Phishing Attacks on Crypto Users
Overview
Phishing is the number-one attack vector against crypto users, responsible for hundreds of millions in stolen funds each year. Fake websites, malicious links, and social-engineering messages trick users into revealing seed phrases or signing fraudulent transactions. Common targets include popular wallets like MetaMask, major exchanges, and NFT marketplaces, whose sites are cloned pixel-for-pixel. Protecting yourself starts with understanding how phishing works and layering defences such as two-factor authentication and browser-based transaction previewers. Read the dedicated guide on protecting against phishing scams for a step-by-step action plan.
Key Takeaways
- Phishing sites mimic real platforms (MetaMask, exchanges, NFT marketplaces) pixel-for-pixel.
- Seed phrase phishing asks you to enter your 12/24-word recovery phrase — no legitimate service ever asks for this.
- Approval phishing tricks you into signing a transaction that grants unlimited token allowance to the attacker.
- Search engine phishing places fake DApp links as promoted results on Google.
Practical Tips
- Bookmark every DApp and exchange you use — never click links from emails or DMs.
- Install a browser extension like Pocket Universe or Wallet Guard to preview transactions before signing.
- NEVER type or paste your seed phrase into any website — it belongs only on the physical backup.
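The approval phishing described in the takeaways, and the kind of check a transaction previewer runs before you sign, shown as an added example that is not part of the original guide and is not the code of any extension named above. It decodes raw calldata for the standard `approve` and `setApprovalForAll` calls and flags unlimited grants; the risk labels, the 2**255 threshold, the `trusted_spenders` parameter and the sample spender address are assumptions made for illustration.

```python
# Added example (not from the original page): classify approval calldata.
APPROVE = "095ea7b3"               # approve(address,uint256), ERC-20
SET_APPROVAL_FOR_ALL = "a22cb465"  # setApprovalForAll(address,bool), ERC-721/1155
# Assumption: any amount >= 2**255 is treated as "effectively unlimited".
UNLIMITED_THRESHOLD = 2**255


def inspect_calldata(data_hex, trusted_spenders=frozenset()):
    """Describe the approval, if any, encoded in raw transaction calldata."""
    data = data_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    selector, args = data[:8], data[8:]
    if selector not in (APPROVE, SET_APPROVAL_FOR_ALL):
        return {"kind": "not-an-approval", "risk": "none"}
    try:
        word1, word2 = args[:64], args[64:128]
        if len(word2) != 64 or word1[:24] != "0" * 24:
            raise ValueError("truncated or non-canonical arguments")
        int(word1, 16)
        value = int(word2, 16)
    except ValueError:
        # Refuse to guess: a malformed approval should never be signed.
        return {"kind": "malformed", "risk": "high"}
    spender = "0x" + word1[24:]
    trusted = spender in {s.lower() for s in trusted_spenders}
    if value == 0:
        return {"kind": "revoke", "spender": spender, "risk": "none"}
    if selector == SET_APPROVAL_FOR_ALL:
        kind = "operator-for-all-nfts"
    elif value >= UNLIMITED_THRESHOLD:
        kind = "unlimited-allowance"
    else:
        return {"kind": "bounded-allowance", "spender": spender,
                "amount": value, "risk": "low" if trusted else "medium"}
    return {"kind": kind, "spender": spender,
            "risk": "medium" if trusted else "high"}


def encode_call(selector, address, value):
    """Build constructed sample calldata for the demo below."""
    return "0x" + selector + address[2:].lower().rjust(64, "0") + format(value, "064x")


if __name__ == "__main__":
    unknown = "0x" + "ab" * 20  # constructed spender address, not a real contract
    print(inspect_calldata(encode_call(APPROVE, unknown, 2**256 - 1)))
    print(inspect_calldata(encode_call(APPROVE, unknown, 1000)))
    print(inspect_calldata(encode_call(SET_APPROVAL_FOR_ALL, unknown, 1)))
```

A `high` result for a spender you did not deliberately choose is the signal to reject the signature request and reopen the DApp from your own bookmark.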
More Scam Types Guides
Social Engineering & Impersonation Scams
Social engineering exploits human trust rather than technical vulnerabilities, making it one of the most dangerous attack vectors in crypto. Impersonation of support staff, influencers, and protocol teams is rampant across Discord, Telegram, and Twitter. Attackers use deepfake videos, fake giveaway campaigns, and SIM-swap exploits to bypass even strong security setups and steal funds. Protecting yourself starts with enabling strong two-factor authentication and learning to verify official channels directly from a project's website. The phishing protection guide and trading psychology resources will help you recognise manipulation tactics before you fall victim.
Ponzi Schemes & Yield Scams
Crypto Ponzi schemes promise impossibly high fixed returns funded by new investor deposits rather than genuine revenue. From OneCoin to Celsius, these schemes always collapse once withdrawals exceed new inflows — often overnight. They are especially common in DeFi, where complex smart-contract mechanics can obscure the underlying Ponzi structure. Learning to distinguish legitimate yield from fraudulent promises is critical for anyone farming or staking within the crypto market. Review the glossary for definitions of yield-related terminology and explore the cold storage guide to keep your funds safe from compromised platforms.
Pump-and-Dump Schemes
Pump-and-dump groups coordinate artificial price inflation of low-liquidity assets before selling into unsuspecting buyers. These schemes are prevalent across the crypto market, where thin order books and 24/7 trading make manipulation easier than in traditional finance. Participants typically promote a low-cap token through Telegram or Discord, generating enough hype to spike the price before the organisers dump their holdings. By the time retail traders see the alert, they become the exit liquidity and are left holding a worthless asset. Understanding trading psychology and using TradingView to analyse volume patterns can help you spot these scams before committing funds.
Rug Pulls — How to Spot & Avoid Them
A rug pull occurs when developers abandon a project and drain liquidity or dump tokens on unsuspecting investors. They are the most common scam within DeFi and memecoin markets, costing the crypto market billions of dollars every year. Rug pulls can be 'hard' — involving malicious smart-contract code that lets the deployer steal funds — or 'soft,' where founding teams quietly sell their token allocation after generating hype. Learning to spot the warning signs, such as unaudited contracts, anonymous teams, and unlocked liquidity, is essential for protecting your portfolio. The phishing protection guide covers related social-engineering tactics that often accompany rug-pull schemes.