they suddenly sell all tokens, causing the price to crash and unwise investors to be “burned.”

OTC and P2P Scam - High-Risk Direct Transactions

In OTC (over-the-counter) or P2P (peer-to-peer) transactions, scammers ask you to transfer money first, then disappear or fake transaction completion. Many cases involve transferring the correct amount but not receiving promised assets. This can happen with both fiat and cryptocurrencies.

Impersonating Famous Names or Communities

Scammers create fake Twitter, Telegram, Discord accounts impersonating projects or famous figures in crypto, calling for investments into “phantom” projects. Victims trust because the accounts look very similar to real ones, but when they transfer money, they lose everything.

Creating Fake Apps, Wallets, or Exchanges

Websites or apps designed to look exactly like legitimate platforms to confuse users. A famous example is a fake Ledger Live app uploaded to Microsoft Store, causing thousands to lose assets upon installation.

Hacking and Impersonation on Social Media

Hackers attack official accounts of projects or celebrities on X/Discord, then spread scam links to attract users. Because these accounts are highly trusted, victims are easily lured.

Impersonating Admins or Project Staff

Bad actors contact you pretending to be support staff of a project, requesting account verification or security updates, then obtain personal information or seed phrases.

Creating Token Replicas to Deceive

In DeFi space, scammers create tokens with names similar to famous tokens (for example, replacing “o” with “0”), causing users to buy mistakenly and lose money.

Fake Emails from Exchanges

Impostor emails designed to look exactly like official emails from exchanges, requesting users to verify accounts or update payment info, but in fact aim to steal data.

More Advanced Scam Types

Ponzi Scheme - Fake Financial Pyramid

Scammers promise high returns from crypto investments, but profits for early investors come from new investors’ money. When new investments dry up, the system collapses and everyone loses money.

Fake ICO/IEO

Scam projects set up fake websites or social profiles to promote ICO/IEO, attracting naive investors’ funds then disappearing.

Rug Pull - Liquidity Pullout

Development teams suddenly withdraw all liquidity from a project, leaving investors with worthless tokens. This is one of the most common scams in DeFi.

Network System Attacks

Crypto exchanges and wallets are prime targets for hackers. Cybercriminals use attack techniques to breach security and drain funds, especially through zero-day vulnerabilities.

How to Recognize a Potential Scam Project

Promises Excessive Profits

Any project advertising “huge” profits without a solid basis is suspicious. The crypto market is inherently risky; guaranteed profits are a red flag.

Lack of Detailed Information

Projects that do not disclose economic models, team members, or investor history are clear warning signs.

Overhyped Marketing Without a Product

If a project is all marketing hype without any proof (product, specific features), be cautious.

No Security Audit (Audit)

Scam projects often avoid publishing audit results for fear of exposing security flaws.

Negative Community Feedback

Search for project info on Reddit, Twitter, Discord. Multiple warnings or complaints from others are red flags.

Using Similar Domain Names and Logos of Major Projects

Scammers often copy domain names or logos of reputable projects, changing a few characters to mislead users.

No Real Product or Clear Roadmap

Legitimate projects always have detailed development plans and a real product (or at least a testnet). Scams usually lack these.

Complex or Restricted Withdrawal Processes

If a project imposes many steps to withdraw funds or has difficult restrictions, it’s a tactic to prolong the process and hide the truth.

Psychological Manipulation Tactics

Scam projects often create a sense of urgency (offer expires in a few hours), demanding quick decisions without proper consideration.

Practical Tips to Check and Avoid Scams

Verify on Trusted Platforms

Use CoinMarketCap or CoinGecko to check official project info. Additionally, sites like ScamAdviser, CryptoScamDB, Coinopsy, or HoneyPot list known scams.

Revoke Token Permissions After Each DeFi Transaction

Revoke means withdrawing application permissions from your wallet. After interacting with any dApp (including Uniswap or Balancer), remember to revoke to reduce hacking risks.

Use Anti-Phishing Codes on Exchanges

Most major exchanges offer anti-phishing code features, helping you verify official emails and avoid fake ones.

Enable Two-Factor Authentication (2FA)

2FA adds an extra security layer. Even if hackers get your password, they cannot access your account without the 2FA code.

Check Domain Names and Logos Carefully

Before visiting any website, ensure the URL is correct. Scammers often use similar characters but different (like “m” instead of “n”, “0” instead of “o”).

Never Share Sensitive Information

Your private key, seed phrase, or mnemonic phrase is the “key” to your wallet. If someone obtains it, they can access and transfer all your assets.

Regularly Update Software

Always use the latest version of your wallet or crypto app. Updates often include critical security patches.

Diversify Investments Instead of Concentrating

Avoid putting all your funds into a single project. Spreading across multiple projects reduces overall risk.

Verify Information from Reliable Sources

When hearing about a project from “experts” or influencers, verify with independent sources. Many owners promote their own projects to sell high.

Use Computer Security Services

Install antivirus software and anti-phishing tools like Netcraft or SpoofGuard to protect your device.

Famous Scams You Should Know

Confio - Classic Exit Scam

Confio raised $375,000 via ICO in late 2017. After receiving the funds, founders suddenly disappeared. Token price dropped from $0.6 to $0.1 within two hours, then continued to plummet. A textbook exit scam.

Centra - ICO Scam Backed by Celebrities

Centra raised $32 million and was supported by famous figures like Floyd Mayweather and DJ Khaled. However, in April 2018, the founders were arrested, and the token lost nearly all value.

LayerZero - Discord Account Hack of CEO

On July 5th, CEO Bryan Pellegrino’s Discord account was hacked. The attacker sent fake links claiming “receive ZRO tokens,” turning community airdrop hunters into victims.

Fake Websites Using Google Ads

Scammers create scam websites but advertise them on Google, causing users to accidentally visit them during searches. These sites often use URLs similar to official ones.

DNS Hijacking on MyEtherWallet and MyCrypto

Hackers modify DNS records, leading users to legitimate sites but then redirecting to scam sites without their knowledge. Even bookmarks can be compromised.

MiningMax - Cloud Mining Scam

MiningMax solicited $3,200 investments promising daily ROI over two years and $200 commissions for referrals. The site accumulated up to $250 million before being exposed.

Bitconnect - Large-Scale Multi-Level Ponzi

Bitconnect used a Ponzi scheme, using new investors’ money to pay old investors. It operated for a year with millions of followers and professional marketing. When it exited scam, the token dropped from $320 to $6 in less than 24 hours, with market cap falling from $2 billion to $40 million.