How to spot and avoid crypto scams

The rapid growth and widespread adoption of digital currency has led to new opportunities for malicious actors to take advantage of unsuspecting victims.

Crypto scammers defrauded users out of $14 billion in 2021 alone, and as the popularity of Web3 continues to grow, this figure is likely to trend upward over time.

When sending cryptocurrency, it’s important to always stay alert for potential scammers. After all, crypto transactions are irreversible and can only be refunded by a willing third party.

This article highlights the most common cryptocurrency scams, how to protect yourself from them, and what to do if you have fallen victim to one.

Best practices to avoid cryptocurrency scams

Even if you are absolutely certain that you are interacting with a trusted party—such as a wallet or cryptocurrency provider—you should err on the side of caution and refrain from sharing sensitive information. If you need to know these details to complete a transaction or gain access to an account or wallet, do not share them with others.

2) Double check URLs and domain names

Check the website domain name or social media handle to ensure that you do not send money or information to someone falsely posing as a legitimate individual or business. Be sure to verify that there are no obvious misspellings, and if applicable, that they are a verified account.

You can even send a message to the official channel on the social media platform to ask if the account in question is legitimate, and also let them know if there are any suspicious copycat fake accounts out there.

3) Be wary of offers that seem too good to be true

If you are promised an investment that guarantees returns that sounds too good to be true, then it’s likely a scam. Cryptocurrency investments can be a great opportunity, but no one can guarantee instant returns. Those that make such promises are not to be trusted.

4) Never reply to people that contact you out of the blue

Not every unsolicited opportunity may be a scam, but you should always be wary of offers made with no prior contact. It is generally good practice to perform transfers through official channels that include customer support or an option to report fraudulent activity.

And when communicating with customer or tech support via chat or email, make sure that you are communicating privately through official channels only. Scammers may contact you via social media or over the phone, promising trading returns, special promotions, and other fraudulent offers.

Note: MoonPay will never contact you offering trading returns via phone or other media.

5) Do your research on who you send crypto to

Just as you would never transfer money to a random bank account that you don’t have access to, you should only send crypto to a wallet that you or trusted third parties control. Something very simple you can ask yourself is if the other party seems like a legitimate company or individual.

If they claim to be a business, make sure they are a legitimate company by performing a quick Google search. You can view how long they have existed, if they have positive reviews, and if they have a good reputation.

6) Don’t feel pressured to respond to threatening messages

If the person you are in contact with is messaging you with threats or warnings, this is likely an attempt to get you to send cryptocurrency quickly without fully thinking through the proposition. When acting out of fear, you’re less likely to consider all facets of the situation and are prone to making rash decisions.

Pro tip: Most cryptocurrency exchanges and digital wallets will have an option to enable two-factor authentication. This can be an added layer of security to protect your funds and authentication credentials in the event you lose access to one of your trusted devices.

An image of a cell phone. — Following these practices may reduce the chances of your crypto being stolen (Image source)

The most common types of cryptocurrency scams (and how to identify them)

Many cryptocurrency scams are actually just variations of existing scam techniques. Would-be attackers may be using traditional cons that are adapted to try and pry away others’ hard-earned crypto. Here are some of the most common cryptocurrency scams.

Phishing Scams

Phishing scams occur when criminals search—or fish—for confidential information and trick victims into handing it over. Usually seen in the form of a pop-up or malicious email, these attacks are becoming more sophisticated and are intended to swipe key financial information from an unsuspecting person.

Traditional phishing criminals may be searching for your credit card or bank information, and cryptocurrency phishers may be targeting you to gain access to your digital wallet or obtain your secret recovery phrase.

They may target you with an email from a crypto wallet or provider that looks realistic, with an offer that contains a potentially harmful link when you click on it.

The link could ask you to provide your login credentials to a wallet you own, or goad you into providing your personal information that can be used to defraud you.

Example of a phishing scam

A screenshot of a MetaMask tweet warning users about common phishing scams. — Cryptocurrency phishing scams will ask for information that should never be revealed (Image source)

Giveaway scams

Winning free money can be fun. Falling victim to a fake giveaway and losing everything is not.

Giveaway scams may promise anything from free Bitcoin to a house. One victim lost £400,000 for blindly trusting a fake giveaway from someone posing as Elon Musk.

The attackers changed their profile picture on Twitter to match the same one Elon Musk was using at the time. They then replied within one of Elon’s Twitter threads that they—posing as Elon—would be giving away double the amount of Bitcoin that participants deposited.

Example of a giveaway scam

Investment scams

Investment scams are business opportunity scams that involve one party promising great returns via the simple act of sending crypto. Scammers will tell victims that if they invest a relatively small sum, they will see instant—and quite unrealistic—gains.

While cryptocurrency investments can yield significant profits for investors, it’s vital to know which investment opportunities are legitimate, and which are fraudulent. Seasoned cryptocurrency investors may be familiar when an opportunity seems too good to be true, but less experienced investors may be more vulnerable to this type of scam.

BTC Global is one of the most infamous crypto investment scams, which defrauded 27,000 investors of over $80 million. Over the course of several months, victims deposited money into an investment pool claimed to be managed by a master trader.

If a cryptocurrency investor tried to withdraw money from their investment account, they would find they could not, with the reason given that the “master trader” was attacked and could no longer provide services.

Example of an investment scam

A Bitcoin.com headline about BTC Global. — BTC Global defrauded crypto investors by disallowing them to ever withdraw money (Image source)

Social engineering scams involve an attacker that gathers information about the victim, before reaching out to gain trust and eventually attempting to defraud them.

There are key red flags that occur in many social engineering attacks. The social engineer will usually contact the victim out of the blue, requesting urgent help and employing emotional appeal to get the target to act out of empathy. Well-researched attackers will know how to manipulate victims into giving up vital information or funds.

If successful, then the attacker will disappear, never to be heard from again. Social engineers will never use their real identity, so any attempt by victims to contact them to get their cryptocurrency back will be impossible.

One recent variation of this attack are widespread hacks of blue-check, verified Twitter profiles of trusted public figures. Like many social engineering scams, this version assumes victims will be unaware the account was hacked and trust the figure in question.

Falling victim to social engineering cryptocurrency scams is preventable, and keeping an eye out for these red flags while following our best practices above will help you to recognize and avoid cryptocurrency scams.

A screenshot of a hacked tweet from President Joe Biden. — Social engineers hacked the Twitter accounts of public figures to coerce victims into sending Bitcoin.

Fake app and website scams

Fake apps and websites could be a key component of any cryptocurrency scam. Once the victim takes the bait and clicks a malicious link, they have already put themselves in danger. Lying on the other side of fake cryptocurrency apps are deceptive forms and links that manipulate users into disclosing confidential information that could lead to draining a wallet or sending money to a scammer’s address.

For example, a phishing or giveaway scam will usually include a link to a website that looks legitimate but is anything but. Fraudsters may set up a realistic website or app that uses the official layout, logos, and language of a trusted party. They may use a similar URL or domain name that is off by one character, visually tricking users into believing that the site is correct.

When victims land on fake websites, scammers will usually ask for confidential information such as private keys or secret recovery phrases. This type of information will never be requested by a legitimate provider, and divulging it can lead to your funds being wiped out.

Goods and services scams

Fraudulent merchants will use their own website—or listings on secondary sites—offering to ship goods or promise a service. Scammer merchants will happily accept crypto without ever intending to make good on their end of the bargain.

This is why you should only buy from trusted sellers when paying for services or merchandise with cryptocurrency. Before buying, it may be a good idea to perform a check of the website for contact information, customer reviews, and terms & conditions to decide if it’s safe to send your crypto.

NFT mint scams

Fake NFT mints are one of the most common scams that use the fake website playbook. Fraudsters may create a real-looking website and social media accounts to hype an upcoming mint, complete with a visual preview of what the 10,000 NFT collection will look like.

When the project is launched, instead of connecting a wallet to mint a new NFT, users will find their wallet has actually been drained and all funds sent to the hacker’s wallet. After a successful attack, it is common for fake NFT collections to delete their website, as well as all social media profiles like Twitter and Discord.

Wallets like Phantom have taken concrete measures to prevent such cryptocurrency scams via transaction preview features. Instead of blindly trusting the contract of an NFT mint, users can now see exactly what funds are entering and leaving their wallet before approving NFT or cryptocurrency transactions.

Example of a fake app and website scam

An image of a fake MetaMask wallet scam. — Fake website cryptocurrency scammers pose as legitimate providers and ask for sensitive information like your secret recovery phrase.

Extortion scams

Extortion scams occur when someone sends messages threatening to release embarrassing or incriminating photos or information. Whether the contents themselves are real or fabricated, scammers will extort victims by threatening to blackmail them unless a sum of money is paid.

Fraudsters may provide a crypto wallet address, demanding money be sent or else face the embarrassment of having blackmailed information leaked online or to loved ones. They will apply pressure to act quickly, attempting to coerce victims by contacting them on private email addresses or telephone numbers.

Have you been extorted into sending crypto? You can report blackmail to your local or national law enforcement such as the FBI.

Example of an extortion scam

An image of a criminal extortion attempt. — Extortion scammers will threaten to reveal information unless cryptocurrency payments are made (Image source)

How do I report a cryptocurrency scam?

If you believe you’ve been scammed through a cryptocurrency exchange or transaction, you should report the incident and any relevant information about the scammers to the following parties:

Your local authorities

Share all information you have about the cryptocurrency scam and the scammer, including the site or forum where you were contacted, and any contact info or personal descriptions about the person to whom you sent the crypto. If the scammers are residing in the same country, then your local authorities may be able to track them down to prevent them from conning others.

Your bank

Tell your bank if you believe your card information or bank account is compromised. If you shared any financial information with the scammer in your cryptocurrency transaction, you should act quickly to block your accounts in order to prevent them from taking further funds.

Your crypto exchange

You can report cryptocurrency scams to the exchange or platform that was used for the transaction. It’s important to provide the digital wallet information of the scammer in order to help prevent future attacks.

Final tips on how to prevent crypto scams

Scams that involve the transfer of cryptocurrency are irreversible given the nature of blockchain technology. Unfortunately, you won't be able to get your money back and it will be difficult to track down the exact owner of the scammer wallet.

But by reporting cryptocurrency scams you can help protect others by making it difficult for scammers to strike again in the future.

If you stay alert and follow the guidelines highlighted in this article, you’ll be able to stay one step ahead of fraudsters and keep your cryptocurrency safe.

Remember, you should only send purchased cryptocurrency to a wallet that you or a trusted party have control over, and never give your private key or personal information to anyone if you want to protect your crypto.

If you believe someone has scammed you into sending cryptocurrency via MoonPay, please contact our customer support team immediately.