Giveaway Scams
How They Work
Giveaway scams are one of the oldest tricks in the crypto playbook and remain devastatingly effective. The formula is simple: a fake account impersonating a celebrity (Elon Musk, Vitalik Buterin, Michael Saylor), a crypto exchange (Coinbase, Binance), or a blockchain project announces a “limited time giveaway” — send 0.5 ETH to this address and receive 1 ETH back, or send any amount to be multiplied.
Occasionally these scams use hacked accounts with hundreds of thousands of real followers, adding a veneer of credibility. YouTube livestreams showing fake interviews with Elon Musk have run for hours before platforms remove them, collecting millions of dollars from victims.
Why People Fall For It
The accounts look convincing. The promise plays on the fear of missing out. Other comments below (posted by fake accounts controlled by the scammer) claim to have already received their returns. When a scam looks credible and others appear to be profiting, rational judgment can fail.
The Rule
No legitimate entity — not Elon Musk, not any exchange, not any project — runs a giveaway where you send crypto first. Any “send X to receive 2X” mechanism is a scam. There are no exceptions.
Fake Exchange and Phishing Sites
How They Work
Phishing sites are fake websites designed to look identical to legitimate exchanges (Coinbase, Binance, Kraken) or wallet interfaces (MetaMask, Ledger Live). The scammer creates a domain with a subtle typo or alternate spelling — “coinb4se.com” instead of “coinbase.com”, “rnetamask.io” instead of “metamask.io” — and drives traffic to it via Google ads, fake links in emails, social media posts, or DMs.
Once you enter your login credentials or seed phrase on the fake site, the scammer has everything they need to drain your account or wallet.
How to Spot Phishing Sites
- Check the URL character by character, every single time. One switched letter or a different domain extension (.io vs .com) is all it takes.
- Bookmark the official sites you use regularly and only access them through your bookmarks.
- Never click links to exchanges or wallet interfaces in emails, text messages, or DMs — even if they appear to come from the platform.
- Legitimate exchanges will never email you a login link. If you receive one, it is almost certainly a phishing attempt.
- Use a browser that flags known phishing domains.
Romance Scams and Pig Butchering
The Biggest Growing Threat
Pig butchering (known as “sha zhu pan” in Mandarin, meaning “slaughter the pig”) is the fastest-growing and most financially devastating crypto scam category in the world. US victims lost over $3.5 billion to pig butchering schemes in 2023 alone, with individual losses frequently exceeding $100,000.
How It Works
The scam begins with unsolicited contact: a message on WhatsApp, Instagram, Tinder, LinkedIn, or dating apps claiming to have messaged you by accident, or simply opening with friendly conversation. The scammer — often working from a script in a criminal compound — builds a genuine-seeming relationship over days, weeks, or even months. They are attentive, emotionally supportive, and never seem to ask for anything.
Eventually, in a natural-seeming moment, they mention they have been doing well financially through a crypto investment platform. They share screenshots of returns. They offer to show you how it works, positioning it as helping a friend. The “platform” is completely fake — a professional-looking website controlled entirely by the scammers.
Your initial investments show remarkable returns on the fake dashboard. You are encouraged to invest more. When you eventually try to withdraw, you are told you must pay “taxes,” “withdrawal fees,” or “verification deposits” first. If you pay those, more obstacles appear. The platform eventually disappears, or the scammer ghosts you.
Warning Signs
- Someone contacts you out of nowhere and quickly steers conversation toward crypto investing
- They are unusually attractive and their life seems implausibly perfect
- The investment platform they recommend is not listed on any regulated exchange or verifiable database
- Returns are consistently high and seem guaranteed
- You can see your balance growing but cannot withdraw without paying fees first
- Any pressure to invest more before you can access existing funds
If you are in a conversation matching any of these patterns, the relationship is not real. The person you have been talking to is a professional scammer, possibly one of many using a shared script.
Rug Pulls
What Is a Rug Pull?
A rug pull occurs when the developers of a cryptocurrency project — typically a new DeFi protocol or token — abandon the project and run away with investor funds. The term comes from the image of pulling the rug from under investors’ feet.
How to Spot a Rug Pull Before It Happens
| Warning Sign | What It Means |
|---|---|
| Anonymous team with no verifiable identities | Developers can disappear without accountability |
| No smart contract audit from a reputable firm | Code may contain backdoors or theft mechanisms |
| Liquidity not locked | Developers can withdraw all liquidity instantly |
| Extremely high APY promises (1000%+) | Unsustainable and designed to attract quick money |
| Token launched with heavy celebrity/influencer promotion | Paid shills getting paid to pump before the dump |
| No whitepaper or technical documentation | No legitimate project vision exists |
| Social media channels created days or weeks ago | Brand new project with no track record |
Legitimate DeFi projects lock their liquidity for a defined period (check using DEXTools or Token Sniffer). They have public, verifiable teams or have undergone third-party security audits. Extraordinary yield promises are almost always either unsustainable tokenomics or outright fraud.
Fake Job Offers Involving Crypto
How This Scam Works
Job scam variations targeting crypto holders have multiplied sharply. Common formats include:
Fake crypto tester jobs: You are offered a position “testing” a crypto exchange platform. The job involves receiving crypto to your wallet and forwarding it to another address. This is money laundering, and you can face criminal charges regardless of whether you knew.
Work-from-home crypto jobs: An employer asks you to purchase crypto using your own funds and transfer it as part of your “duties.” They promise reimbursement that never comes.
Fake influencer/social media jobs: You are paid to promote fraudulent platforms, often without being told what you are promoting.
Any job that involves handling cryptocurrency, purchasing crypto, or accessing crypto platforms as part of the role should be scrutinised heavily. Verify the company through independent sources, not just information the recruiter provides.
Pump and Dump Schemes
How Pump and Dump Works
A coordinated group — often organised through Telegram or Discord — accumulates a large position in a low-cap, low-liquidity cryptocurrency. They then aggressively promote the coin through social media, fake news articles, and coordinated messaging, driving up the price. Once enough new buyers have pushed the price high, the original group sells their position (“dumps”), the price collapses, and late buyers are left holding worthless tokens.
This pattern repeats constantly with new coins. Signals that a coin is being pumped:
- Sudden massive price spike with no fundamental news
- Heavy promotion from anonymous social media accounts simultaneously
- Coordinated messaging in Telegram groups calling it the “next 100x”
- Very low market cap and thin trading volume before the spike
By the time a pump is obvious, the dump has usually already begun. Chasing pumps is how retail investors become exit liquidity for organised criminal groups.
Impersonation Scams
Fake Ledger and MetaMask Support
Ledger, MetaMask, and other hardware and software wallet providers have no outbound customer support that contacts users via DM. Despite this, scammers flood Twitter/X, Reddit, Discord, and Telegram posing as support agents for these companies.
The pattern is consistent: you post about a problem with your wallet, and within minutes you receive DMs from “support” accounts offering to help. The conversation eventually leads to a request for your seed phrase, private key, or a request to visit a website and connect your wallet.
Ledger will never DM you. MetaMask will never DM you. No wallet company will ever ask for your seed phrase. Engage only with official support channels linked from the project’s official website.
Government/Tax Authority Impersonation
Scammers pose as HMRC, the IRS, or crypto regulatory bodies claiming you owe taxes or have been flagged for investigation. They demand immediate payment in crypto to avoid arrest or account seizure. Government agencies do not contact taxpayers via social media DM and do not accept cryptocurrency as payment for tax debts.
Approval Phishing
The Most Technically Dangerous Scam
When you connect your wallet to a DApp and approve a token transaction, you may be granting that contract the right to spend tokens on your behalf — potentially without limit. Malicious DApps disguise these “approval” requests to look like routine interactions.
Once granted, an approval can be used at any time to drain your entire balance of a particular token. You do not need to take any further action — the approval sits dormant until the malicious contract sweeps your wallet.
Mitigation: Regularly audit all active approvals using revoke.cash. Before connecting your wallet to any DApp or approving any transaction, verify the site’s legitimacy through the project’s official channels. Use a separate “hot wallet” with minimal funds for interacting with new or unverified DApps.
Crypto Recovery Scams
If you have already been scammed, be aware of the secondary scam targeting victims. “Crypto recovery services” advertise — on social media, Google, and forums — that they can recover stolen funds using blockchain forensics, legal pressure, or “hacker” contacts.
These are nearly always scams. They charge upfront fees (sometimes thousands of dollars) and deliver nothing. Some will string victims along for months, extracting payment after payment.
The hard truth is that crypto transactions are irreversible by design. In most cases, stolen cryptocurrency cannot be recovered. Legitimate avenues — reporting to Action Fraud (UK), the FBI’s IC3 (US), or your country’s financial crime authority — are free and the only realistic routes to any possible action.
What to Do If You Have Been Scammed
Immediate Steps
Can You Get Your Crypto Back?
Almost never. Blockchain transactions are irreversible by design. If funds were sent to a scammer’s wallet, they cannot be reversed. If the scammer used a centralised exchange to receive funds and that exchange is willing to cooperate with law enforcement, there is a small chance of account freezing — but this is rare and slow.
Some victims have reported partial recovery through civil litigation in cases where the scammer’s identity was established, but this is expensive and uncertain. The most honest answer is: prevention is the only reliable protection.
FAQ
Q: Is every crypto investment promising high returns a scam?
A: Not every high-return claim is fraudulent, but any guaranteed returns are a red flag. Crypto markets are volatile, and no legitimate investment can guarantee consistent returns. Be especially suspicious of any platform promising steady daily or weekly percentages.
Q: Someone is asking me to pay fees to withdraw my funds — should I pay?
A: No. This is an almost universal feature of scam platforms. Legitimate exchanges never require upfront payment of “taxes” or “fees” before processing withdrawals — any such fees are deducted from your balance. Paying these demanded fees will not result in a withdrawal; it will result in more demands.
Q: I connected my wallet to a site that now seems suspicious. What should I do?
A: Visit revoke.cash immediately and revoke all token approvals granted to that site’s contract address. Then move your funds to a fresh wallet with a new seed phrase as a precaution.
Q: How do rug pull developers take the money?
A: Typically by withdrawing liquidity from the trading pool (if LP tokens were not locked), through a mint function in the smart contract that lets them create unlimited tokens and dump them, or simply by controlling a large allocation of tokens that they sell when the price is pumped.
Q: Can the police do anything about crypto scams?
A: Law enforcement has had some successes, particularly with large operations, but individual cases are difficult to pursue due to anonymity and cross-border jurisdiction. Reporting is still important — it contributes to pattern identification and occasional large takedowns — but do not expect swift individual resolution.
Related guides:
