Cryptocurrency scams exploit the decentralized, anonymous nature of blockchain, often preying on beginners' lack of experience. In 2025, scams are more sophisticated, incorporating AI for deepfakes and personalized phishing. According to Chainalysis, scam revenues hit a record high in 2024, driven by "pig butchering" (romance-investment hybrids) and rug pulls, with similar trends expected in 2025. The FTC reports that 31% of fraud cases involve phishing, while rug pulls account for 34% of DeFi losses. Below, we detail the most prevalent scams, their mechanics, red flags, and prevention strategies.
Phishing and Social Engineering
Definition / Mechanism
- Phishing involves tricking users into revealing sensitive information (private keys, seed phrases, passwords) by disguising as a trusted service (exchange, wallet, support).
- Attackers send fake emails, urgent direct messages, or create cloned websites. They might mimic legitimate domain names (e.g.
Exch4nge.cominstead ofExchange.com). - Some also use “approval phishing”—asking you to approve a malicious transaction or contract access.
Red Flags and Examples
- Urgent language (“Act now or your account will be suspended”).
- Emails or DMs that ask you to input your seed phrase or private key.
- AI-generated deepfake videos and personalized messages have made these scams more convincing.
- Fractions in URL (e.g.
coιnbase.comwith a Greek iota instead of “i”) - Unsolicited “security alert” emails with login prompts.
- Fake “support” contacts requesting account details.
Prevention Tips
- Never enter your seed phrase or private key into a website or app.
- Always verify the site’s URL manually and use bookmarks for trusted sites.
- Use hardware wallets and avoid browser wallets for high-value holdings.
- Enable multi-factor authentication (MFA) where offered.
- Enable two-factor authentication (2FA) via apps like Google Authenticator (not SMS, due to SIM-swapping risks).
- Be cautious of links in emails or social media; when in doubt, navigate to the service manually.
Rug Pulls / Exit Scams
Definition / Mechanism
- A rug pull (also called an exit scam) is when project developers hype a token or NFT, attract investments, then abandon it, draining liquidity pools and leaving investors with worthless assets.
- Sometimes built into the smart contract (malicious code) or via misused permissions. Research identifies “contract‑related rug pulls” vs “transaction‑related rug pulls” as two categories.
- NFT projects can also “promote” heavily, mint, then vanish or shut off trading features.
Red Flags and Examples
- Anonymous or pseudonymous development teams.
- Lack of audits or third-party security reviews.
- High token allocation to the founders or “team wallets”.
- Liquidity locked only for a short period or not at all.
- Sudden withdrawal of liquidity or sharp crash after hype.
- Hype without utility, or unusually high yields (e.g. 1,000% APY).
- Patterns of “serial scammers” using clone projects or multiple rug pulls.
- Historic case: Squid Game token rug pull — the token spiked, then developers drained liquidity and disappeared.
Prevention Tips
- Check if liquidity is locked (for how long).
- Verify if contract code is open source, audited, or has malicious function calls.
- Review tokenomics: what % goes to team, what % is unlocked over time.
- Engage community: see if independent developers have audited the project.
- Use tools/analyses that detect suspicious contract features (some research systems like CRPWarner aim to detect contract-level risks).
- Research team backgrounds on LinkedIn or GitHub, check for audits from firms like Certik, and use tools like RugDoc or TokenSniffer to scan contracts.
- Avoid unverified projects; stick to established ones.
Ponzi / Pyramid Schemes and High-Yield Investment Programs (HYIPs)
Definition / Mechanism
- These schemes promise guaranteed high returns; they pay early investors with funds from new participants, not from real investment profits. In crypto, they're disguised as "investment clubs" or yield farms.
- Eventually, the “funnel” runs out of new money, and the scheme collapses.
Red Flags and Examples
- Guaranteed or extremely high returns (e.g. “30% monthly”).
- Emphasis on recruiting more participants or referral bonuses.
- Vague or opaque business model (no clear revenue source).
- Difficulty withdrawing your “profits”.
- Use of buzzwords or “secret trading algorithms”.
Prevention Tips
- Be skeptical of any promise of guaranteed return (especially very high).
- Demand transparent financials, audit reports, or proof of operations. Verify projects via SEC filings or Chainalysis reports; if it sounds too good to be true, it is.
- Check whether the project shows real revenue or utility.
- Invest only what you can afford to lose.
Pump and Dump Schemes
Definition / Mechanism
- A group coordinates to “pump” (artificially inflate) the price of a low-market-cap crypto through hype and marketing, drawing in retail investors. Then insiders “dump” (sell) at the high point, crashing the price.
Red Flags and Examples
- Rapid, unexplained price surges in obscure tokens.
- Aggressive promotion on social media, Telegram, Discord.
- VIP groups or insider “tips” with pressure to invest fast.
- Weak fundamentals or non-transparent project structure.
Prevention Tips
- Avoid tokens with extreme volatility and hype absent fundamentals.
- Don’t follow “pump signals” or invests based on hype alone.
- Do due diligence about project, team, code, roadmap.
- Check liquidity and token distribution (are insiders loaded?).
- Use reputable exchanges.
Other Scams and Emerging Threats
- Pig Butchering / Romance / Investment Romance Scams: Scammers build trust (often via social/dating apps), then persuade victims to invest in fake crypto schemes. Rapid trust-building is a red flag.
- Fake Wallets or Exchanges: Cloned apps or domains mimic legitimate platforms; once you deposit, you can’t withdraw.
- Fake ICOs / IDOs / Token launches: Projects that solicit funds for a token that never materializes or is worthless.
- Wallet Drainers / Malicious Smart Contracts: Contracts that request wallet permissions or transactions disguised as harmless, then siphon funds.
- Promotion / Marketing Scams: Use of bot networks, fake endorsements, manipulated metrics to make a fraudulent project appear popular.
"The BEST way to avoid crypto scams is to use a cold wallet."
Now that you've seen how widespread—and often sophisticated — crypto scams can be, it’s clear that staying informed is your first line of defense. Whether it’s a phishing attempt, a rug pull, or a Ponzi scheme wrapped in hype, recognizing the warning signs early can save you from costly mistakes.
But awareness alone isn’t enough. Even experienced users can fall victim if their security habits are weak or outdated. That’s why, we’ll now shift our focus from identifying scams to actively protecting yourself—by building a strong foundation of personal security.
In the next lesson, we’ll explore the best security practices every crypto user should follow—from choosing the right wallets and safeguarding your private keys to avoiding approval scams and using tools to monitor your digital footprint.