How Not to Get Scammed in Crypto
Crypto has no chargebacks, no fraud department and no second chances. A field guide to how the cons work — and how to keep your money.

The first thing to understand about crypto crime is that the technology is working exactly as designed. A blockchain is a machine for moving value without a middleman to ask permission or undo a mistake. That is the whole point of it—and it is also why, once money leaves your wallet, it is gone. There is no bank to call, no chargeback to file, no fraud department staffed by someone who might take pity on you. In ordinary finance, friction protects the careless. In crypto there is no friction, and so protection becomes a job you have to do yourself.
The numbers make the case plainly. In 2023 the FBI's Internet Crime Complaint Center logged $5.6bn of crypto-related fraud in America alone, up 45% on the year before—and that counts only the victims who came forward. The real figure is a large multiple of it. Crypto did not invent the confidence trick; it merely stripped out the safeguards, added anonymity and made the getaway instant. The result is the most efficient machine for parting people from their money yet built.
The consoling news is that the cons themselves are not clever. They are old frauds in new packaging, and once you can name them you can see them coming.
A tour of the cons
Most losses fall into a handful of buckets. The rug pull is the classic: a team launches a token, markets it relentlessly, waits for buyers to pile in and then drains the liquidity and disappears. The wallet that was full at breakfast is empty by lunch. Its close relative, the honeypot, lets you buy a token freely but quietly forbids you from ever selling it.
The drainer has become the industry's workhorse. You are lured to a polished website—a fake airdrop, a token "mint," a pixel-perfect copy of a real exchange—and invited to connect your wallet and approve a transaction. The transaction is never quite what it looks like: the signature hands a stranger standing permission to sweep your tokens whenever they choose. You have not been hacked. You have signed. Sites like these are routinely bought as advertisements at the very top of Google's search results, above the genuine article.
Then there are the fake platforms: an exchange or trading app that looks flawless, credits your deposit, even shows your balance ticking up in profit. Everything works—until you try to withdraw, at which point there is a "tax," a "fee," a "verification deposit," and then silence. The balance was always just a number on a screen the scammer controlled.
Impersonation oils all of it. The "support agent" who appears in your direct messages moments after you post about a problem works for no one. The founder offering to double any coins you send him is a photograph with a blue tick. The friend messaging about an opportunity you would be mad to miss has had his account stolen. One rule will save you more money than any other: nobody legitimate ever contacts you first.
The cruelest of the modern frauds is "pig butchering," a blunt translation of the Chinese sha zhu pan—the victim is fattened before slaughter. It begins not with a coin but with a person: a warm, unhurried stranger from a dating app, or a "wrong number" text that softens into weeks of friendship or romance. Only later come the investment tips, the plausible trading platform, the small withdrawal that succeeds to build trust, and at last the large deposit that vanishes. These are not lone opportunists but industrial operations, many run from compounds staffed by trafficked workers, and they have taken billions from people who were certain they were far too sharp to be fooled.
Why clever people still fall
It is tempting to file all this under stupidity and assume yourself immune. That assumption is precisely the vulnerability. Scams do not target intelligence; they target instinct—hope, trust, the fear of missing out, the reluctance to walk away from money already sunk. A good con does not feel like a con. It feels like luck, or love, or a tip from someone who likes you. The people who lose the most are frequently the confident ones, because confidence is what stops you asking the second question. Humility is a security feature.
The red flags
Fraud has a grammar, and it repeats. Treat the appearance of any one of these as a reason to stop and breathe:
- Urgency. "Only 100 spots," "ends in an hour," "act now." Haste is the scammer's favorite tool, because it is the enemy of thought.
- Guaranteed returns. They do not exist. Anyone promising fixed profits, doubled deposits or "risk-free" yield is describing a Ponzi, whether or not they know it.
- Unsolicited contact. The message you did not ask for, from support you did not call, about a prize you never entered.
- A request to "verify," "sync" or "validate" your wallet. In practice these words mean "sign a transaction I control."
- Anyone asking for your recovery phrase. This is the whole game, and it deserves its own rule.
How to keep your coins
Security in crypto is not a product you can buy; it is a set of habits. Four of them do most of the work.
Guard your recovery phrase with your life. The twelve or twenty-four words that back up a wallet are the wallet. Whoever holds them holds your money, permanently and irreversibly. No exchange, wallet, moderator or support desk will ever need them—not to help you, not to "verify" you, not for any reason that has existed in the history of the technology. Write them on paper, keep them offline, and type them into nothing.
Keep serious money in cold storage. A hardware wallet holds your keys on a device that never touches the internet, so even a thoroughly compromised computer cannot sign your funds away. Buy it from the manufacturer, never second-hand, and treat the hot wallet in your browser the way you treat the cash in your pocket—handy, and expendable.
Verify everything, then verify it again. Type exchange addresses by hand instead of following links. Read the URL character by character. Check a project's contract address against its official channels before you go near it. The extra thirty seconds is the cheapest insurance you will ever buy.
Prune your approvals. Every "connect wallet" can leave a standing permission behind, and a permission you granted last year to a site since abandoned is a door left unlocked. Use a revocation tool now and then to shut the ones you no longer use.
The scammer's entire business rests on one bet: that you will act before you think. Declining that bet, every single time, is most of the battle.
If it happens anyway
Move quickly, but do not freeze. Send any remaining funds to a fresh wallet the attacker has never touched. Revoke the malicious approval so it cannot take what is left. Write down everything—wallet addresses, transaction hashes, screenshots, links—because that record is what lets others trace the money and warn the next person in line.
And then brace for the second wave. Victims are quickly circled by "recovery" scammers—agents, "cyber-forensics firms," even fake officials—who promise to claw your funds back for an upfront fee. They are the same predators in a different coat, and they are betting on your desperation. Nobody can reverse a blockchain transaction. Anyone who says otherwise, for money, is scamming you twice.
The case for company
This is the reason a place like this exists. A scam posted to Scam Reports & Warnings becomes a warning that saves the next person; a project taken apart in Due Diligence & Research is one less rug for anyone to step on. The blockchain will not look after you, and the platforms have little reason to. People who have already paid the tuition, pooling what they learned, still can.
Crypto asks something unusual of its users: to be their own bank, their own security desk and their own last line of defense. It is a great deal to carry alone. The whole point of a forum is that you do not have to.