Top 19 Crypto Scams in 2024: How to Avoid Them (Updated)

Cryptocurrency has revolutionized the way we perceive and interact with money, but with great innovation comes great responsibility. The digital landscape is riddled with scams and fraudsters eager to prey on unsuspecting investors. Protecting your hard-earned digital assets requires vigilance, research, and secure practices. In this post, we will explore the various types of crypto scams, offer essential tips on how to avoid crypto scams and provide guidance on reporting and recovering from scams.

Key takeaways:

• Crypto scams are becoming more rampant due to their lucrative value, with the biggest cryptocurrency heist to date in 2022 — the Ronin Network hack.

• Some of the most common crypto scams include phony crypto exchanges, app frauds, phishing, pump-and-dump, Ponzi schemes, business opportunity scams, and the latest scams like crypto job listing scams.

• One of the easiest ways to spot and avoid cryptocurrency scams is by identifying the project background.

Recognizing Common Crypto Scams

Crypto scams come in various forms, each meticulously designed to part you from your digital assets. The tactics employed by crypto scammers are as diverse as they are dangerous. It’s important to stay vigilant and educate yourself about these scams to protect your assets.

Understanding how these scams operate and learning to recognize red flags are key steps toward safeguarding your assets.

Fraudulent Cryptocurrencies

One easily identifiable scam is fake cryptocurrency projects. These projects usually identify themselves as alternative options to more significant cryptocurrencies. For example, a cryptocurrency may claim to be an upcoming fork of an established cryptocurrency, such as Ethereum (ETH), or simply a new cryptocurrency from the parent company of Ethereum. They lure you into getting interested in it since crypto, such as Ethereum is booming, but at the same time, it might be a little late to invest in ETH for large profits. 

Many people are not aware of how cryptocurrencies even work. But they’re willing to invest due to “fear of missing out” (FOMO). Once the people behind this bogus cryptocurrency feel they have taken enough money, they can transfer all the crypto investments into their bank accounts and quickly shut down the fraudulent project, leaving the “investors” without their assets.

A relevant example was My Big Coin, a fake cryptocurrency that saw $6 million stolen from investors who believed it was real.

Phony Exchanges

Another common crypto scam is bogus exchanges. These fake exchanges build a reputation among cryptocurrency communities by claiming they’re legit, as well as offering seemingly lucrative staking yields and airdrops than legitimate exchanges. Shortly after investors buy in, they can never get a hold of these coins. Instead, these fake exchanges often went missing and remained uncontactable.

For example, BitKRX convinced many people that they were one of the biggest cryptocurrency exchanges of the decade, resulting in the large-scale theft of people’s money. The scammer of the exchange was then reprimanded by the local government authorities in South Korea in 2017.

Pump-and-Dump Schemes

Pump-and-Dump schemes originate in the stock market. The main idea behind a pump-and-dump is that an asset is predicted to have a future increase in its price so that people will invest at a lower price. This automatically drives the product's price to increase as demand starts exceeding supply. Once the individual/group behind the pump-and-dump scheme makes enough money, they “dump” the project. 

Inspired by significant cryptocurrencies such as Bitcoin (BTC), investors attempt to hype up and promote fake plans about a cryptocurrency to more buy-in from the public. As a result, people begin investing in that cryptocurrency, believing that its prices will surge based on seemingly strong fundamentals. However, once they realize the “innovative” plans were a hoax, the cryptocurrency is dumped, resulting in substantial financial losses for everyone involved — except the con artist behind the scheme.

Visual representation of pump-and-dump. Source: The Wall Street Journal

P2P Trading Scams

When trading crypto on exchanges that offer peer-to-peer (P2P) trading services, be aware that P2P scams can occur if the seller attempts to skirt the exchange’s escrow system by making an external transaction with the buyer. After the seller receives the buyer’s payment, the scammer pretends the transaction didn’t go through and refuses to keep their end of the bargain.

Learn more: How to Avoid P2P Trading Scams 

Fake Apps

App fraud involves malicious apps that steal funds or personal information from unsuspecting users. Scammers may create fake crypto trading apps or exploit popular platforms to deceive victims. Fake apps are often swiftly detected and removed from official app stores; however, thousands may have already fallen prey to their schemes.

These apps are usually based on existing apps, and only a letter may differ in the name so that people get tricked into thinking they’re genuine. Once these apps are downloaded, they can introduce malware to your device or steal your data once you enter your private information. Exercising caution when downloading apps, assessing reviews, and verifying the legitimacy of the app’s developer can help prevent you from falling victim to these scams.

Ponzi Schemes

The idea behind a Ponzi scheme is that a fundraiser finds two investors and lures them into giving him money so that they can “double” their investment. To do so, the con artist finds another four investors who, in turn, provide the same amount of money, allowing the scammer to “make good” on his promise to the first two investors. And to return the money to all four investors, the con artist scams another eight people, then another sixteen, and so on. 

The implication is that the person behind the Ponzi scheme does not actually invest the money he collected from investors but rather steals it using the money of subsequent investors to pay back each round of investors. For example, BitClub Network was one of the biggest Ponzi schemes in the crypto world, in which three people managed to run a scheme worth more than $700 million. Thankfully, the men involved were caught and arrested by government officials. However, the investors involved never got their investments.

Exit Scams

Most cryptocurrencies raise their funds for developing their projects through an initial coin offering (ICO). ICOs can be private or public, depending on the team behind the project. With ICOs, the price of tokens or coins is lower than anticipated once it is released into the crypto market. Hence, investors use this opportunity to buy a lot of coins through the ICO while the funds for the project are raised. 

However, once these ICOs have been held, the people behind the project can shut down and keep the money for themselves. This is known as an exit scam. Since the main idea of cryptocurrencies is anonymity, it can be hard to trace the scammers behind the ICO. This makes exit scams one of the most dangerous online.

DeFi Scams

Decentralized Finance (DeFi) highly relies on smart contracts to make these services possible. Everyday use of DeFi is yield farming. Like staking, yield farming enables you to lend some of the coins you own to earn more coins through interest rates. 

However, since anyone can launch their own DeFi project, DeFi scams can also be created. These projects seem to offer you higher interest rates if you lend out your money — but the person behind the project never returns your coins. Another classic scam in the DeFi space is rug pull involving a project creator to suddenly withdraws all the funds invested by users.

All of these scams are carried out through the manipulation of the smart contract code or through the hidden mechanisms that allow them to drain liquidity. This leaves investors with worthless tokens or completely empty wallets.

Phishing Scams

Phishing means sending fraudulent emails to people to induce them to give out personal information such as telephone numbers, social security numbers, and crypto account numbers.

For instance, scammers would claim to be from the legitimate company that manufactures Ledger wallets and send you an email claiming that there are some issues with your assets, and the only way to resolve these issues is by telling these folks your Seed Phrase and password. While most people might not fall for these scams, some still do, resulting in significant financial losses for them.

Authorized Push Payment Scams

Authorized Push Payment (APP) scams occur when a fraudster tricks a victim into initiating a cryptocurrency transaction to an account controlled by the fraudster. This type of fraud is particularly prevalent in the cryptocurrency space due to the anonymity and irreversibility of cryptocurrency transactions. 

For example, scammers could promise to offer investment opportunities that are too good to be true with a well-prepared proposal to trick users into a partnership. It is usually carried out when scammers offer subscription-based services or trading signal services with proven insider information for a crypto price movement or price prediction for the next bull runs. They then manipulate the trading charts by placing their own trades to fabricate the results, creating an illusion of a success prediction.

Fake Crypto Job Listing Scams

One of the most common crypto scams in 2023 involves fake crypto job listings, even on legitimate websites like LinkedIn. Scammers target individuals seeking employment in the crypto industry by taking advantage of job seekers' desire to work in this rapidly growing field. They sell their personal data, deceiving them into paying agent fees and such by delivering empty promises.

Claim Free Crypto Scams

Many fraudsters exploit the trust of unsuspecting individuals by distributing private keys to wallets supposedly containing valuable digital assets. These keys are often disseminated to various recipients through various channels.

The scammers lure victims with the promise of free cryptocurrency. Upon accessing the wallet with the provided key, individuals may observe a substantial balance. This entices them to attempt to transfer the funds to their wallets. However, the malicious wallets lack the necessary "gas" – a fee to process transactions on the blockchain network. 

Many fraudsters exploit the trust of unsuspecting individuals by distributing private keys to wallets supposedly containing valuable digital assets. These keys are often disseminated to various recipients through various channels.

The Duplication Scam

The duplication scams are famous among gamers who prey on users who desire quick and easy returns. The scheme operates on a straightforward premise: fraudsters promise to double your cryptocurrency holdings if you send them an agreed amount. 

They might entice you with an offer like "send 1 ETH and get 2 ETHs back!"  While the allure of doubling your investment can be strong, this is a classic case of deception. 

Once you send your cryptocurrency to the scammer's address, you'll never see it again. It's a simple yet effective scheme that thrives on the victim's hope of easy gains, leaving them with no recourse to recover their lost funds.

Free Airdrop Scams

Malicious actors may attempt to exploit users with unsolicited airdrops of seemingly valuable tokens. These tokens are distributed to random wallet addresses to entice recipients to engage further.

Be cautious if you receive an unexpected airdrop. Scammers may employ malicious code within the token's smart contract or the decentralized exchange (DEX) used for trading. This code could grant them unauthorized access to your wallet and steal your cryptocurrency holdings if you attempt to swap the airdropped tokens.

It's crucial to exercise vigilance with airdrops. Only interact with tokens from reputable sources within the cryptocurrency ecosystem and verify any claims before proceeding.

Here’s an example of the scam:

It is always wise to avoid interacting with suspicious traders or wallet addresses. Treat unexpected airdrops skeptically, especially if you’ve never heard of the tokens. Always conduct thorough research to determine the legitimacy of the project and the value of the tokens. Using a reputable cryptocurrency aggregator like CoinGecko can help to verify the token’s market valuation. 

Fake Celebrity Endorsements

A recent example involved the creation of a fake Elon Musk account used to promote a malicious cryptocurrency project. Beyond creating false personas, scammers may also target genuine influencer accounts. Incidents like the September 2023 hack of Vitalik Buterin's Twitter account, a prominent figure in the cryptocurrency community, highlight this tactic. By compromising legitimate profiles, scammers can disseminate malicious links and further perpetuate their deception.

The scammers lure victims with the promise of free cryptocurrency. Upon accessing the wallet with the provided key, individuals may observe a substantial balance. This entices them to attempt to transfer the funds to their wallets. However, the malicious wallets lack the necessary "gas" – a fee to process transactions on the blockchain network. 

One way to avoid falling into these traps is to resist succumbing to the fear of missing out (FOMO) on purported investment opportunities. Avoid making impulsive decisions based on celebrity endorsements or social media hype, and instead prioritize rational decision-making grounded in thorough research and due diligence.

Crypto Romance Scams

The sophisticated twist on traditional romance scams is a concerning development that has emerged in cryptocurrency. Perpetrators establish seemingly genuine emotional connections with victims, exploiting their trust and affection. Once rapport is built, the scammer maneuvers the victim into transferring cryptocurrency under false pretenses. These fabricated scenarios may involve claims of urgent family needs or lucrative, albeit fictitious, investment opportunities.

Furthermore, fraudsters have infiltrated online communities like Discord servers and Telegram groups, employing a tactic known as the "crypto bromance scam." Here, scammers position themselves as knowledgeable crypto enthusiasts, cultivating trust with victims by offering seemingly helpful advice. When the victim feels comfortable, the scammer exploits this trust to either elicit their private keys or manipulate them into actions that ultimately drain their cryptocurrency wallets.

Crypto Mining Scams

Perpetrators of cryptocurrency mining scams frequently impersonate representatives of well-regarded entities within the industry, such as MetaMask (MEW) or Enkrypt.  

Alternatively, they may initiate contact by feigning a friendly and trusting rapport, and these individuals then entice unsuspecting victims with the promise of significant wealth generation through purportedly lucrative cryptocurrency mining programs. To make these opportunities appear especially attractive, they offer unrealistically high Annual Percentage Rates (APR) as returns on investment. Once victims deposit funds into the designated website, the funds disappear entirely, leaving them with no recourse.

Unfortunately, the exploitation often doesn't end there. Scammers may employ a variety of tactics to extract even more money from their targets. A common ploy involves claiming that deposited funds are now locked within the platform and require an additional security deposit to be fully accessible. Once victims comply with this initial "unlock fee," scammers may fabricate excuses, such as overpayment or underpayment discrepancies. These fabricated issues are then used to justify demands for further deposits to rectify the supposed errors. This cycle can continue indefinitely, with scammers inventing increasingly elaborate pretexts to withhold the promised returns.  

All the while, they are surreptitiously siphoning cryptocurrency directly into their own wallets. Because these transactions typically occur within self-custodial wallets, victims often do not realize the deception until it is too late.  This delay allows scammers to abscond with the stolen funds and evade detection due to the decentralized nature of cryptocurrency transactions.

If you ever find that your funds are unexpectedly locked in a protocol and subsequent deposits are requested to be released, refrain from making further investments. This is a red flag signaling potential scam activity, and additional deposits are likely to exacerbate losses rather than yield returns.

Address Poisoning

Address poisoning exploits a common user behavior in cryptocurrency transactions: copying and pasting wallet addresses. This tactic leverages software to generate addresses that closely resemble legitimate ones, targeting victims who rely on their wallet's recent activity for quick reference.

Scammers frequently identify used addresses in a user's transaction history. They then employ software to create a spoofed address with a high degree of similarity to the legitimate one, often differing by only a few characters at the beginning or end (areas prominently displayed in most wallets). To further the deception, a negligible amount of cryptocurrency might be sent to this fraudulent address, causing it to appear alongside the intended recipient in the recent activity list.

So when a user copies and pastes an address from their recent activity without carefully verifying the entire string, they risk unknowingly sending funds to the scammer's address. Due to the immutable nature of blockchain transactions, these lost funds are irretrievable.

Account Impersonation

A concerning trend within cryptocurrency communities on platforms like Telegram and Discord involves deceptive impersonation tactics. Malicious actors create usernames that closely mirror those of legitimate administrators or users. This similarity can make it difficult to discern authentic accounts from fraudulent ones.

These impersonators often initiate contact with unsuspecting individuals under the pretense of offering assistance or guidance, particularly in response to publicly expressed inquiries. However, their true objective is either to gain unauthorized access to user accounts or to lure them away from the secure platform environment. Once lured away, these individuals become vulnerable to phishing attacks or other fraudulent schemes.

However, here are some ways you can protect yourself: 

1. Check the username and info: Scammers may use the real username in the "info" section of their profile to mislead users, while usernames are unique, as shown in the picture above. Pay close attention to this information and cross-reference it with other details to verify the account's authenticity.

2. Check for spelling mistakes: Search the account name for any misspellings or subtle letter swaps, particularly in admin names. Be wary if the username and screen name do not match, as this could indicate an attempt to mimic a legitimate account.

3. Beware of direct messages: Exercise caution if an admin or user contacts you via direct message instead of posting publicly in the group. Scammers prefer direct messages as they make it more challenging to verify the sender's identity.

4. Use Bybit’s verification tool: For example, Bybit community ambassadors and admins will never initiate contact with clients. If someone claiming to represent Bybit initiates contact, exercise caution and verify their identity before engaging further. You can always verify Authentic Bybit employee identity withBybit Verification tool.

Twitter (X) Crypto Scam Tactics

Scammers often exploit social media platforms like Twitter (X) to target users through deceptive tactics. One common scheme involves scammer comments on posts made by popular Key Opinion Leaders (KOLs) or influencers. These comments typically promise lucrative airdrops or claim to offer automated trading bots that generate risk-free profits. Additionally, scammers frequently disable comments on their posts or replies, preventing legitimate users from warning others about the scam and further isolating potential victims. In reality, these are scams aimed at tricking users into visiting malicious websites or connecting their wallets, ultimately leading to the loss of their funds.

How to Spot Crypto Scams

Let’s look at some red flags that indicate a crypto scam is taking place.

Too Good to Be True?

If something sounds too good to be true, then it probably is. This is usually the case with pump-and-dump scams, but not limited to these. DeFi projects can offer you yield farming rates much higher than usual ones. High rates are usually red flags — because the project can be a scam, and the person behind the project is simply looking to convince you to invest more money.

Another red flag is a word like “guaranteed” since nothing is guaranteed regarding investments, especially volatile investments such as cryptocurrencies. 

Project Legitimacy

There are a lot of aspects that lend a project legitimacy. The first one is its founders. If the founders are known, the project is less likely to be bogus. Of course, Bitcoin’s Satoshi Nakamoto is an exception (in name only), but most cryptocurrencies have a known founder or parent company.

The second thing to remember is whether the project has a legit, secure website and social media platform. If the answer is yes, you should check how they engage with their community and look for suspicious, unusual responses.

Lastly, it would be best if you looked for the main goal of the project. Usually, new blockchain-based projects seek to add new or better services for people. If the project has a real, authentic goal that is achievable (i.e., not too good to be true), it’s less likely the project is a scam.

White Paper

A white paper is one of the most important aspects of a cryptocurrency. A white paper suggests that the project is legitimate and also allows people to understand firsthand how the project works. When checking on the legitimacy of the white paper, also look at the project's main features — such as the estimated total supply, consensus mechanisms, algorithms, or other components, to see if the project can function as proposed.

Note that a white paper does not necessarily prove that a cryptocurrency is legit. Scammers can construct a simple, professional-looking, completely bogus white paper simply to take your money.

Are They Asking You to Send Money?

It should go without saying that asking a person for money is one of the biggest red flags that suggest a scam is at play. Legit crypto-based projects never ask anyone for money directly. Scammers, on the other hand, are skilled at finding ways to intimidate you into giving them money or access to your crypto wallet.

Is the Name Correctly Written?

When it comes to fake apps or exchanges that pretend to be other, more prominent apps, you should always check how the website (URL) is written. For instance, “ledger.com” with a lowercase “L” can look the same as “Iedger.com” with an upper-case “i” to many people, or the letter “O” can be typed where a “0” should be.

Always carefully check if the app or website is secured — the URL will begin with “https://” — and if the name is the same as the original website in order not to become a victim of scams. Furthermore, check their social media accounts. If there are no accounts or only brand-new accounts on social media networks, there’s a good chance that the project will be a scam.

In addition, while you should never click on ads or links from unknown sources or download their attachments, simply clicking on “reply” to a suspicious-looking email will allow you to see their email address, which is often readily recognizable as a fake one. Delete the email immediately.

Can I Report Crypto Scams?

Reporting scams is an important step in combating fraudulent activities in the cryptocurrency space. There are plenty of organizations focused on combating fraud and scams in the crypto industry. For example, the Internet Crime Complaint Center (IC3) is a great outlet for you to report any matters related to cyber scams.

However, the victims of these crypto scams usually can't get their money back. For example, once you accidentally send another person your crypto, it could be considered forever lost because it's down to the person's willingness to return the crypto. Hence, it's vital to identify these red flags before it's too late.

How Does Bybit Protect User’s Funds?

Triple Layer Asset Protection & Platform Security

• User funds are stored securely offline in cold wallets.

• We protect them from unauthorized online access through a combination of advanced multi-signature, Trusted Execution Environment (TEE) and Threshold Signature Schemes (TSS).

• We conduct regular Proof of Reserves audits and publish them to the public with transparency.

Privacy Protection

• We integrate a privacy-first philosophy into all our products and services.

• We're upfront about the data we collect from you, including how we use it and share it.

Advanced-Data Protection

• Data is encrypted both in storage and in transit using desensitized query interfaces.

• All access is subject to strict authorization controls to ensure that only you can access your personal and private information.

Real-Time Monitoring

• Bybit’s risk controls monitor and analyze user behavior in real-time.

• As soon as suspicious activity is identified, withdrawals will be subject to strengthened authentication measures.

Security by Design

• Our system is security-first, designed with a secure development life cycle, rigorous security testing, and ongoing bug bounty programs.

The Bottom Line

The cryptocurrency world is fraught with both opportunities and risks. While cryptocurrency scams and fraudsters may lurk around every corner, with vigilance, research, and secure practices, you can navigate this landscape safely and protect your digital currency assets. Remember, your crypto account, private keys, and insider access to a project can all be jeopardized if you fall victim to a scam.

By staying informed and taking the necessary precautions, you can minimize your risk and enjoy the many benefits that cryptocurrency has to offer.

#Bybit #TheCryptoArk