Nowadays, it’s well known that the Bitcoin whitepaper was published in 2008, and the first blockchain was deployed in 2009. But then, right after the financial crisis, only some tech people, financially knowledgeable people, and hardcore internet users were paying attention to the financial revolution Satoshi Nakamoto was proposing.
And since the beginning, the main topic has been decentralization, a new way of preserving your wealth from inflation and creating an ‘internet currency‘ adopted by millions of users.
Unfortunately, as crypto gained value, the bad actors started polluting the emerging industry. Thus, cryptocurrency scams started targeting people’s funds.
In fact, the first Bitcoin scams started taking place as early as 2010-2011 when different users reported that their cryptocurrency had been stolen from their computers.
Now, scammers created even more advanced and sophisticated techniques to scam people. And as time passes, they only seem to improve them to the point that a beginner joining the crypto world is most likely to get scammed in one way or another.
However, the first step in prevention is to recognize the threat. And you can recognize a cryptocurrency scam better if you know enough about the practices.
So, let’s see the most common Bitcoin and other cryptocurrency scams in the industry.
1. HYIPs – High Yield Investment Program Crypto Scams
High Yield Investment Programs are not something that appeared with crypto, but crypto made it much more popular. HYIPs are programs that offer a ‘crazy’ amount of returns in a short time. They ‘guarantee’ between 1% to 15% daily – which is clearly unsustainable in the long term.
It’s basically a get-rich-quick kind of crypto scam that appeals to those looking for some fast profits.
In the short term, a few people will join and deposit money to get the 1-2% yield. The yield for the first wave of depositors comes from the deposits made after them, and the second wave of investors gets their yield from the 3rd wave of investors, and so on.
You guessed it; it’s a by-the-book Ponzi scheme that ends when the person that created the platform thinks he got enough money from investors or when the cash flow stops or can’t sustain the previous levels. At that point, the website will shut down, with the scammers running away with everyone’s funds.
A lot of people deposited money into these HYIPs between 2012 and 2022 and lost thousands of BTC. And even now, this type of cryptocurrency scam continues to prosper because people are greedy and will risk money to become rich overnight.
Fortunately, HYIPs are not so hot in 2022 anymore. The crazy APYs, however, can be found in the DeFi sector. That doesn’t mean that the entire DeFi sector is a scam, but some projects clearly are. But we’ll get into more details about it later.
One thing worth remembering about HYIPs: They are purely Ponzi schemes powered by greed. If something sounds too good to be true, it probably is – do a good due diligence prior to any deposit in a new platform, as it might be another crypto scam.
2. HASOs – The “Help A Stranger Out” Method
The HASO method is a recently created scam in the crypto world. Altough “Help A Stranger Out” might not be its official name, we’ve decided to name the scam this way because those 4 words explain this Bitcoin scam the best.
Similar to the ‘dating scam,’ a person will approach you on a social media platform or a chatting app (Telegram, Discord, Whatsapp, etc.).
After trying to get friendly for a few minutes or hours, they will ask you if you can help them out. ( Most of the time – the person will have a woman’s name and avatar. Is it really a woman? Probably not.)
As most people are psychologically inclined to help those they know, they will be tempted to say yes. At that point, the scammer will tell they have 5 BTC on a platform where they have reached their monthly limit. But if you help them withdraw from your account, they will reward you with 10% of it.
Altough it might slightly differ from one case to another, it is reported that generally, if you really sign up and send them your email or username on the platform, a 5 BTC deposit will arrive in a few seconds. But once you try to withdraw it, you’ll be asked to pay a $100 USDT fee, which you cannot pay with your BTC.
The people that fall for this Bitcoin scam often think that paying $100 to obtain 0.5 BTC is worth it.
Also, they ignore 3 main red flags:
- They’re trusting a stranger with 5 BTC;
- They offer a 0.5 BTC reward;
- You cannot use the BTC to pay the platform fee.
As greed gets the best of them, 90% of the people try and deposit the money to see what happens.
But the platform doesn’t exist.
The 5 BTC doesn’t exist.
All you did was to the scammer $100, often as USDT, that he can use freely.
And again, this method is based 100% on the people’s greed. No one forces you to do it; you have free will here.
3. The “Admin Impersonation” Scheme
The Admin Impersonation method is a widely spread cryptocurrency scamming method on Telegram and Discord.
As Telegram and Discord are the two main chatting apps used in the cryptocurrency world, every respectable project has at least one group/channel/server on them.
The problem is that scammers know this very well and will always use this against the newbies.
Once you join the Telegram or Discord of a well-known community, an ‘admin’ will likely contact you. In a lot of cases, that person is a scammer.
The scammer will use the project’s logo as an avatar.
They will have a name like ‘Help Desk‘ or ‘Official Support.’
And they’ll say everything to make themselves look legit.
However, and you should write it down, the unwritten rule of Telegram and Discord is ‘No Admin, Staff, Support team or Ambassador of any project will message you first.‘
As most of the newcomers don’t know this – the scammers will contact them and try to ‘help them.’ The help part is faking being an admin and stealing people’s funds.
But what can they do?
They don’t have much power impersonating an admin. But if you fall for it and believe they’re an admin and give them your email, your account and password, and even your private seed when they’ll ask for them, you can kiss your funds goodbye.
Many scammers may also approach you with something like: ‘Your account is having x issue. You need to pay 0.3 ETH to this address to solve the issue. The amount will afterward be refunded to your wallet.’
Same as before, the money will go into the scammer’s wallet, and there will be no refund.
If they ask for your email and you give it to them, you’ll surely receive phishing emails for your private seed, crypto accounts, or more.
If they ask for your account or private seed, and you give it to them, consider the money lost. They will withdraw everything to another wallet address.
As you can see, the Admin Impersonation method is extremely dangerous. It is not based on greed as before but on the naivety and lack of knowledge of crypto newcomers hoping to get rich quickly.
When you’re joining Telegram or Discord, the best thing to do is to block everyone that messages you first trying to ‘help you.’
Even if Elon Musk messages you, block him.
4. The Wallet Synchronization Crypto Scam
This cryptocurrency scamming method is based on the Admin impersonation method. After the scammer contacts you, he will say something along the lines: “Looks like your wallet is not synchronized with the wallet. You need to connect your wallet to *Random Scamming Website*, and it will be solved”.
In this situation, the link usually connects with a Metamask app, which is the most common non-custodial cryptocurrency wallet. Once you connect to the website, the scammer has access to all of your funds from that wallet – and he can freely transfer them.
Most of the time, the scammers are using a script. So once you’ve connected your wallet to that website, the script will automatically send your funds away to another address controlled by the scammer.
It’s a dangerous method as you may lose all funds from your non-custodial wallet at once. And for a beginner, the ‘wallet synchronization’ sounds legit.
Yet, the wallet synchronization crypto scam doesn’t stop here. The scammers may also create copycat groups of official projects, add members, and pin a message with a wallet synchronization link. They did this for a lot of big and small projects, mostly on Telegram.
So, if you’re searching for a project on Telegram search, there’s a big chance of getting into a scammy group.
As a beginner, this method is hard to dodge because ‘wallet synchronization’ sounds tech and legit. But it’s not. Once you’ve connected your wallet to that website, you’ve lost everything you had there. And yes, the funds are unrecoverable.
Be very careful; the Wallet synchronization method is still out there and still very dangerous.
5. The Bait NFT followed by Offer Crypto Scam
Have you traded NFTs on Opensea? Then, you’re a potential future victim of this NFT scam.
The first time this scam appeared was in 2022.
Some people started to notice that they were receiving some big offers on some NFTs that weren’t in their wallets a few days ago. But how can you receive an offer for an NFT that you don’t have? And what can happen if you accept the offer?
The scammer sent the NFT to your address and made an offer for it from another address.
The NFT has a malicious contract, which, if you approve – you’ll offer the scammer the ability to transfer the funds out of your wallet.
How about the offer? The offer is a fake one. The scammer has the money in the wallet, but once you’ve approved the transaction – you actually offered access to your wallet to the scammer.
It’s a clever way of scamming – and even the best NFT traders might get fooled.
There’s also a Twitter thread explaining this:
6. The Rug Pull & Unsellable tokens
Ethereum’s biggest innovation was smart contracts that allowed certain rules for each cryptocurrency created on it. However, it opened the door to a new world of possibilities in the “cryptocurrency scamming industry.”
As for cryptos, only one thing matters in a newly created one, and that’s liquidity.
Liquidity is basically how easily you can convert a cryptocurrency to fiat currency. Higher liquidity (more than $1M) is preferred, but usually, small cryptocurrencies start with less than $100,000.
Low liquidity means the price is more volatile. And another thing that DeFi Summer taught us: A low liquidity is usually a sign of a risky cryptocurrency or a rug pull.
A rug pull occurs when you buy a cryptocurrency that suddenly loses its value afterward. And there are many types:
- A slow rug pull – where the developers are ‘working’ on the project, but the price keeps going down, and the team seems to be selling;
- A direct rug pull – you bought a token and can’t sell it afterward. That’s an unsellable token or a token with a rule written in the smart contract that allows only the owner to sell.
- A classic rug pull – you buy the token, and in a few hours or days, the liquidity plummets to 0, and you cannot sell your token. This happens when the developer removes the liquidity and runs away with the funds.
These are the most common ones, but the rug pull idea is simple, you get scammed for your money by an unknown developer that will be difficult to trace.
Most rug pulls presented themselves as memecoins such as ‘Shiba,’ ‘Doge,’ ‘Floki,’ and other dog/cat names.
The best way is to stay away from these shady emerging coins or do some sort of due diligence before that touches at least the following:
- What’s the token liquidity;
- How many members there are active in their communities;
- How many tokens do the developers own;
- What’s their market cap;
- If the token has any CEX listings.
7. The Unknown Token Airdrop Scam
Another very dangerous crypto scam is the ‘unknown token’ airdrop.
This is only happening on your decentralized wallets, so if you’re using Metamask, Crypto.com DeFi wallet, or other decentralized wallets, you might have noticed this already.
If you’re looking in your token list, you might see some tokens that we call “scam tokens.” You never bought these tokens, and they appeared on your wallet coming from an unknown address as an ‘airdrop.’
It’s not an airdrop. In fact, when you try to sell the token, you’ll need to accept a smart contract. The Smart contract will allow the attacker to transfer your cryptocurrencies to his wallet. It’s a scam that operates very similarly to the NFT scam.
The attacker is actually airdropping millions of coins to random active addresses. The coins have no actual value, but if someone tries to swap them and approves the contract, their tokens will be transferred from their wallet into the attacker’s wallet.
The best thing to do here is to ignore the ‘direct airdrops’ that are coming directly to your address. If you have a billion cryptocurrency coins in your wallet and haven’t bought them, it’s most likely a scam.
8. The Romantic Interest Scam
Same as in other places, the Romantic Interest Scam works perfectly in the cryptocurrency world.
Have you ever been approached by some women that were ‘just looking to become friends?’
Did she ever ask what you work, your expertise, and other sensitive information?
It’s most likely a typical Romance Scam.
Usually, the person behind this will work for a few days or weeks trying to build a relationship with you and to know you, to ask about your life, to find some details – all just to prepare to ask for money at a later stage.
And if they manage to win your trust, you’re most likely to send them $100, then another $200, and so on – until they probably scam you for 4 figures or more.
This is not something new, but cryptocurrency makes it impossible to have a chance to receive the funds back after sending them to the scammer. As Bitcoin and other cryptocurrencies are immutable, the funds are permanently lost if you send some money to the scammer.
This is a common Bitcoin scam, be very careful who you are talking with, and never trust someone you never met in real life with your money.
9. The Phishing Attack
Probably one of the biggest issues in the current world wide web is the Phishing attacks.
A phishing attack is a trick where a malicious party tries to trick someone into revealing sensitive data. Phishing attackers clone certain websites and send you a ‘phishing link’ with the clone website. If you introduce your email and password there, the attacker can now access them.
If they want to get your data from Binance.com – they can buy a domain with Binance in its name and clone the interface. Another way would be replacing the i from Binance with an l – making an URL link Blnance.com.
And a person without much knowledge about this will think it’s legit, will introduce their email and password, and will get scammed.
97% of phishing attacks arrive by email, according to Tessian. So, it would be a good tactic to be very careful with the emails you receive. Check for shady links, use a proper anti-virus, and don’t click on emails that have a warning or have something abnormal in them (like images not loading, emails coming from a Gmail/Protonmail account claiming to be a big business, etc.)
10. The Private Address Scam
This is a pretty sophisticated scam, which appeared in the DeFi summer when decentralized wallets became known.
Every crypto trader should know that a decentralized wallet’s value is in its private keys. If someone steals your private keys, your funds will be lost.
But what happens when someone posts the private keys of a wallet with $10,000 in it?
He’s most likely doing the private address scam.
So what’s it all about? Well, when a scammer posts a wallet’s private keys, he counts on the fact that many will try to see if it has something on it.
And when they discover some tokens, many people will try to get them out. But ETH, BNB, or something else will be needed for the gas fees.
So, those trying to get the funds out will send $10 or $20 to cover the gas fees.
However, the scammer that posted the address has a script where if any ETH, BNB, or other tokens are received, they will be automatically withdrawn to another address.
So if thousands of people will see the private keys, try to access them, and send $10 or 20, the attacker will make a small fortune.
I once saw $50,000 USDT in an address like this. The scammer received 15,000 transactions between $5 and $20 in one week. So, we can easily say that they made around $300,000 from people’s greed to withdraw those funds.
Similarly, crypto scammers would post different accounts on ghost exchanges (exchanges that don’t exist) where they have $50,000 to a few million. People accessing the accounts would need to deposit some money to cover the fees, but again, the funds aren’t real, and the “fees” are just the scammer’s winnings.
The attacker is only trying to lure people into depositing a few dollars there, hoping they can scam as many as possible and withdraw a fortune.
It is very similar to the HASO method, and it’s not so hard to protect against it. Just ignore any email, SMS, or message with a private key, a link to a shady website, or an offer that sounds too good to be true.
11. That Social Media Giveaway That You Won Without Participating
Have you ever won a giveaway on social media that you haven’t even participated in?
If not, you’re lucky. And you’re even luckier to read this before it happens.
A lot of Binance, Crypto.com, Kucoin, and other exchanges users get tagged by fake pages where they inform the users that they won a giveaway.
As the users didn’t participate in any giveaways, raising some questions is normal. But some of the so-called winners get blinded by their ‘luck’ and proceed to give the scammer behind the fake social media page their details or send them funds.
This happens on Facebook (mostly), Instagram, Twitter, and other social media platforms. The fake pages have few followers, but they have the company logo and other things to make them look legit.
As soon as the user replies, they will ask for his account and password – or a fee to ‘prove that they’re the account owner.’
If the user is naive enough to trust them without checking if the page is legit, the scammer will win.
In the past, I’ve heard people lose thousands of dollars hoping they could get those $500 they won in the giveaway.
It’s essential to do your due diligence and never give anyone sensitive info such as email, phone number, and never the password.
No respectable company would ask for your password. If they do ask for your email, it’s better to create a support ticket with a print screen asking if that’s real or a scam, as in some cases, they might ask for your email.
But never for your password.
12. Double Your Money Scam
Have you ever seen a video with Elon Musk, Vitalik Buterin, CZ, or someone else and a message claiming your money will be doubled if you send it to an address? If not, let us explain this cryptocurrency scam:
The scammer will create a fake website or a video where they will offer the audience to double their Bitcoin or Ethereum if they send it to their address. Any funds sent there are obviously lost.
That was one of the major scams of the 2018-2022 period. It is still very dangerous today, as many beginners think it’s legit. Some people sent huge amounts of money to scammers because they thought they had a shot.
The scammers go as far as hacking certain influencer profiles on Youtube, Twitter & Instagram and share the offer with their followers. So if you sometimes see your favorite influencer offering a ‘double your bitcoin’ offer, that means they’re hacked. Also, a while ago, you could even see video ads on youtube playing over legit crypto channels with this kind of scam.
Unfortunately, people will often believe this is true, as they believe that the people offering these ‘opportunities’ have money, and they can afford to do so. But the reality is that only scammers do this to gain some free cryptocurrency.
No one will ever double your cryptocurrency. Don’t trust anyone with this, especially with the latest deep fake technology. Refrain from sending anyone any dollar with the hope you will receive double. You’ll surely get scammed.
It doesn’t matter who posted it; it’s a scam. Accounts get hacked, and scammers will use the associated credibility to lure people into sending them cryptocurrency.
13. The Fake Telegram Groups
When you hear about a project, you might be tempted to search for it on Telegram to join their group. Don’t do it.
Scammers usually create fake Telegram channels with different types of scamming techniques. It might be a fake giveaway where you need to send $ xxx, The wallet synchronization scamming method, the fake admin contacting you, and so on.
If you want to find the official channels of a cryptocurrency, it’s better to go on Coingecko.com and search for that cryptocurrency to check their socials there.
The links found there are put there by the team, and it’s legit 99.99% of the time. The 0.01% remains for the event someone hacked their Coingecko page, but the odds are pretty low.
You can also search on Google for their website – ignore the ads part – and see if it appears in the search results.
A fake telegram group might even have 80,000 or more members on it. It might have people commenting there that they made a lot of money and even influencer names in the chat to inspire trust.
I once searched for a project’s official Telegram using Telegram’s search function and found 5 scam groups.
Consequently, I had to go to Coingecko and find the real account.
Don’t fall for it; check the pinned message and if something looks fishy, delete that group from your Telegram ASAP.
Users that are in those groups and are not bots usually get a lot of private messages from scammers looking to earn a quick buck.
14. Fake Apps Scams
One thing I hate the most in crypto is the fake apps.
In my opinion, these are the worst because they offer hackers and scammers many ways to trick a user:
- They can prepare an offer that it’s too good to be true, and people will believe it;
- Your email and password used there will be used by the scammers on other well-known exchanges;
- They might insert some sort of malware into your device.
A fake app might actually look legit. They might have 100-200+ reviews on Google Play/ App store (as those can be bought), a decent UI/UX, and a promo that you’ll find tempting – but you’re the one getting scammed in the end if you use it.
A fake app is very hard to detect. There haven’t been many of these lately, but it’s better to know the dangers before losing your funds.
One thing that helped me see whether a cryptocurrency app is legit was searching for the company that created it on Google and seeing who it actually is, then checking Trustpilot to see if the company has any reviews.
Another way would be searching for the app’s website and seeing if it’s actually the real one or a fake one designed to get your login info.
Thankfully, Google Play and Apple’s Store managed to get rid of most of these apps. The number of fake apps in the crypto world has been decreasing since 2017, as this method of scamming requires a lot of work and some verifications from Google/Apple – which are hard to pass nowadays.
15. The Cryptocurrency Seller
The most basic scam technique used by scammers is to trick crypto users into ‘buying’ cryptocurrency directly from them.
You might see someone in a group saying, “I need USDT for my BTC. I’m selling my BTC at a 20% discount” or similar. But of course, you’re expected to send the funds first.
So to put it more simply, that person you don’t know wants to sell his BTC at a 20% discount and wants you to send the USDT first, and then he will send you the BTC.
Sounds a bit shady, isn’t it? That’s because it is shady.
Of course, after you send the funds, you will not see a dime back.
Then, there’s the smarter scammer, which needs Ethereum or something similar. He will send the funds first and then ask you for yours.
After you send him your address, the scammer will then send you xxx USDTERC20. And then wait for you to send the ‘real cryptocurrency.’ I put a big emphasis on the ‘real cryptocurrency’ – as the funds that the scammer sent you are just an ERC20 fake token and not USDT.
Yes, it looks like USDT – but it’s not. So how can you verify that?
Go on Coingecko, search for USDT, check its contract address, then copy it.
Go on Etherscan.io – search for your address and add the following at the end: ?a=*USDT contract address*.
This will show you all of the USDT transfers from that address, and you can check whether the cryptocurrency you received is legit.
But the best thing is to ignore these sellers. Even if it’s not a scam, he might just launder money for someone.
Don’t trust anyone that it’s selling crypto to another person and doesn’t want to use an exchange, especially since there are hundreds of DEX that anyone can use.
16. BONUS: The Insolvent Crypto Business
If you’re not new to crypto and have been paying attention to the space in 2022, then you’ve witnessed history with the fall of :
- 3 Arrows Capital
These businesses were considered by most to be ‘safe’ and ‘too big to fail.’ But crypto proved to us that in this industry, anything could happen.
Luna failed due to a big short planned on LUNA and their stablecoin UST.
3 Arrows capital failed due to overleveraging their positions and the inability to pay back the loans.
FTX was secretly insolvent and had a hole of 8 billion dollars.
And the rest of them were just collateral victims that had money locked in the above companies or had employed other unsustainable business practices.
Mainly, they didn’t respect the main rule of investing: Don’t put all of your eggs into a single basket.
It’s hard to detect an insolvent crypto company. In the bull market, everyone seems to be doing well. But in the bear market, you might see some companies struggling.
Alameda Research failed because of a well-made and documented article. Others? The price dropped, causing panic in the market.
In all these, the key term is the bear market.
Therefore, here is a list of some best practices you can do in a bear market to avoid any Bitcoin and cryptocurrency scams and to keep your portfolio safe:
- Try to exit as much as you can in FIAT & Stablecoins. As the market tanks, the best is to keep at least 70% of your portfolio in FIAT & Stablecoins.
- Keep the coins in a non-custodial wallet. The remaining 30% of your portfolio should be stored on a non-custodial wallet or more. This is to avoid any exchange, lending services, or similar types of businesses going bankrupt and bankrupting you.
- Have at least 1-2 CEX accounts that you can use at any time – A CEX account might be necessary from time to time – so it’s best if you have at least 2 accounts under your name on different CEXs.
- Don’t use platforms that pay out yield. Celsius, Hodlnaut, and BlockFi hopefully made the industry understand that you shouldn’t keep your funds in places that offer a yield. At least not in a bear market.
- Research at least a few hours about that platform before depositing your funds there. This made me avoid FTX, Celsius, Luna, and many others. Before depositing money on a platform, search for anything you can about it on the web, from the founders to the company address and financials. Good research can make the difference between profit and loss.
- Keep your private keys safe – It’s mandatory to keep your private keys safe. Those are your money, so make sure you have them stored safely without anyone knowing about them.