Cryptocurrency scams: Know the risks and how to protect yourself
Whether you’re just starting out in crypto or you’re already a seasoned pro, staying on top of the latest scams can help you spot red flags and avoid risky transactions before it’s too late. So how do these crypto scams actually work, and why are scammers so determined to target crypto users? Read on to find out — and learn how to protect yourself from each type of scam.
What is cryptocurrency?
Cryptocurrency (or crypto) is a type of digital or virtual currency. Unlike traditional currencies like the US dollar or euro that have coins and banknotes, cryptocurrencies only exist online. You can buy them on various online platforms called exchanges, using your smartphone or computer, or you can purchase them at a cryptocurrency ATM.
To buy, sell, or store your crypto on an exchange, you need to create an exchange account. However, to manage your cryptocurrency directly, you can create a crypto wallet account (or simply a crypto wallet), where you control your private keys and assets.
Bitcoin and Ether are among the most popular cryptocurrencies, but developers, crypto entrepreneurs, and open-source communities launch thousands of new ones each year.
Crypto uses cryptography for secure transactions and operates on decentralized networks called blockchains. A global community of computers maintains these networks, meaning there are no central authorities like banks or governments.
The appeal of cryptocurrency in recent years relies on several features, including:
- Decentralization. No single entity controls the currency or its transactions.
- Transparency. All transactions are recorded on a public ledger, ensuring accountability.
- Anonymity. Users can make transactions without revealing personal information.
- Irreversibility. Once a transaction is confirmed, it cannot be undone.
While these features are huge benefits, remember that they also create vulnerabilities, making cryptocurrency an attractive target for scammers.
Why are crypto scams so common?
Cryptocurrency is particularly vulnerable to scams due to its lack of regulation and the irreversibility of transactions. No central authority oversees cryptocurrency transactions, which means victims of fraud have no clear help or recourse. If you send funds to a scammer, the transaction cannot be reversed, even if you realize the mistake right away.
The lack of uniform regulation across countries creates a gray area where scammers can operate with little risk of consequence. Blockchain transactions, while transparent, are pseudonymous, which makes it difficult to trace stolen funds and identify criminals.
The rapid growth of the crypto market has attracted both genuine investors and opportunistic criminals. Sadly, the technical complexity of cryptocurrency means that many people don’t fully understand how crypto works, so they become easy targets for scammers. The excitement around the potential of making a quick profit can cloud people’s judgment, leading them to ignore warning signs and take unnecessary risks.
Common types of cryptocurrency scams
Cryptocurrency scams often disguise themselves as legitimate offers, making them easy to overlook. Check out the seven most common and recent types of crypto scams, along with specific examples, to learn what to watch out for.
1. Phishing scams
Phishing remains one of the most common tactics that scammers use in the crypto world. These attacks involve tricking users into revealing their private keys, wallet credentials, or other sensitive information.
How phishing scams work
Scammers send you emails, social media messages, or texts that are designed to look like they’re coming from legitimate wallet providers or exchanges. In these messages, you are encouraged to take action, typically to secure your account from supposed threats.
These phishing messages contain links to fake websites that mimic real platforms. If you unknowingly enter your credentials on these fake websites, you give scammers access to your crypto wallet.
Example of a phishing scam
Binance is one of the largest cryptocurrency exchanges, so scammers often target its users. They typically send SMS messages, impersonating Binance’s official communication.
These phishing messages often warn users of supposed withdrawal attempts or prompt them to verify their account by clicking a link. The link in the message redirects victims to a phishing website that mimics Binance’s login page.
How to avoid phishing scams
Avoiding phishing scams is a matter of staying mindful of suspicious messages, emails, and links, and being careful not to share personal information with untrusted sources.
Avoid clicking on links in suspicious emails or messages and always verify the URL of any website, including a crypto exchange, before entering your details. You should also enable two-factor authentication (2FA) on your crypto exchange accounts and wallets for added security.
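One way to carry out the URL check described above, as an added example that is not part of the original article: a Python function that compares the host name in a received link with a short list of domains you trust. The domain list and the sample links are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: domains you use, copied by hand from a trusted source
# (a bookmark or the official app), never from the message itself.
OFFICIAL_DOMAINS = ("binance.com", "coinbase.com", "kraken.com")


def check_link(url, official=OFFICIAL_DOMAINS):
    """Return (ok, reason) for a link received by email, SMS or chat."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return False, "link cannot be parsed"
    if parts.scheme != "https":
        return False, "not an https link"
    if not host:
        return False, "no host name in link"
    # "https://binance.com@other.example/" goes to other.example:
    # everything before '@' is a user name, not the site.
    if parts.username is not None:
        return False, "text before '@' is not the site, real host is " + host
    # Non-ASCII or punycode labels can hide lookalike letters.
    labels = host.split(".")
    if not host.isascii() or any(l.startswith("xn--") for l in labels):
        return False, "internationalised host name, possible lookalike"
    # Accept only the exact domain or a true subdomain of it.
    for domain in official:
        if host == domain or host.endswith("." + domain):
            return True, "host belongs to " + domain
    # A brand name elsewhere in the host is a typical phishing pattern.
    for domain in official:
        brand = domain.split(".")[0]
        if brand in host:
            return False, "mentions '" + brand + "' but host is " + host
    return False, "unknown host " + host


# Constructed sample links; the .example hosts are placeholders.
SAMPLES = [
    "https://www.binance.com/en/login",
    "https://binance.com.account-verify.example/login",
    "https://binance.com@login-secure.example/verify",
    "http://www.binance.com/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", check_link(link))
```

Only the first sample passes: the second puts the brand in front of a different registered domain, the third hides the real host after an "@", and the fourth is not encrypted.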
2. Fake cryptocurrency exchanges
Scammers design fake cryptocurrency exchanges to look like legitimate platforms. They do so to steal your funds. These exchanges typically try to lure you with promises of low fees, high returns, or exclusive trading opportunities.
How fake cryptocurrency exchanges work
Scammers create fake cryptocurrency exchanges and trick you into believing they’re legitimate. Once you and other victims deposit your cryptocurrency into the fake exchange, scammers block withdrawals or shut down the site, taking all deposited funds.
Example of a fake cryptocurrency exchange
A recent scam featured a fake platform called Clockbits, which impersonated Cirkor, a legitimate exchange. The fraudulent platform mimicked Cirkor’s branding and functionality, tricking victims into believing they were using a reliable service.
How to avoid fake cryptocurrency exchanges
Avoiding fake cryptocurrency exchanges involves some research, knowledge, and attentiveness. First of all, research exchanges before using them. You can look for reviews and community discussions. Second, stick to well-known and regulated platforms like Coinbase, Binance, or Kraken. Be cautious of exchanges offering deals that seem too good to be true.
3. Rug pulls
Rug pulls are a type of scam in the decentralized finance (DeFi) and cryptocurrency token markets where developers suddenly abandon a project after raising significant funds. A cryptocurrency token is a type of digital asset or unit of value that exists on a blockchain and can represent things such as ownership, access to a service, or even a stake in a project.
How rug pulls work
To pull off a rug pull (pun intended), scammers create a new token or DeFi project and promote it through social media and influencers. They attract money or assets by promising high returns or innovative features. Once the scammers have locked enough funds into the project, they withdraw all the money and assets, causing the token’s value to crash.
Example of a rug pull
One of the most notorious rug pulls in recent years was the Squid Game Token scam. The token exploited the popularity of the Netflix hit series Squid Game to generate hype and attract investors. Developers claimed that the token was part of a “play-to-earn” cryptocurrency game inspired by the show. The website, whitepaper, and social media campaigns appeared professional, and the token gained significant attention from mainstream and crypto audiences alike.
Soon, the price of the Squid Game Token skyrocketed by 75,000%, reaching over $2,800 per token at its peak. However, when investors tried to sell their tokens, they discovered that the developers had implemented a mechanism that restricted selling for most holders. Shortly after, the developers abruptly withdrew over $3.3 million worth of funds from the liquidity pool and disappeared, shutting down the project’s website and social media accounts.
The scam left thousands of investors with tokens that were essentially worthless and highlighted the risks of investing in unverified projects, especially those capitalizing on current trends.
The following graph shows the sharp rise in the Squid Game Token’s value, followed by a sudden crash after the liquidity was pulled.
How to avoid rug pulls
To avoid rug pulls, don’t invest in projects with anonymous teams. Check if the project’s liquidity is locked in a smart contract — locked liquidity ensures that developers can’t withdraw funds, reducing the risk of a rug pull.
You should also look for audit reports from reputable firms. Audits verify that the project’s code is secure and free from vulnerabilities, offering extra assurance of its legitimacy.
4. Fake initial coin offerings (ICOs)
Initial coin offerings (ICOs) allow new projects to raise funds by selling tokens to investors. While many legitimate projects use ICOs, scammers often create fake ones.
How fake ICOs work
For a fake ICO to work, scammers set up a professional-looking website and whitepaper for a fake project. They aggressively promote the ICO, promising groundbreaking technology or massive returns. After collecting funds, the scammers disappear.
Example of a fake ICO
One of the most infamous ICO scams was Centra Tech in 2017. The company raised $25 million by falsely claiming partnerships with Visa and Mastercard, alleging that its cryptocurrency debit card would allow users to convert cryptocurrencies into fiat currency seamlessly.
The founders of Centra Tech created a highly polished website, social media campaigns, and endorsements from celebrities to lure investors. However, the project turned out to be entirely fraudulent.
While the founders were later arrested and faced federal charges, most investors were unable to recover their funds. This scam highlighted the risks of unregulated ICOs and the ease with which scammers could fabricate legitimacy.
The fake Centra Cards handed out to investors couldn’t be used for actual transactions.
How to avoid fake ICOs
To avoid fake ICOs, research every project thoroughly. Look for real-world use cases and a transparent team.
Avoid ICOs that guarantee high returns with no risks. If it’s too good to be true, it’s most likely a scam. You should also verify the project’s token on blockchain explorers like Etherscan.
5. Malicious smart contracts
Smart contracts are self-executing digital agreements whose terms are written directly into code. They run on blockchain networks like Ethereum, and once deployed, they automatically enforce and execute the contract’s terms when predefined conditions are met.
Because smart contracts run on decentralized networks, they don’t require intermediaries like banks or lawyers. While they power many legitimate applications, malicious smart contracts are a growing threat.
How malicious smart contracts work
In a malicious smart contract scam, fraudsters promote a fake DeFi project or NFT minting platform. When users interact with the smart contract, it triggers unauthorized transactions, draining their wallets.
Example of a malicious smart contract scam
In December 2021, Grim Finance, a DeFi platform, fell victim to a malicious smart contract attack. Users lost a little over $30 million in funds. Grim Finance, which operated on the Fantom Opera blockchain, offered a service where users could stake their tokens and earn rewards.
The attackers took advantage of a flaw in the platform’s smart contract, using the “reentrancy attack” technique. Essentially, they tricked the system into executing the same action multiple times, all within a single transaction. As a result, they were able to siphon funds from the platform’s vault multiple times.
After the attack, the Grim Finance team quickly informed users about the breach and advised them to withdraw their funds from the platform.
Unfortunately, by that point, the attackers had already stolen millions of dollars worth of assets, including stablecoins and other cryptocurrencies.
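The reentrancy pattern described above comes down to the order of two steps inside a withdrawal. This added example is a simplified Python model, not Grim Finance's contract code and not part of the original article; the `Vault` class, the amounts and the names are hypothetical. It compares a vault that pays out before updating its records with one that updates its records first.

```python
class Vault:
    """Toy vault: 'credit' is what each user is owed, 'pool' is what it holds."""

    def __init__(self, pool, update_before_paying):
        self.pool = pool
        self.credit = {}
        self.update_before_paying = update_before_paying

    def deposit(self, who, amount):
        self.credit[who] = self.credit.get(who, 0) + amount
        self.pool += amount

    def withdraw(self, who, on_receive):
        amount = self.credit.get(who, 0)          # check
        if amount == 0 or self.pool < amount:
            return
        if self.update_before_paying:
            self.credit[who] = 0                  # effect recorded first (hardened)
        self.pool -= amount
        on_receive(amount)                        # interaction: runs the receiver's code
        if not self.update_before_paying:
            self.credit[who] = 0                  # recorded too late (flawed)


def run(update_before_paying, attempts=3):
    """Return (total paid to the caller, money left in the pool)."""
    vault = Vault(pool=100, update_before_paying=update_before_paying)
    vault.deposit("caller", 10)                   # caller is owed 10, pool is 110
    paid = []

    def on_receive(amount):
        paid.append(amount)
        if len(paid) < attempts:
            # Calls back in while the first withdraw() is still running.
            vault.withdraw("caller", on_receive)

    vault.withdraw("caller", on_receive)
    return sum(paid), vault.pool


if __name__ == "__main__":
    print("pays before updating:", run(update_before_paying=False))
    print("updates before paying:", run(update_before_paying=True))
```

With the flawed ordering the caller is paid 30 against a credit of 10, and the extra 20 comes out of other users' funds; with the hardened ordering the nested calls find a zero credit and pay nothing.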
How to avoid fake smart contracts
You can avoid falling victim to a fake smart contract by only interacting with audited smart contracts from reputable projects. Review the contract address on blockchain explorers before approval and use tools like “revoke.cash” to manage and revoke permissions for smart contracts.
6. Fake airdrops
Airdrops are a legitimate way for projects to distribute free tokens, but scammers exploit this concept to steal funds.
How fake airdrops work
In fake airdrop scams, fraudsters send free tokens to random wallets, accompanied by a link to claim more tokens. If you click the link, you are prompted to connect your wallet to a malicious website. Once you do, the website steals funds or private keys.
Example of a fake airdrop scam
Scammers frequently use social media platforms like X (Twitter) to target cryptocurrency users with fake airdrop schemes. Attackers create fake accounts impersonating legitimate cryptocurrency projects, such as Ethereum, Binance, or Solana, and post announcements about “exclusive airdrops.”
These announcements include links to phishing websites, where victims are asked to enter their wallet information or connect their wallets. Many users who fall for these schemes report losing funds within minutes of interacting with these fraudulent sites. Here’s an example of one of these announcements:
How to avoid fake airdrops
To avoid fake airdrops, don’t interact with unknown tokens in your wallet. Always verify the legitimacy of airdrops through official project announcements and disable automatic token approvals in your wallet settings.
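Both the advice on revoking smart contract permissions and the advice on token approvals concern the same thing: approval transactions that let another address move your tokens. The following added example (not from the original article or from any wallet's code) decodes the two standard approval calls, ERC-20 `approve` and ERC-721 `setApprovalForAll`, from a transaction's calldata and flags unlimited grants to unknown addresses. The addresses, the risk labels and the `trusted_spenders` list are assumptions made for illustration.

```python
APPROVE = "095ea7b3"               # approve(address spender, uint256 amount)
SET_APPROVAL_FOR_ALL = "a22cb465"  # setApprovalForAll(address operator, bool approved)
UNLIMITED_FROM = 2**255            # treat anything this large as "unlimited"


def describe_approval(calldata_hex, trusted_spenders=()):
    """Explain what token permission a transaction's calldata would grant."""
    data = calldata_hex.strip().lower()
    if data.startswith("0x"):
        data = data[2:]
    selector, args = data[:8], data[8:]
    if selector not in (APPROVE, SET_APPROVAL_FOR_ALL):
        return {"kind": "not an approval", "risk": "not assessed"}
    try:
        raw = bytes.fromhex(args)
    except ValueError:
        raw = b""
    if len(raw) != 64:                       # two 32-byte ABI words expected
        return {"kind": "malformed approval", "risk": "high"}
    spender = "0x" + raw[12:32].hex()        # address = last 20 bytes of word 1
    value = int.from_bytes(raw[32:], "big")  # amount, or 0/1 for the bool
    trusted = spender in {s.lower() for s in trusted_spenders}
    if value == 0:                           # zero amount / false = revoke
        return {"kind": "revoke", "spender": spender, "risk": "none"}
    if selector == SET_APPROVAL_FOR_ALL:
        kind = "operator for every token in the collection"
        risk = "review" if trusted else "high"
    elif value >= UNLIMITED_FROM:
        kind = "unlimited allowance"
        risk = "review" if trusted else "high"
    else:
        kind = "allowance of %d base units" % value
        risk = "low" if trusted else "review"
    return {"kind": kind, "spender": spender, "risk": risk}


def sample_calldata(selector, spender, value):
    """Build constructed calldata for the demo (not a real transaction)."""
    return "0x" + selector + spender[2:].rjust(64, "0") + "%064x" % value


# Constructed addresses, not real contracts.
UNKNOWN_SPENDER = "0x" + "ab" * 20
KNOWN_ROUTER = "0x" + "cd" * 20

if __name__ == "__main__":
    tx = sample_calldata(APPROVE, UNKNOWN_SPENDER, 2**256 - 1)
    print(describe_approval(tx, trusted_spenders=[KNOWN_ROUTER]))
```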
7. Pig butchering scams
In pig butchering scams, fraudsters build a trusting relationship with you over time. They then convince you to invest in a fake or risky financial opportunity, often involving cryptocurrency. The scammer “fattens the pig” (gains your trust and money) before “slaughtering” it — stealing all the funds once you have invested a significant amount.
How pig butchering scams work
To pull off a pig butchering scam, fraudsters initiate contact with you via dating apps, social media, or messaging platforms such as WhatsApp or Telegram. They build a fake persona, often presenting themselves as wealthy professionals or successful cryptocurrency investors, to gain your trust.
Over weeks or months, scammers establish a relationship with you, engaging in friendly or romantic conversations to build emotional rapport. Once they’ve established your trust, they introduce the idea of cryptocurrency investments, claiming insider knowledge or access to an exclusive trading platform. They encourage you to start with small investments, which are shown to grow significantly on a fake platform that mimics legitimate trading interfaces.
As you invest more funds, scammers tighten their grip, urging you to deposit larger sums to “maximize gains.” If you try to withdraw your funds, scammers demand additional payments for fees or taxes. Once you make these payments, the scammers vanish along with your funds.
How to avoid pig butchering scams
Pig butchering scams rely on your trust, so be cautious when you communicate with people you don’t know well online. Be extra careful with unsolicited messages or contacts from strangers, especially those discussing investment opportunities.
Avoid sharing personal or financial information with people you have only met online and always research any cryptocurrency platform thoroughly, ensuring it is regulated and has verifiable reviews.
Refrain from sending funds or connecting your wallet to unknown or unverified platforms. Simply put, trust your instincts — if an opportunity sounds too good to be true, it likely is.
How to avoid cryptocurrency scams
If you’re not crypto savvy, the best way to avoid scams is to do your homework before getting involved with any platform or project. Take the time to research thoroughly, check reliable sources and browse community forums for feedback from real users. Whether you’re investing in a new coin or a crypto project, gather as much information as possible to make smarter, safer decisions.
Securing your crypto wallet is another key step in protecting yourself from scams. For long-term storage, use a hardware wallet. It’s one of the safest options because it keeps your crypto offline and out of reach from hackers. Be cautious of suspicious offers, like emails promising free crypto or guaranteed returns — these are common tactics that scammers use. And always double-check website URLs before entering any sensitive information. Lastly, if you’ve decided to step into the crypto world, make sure to stay updated on the latest scams by following trusted cryptocurrency news outlets.
How to report cryptocurrency scams
If you come across a cryptocurrency scam or become a victim, act quickly — your actions can help authorities prevent the scam from spreading and protect other crypto users.
- Notify local authorities. Report the scam to your local police or law enforcement agency as soon as possible.
- File a complaint with regulators. In the US, you can report the incident to the Federal Trade Commission, the Securities and Exchange Commission, or the Internet Crime Complaint Center. These agencies will investigate the scam, gather evidence, and take action to protect consumers and enforce relevant laws.
- Contact exchanges. If scammers stole your funds through a legitimate exchange, reach out to the exchange’s support team and report the theft.
- Spread awareness. Share your experience on forums and social media to warn others and help them avoid the same scam.
How NordVPN’s Threat Protection Pro™ helps you stay safe
Knowing what to look out for may not be enough to protect yourself from crypto scams — you should be proactive and use special tools designed to detect potential scams. NordVPN’s Threat Protection Pro™ is certified anti-phishing software that has your virtual back 24/7. But how does it help you avoid crypto scams?
How NordVPN’s Threat Protection™ works
- Phishing protection. Threat Protection Pro™ blocks access to known malicious websites, ensuring you don’t accidentally log in to a fake wallet or exchange site.
- Ad and tracker blocking. This software reduces exposure to fake ads and fraudulent pop-ups often used in crypto scams.
- Malware detection. Threat Protection Pro™ prevents downloads of malicious files that can steal private keys or access your wallets.
- Secure connections. This tool encrypts your online traffic to protect sensitive data from interception on public Wi-Fi networks.
By integrating NordVPN’s Threat Protection Pro™ into your cybersecurity toolkit, you can significantly reduce the risk of falling victim to cryptocurrency scams. Powered by cyber threat intelligence and machine learning, NordVPN’s cybersecurity feature helps you navigate the crypto world with more security and confidence.