Crypto scammers continue to defraud users, with $14 billion stolen in all of 2021 and $4 billion in 2022. Although crypto crime has fallen by 65% in 2023 and 2024, as the popularity of Web3 continues to grow, these figures could trend upward over time.
Best practices to avoid cryptocurrency scams
1) Never share your financial information or private keys
Even if you are absolutely certain that you are interacting with a trusted party—such as a wallet or another cryptocurrency provider—you should err on the side of caution and refrain from sharing sensitive information.
If you need to know this sensitive information–such as financial information or private keys–to complete a transaction or gain access to an account or wallet, do not share them with others.
2) Double check URLs and domain names
Check (and double check) any website domain name or social media handle to ensure that you do not send money or information to someone falsely posing as a legitimate individual or business.
Be sure to verify that there are no obvious misspellings, and if applicable, that the account is verified.
You can even send a message to the official channel on the social media platform to ask if the account in question is legitimate, and also let them know if there are any suspicious copycat fake accounts out there.
3) Be wary of offers that seem too good to be true
If you are promised an investment that guarantees returns that sounds too good to be true, then it’s likely a scam.
Cryptocurrency investments can be a great opportunity, but no one can guarantee instant returns. Those that make such promises are not to be trusted.
4) Never reply to people that contact you out of the blue
Not every unsolicited opportunity may be a scam, but you should always be wary of offers made with no prior contact. It is generally good practice to perform transfers through official channels that include customer support or an option to report fraudulent activity.
And when communicating with customer or tech support via chat or email, make sure that you are communicating privately through official channels only. Scammers may contact you via social media or over the phone, promising trading returns, special promotions, and other fraudulent offers.
5) Do your research on who you send crypto to
Just as you would never transfer money to a random bank account that you don’t have access to, you should only send crypto to a wallet that you or trusted third parties control. Before sending any cryptocurrency to a third party, you should ask yourself if the other party seems like a legitimate company or individual.
If they claim to be a business, you can do research to find evidence that the business is a legitimate company. Some factors you may want to consider include how long the business has existed, if they have positive reviews (on a site like Trustpilot), and if they have a good reputation.
6) Don’t feel pressured to respond to threatening messages
If the person you are in contact with is messaging you threats or warnings, this is likely an attempt to get you to send cryptocurrency quickly without fully thinking through the proposition and potential consequences. When acting out of fear or under pressure, you’re less likely to consider all facets of the situation and are prone to making rash decisions.
Pro tip personally from myself: Most cryptocurrency exchanges and digital wallets will have an option to enable two-factor authentication. This can be an added layer of security to protect your funds and authentication credentials in the event you lose access to one of your trusted devices.
The most common types of cryptocurrency scams (and how to identify them)
👉Phishing Scams
Phishing scams occur when criminals search—or fish—for confidential information and trick victims into handing over that information. Usually seen in the form of a pop-up or malicious email, these attacks are becoming more sophisticated and are intended to swipe financial or personal information from an unsuspecting person.
Traditional phishing criminals may be searching for your credit card, bank information, or personal details that can be used to gain access to that information, and cryptocurrency phishers may target you to gain access to your digital wallet or obtain your secret recovery phrase.
They may target you with an email from an alleged crypto wallet or provider that looks realistic, with an offer that contains a potentially harmful link when you click on it.
The link could ask you to provide your login credentials to a wallet you own, or trick you into providing your personal information that can be used to defraud you.
👉Giveaway scams
Winning free money can be fun. Falling victim to a fake giveaway and losing everything is not.
Giveaway scams may promise anything from free Bitcoin to a house. One victim lost £400,000 for blindly trusting a fake giveaway from someone posing as Elon Musk.
The attackers changed their profile picture on Twitter to match the same one Elon Musk was using at the time. They then replied within one of Elon’s Twitter threads that they—posing as Elon—would be giving away double the amount of Bitcoin that participants deposited.
👉Investment scams
Investment scams involve one party promising great returns or business opportunities in exchange for the simple act of you sending them crypto. Scammers will tell victims that if they invest a relatively small sum, they will see instant—and quite unrealistic—gains.
While cryptocurrency investments can yield profits for investors, it’s vital to know which investment opportunities are legitimate and which are fraudulent. Seasoned cryptocurrency investors may be familiar when an opportunity seems too good to be true, but less experienced investors may be more vulnerable to this type of scam.
👉Social engineering scams
Social engineering scams involve an attacker that gathers information about the victim, before reaching out to gain trust and eventually attempting to defraud them.
There are key red flags that occur in many social engineering attacks:
The social engineer will usually contact the victim out of the blue, requesting urgent help and employing emotional appeal to get the target to act out of empathy. Well-researched attackers will know how to manipulate victims into giving up vital information or funds.
If successful, then the attacker will disappear, never to be heard from again. Social engineers will never use their real identity, so any attempt by victims to contact them to get their cryptocurrency back will be impossible.
One variation of this attack in recent years was widespread hacks of blue-check, verified Twitter profiles of trusted public figures. Like many social engineering scams, this version assumes victims will be unaware the account was hacked and trust the figure in question.
This scam type is still dangerous, since anyone can now purchase a blue check and falsely impersonate well-known figures.
Falling victim to social engineering cryptocurrency scams is preventable, and keeping an eye out for these red flags while following our best practices above will help you to recognize and avoid cryptocurrency scams.
Example of a social engineering scam:
👉Fake app and website scams
Fake apps and websites could be a key component of any cryptocurrency scam. Once a victim takes the bait and clicks a malicious link, they have already put themselves in danger.
On the other side of fake cryptocurrency apps may be deceptive forms and links that manipulate users into disclosing confidential information that could lead to draining a wallet or sending money or cryptocurrencies to a scammer’s wallet address.
For example, a phishing or giveaway scam will usually include a link to a website that looks legitimate but is not. Fraudsters may set up a realistic website or app that uses the official layout, logos, and language of a trusted party. They may use a similar URL or domain name that is off by one character, visually tricking users into believing that the site is correct.
When victims land on fake websites, scammers will usually ask for confidential information such as private keys or secret recovery phrases.
This type of information will never be requested by a legitimate provider (unless you’re attempting to log into a wallet on a new device), and divulging it can lead to your funds being wiped out.
Example of a fake app and website scam:
My Personal Tips on how to prevent Crypto Scams
Scams that involve the transfer of cryptocurrency are irreversible given the nature of blockchain technology. Unfortunately, you may not be able to get your cryptocurrencies back and it will be difficult to track down the exact owner of the scammer wallet.
But by reporting cryptocurrency scams you can help protect others by making it difficult for scammers to strike again in the future.
If you stay alert and follow the guidelines highlighted in this article, you’ll be able to stay one step ahead of fraudsters and keep your cryptocurrency safe.
Remember, you should only send cryptocurrency to a wallet that you or a trusted party have control over, and never give your private key or personal information to.