What Are the Most Common Cryptocurrency Scams to Watch Out For?

Cryptocurrency opens doors to fast payments, global investing, and true ownership of digital assets—but those same features attract scammers. Below is a clear, practical guide to the most common crypto scams, exactly how they work, the red flags to spot, and step-by-step ways to protect yourself (and what to do if you’ve already been hit).

Fast facts: In 2024, crypto-related investment fraud was the single biggest driver of reported investment losses to U.S. authorities, with the FBI noting $6.5B+ in losses tied to investment fraud (much of it crypto) and record overall cybercrime losses. (Federal Bureau of Investigation, Internet Crime Complaint Center, TRM Labs)
The FTC likewise reported $5.7B in investment-scam losses and said people lose more via bank transfers and crypto than all other payment methods combined. (Federal Trade Commission)


Quick List: The 15 Crypto Scams You’ll See Most

  1. Relationship/“Romance” Investment Scams (aka “relationship investment scams”)
  2. Fake trading platforms & broker apps (can’t withdraw, fake “tax/fee” demands)
  3. Celebrity & influencer giveaway scams (send 1 ETH, get 2—never happens)
  4. Impersonation & “customer support” scams (platform, government, or law-firm imposters)
  5. Phishing + wallet-drainer signatures (malicious approvals, Permit2 misuse)
  6. Address poisoning (look-alike addresses in your history)
  7. Clipboard hijacker malware (replaces pasted wallet addresses)
  8. Fake mobile apps/extensions (wallets, exchanges, recovery tools)
  9. SIM swapping (hijacks your phone number to bypass 2FA)
  10. QR-code lures (including unsolicited packages with QR codes)
  11. Job-recruiter/social-engineering malware (targeting crypto workers)
  12. Rug pulls & “dev vanished” tokens (especially memecoins)
  13. Pump-and-dump communities (coordinated shilling, then dumping on retail)
  14. Airdrop, mint, and NFT scams (fake mints, signature traps)
  15. “Recovery” scams (fake law firms promising to get your money back—for a fee)

1) Relationship (“Romance”) Investment Scams

How it works: A scammer builds a relationship over weeks or months (dating apps, WhatsApp/Telegram, even business networking). Trust leads to “exclusive” crypto investments on slick—but fake—websites. “Profits” appear, but withdrawals get blocked unless you pay bogus taxes/fees. Victims are pressured to send more or risk “losing everything.” Authorities now prefer terms like relationship investment scams to reduce stigma and encourage reporting. (FINRA, WIRED)

Why it’s common: High emotional leverage + believable trading dashboards. The FBI launched Operation Level Up to identify and warn victims proactively. (Federal Bureau of Investigation)

Red flags: Fast-moving online “romance,” secrecy, “guaranteed returns,” and requests to move off mainstream apps to encrypted messengers. The FBI and SEC both highlight this pattern. (Federal Bureau of Investigation, SEC)

Avoid it: Never invest from private DMs. Verify platforms independently (not via links they send). Refuse “urgent fees” to unlock withdrawals. Report to authorities immediately. (Federal Trade Commission)


2) Fake Exchanges, Broker Sites, and Apps

How it works: You’re lured to a realistic-looking trading site/app where your balance appears to grow. When you try to withdraw, you’re hit with “release,” “liquidity,” or “tax” fees—or the site vanishes. U.S. enforcement actions describe exactly this pattern. (SEC, TRM Labs)

Red flags: New domains, no real company address, pressure to deposit more to “unlock,” and support that refuses to video-verify identity. State regulators track long lists of such imposter sites. (DFPI)

Avoid it: Use only well-known exchanges found via your own search/bookmarks. Test withdrawals with tiny amounts before depositing more.


3) Celebrity/Influencer “Giveaway” Scams

How it works: Fake livestreams, tweets, or videos promise to double your crypto if you send to a wallet first. The FTC documented millions lost just to “Elon Musk” impersonators in earlier waves—and the format persists today with AI-edited videos. (Federal Trade Commission, Consumer Advice)

Red flags: “Send first,” countdown timers, spoofed verification checkmarks.

Avoid it: No legitimate project or celebrity asks you to send funds for a larger return. If it sounds like free money, it’s a scam. (Consumer Advice)


4) Impersonation & “Customer Support” Scams (including Government or Law-Firm Imposters)

How it works: Scammers pose as exchange support, the FBI/SEC, or a “recovery” law firm that already knows your loss details. They’ll ask for KYC docs, seed phrases, or upfront fees, then disappear—or steal even more. U.S. agencies warn about refund/recovery scams and even imposters claiming to be the IC3. (Consumer Advice, Internet Crime Complaint Center)

Tech support twist: Pop-ups or emails tell you to call “support,” then guide you to install remote-control software or pay to “fix” issues. The FBI and FTC treat these as major, growing fraud categories. (Internet Crime Complaint Center, Consumer Advice)

Avoid it: Never pay anyone who contacts you first about “recovering” losses. Government agencies don’t charge you to get your money back. Report imposters. (Consumer Advice)


5) Phishing & Wallet-Drainer Signatures (Malicious Approvals, Permit2 Misuse)

How it works: You connect your wallet to a site that looks like an NFT mint/airdrop, marketplace, or DEX. You’re asked to “sign” a transaction that secretly grants token approvals allowing a drainer to move your assets later. Security orgs have tracked growth in drainer tooling. (Chainalysis)

Red flags: “Just a signature, no gas,” blind signing, unfamiliar permissions (spend limits set to ‘unlimited’).

Avoid it:

  • Read every signature.
  • Prefer hardware wallets and human-readable prompts.
  • Regularly revoke stale approvals (e.g., via Revoke.cash). Learn how Permit2 approvals work and remove them when not needed. (Revoke.cash)
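
To make "read every signature" concrete, the sketch below decodes raw transaction calldata for two standard on-chain approval calls and flags unlimited grants to spenders you have not vetted. It is an added example, not code from the article or from Revoke.cash; the function name, the trusted-spender list and the sample calldata are assumptions constructed for illustration. Off-chain Permit2 signatures are not covered by it.

```python
# Added example (not from the original article): inspect raw transaction
# calldata for two standard token-approval calls before signing.
MAX_UINT256 = 2**256 - 1
APPROVE = "095ea7b3"               # ERC-20 approve(address spender, uint256 amount)
SET_APPROVAL_FOR_ALL = "a22cb465"  # ERC-721/1155 setApprovalForAll(address operator, bool approved)


def review_calldata(calldata_hex, trusted_spenders=()):
    """Describe the approval a transaction would grant, or None if it is not one."""
    data = calldata_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    selector, args = data[:8], data[8:]
    if selector not in (APPROVE, SET_APPROVAL_FOR_ALL):
        return None
    if len(args) < 128:
        raise ValueError("calldata too short for an approval call")
    # Each argument is one 32-byte word; an address is the low 20 bytes of its word.
    spender = "0x" + args[24:64]
    value = int(args[64:128], 16)
    if selector == APPROVE:
        kind = "erc20_approve"
        risk = "revoke" if value == 0 else "unlimited" if value == MAX_UINT256 else "limited"
    else:
        kind = "set_approval_for_all"
        # True hands the operator every token in the collection, current and future.
        risk = "unlimited" if value else "revoke"
    trusted = spender in {s.lower() for s in trusted_spenders}
    return {"kind": kind, "spender": spender, "amount": value,
            "risk": risk, "spender_trusted": trusted,
            "block": risk == "unlimited" and not trusted}


# Constructed sample inputs: the spender address and amounts are made up.
SPENDER = "0x" + "11" * 20
WORD_SPENDER = "0" * 24 + "11" * 20
UNLIMITED_APPROVE = "0x" + APPROVE + WORD_SPENDER + "f" * 64
CAPPED_APPROVE = "0x" + APPROVE + WORD_SPENDER + format(250 * 10**6, "064x")
NFT_OPERATOR = "0x" + SET_APPROVAL_FOR_ALL + WORD_SPENDER + format(1, "064x")

if __name__ == "__main__":
    for tx in (UNLIMITED_APPROVE, CAPPED_APPROVE, NFT_OPERATOR):
        print(review_calldata(tx))
```
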

6) Address Poisoning

How it works: A scammer sends a $0 (or tiny) transaction from an address that looks like yours or a past counterparty so that, later, you copy a poisoned look-alike address from your history and send funds to the attacker. MetaMask and Chainalysis have detailed advisories on this tactic. (MetaMask Help Center, Chainalysis)

Avoid it: Never copy from your history. Use an allowlist or saved, verified contacts; confirm the full address on a hardware wallet screen. Send a tiny test first if the amount is large. (MetaMask Help Center)
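
The allowlist check described above can be automated. The following added example (not from the article, MetaMask or Chainalysis) compares a destination against verified contacts and flags addresses that match only at the visible ends, then scans a transaction history for the zero-value transfers that plant them. The 4-character head and tail, the function names and all sample data are assumptions constructed for illustration.

```python
import re

_ADDR = re.compile(r"^(0x)?[0-9a-f]{40}$")


def normalize(addr):
    """Lower-case a 20-byte hex address, drop 0x (EIP-55 checksum case is ignored)."""
    a = addr.strip().lower()
    if not _ADDR.match(a):
        raise ValueError("not a 20-byte hex address: %r" % addr)
    return a[2:] if a.startswith("0x") else a


def classify_destination(dest, contacts, head=4, tail=4):
    """Return (verdict, contact name); head/tail are the hex chars a truncated UI shows."""
    d = normalize(dest)
    known = {name: normalize(a) for name, a in contacts.items()}
    for name, a in known.items():
        if d == a:
            return ("verified", name)
    for name, a in known.items():
        # Same visible ends, different middle: the address-poisoning pattern.
        if d[:head] == a[:head] and d[-tail:] == a[-tail:]:
            return ("lookalike", name)
    return ("unknown", None)


def flag_poisoned_history(history, contacts, dust_threshold=0):
    """List zero-value (or dust) incoming transfers whose sender imitates a contact."""
    flagged = []
    for tx in history:
        verdict, name = classify_destination(tx["from"], contacts)
        if verdict == "lookalike" and tx["value"] <= dust_threshold:
            flagged.append((tx["hash"], name))
    return flagged


# Constructed sample data: addresses, amounts and transaction labels are made up.
CONTACTS = {"exchange-deposit": "0x52ab" + "7d" * 16 + "9c3e"}
POISON = "0x52ab" + "e1" * 16 + "9c3e"
HISTORY = [
    {"hash": "tx-1", "from": CONTACTS["exchange-deposit"], "value": 5 * 10**17},
    {"hash": "tx-2", "from": POISON, "value": 0},
    {"hash": "tx-3", "from": "0x" + "ab" * 20, "value": 0},
]

if __name__ == "__main__":
    print(classify_destination(POISON, CONTACTS))
    print(flag_poisoned_history(HISTORY, CONTACTS))
```
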


7) Clipboard Hijacker Malware

How it works: Malware on your device silently replaces pasted addresses with the attacker’s address. Security researchers have tracked recent campaigns distributing this via fake updates, add-ins, and “copy-this-code” lures. (Proofpoint, Cointelegraph)

Avoid it: Keep OS and antivirus up to date. Never paste unknown PowerShell/Terminal commands from web prompts. Verify addresses on a hardware wallet screen before approving. (Proofpoint)


8) Fake Apps & Browser Extensions

How it works: Counterfeit wallet/exchange apps slip into app stores or extension stores; users type seed phrases or connect wallets, and funds disappear. Government cyber units and media have documented removals of malicious copycat apps. (NJ Cybersecurity & Communications)

Avoid it: Install only from official publisher pages you navigate to yourself. Double-check developer names and reviews. Never import a seed phrase into a mobile app you’re not 100% sure about.


9) SIM Swapping

How it works: Criminals convince your carrier to port your number to their SIM, intercepting SMS 2FA and password resets to drain accounts. The FCC implemented new rules requiring stronger carrier authentication to fight this. (Federal Communications Commission)

Avoid it: Use app-based 2FA (not SMS) and set a port-out PIN with your carrier. Keep email + authenticator device locked down.


10) QR-Code Lures (Including “Mystery Package” QR Scams)

How it works: Fraudsters mail unsolicited packages with QR codes or place tampered QR stickers in public. Scans lead to phishing pages or malware. The FBI issued a 2025 PSA about unsolicited packages containing QR codes used to kick off fraud schemes. (Internet Crime Complaint Center)

Avoid it: Don’t scan codes from unknown senders or stickers. If a bill or delivery notice has a QR, confirm on the official website/app instead. Earlier FBI alerts also warned about QR tampering. (Internet Crime Complaint Center)


11) Job-Recruiter Malware Targeting Crypto Pros

How it works: Sophisticated actors (including DPRK-linked groups) pose as recruiters on LinkedIn/Telegram and send “skills tests” that install malware or steal keys. Recent investigations show waves of fake crypto jobs and targeted interviews used to compromise wallets. (Reuters, Tom’s Hardware)

Avoid it: Don’t run binaries or “assessment” tools from strangers. Ask to verify recruiters via corporate email and a live video call. Keep workstations locked down and separate from hot wallets.


12) Rug Pulls (Devs Disappear) & 13) Pump-and-Dumps

How they work: New token launches or communities pump prices with hype, then insiders remove liquidity (“rug”) or dump on retail. U.S. regulators warn about social-media investment tips and hype-driven schemes. Do not buy what you don’t understand. (Investor)

Avoid it: Check token ownership, liquidity locks, contract audits, and whether exchanges/wallets are reputable. Assume hype = risk.


14) Airdrop, Mint & NFT Scams

How it works: Fake mints and airdrops pressure you to connect a wallet and sign risky transactions—often leading back to drainer kits. Always verify the project’s official site and contract address from multiple sources.

Avoid it: Treat every signature as if it could move funds. If you can’t read it, don’t sign it. Revoke approvals after use. (Revoke.cash)


15) “Crypto Recovery” Scams

How it works: After a loss, you’re contacted by “law firms,” “blockchain investigators,” or “government agents” who promise recovery—if you first pay a fee (or share seed phrases). FTC guidance is blunt: upfront-fee recovery offers are scams. (Consumer Advice)

Avoid it: Report to your local police and national hotlines. Legitimate agencies don’t charge you to “unlock” refunds, and they don’t DM you first. (Internet Crime Complaint Center)


Red Flags Checklist (Print-Friendly)

  • “Guaranteed” returns or no-risk profits
  • Pressure to act now / secrecy from friends & family
  • Requests to pay taxes/fees to “unlock” withdrawals
  • Being asked to send first to get more back
  • Conversations moved to encrypted apps immediately
  • Blind signing of wallet permissions; “unlimited” approvals
  • Unsolicited QR codes, apps, or “copy-this-code” prompts
  • “Support” asks for your seed phrase (never share this—ever)

Protection Playbook (What Actually Works)

  1. Use app-based 2FA, not SMS; set a port-out PIN with your carrier. (Federal Communications Commission)
  2. Hardware wallet + human-readable prompts. Confirm the full address on-device.
  3. Revoke stale approvals regularly and use a trusted revocation tool. (Revoke.cash)
  4. Bookmark official sites; never click investment links sent by strangers.
  5. Test withdrawals with small amounts; avoid new, unvetted platforms. (TRM Labs)
  6. Separate devices: keep trading on a clean machine; no extensions you don’t need. (Proofpoint)
  7. Sanity checks for address safety: do a tiny test send; use allowlisted contacts; avoid copying from history (address poisoning). (MetaMask Help Center)
  8. Educate family members—older adults are heavily targeted by call-center fraud and impersonation. (Internet Crime Complaint Center)

If You’ve Been Scammed: Immediate Steps

  • Do not send more money (no “unlock fees” or “taxes”).
  • Document everything (TXIDs, addresses, website URLs, chat logs).
  • Report promptly:
  • Notify exchanges you used (they may flag addresses or work with law enforcement).
  • Revoke approvals and move any remaining assets to a new, uncompromised wallet. (Revoke.cash)

Reality check: Recovery is tough and time-sensitive; law-enforcement reports (and specialist investigators) can sometimes help, but beware of fake “recovery” services—they’re part of the scam ecosystem. (Consumer Advice)


Why Crypto Scams Keep Evolving

Criminals adapt quickly: they exploit social trust (romance, support, influencers), technical gaps (malicious approvals, address poisoning, SIM swaps), and moments of vulnerability (after a loss, they pitch “recovery” help). Independent research firms and agencies highlight rising sophistication—including AI-assisted lures and wallet-drainer toolkits—and continued targeting by state-linked actors. (Chainalysis)


Bottom Line

Crypto itself isn’t a scam—but scammers love crypto because transactions settle fast and are hard to reverse. If you memorize just three rules, make them these:

  1. Nobody legitimate guarantees profits or doubles your crypto. (Consumer Advice)
  2. Never share your seed phrase or sign what you don’t understand. (Revoke.cash)
  3. Verify everything independently—people, platforms, addresses, and apps.

Stay skeptical, move slowly, and treat every “opportunity” like a potential trap until proven safe.

