Scam Types | Beginner

Social Engineering & Impersonation Scams

Overview

Social engineering exploits human trust rather than technical vulnerabilities, making it one of the most dangerous attack vectors in crypto. Impersonation of support staff, influencers, and protocol teams is rampant across Discord, Telegram, and Twitter. Attackers use deepfake videos, fake giveaway campaigns, and SIM-swap exploits to bypass even strong security setups and steal funds. Protecting yourself starts with enabling strong two-factor authentication and learning to verify official channels directly from a project's website. The phishing protection guide and trading psychology resources will help you recognise manipulation tactics before you fall victim.

Key Takeaways

  • No legitimate project, exchange, or support agent will ever DM you first.
  • Fake 'customer support' accounts on Twitter/Discord trick users into revealing credentials.
  • Deepfake videos of Elon Musk and other figures are used to promote scam giveaway sites.
  • SIM-swap attacks let attackers take over a phone number and bypass SMS-based 2FA.

Practical Tips

  • Set Discord DMs to 'Friends Only' and ignore all unsolicited messages.
  • Verify official support channels from the project's actual website, not from search results.
  • Use an authenticator app (not SMS) for all 2FA — and never share 2FA codes with anyone.

More Scam Types Guides

Pump-and-Dump Schemes

Pump-and-dump groups coordinate artificial price inflation of low-liquidity assets before selling into unsuspecting buyers. These schemes are prevalent across the crypto market, where thin order books and 24/7 trading make manipulation easier than in traditional finance. Participants typically promote a low-cap token through Telegram or Discord, generating enough hype to spike the price before the organisers dump their holdings. By the time retail traders see the alert, they become the exit liquidity and are left holding a worthless asset. Understanding trading psychology and using TradingView to analyse volume patterns can help you spot these scams before committing funds.

Phishing Attacks on Crypto Users

Phishing is the number-one attack vector against crypto users, responsible for hundreds of millions in stolen funds each year. Fake websites, malicious links, and social-engineering messages trick users into revealing seed phrases or signing fraudulent transactions. Common targets include clones of popular wallets like MetaMask, major exchanges, and NFT marketplaces that are replicated pixel-for-pixel. Protecting yourself starts with understanding how phishing works and layering defences such as two-factor authentication and browser-based transaction previewers. Read the dedicated protecting against phishing scams guide for a step-by-step action plan.

Ponzi Schemes & Yield Scams

Crypto Ponzi schemes promise impossibly high fixed returns funded by new investor deposits rather than genuine revenue. From OneCoin to Celsius, these schemes always collapse once withdrawals exceed new inflows — often overnight. They are especially common in DeFi, where complex smart-contract mechanics can obscure the underlying Ponzi structure. Learning to distinguish legitimate yield from fraudulent promises is critical for anyone farming or staking within the crypto market. Review the glossary for definitions of yield-related terminology and explore the cold storage guide to keep your funds safe from compromised platforms.

Rug Pulls — How to Spot & Avoid Them

A rug pull occurs when developers abandon a project and drain liquidity or dump tokens on unsuspecting investors. They are the most common scam within DeFi and memecoin markets, costing the crypto market billions of dollars every year. Rug pulls can be 'hard' — involving malicious smart-contract code that lets the deployer steal funds — or 'soft,' where founding teams quietly sell their token allocation after generating hype. Learning to spot the warning signs, such as unaudited contracts, anonymous teams, and unlocked liquidity, is essential for protecting your portfolio. The phishing protection guide covers related social-engineering tactics that often accompany rug-pull schemes.