Cryptocurrency offers life-changing opportunities, but it also attracts sophisticated criminals. In 2025 alone, over $12 billion was lost to crypto scams globally, according to Chainalysis — and 2026 is on track to exceed that. The most heartbreaking part? Most victims could have avoided the loss with basic knowledge of how these scams operate. This guide breaks down the 10 most common crypto scams in 2026, complete with real-world red flags, psychological manipulation tactics, and step‑by‑step prevention measures. Whether you're a beginner or a seasoned holder, reading this could save your entire portfolio.
Essential Security Reading
- Pig Butchering (Romance + Investment Scam)
- Approval Phishing / Wallet Drainer Attacks
- Rug Pulls (Malicious Token Launches)
- Fake Exchanges & Impersonation Websites
- Honeypot Tokens (You Can Buy But Not Sell)
- Yield Farming Ponzis & Fake DeFi Protocols
- Fake Hardware Wallets & Supply Chain Attacks
- Telegram Pump & Dump Groups
- Celebrity Endorsement & Giveaway Scams
- SIM Swap Attacks (Phone Number Takeover)
🐷 1. Pig Butchering (Romance + Investment Scam)
How it works: Scammers build a fake romantic relationship with you over weeks or months (via dating apps, Instagram, WhatsApp). Once trust is established, they casually mention a "great crypto investment opportunity" they're using. They direct you to a fake trading platform that looks real. Your first small withdrawal works to build confidence. When you invest large amounts, the platform shows huge "profits" but any withdrawal request is met with endless fees or the site disappears entirely.
Red flags: The person refuses video calls, has a vague or inconsistent backstory, and pushes you to invest quickly. The "exchange" URL is odd (e.g., "binance-ai-trade.com") and not the real domain.
Real-world case (2025)
A California woman lost $1.2 million over 4 months to a "crypto trader" she met on Tinder. The fake platform showed her balance growing to $4.5 million, but when she tried to withdraw, she was told to pay $200k in "taxes" first — which she did, then the site vanished.
How to avoid: Never send crypto to someone you haven't met in person. Verify any trading platform independently (search for "
🪤 2. Approval Phishing (Wallet Drainer Attacks)
How it works: You receive a tempting offer: a free NFT mint, a fake airdrop, or a "wallet validation" link. You connect your wallet (MetaMask, Trust Wallet) and sign a transaction that looks harmless but actually grants the scammer unlimited spending approval on your tokens. Within minutes, your entire wallet is drained. These attacks use wallet drainer malware-as-a-service sold on Telegram for as little as $1,000.
Red flags: Unsolicited NFT mints, "claim your rewards" pop-ups on Discord, and any site that asks you to "verify" your wallet by signing a transaction.
Learn to use Revoke.cash and other tools to audit and revoke malicious token approvals before it's too late.
How to avoid: Never sign a transaction from an untrusted site. Use a dedicated "burner wallet" for NFT mints and low‑trust interactions. Regularly check and revoke token approvals at Revoke.cash. Hardware wallets can't protect you if you sign a malicious approval — the transaction is authorised.
🧨 3. Rug Pulls (Malicious Token Launches)
How it works: Scammers create a new token, hype it on social media (often with paid influencers), and build a DEX liquidity pool. After enough victims buy, the developer removes all liquidity (or mints unlimited tokens and sells them), crashing the price to zero. The total value locked (TVL) disappears overnight.
Red flags: The token contract hasn't been audited, liquidity isn't locked, the team is anonymous, and the marketing screams "1000x" with no clear utility.
📊 Rug Pull Red Flags Quick Checklist
| Red Flag | What to check |
|---|---|
| Liquidity not locked | Use DEXTools or RugDoc to verify LP lock |
| Mint function not renounced | Check contract code for "mint" or "owner" functions |
| High sell tax (e.g., >10%) | Simulate a sell with a small amount first |
| Team tokens unlocked | Look for vesting schedule on tokenomics page |
How to avoid: Only buy tokens that have a public, reputable audit (by CertiK, Hacken, or similar). Verify that liquidity is locked for at least 6‑12 months on a service like Unicrypt. For a complete guide, see our smart contract rug pull red flags guide.
🏦 4. Fake Exchanges & Impersonation Websites
How it works: Scammers create perfect copies of Binance, Coinbase, or Bybit — often using a slightly misspelled domain like "binance-verify[.]com". They promote these sites via Google ads (buying keywords like "Binance login") or phishing emails. When you enter your credentials, they steal your login and API keys. Some even ask you to deposit funds and then block withdrawals.
Red flags: The URL doesn't match the official domain (always double‑check). The site has poor English, no 2FA support, or asks for your seed phrase (legitimate exchanges never ask for seed phrases).
How to avoid: Bookmark the real exchange URLs. Never click on links from emails or Google ads — type the address manually. Enable 2FA using an authenticator app (Google Authenticator, Authy), never SMS. Use a password manager to auto‑fill, as it won't work on fake domains.
🍯 5. Honeypot Tokens (You Can Buy But Not Sell)
How it works: A token's smart contract includes a hidden function that blocks all sell orders except for the scammer's wallet. Victims see the price rising, but when they try to sell, the transaction fails. The scammer gradually sells into the fake liquidity, pocketing all the money.
Red flags: The token has a very low number of holders but high trading volume. You can check on DEXtools or Honeypot.is: if the "can sell" test returns false, it's a honeypot.
How to avoid: Always test with a tiny buy and sell before investing more. Use Honeypot.is or Token Sniffer to analyse the contract. Avoid tokens that have been deployed less than 24 hours without a verified audit.
🌾 6. Yield Farming Ponzis & Fake DeFi Protocols
How it works: A new DeFi protocol offers impossibly high APY (e.g., 5% per day). Early investors are paid with the deposits of new investors — a classic Ponzi. When new deposits slow down, the creator disappears with the remaining funds. Some even use flashloan attacks to manipulate the price and drain the pools.
Red flags: Unverified contracts, anonymous team, no audit, and APY that's significantly higher than established protocols (Aave, Compound, Morpho).
How to avoid: Stick to well‑known DeFi protocols with years of track record. Check the protocol's TVL (total value locked) on DeFiLlama — if it's under $10 million and launched last week, be extremely cautious. Read our guide on crypto rug pulls and ponzi red flags for more detail.
🔌 7. Fake Hardware Wallets & Supply Chain Attacks
How it works: Scammers sell counterfeit Ledger, Trezor, or SafePal wallets on Amazon, eBay, or third‑party marketplaces. These devices either come with a pre‑configured seed phrase (that the scammer knows) or have modified firmware that sends your private keys to the attacker when you set it up.
Red flags: The packaging looks off, the device has no tamper‑evident seal, or it comes with a pre‑printed seed phrase card (a legitimate device never includes a pre‑generated seed).
How to verify a hardware wallet
Always buy directly from the manufacturer (Ledger.com, Trezor.io). When you receive it, check the tamper‑evident seal. During setup, let the device generate a fresh seed phrase — never use a pre‑provided one. After setup, test with a small amount before transferring large funds. For a full walkthrough, see our hardware wallet setup guide (Ledger vs Trezor vs Coldcard).
📱 8. Telegram Pump & Dump Groups
How it works: You join a Telegram channel promising "insider signals" that will make you rich. The group admins announce a specific coin to buy at an exact time. Hundreds of members buy simultaneously, briefly pumping the price. But the admins and their inner circle sold before the group — they dump on you. The coin crashes, and you're left holding worthless bags.
Red flags: Groups that require a subscription fee, use countdown timers, or claim "guaranteed 10x". Legitimate trading groups don't need to pump low‑liquidity microcaps.
How to avoid: Understand that if a coin is being pumped on Telegram, you are the exit liquidity. Avoid any "signal" that asks you to buy at a specific second. For more on this, read our piece on crypto market manipulation detection.
🌟 9. Celebrity Endorsement & Giveaway Scams
How it works: Scammers hack verified X (Twitter), YouTube, or Instagram accounts of famous people (Elon Musk, Vitalik Buterin, MrBeast). They post: "I'm giving back to the community — send 1 ETH to this address and I'll send back 2 ETH!" The fake promise of doubling your money exploits greed and urgency. Hundreds of victims send crypto, and the scammer never sends anything back.
Red flags: Any "send X, receive 2X" offer. No legitimate celebrity or company runs a crypto giveaway like that. Also, look for slightly misspelled account handles.
How to avoid: If it sounds too good to be true, it is. Never send crypto to an address you see in a YouTube comment or Twitter reply. Legitimate airdrops never ask you to send funds first. Bookmark official project announcements.
📲 10. SIM Swap Attacks (Phone Number Takeover)
How it works: A scammer calls your mobile carrier, impersonates you, and convinces them to transfer your phone number to a SIM card they control. Once they have your number, they reset passwords on your exchange accounts, bypass SMS 2FA, and drain your funds. This is especially dangerous if you use SMS for authentication.
Red flags: Sudden loss of cell service ("No Service") without explanation — this often means your SIM has been swapped. Also, unexpected password reset emails.
Learn how to add a porting lock, use authenticator apps, and protect your mobile account.
How to avoid: Never use SMS as your primary 2FA — use Google Authenticator, Authy, or a hardware key (YubiKey). Contact your mobile carrier and ask for a "port‑out PIN" or "number lock" feature. Keep a separate email for crypto exchanges that isn't linked to your phone number.
🛡️ Universal Crypto Protection Checklist (2026)
Regardless of the scam type, these seven habits will dramatically reduce your risk:
- Use a hardware wallet for any crypto over $1,000. Never store large amounts on exchanges or hot wallets.
- Never share your seed phrase with anyone — not even "support". No legitimate service will ever ask for it.
- Revoke token approvals regularly using Revoke.cash or Rabby Wallet's approval manager.
- Bookmark official URLs for exchanges, DeFi protocols, and block explorers. Double‑check before connecting your wallet.
- Use a dedicated "burner" wallet for NFT mints, testnet airdrops, and new DeFi protocols you don't fully trust.
- Enable 2FA with an authenticator app — never SMS. Use a YubiKey for the most critical accounts.
- Slow down. Scammers create urgency. If someone pressures you to "act now", it's almost certainly a scam.
For deeper dives into specific threats, explore our comprehensive security guides: Wallet Drainer Attacks, Rug Pull Red Flags, and Multisig Wallets for Advanced Security.