How to spot and avoid crypto scams
Learn about some of the most common cryptocurrency scams, how to spot them, and what to do if you have fallen victim to one.
By Corey Barchat
The rapid growth and widespread adoption of digital currency has led to new ways for malicious actors to take advantage of unsuspecting victims.
Crypto scammers continue to defraud users, with $14 billion stolen in all of 2021 and $4 billion in 2022. Although crypto crime has fallen by 65% in 2023, as the popularity of Web3 continues to grow, these figures could trend upward over time.
When sending cryptocurrency, it’s important to always stay alert for potential scammers. After all, crypto transactions are irreversible and can only be refunded by a willing third party.
This article highlights a few of the most common cryptocurrency scams and some of the best practices to avoid them, and what to do if you have fallen victim to one.
Best practices to avoid cryptocurrency scams
Although this list is not exhaustive, here are some ways you can help to prevent crypto scams:
1) Never share your financial information or private keys
Even if you are absolutely certain that you are interacting with a trusted party—such as a wallet or another cryptocurrency provider—you should err on the side of caution and refrain from sharing sensitive information.
If you need to know this sensitive information–such as financial information or private keys–to complete a transaction or gain access to an account or wallet, do not share them with others.
2) Double check URLs and domain names
Check (and double check) any website domain name or social media handle to ensure that you do not send money or information to someone falsely posing as a legitimate individual or business.
Be sure to verify that there are no obvious misspellings, and if applicable, that the account is verified.
You can even send a message to the official channel on the social media platform to ask if the account in question is legitimate, and also let them know if there are any suspicious copycat fake accounts out there.
3) Be wary of offers that seem too good to be true
If you are promised an investment that guarantees returns that sounds too good to be true, then it’s likely a scam.
Cryptocurrency investments can be a great opportunity, but no one can guarantee instant returns. Those that make such promises are not to be trusted.
4) Never reply to people that contact you out of the blue
Not every unsolicited opportunity may be a scam, but you should always be wary of offers made with no prior contact. It is generally good practice to perform transfers through official channels that include customer support or an option to report fraudulent activity.
And when communicating with customer or tech support via chat or email, make sure that you are communicating privately through official channels only. Scammers may contact you via social media or over the phone, promising trading returns, special promotions, and other fraudulent offers.
Note: MoonPay will never contact you offering trading returns via phone or text message, or other media.
5) Do your research on who you send crypto to
Just as you would never transfer money to a random bank account that you don’t have access to, you should only send crypto to a wallet that you or trusted third parties control. Before sending any cryptocurrency to a third party, you should ask yourself if the other party seems like a legitimate company or individual.
If they claim to be a business, you can do research to find evidence that the business is a legitimate company. Some factors you may want to consider include how long the business has existed, if they have positive reviews (on a site like Trustpilot), and if they have a good reputation.
6) Don’t feel pressured to respond to threatening messages
If the person you are in contact with is messaging you threats or warnings, this is likely an attempt to get you to send cryptocurrency quickly without fully thinking through the proposition and potential consequences. When acting out of fear or under pressure, you’re less likely to consider all facets of the situation and are prone to making rash decisions.
Pro tip: Most cryptocurrency exchanges and digital wallets will have an option to enable two-factor authentication. This can be an added layer of security to protect your funds and authentication credentials in the event you lose access to one of your trusted devices.
The most common types of cryptocurrency scams (and how to identify them)
Many cryptocurrency scams are actually just variations of existing scam techniques. Would-be attackers may be using traditional scam techniques that are adapted to try and pry away others’ hard-earned crypto.
Here are some of the most common cryptocurrency scams.
Phishing Scams
Phishing scams occur when criminals search—or fish—for confidential information and trick victims into handing over that information. Usually seen in the form of a pop-up or malicious email, these attacks are becoming more sophisticated and are intended to swipe financial or personal information from an unsuspecting person.
Traditional phishing criminals may be searching for your credit card, bank information, or personal details that can be used to gain access to that information, and cryptocurrency phishers may target you to gain access to your digital wallet or obtain your secret recovery phrase.
They may target you with an email from an alleged crypto wallet or provider that looks realistic, with an offer that contains a potentially harmful link when you click on it.
The link could ask you to provide your login credentials to a wallet you own, or trick you into providing your personal information that can be used to defraud you.
Example of a phishing scam
Giveaway scams
Winning free money can be fun. Falling victim to a fake giveaway and losing everything is not.
Giveaway scams may promise anything from free Bitcoin to a house. One victim lost £400,000 for blindly trusting a fake giveaway from someone posing as Elon Musk.
The attackers changed their profile picture on Twitter to match the same one Elon Musk was using at the time. They then replied within one of Elon’s Twitter threads that they—posing as Elon—would be giving away double the amount of Bitcoin that participants deposited.
Example of a giveaway scam
Investment scams
Investment scams involve one party promising great returns or business opportunities in exchange for the simple act of you sending them crypto. Scammers will tell victims that if they invest a relatively small sum, they will see instant—and quite unrealistic—gains.
While cryptocurrency investments can yield profits for investors, it’s vital to know which investment opportunities are legitimate and which are fraudulent. Seasoned cryptocurrency investors may be familiar when an opportunity seems too good to be true, but less experienced investors may be more vulnerable to this type of scam.
BTC Global is one of the most infamous crypto investment scams, which defrauded 27,000 investors of over $80 million. Over the course of several months, victims deposited money into an investment pool claimed to be managed by a master trader.
When a cryptocurrency investor tried to withdraw money from their investment account, they would find they could not, with the reason given that the “master trader” was attacked and could no longer provide services.
Example of an investment scam
Social engineering scams
Social engineering scams involve an attacker that gathers information about the victim, before reaching out to gain trust and eventually attempting to defraud them.
There are key red flags that occur in many social engineering attacks:
The social engineer will usually contact the victim out of the blue, requesting urgent help and employing emotional appeal to get the target to act out of empathy. Well-researched attackers will know how to manipulate victims into giving up vital information or funds.
If successful, then the attacker will disappear, never to be heard from again. Social engineers will never use their real identity, so any attempt by victims to contact them to get their cryptocurrency back will be impossible.
One variation of this attack in recent years was widespread hacks of blue-check, verified Twitter profiles of trusted public figures. Like many social engineering scams, this version assumes victims will be unaware the account was hacked and trust the figure in question.
This scam type is still dangerous, since anyone can now purchase a blue check and falsely impersonate well-known figures.
Falling victim to social engineering cryptocurrency scams is preventable, and keeping an eye out for these red flags while following our best practices above will help you to recognize and avoid cryptocurrency scams.
Example of a social engineering scam
Fake app and website scams
Fake apps and websites could be a key component of any cryptocurrency scam. Once a victim takes the bait and clicks a malicious link, they have already put themselves in danger.
On the other side of fake cryptocurrency apps may be deceptive forms and links that manipulate users into disclosing confidential information that could lead to draining a wallet or sending money or cryptocurrencies to a scammer’s wallet address.
For example, a phishing or giveaway scam will usually include a link to a website that looks legitimate but is not. Fraudsters may set up a realistic website or app that uses the official layout, logos, and language of a trusted party. They may use a similar URL or domain name that is off by one character, visually tricking users into believing that the site is correct.
When victims land on fake websites, scammers will usually ask for confidential information such as private keys or secret recovery phrases.
This type of information will never be requested by a legitimate provider (unless you’re attempting to log into a wallet on a new device), and divulging it can lead to your funds being wiped out.
Example of a fake app and website scam
Extortion scams
Extortion scams occur when someone sends messages threatening to release embarrassing or incriminating photos or information. Whether the contents themselves are real or fabricated, scammers will extort victims by threatening to blackmail them unless a sum of money is paid.
Fraudsters may provide a crypto wallet address, demanding money be sent or else face the embarrassment of having blackmailed information made public. They will apply pressure to act quickly, attempting to coerce victims by contacting them on private email addresses or telephone numbers.
Have you been extorted into sending crypto? You can report blackmail to your local or national law enforcement such as the FBI.
Example of an extortion scam
Additional scam types
Goods and services scams
Fraudulent merchants will use their own website—or listings on secondary sites—offering to ship goods or promise a service. Scammer merchants will happily accept crypto without ever intending to make good on their end of the bargain.
This is why you should only buy from trusted sellers when paying for services or merchandise with cryptocurrency. Before buying, it may be a good idea to perform a check of the website for contact information, customer reviews, and terms & conditions to decide if it’s safe to send your crypto.
NFT mint scams
Fake NFT mints are one of the most common scams that use fake websites. Fraudsters may create a real-looking website and social media accounts to hype an upcoming mint, complete with a visual preview of what the 10,000 NFT collection will look like.
When the project is launched, instead of connecting a wallet to mint a new NFT, users will find their wallet has actually been drained and all funds sent to the hacker’s wallet. After a successful attack, it is common for fake NFT collections to delete their website, as well as all social media profiles like Twitter and Discord.
Pro tip: Crypto wallets like Phantom have taken concrete measures to prevent such cryptocurrency scams via transaction preview features. Instead of blindly trusting the contract of an NFT mint, users can see exactly what funds are entering and leaving their wallet before approving NFT or cryptocurrency transactions.
How do I report a cryptocurrency scam?
If you believe you’ve been scammed through a cryptocurrency exchange or transaction, you should report the incident and any relevant information about the scammers to the following parties:
Your local authorities
Share all information you have about the cryptocurrency scam and the scammer, including the site or forum where you were contacted, and any contact info or personal descriptions about the person to whom you sent the crypto.
Your bank
Tell your bank if you believe your card information or bank account is compromised. If you shared any financial information with the scammer in your cryptocurrency transaction, you should act quickly to block your accounts in order to prevent them from taking further funds.
Your crypto exchange
You can report cryptocurrency scams to the crypto exchange or platform that was used for the transaction. It’s important to provide the digital wallet information of the scammer in order to help prevent future attacks.
Final tips on how to prevent crypto scams
Scams that involve the transfer of cryptocurrency are irreversible given the nature of blockchain technology. Unfortunately, you may not be able to get your cryptocurrencies back and it will be difficult to track down the exact owner of the scammer wallet.
But by reporting cryptocurrency scams you can help protect others by making it difficult for scammers to strike again in the future.
If you stay alert and follow the guidelines highlighted in this article, you’ll be able to stay one step ahead of fraudsters and keep your cryptocurrency safe.
Remember, you should only send cryptocurrency to a wallet that you or a trusted party have control over, and never give your private key or personal information to anyone.
If you believe someone has scammed you into sending cryptocurrency via MoonPay, please contact our customer support team immediately.
.jpg)