You spot a crypto scam by the pattern, not the story. The story is always different: a romance, a hot tip, a "support agent," a free giveaway. The pattern underneath is nearly always the same: someone promises a return that sounds too good, contacts you out of the blue or rushes you to act, asks for crypto or for your account access, and then puts up a wall the moment you try to take your money out. Learn the handful of signals that show up across almost every con, and you can spot most of them before you lose a cent, no matter how new the wrapper looks.
This guide is built for that. It walks through the main types of crypto scams so you recognize the shape of each one, then the red flags they all share, then the checks you can run yourself, and finally what to do if money has already left your account. You do not need to be technical. You need to know what a scam feels like from the inside, because that feeling is the most reliable alarm you have.
- Scams share a pattern, not a script. A guaranteed return, a stranger making first contact, artificial urgency, a crypto-only payment demand, or any request for your seed phrase is a red flag on its own. Two or more together is a stop sign.
- No legitimate exchange, wallet, project, or "support agent" will ever ask for your seed phrase or recovery phrase. Anyone who does is trying to rob you. There are no exceptions.
- If a platform lets you deposit but blocks your withdrawal behind a surprise "fee," "tax," or "verification payment," it is a scam. Paying it does not free your money; it adds to your loss.
- Pig-butchering scams build trust over weeks before the ask. The warmth is the tactic. A real friend or partner does not need you in a specific investment app.
- Crypto payments are usually final, and stolen funds are rarely recovered. The strongest protection is refusing to start. If you are targeted afterward by a "recovery service," that is almost always a second scam.
Two notes before the types, because they shape everything that follows. First, none of this is financial advice; this guide is about spotting fraud, not about what to buy or hold. Second, falling for one of these is not a sign you are foolish. These operations are run by organized crews who rehearse the script on thousands of people and refine what works. When authorities break up a pig-butchering operation, the playbook they describe is the same one laid out below, run at industrial scale. Smart, careful people get caught. Knowing the pattern is what tips the odds back toward you.
What are the main types of crypto scams?
Most crypto fraud falls into a dozen or so recognizable types. They overlap, and a single operation often blends several. The point of knowing the categories is not to memorize them; it is so that when one arrives in your inbox, you place it instantly.
Pig-butchering (romance plus investment). The most lucrative scam aimed at individuals right now. A stranger connects with you on a dating app, a social platform, or even a "wrong number" text that turns friendly. Over days or weeks they build a real-feeling relationship, romantic or just warmly attentive, and never rush. Then they mention how well they are doing with a crypto investment and offer to show you. They guide you onto a platform (often a polished fake) where your balance climbs nicely on the screen. The early small withdrawal that works is bait. When you try to take out a meaningful amount, the fees and "taxes" begin, and the money never comes back. The name comes from the grim metaphor of fattening an animal before slaughter. The warmth is not a side effect; it is the weapon.
Fake investment platforms and fake exchanges. A website or app that looks like a real trading platform, sometimes cloning a legitimate brand down to the logo. You deposit, you see profits tick up on a dashboard, and the numbers are fiction. The site exists to take deposits and block withdrawals. These often arrive through an ad, a messaging-app group, or the pig-butchering route above. In one live case reported by The Star, a 63-year-old IT consultant in George Town lost nearly RM1.5 million to a crypto investment scheme before reporting it to commercial crime police; the pattern was the familiar one of an online "opportunity" that paid out on paper and not in practice.
Phishing and wallet-drainer attacks. Here the goal is your keys or your approval, not a deposit. A fake email, text, or pop-up sends you to a site dressed up as your wallet or exchange, and asks you to "verify," "reconnect," or "validate" by entering your seed phrase or signing a transaction. A wallet drainer is a malicious site or token approval that, once you sign it, lets the attacker sweep your funds, sometimes from a single signature that looks routine. The danger is that signing a transaction does not always feel like sending money; a drainer can dress the request up as a harmless login or a free claim, and the approval you grant is what does the damage. The tell is almost always a link you did not go looking for and a sense of urgency ("your account will be locked," "claim before it expires"). When a prompt to connect your wallet or sign something arrives unbidden, the safe move is to close it and go to the real site yourself.
Rug pulls. A team launches a token, hypes it, draws in buyers, then pulls the liquidity or dumps their own holdings, and the price collapses to nothing. Common in new, low-information tokens where the team is anonymous and the project is mostly promotion. When a token's whole story is its own price going up, you are looking at the setup for one.
Ponzi and pyramid schemes. Old fraud, new rails. Returns paid to early participants come from later participants' deposits, not from any real trading or activity, so the whole thing is a bucket with a hole that only stays full while new money pours in faster than old money leaves. They survive on recruitment and "guaranteed" daily or weekly yields, and they collapse the moment that inflow slows. The classic shape is a "passive income" crypto program that pays a smooth fixed percentage no real market delivers and rewards you for bringing in friends. The recruitment bonus is the tell: legitimate returns do not depend on you finding the next depositor.
Fake giveaways, celebrity impersonation, and deepfakes. "Send 0.1 ETH to this address and get 0.5 back." A famous name or a hijacked verified account fronts it, often on a livestream that loops old footage to look real. No one doubles your money for free; the giveaway address only ever receives. The newer version uses AI to fake a video or voice of a public figure endorsing a platform, sometimes convincingly enough to pass a glance. Treat a celebrity endorsement of a specific crypto offer as a red flag in itself, because the genuine version of that almost never happens, and a face or voice on a screen proves nothing about who is actually behind the link.
Pump-and-dump. A group coordinates to buy a thin token, hypes it to outsiders ("buy now, it is about to explode"), and sells into the buying they created. Whoever arrives on the hype is the exit liquidity. The signal is a sudden, orchestrated push to buy a specific small coin on a deadline.
Fake airdrops and NFT scams. A "free token" or "claim your NFT" prompt that, to claim, asks you to connect your wallet and sign something, or sends you to a fake mint site. Tokens you never bought sometimes appear in your wallet on their own, and interacting with them can trigger a drainer. The word "free" is doing the work a lock pick usually does.
SIM-swap and account takeover. An attacker convinces your mobile carrier to move your phone number to a SIM card they control, usually by impersonating you with details gathered from a data breach or your own public posts. Once your number lands on their device, every text-message code follows it: the codes that reset passwords, the codes that pass two-factor checks, the "confirm this withdrawal" prompts. With your number in hand, they walk into any account that leans on SMS codes, often while you sit there with a phone that has quietly lost service. This is why a phone-based code is the weakest second factor for anything holding money, and why moving to an authenticator app or a hardware key matters more than any other single setting.
Fake customer-support impersonation. Someone posing as support from your exchange or wallet reaches you, often after you posted a problem publicly, and offers to "help." Real help never needs your seed phrase, your password, remote control of your screen, or for you to move funds to a "safe" wallet. Those four asks are the whole scam.
Recovery scams. The cruelest one, because it targets people who were just robbed. After a loss, someone contacts you claiming they can recover your stolen crypto, for an upfront fee or for access to your accounts. They take that and vanish. Law-enforcement bodies have flagged this directly: treat any unsolicited offer to recover funds as a fresh scam.
A single operation can stack these. A pig-butchering crew runs a fake platform, uses phishing-style "verification" steps, and circles back as a recovery scam after you have lost money. That is why the red flags below matter more than the labels: the wrapper changes, the signals do not.
What are the universal red flags of a crypto scam?
If you remember nothing else, remember these. They cut across every type above. One of them on its own should slow you down. Treat two or more together as a stop sign and walk away.
- A guaranteed or "no-risk" return. No real investment guarantees a profit, and the more certain and specific the promise ("12% a week, guaranteed"), the more certain the fraud. Genuine returns vary and can be negative. Certainty is the seller's tell, not the asset's.
- Unsolicited contact. The opportunity found you, through a dating app, a social-media DM, a group chat, a "wrong number" text, or a cold call. Money you go looking for is different from money that comes knocking.
- Pressure and artificial urgency. A countdown, a "limited slot," a price about to jump, a deadline to act tonight. Urgency exists to stop you checking. Real opportunities survive a night's sleep and a second opinion.
- A demand to pay in crypto, and only crypto. Crypto payments are hard to reverse and hard to trace, which is exactly why scammers insist on them. A legitimate seller or service gives you normal options.
- Anyone asking for your seed phrase or private keys. This is the brightest line in all of crypto. Your recovery phrase is the master key to your wallet. No exchange, wallet maker, project, or support agent ever needs it. A request for it is proof of a scam, every time.
- Withdrawals blocked behind a surprise "fee" or "tax." You could deposit and watch profits grow, but taking real money out suddenly requires an upfront payment to "release" or "unlock" it. That payment is a second theft, not a step toward your money. Walk away.
- No verifiable team, registration, or legal entity. Anonymous founders, no company you can look up, no license with any regulator, no real address. If you cannot find out who you are dealing with, assume that is on purpose.
- A broken or borrowed identity. Sloppy grammar, a domain registered last month, a site that clones a real brand with a slightly-off web address, support that only works over a messaging app. None of these is proof alone, but together they describe a front, not a business.
- Moving the conversation off-platform. A match who hurries you off the dating app to a private messenger, "support" that pulls you into a direct chat, a deal that has to happen somewhere with no record. Scammers prefer the dark where moderation and history cannot reach.
- A stranger holding or "managing" your keys or funds. Anyone who needs custody of your crypto to "trade for you," "keep it safe," or "verify" it is positioning to take it. You keep your keys; a real service never needs them.
Two of these deserve their own warning, because they are where the largest single losses happen and where the rule is absolute.
Never give anyone your seed phrase or recovery phrase, and never type it into a website or app because something prompted you to. Not to unlock a feature, not to "verify" your wallet, not to fix an error, not to claim a reward, not for support. The phrase restores full control of your wallet to whoever holds it. Anyone asking, no matter how official the message looks, is trying to empty it. Write the phrase on paper, keep it offline, and treat any request for it as a confirmed scam.
If a platform makes you pay a "fee," "tax," or "deposit" before it will let you withdraw your own balance, stop. The money is already lost, and paying more will not bring it back. This is the core mechanism of fake investment platforms and pig-butchering scams. Legitimate withdrawals can carry a normal network fee deducted from the amount, but no real platform demands a separate upfront payment from you to "release" funds it is holding. Each payment makes the loss bigger, not smaller.
Why do smart people fall for crypto scams?
Because these scams attack feelings, not intelligence. Understanding the machinery removes the shame, and shame is what keeps victims silent and lets the fraud keep working.
Pig-butchering scripts are built on patience. The crew running them invests weeks before any ask, and that time does real psychological work: it builds a relationship your brain treats as genuine, because in every observable way it behaves like one. By the time money comes up, the request arrives from someone you trust, which is a completely different thing from a stranger asking for money. The trust is manufactured, but it does not feel manufactured, and that gap is the whole exploit.
The early "winning" withdrawal does the rest. When you put in a small amount, see it grow, and pull a little back out successfully, your caution drops and your confidence rises. That first payout is not a sign the platform is real. It is the cheapest marketing the scammer will ever buy, and it is designed to get you to commit far more. Add a manufactured deadline on top, and you are making a large decision while emotional and rushed, which is exactly the state these operations engineer.
The cruelest detail is that the qualities that get people caught are good ones: trust, optimism, the willingness to help someone you care about, the discipline to act on an opportunity before it passes. Scammers turn those strengths against you. If it has happened to you, or to someone you love, it is not a verdict on judgment. It is what a rehearsed con does to a normal human being. The useful response is not embarrassment; it is naming the pattern out loud so it loses its grip.
How do I verify a crypto project or platform myself?
You do not have to take anyone's word, and a few checks you can run yourself filter out most fraud. None of these requires deep technical skill. They do require the patience to look before you commit, which is the exact patience a scammer's urgency is trying to take from you.
Check a token's contract on a block explorer. For tokens on Ethereum and similar networks, a block explorer such as Etherscan lets anyone inspect the token for free. Paste the token's contract address into the explorer and look at three things. First, whether the source code is verified: a verified contract shows a green checkmark and lets you (or someone you trust) read what it actually does, while an unverified contract is a black box you are asked to take on faith. Second, the holder distribution, usually on a "Holders" tab. If one or two wallets hold most of the supply, those wallets can crash the price by selling at once, which is the mechanics of a rug pull. Third, the liquidity. Real projects lock the liquidity that lets people trade the token, so the team cannot simply withdraw it and walk away; a thin or unlocked pool means the floor can vanish in a single transaction. A token whose contract is unverified, whose supply sits in a couple of wallets, and whose liquidity is not locked is waving three flags at once.
Review and revoke token approvals. When you use a decentralized app, you grant its contract permission to move specific tokens in your wallet, and many apps ask for an unlimited allowance to save you approving each time. The convenience is also the risk: an approval you granted months ago, or one you signed on a site that turned out to be malicious, can sit dormant and then drain those tokens long after you have forgotten the app. Wallet tools and a "token approvals" feature on block explorers let you see every permission you have granted and revoke the ones you no longer use or do not recognize. Each revocation costs a small network fee, but treating it as a periodic cleanup closes the exact door that wallet-drainer scams climb through.
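For readers who want to see what an approvals viewer does underneath, the following added example (not part of the original guide) replays ERC-20 Approval event logs for one wallet and lists the permissions that are still open, marking the unlimited ones. The addresses and log entries are constructed sample data; the function names and the simplified log layout (block numbers as plain integers) are assumptions of this example.

```python
from dataclasses import dataclass

# keccak256("Approval(address,address,uint256)"): topic 0 of every ERC-20 Approval log
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
# Apps asking for "unlimited" usually request 2**256 - 1; treat the top half of the
# range the same way, since no real balance is that large.
UNLIMITED_THRESHOLD = 2**255


@dataclass
class Allowance:
    token: str
    spender: str
    amount: int
    block: int

    @property
    def unlimited(self) -> bool:
        return self.amount >= UNLIMITED_THRESHOLD


def topic_to_address(topic: str) -> str:
    """Indexed addresses are left-padded to 32 bytes; the last 20 bytes are the address."""
    return "0x" + topic[-40:].lower()


def open_allowances(logs, owner):
    """Replay Approval logs in chain order; return grants whose latest value is non-zero.

    Logs record what was granted. A finite allowance may since have been partly
    spent, so the token's allowance(owner, spender) call is the authoritative figure.
    """
    owner = owner.lower()
    latest = {}
    for log in sorted(logs, key=lambda entry: (entry["blockNumber"], entry["logIndex"])):
        topics = log["topics"]
        # ERC-20 Approval has 3 topics; the ERC-721 event of the same name has 4.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        if topic_to_address(topics[1]) != owner:
            continue
        token, spender = log["address"].lower(), topic_to_address(topics[2])
        latest[(token, spender)] = Allowance(token, spender, int(log["data"], 16),
                                             log["blockNumber"])
    return sorted((a for a in latest.values() if a.amount > 0), key=lambda a: a.block)


# --- Constructed sample data (not real addresses or transactions) ---
OWNER = "0x" + "11" * 20
TOKEN_A, TOKEN_B = "0x" + "aa" * 20, "0x" + "bb" * 20
OLD_DAPP, SWAP_APP, OTHER_WALLET = "0x" + "c1" * 20, "0x" + "c2" * 20, "0x" + "22" * 20


def make_log(token, owner, spender, amount, block, index=0):
    """Build one Approval log entry in the simplified layout used here."""
    pad = lambda addr: "0x" + "0" * 24 + addr[2:]
    return {"address": token, "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": "0x" + format(amount, "064x"), "blockNumber": block, "logIndex": index}


SAMPLE_LOGS = [
    make_log(TOKEN_A, OWNER, OLD_DAPP, 2**256 - 1, block=100),  # unlimited, never revoked
    make_log(TOKEN_A, OWNER, SWAP_APP, 2**256 - 1, block=150),  # unlimited ...
    make_log(TOKEN_A, OWNER, SWAP_APP, 0, block=900),           # ... later revoked
    make_log(TOKEN_B, OWNER, SWAP_APP, 500, block=400),         # small, finite
    make_log(TOKEN_B, OTHER_WALLET, OLD_DAPP, 2**256 - 1, block=410),  # another wallet
]

if __name__ == "__main__":
    for grant in open_allowances(SAMPLE_LOGS, OWNER):
        label = "UNLIMITED, revoke if unused" if grant.unlimited else f"limit {grant.amount}"
        print(f"token {grant.token} -> spender {grant.spender}: {label} (block {grant.block})")
```

The revoked grant drops out because its most recent Approval set the amount to zero, which is exactly what a revocation transaction does.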
Check a link before you connect or sign. Before entering anything or connecting your wallet, look hard at the web address for a misspelling or an odd domain, and be suspicious of any link that arrived unsolicited. Reputable security tools and phishing-checkers can flag known malicious sites. When in doubt, navigate to the site yourself by typing the address you know, rather than following a link someone sent.
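The address check described above can be automated against a short list of sites you already trust. This is an added example, not part of the original guide; KNOWN_GOOD, check_link and the sample links are assumptions made for illustration, and the last-two-labels domain guess stands in for a Public Suffix List lookup.

```python
from urllib.parse import urlsplit

# Assumption: the sites you actually use, typed in by you. etherscan.io is the
# explorer named in this guide; exchange.example is a placeholder.
KNOWN_GOOD = ("etherscan.io", "exchange.example")


def edit_distance(a, b):
    """Levenshtein distance with a two-row table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_link(url, known_good=KNOWN_GOOD):
    """Return (verdict, reason); verdict is 'known', 'suspicious' or 'unknown'."""
    try:
        parts = urlsplit(url if "://" in url else "https://" + url)
        host = (parts.hostname or "").rstrip(".")
        username = parts.username
    except ValueError:
        return ("suspicious", "address does not parse")
    if not host:
        return ("suspicious", "no hostname")
    if username is not None:
        # In https://trusted.site@other.site/ the browser goes to other.site.
        return ("suspicious", f"text before '@' is not the destination; real host is {host}")
    labels = host.split(".")
    if not host.isascii() or any(label.startswith("xn--") for label in labels):
        return ("suspicious", "internationalized name can imitate Latin letters")
    # Naive registrable-domain guess: the last two labels of the hostname.
    domain = ".".join(labels[-2:])
    if domain in known_good:
        return ("known", domain)
    for good in known_good:
        if good in host:
            return ("suspicious", f"{good} appears inside {host} but the site is {domain}")
        if edit_distance(domain, good) <= 2:
            return ("suspicious", f"{domain} is a near-miss for {good}")
    return ("unknown", f"{domain} is not on your list; type the address you know instead")


# Constructed sample links (none taken from a real campaign)
SAMPLE_LINKS = [
    "https://etherscan.io/token/0xPLACEHOLDER",
    "https://etherscam.io/claim",
    "https://etherscan.io.wallet-verify.example/connect",
    "https://etherscan.io@wallet-verify.example/",
    "https://xn--constructed-label.io/",
    "https://news.example.org/article",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        verdict, reason = check_link(link)
        print(f"{verdict:10} {link}\n           {reason}")
```

A "known" verdict only means the address matches your own list; an "unknown" one is a reason to reach the site by typing its address, as the paragraph above advises.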
Look up the platform's registration with a regulator. A real exchange or money-services business is registered and licensed in the regions it serves, and you can usually confirm that on the relevant regulator's own website. If a platform claims to be regulated, check the claim at the source rather than trusting a badge on its homepage. No registration you can verify, in a space that requires it, is a serious warning.
Search the platform's name alongside the word "scam." It is the simplest check and the one people skip in their hurry. A few minutes reading what others say, on independent forums and complaint boards rather than the platform's own testimonials, surfaces patterns a polished homepage hides: a wave of users reporting blocked withdrawals, a domain that only appeared weeks ago, a "team" whose photos turn out to be stock images. The absence of any independent history is itself information. A real platform handling other people's money leaves a trail you can find; one built to disappear does not.
A live counter-fraud effort in India, reported as "Operation Octopus," traced victims who were lured by an "investment opportunity promising quick returns" seen on social media into a wider fraud network. The lesson behind cases like it is steady: the checks above would have flagged the platforms involved as unverifiable before any money moved. The tools are public. The discipline to use them before you commit is the part that protects you.
Step by step: how to protect yourself from crypto scams
Put together, the defense is a short routine you can run on any offer, any platform, any message. Work through it in order. The early steps catch most scams before the later ones ever matter.
Step 1: Know the types, so you recognize the shape. You have them above. When a "wrong number" text turns friendly, when a DM dangles a guaranteed yield, when a pop-up wants your seed phrase, name it for what it is. Recognition is most of the battle, because a scam you have already labeled has lost its surprise.
Step 2: Run every offer past the red-flag list. Before any money or access changes hands, check the offer against the universal red flags. Guaranteed return? Unsolicited contact? Pressure? Crypto-only payment? A request for your keys? A withdrawal wall? Each one alone earns a pause. Two earns a no.
Step 3: Slow down on purpose. Urgency is the scammer's main tool, so removing it is your main defense. Give any high-stakes crypto decision a night's sleep and a second opinion from someone not involved. A real opportunity is still there tomorrow. A pressured one usually is not, and that is the point.
Step 4: Guard the two bright lines. Never share your seed phrase or private keys with anyone, for any reason. Never pay an upfront "fee" or "tax" to unlock a withdrawal. These two rules, held without exception, defeat the scams that cause the largest losses.
Step 5: Verify before you trust. Use the checks in the section above. Inspect the token contract, confirm the platform's registration at the regulator's site, check the link, review your approvals. Do the looking yourself rather than relying on what the platform or the person tells you.
Step 6: Harden your accounts. Move off text-message two-factor codes and onto an authenticator app or, better, a physical security key, which a SIM swap cannot defeat. Set a SIM PIN with your mobile carrier. Use a long, unique password for every account through a password manager. For funds you are not actively trading, keeping less on any platform and more in your own custody removes the platform, and anyone impersonating it, from the equation. Our guide on moving crypto off an exchange walks that process step by step.
Step 7: Know what to do if it happens. Even careful people get caught. The next section is the plan, and reading it before you need it means you can act fast if you ever do.
What should I do if I have been scammed?
Act quickly and in order. Speed matters more than getting every step perfect, and so does being honest with yourself early that something is wrong rather than sending "one more" payment.
Cut off any access first. If a "support agent" had you install remote-access software or screen-sharing, disconnect from the internet and remove that software before anything else. While they can see or control your device, they can undo your next moves.
Lock down your accounts. Change the password on your exchange or wallet account from a separate, trusted device, then change the password on the email tied to it, because that email can reset everything else. Switch off SMS two-factor and turn on an authenticator app or hardware key. Freeze or pause the affected accounts through official channels, and alert your bank to flag fraud and stop any linked transfers.
Report it. File reports with your country's cybercrime or fraud authority. In the United States, that means the FBI's Internet Crime Complaint Center at ic3.gov and the Federal Trade Commission; elsewhere it is your national police cybercrime unit or fraud-reporting line. Then report the incident to the exchange or platform through its official website, never through a number or contact a "support agent" gave you. In the cases above, victims reported to national police and counter-fraud units, and those reports are what feed the investigations that eventually break these networks up. Your single report may also connect to others targeting the same operation, which is how a scattered set of losses becomes a case investigators can act on.
Write down everything while it is fresh. Save the messages, phone numbers, usernames, wallet addresses funds went to, transaction IDs, and timestamps. That record is what investigators and your bank will ask for.
Now the honest part, because a guide that pretends otherwise is not helping you. Crypto transactions are usually final, and there is no chargeback. Once funds have left to a scammer's wallet, recovery is rare. Reporting still matters, because it can occasionally help trace funds and it helps stop the operation reaching others, but you should not count on getting the money back. Knowing this in advance is itself a defense: it is exactly why refusing to start is the protection that works.
After a loss, expect a "recovery service" to contact you, and treat it as a second scam. Someone will reach out claiming they can get your stolen crypto back, for an upfront fee or for access to your accounts. Law-enforcement bodies have flagged this pattern directly. No legitimate service guarantees recovery, asks for payment in crypto to start, or needs control of your accounts. An unsolicited offer to recover your money is almost always the same crew, or another one, coming back for what is left.
How do I tell if a crypto platform is legitimate?
The same handful of questions works for any platform, the day you sign up and a year later. Get clear answers before you trust one with real money. A platform that cannot satisfy these is telling you something.
Is it registered and licensed? Look for registration as a money-services business and licenses in the regions it serves, and confirm the claim on the regulator's own site, not on the platform's marketing page. A faceless offshore site with no verifiable registration, in a space that requires one, is the warning.
Are there real support channels? A legitimate platform offers support through its official site and does not conduct security business through a stranger's direct messages. If the only "support" is a person who found you in a chat, that is not support.
Are the fees transparent and the withdrawals real? Costs should be published and predictable. The decisive test is whether you can actually withdraw. A platform that takes deposits smoothly but stalls, charges surprise fees, or blocks withdrawals has shown you what it is.
Can you find out who runs it? A real company has a name you can look up, a track record, and accountability. Anonymous operators behind a polished front are a risk you are choosing to take.
These checks do not protect you from everything, and pretending otherwise would not help you. They will not stop a price from falling, since legitimate assets lose value too and that is risk, not fraud. A transaction you authorized under pressure stays authorized, because crypto sends are final by design. Nor can a checklist read the mind of a stranger who has spent weeks being kind to you. What they do is filter out the platforms and offers built purely to take your money, which is most of what is aimed at newcomers. The rest is judgment, patience, and the willingness to walk away from anything that needs you to hurry. That willingness is the single habit that protects you most.
