How to Avoid Crypto Scams: Protect Your Portfolio in 2025
Crypto scammers stole over $14 billion in 2023. Learn to recognize rug pulls, phishing, fake airdrops, and other scams—before you become a victim.
- If it sounds too good to be true, it is. No legitimate project guarantees returns.
- Never share your seed phrase. No real support will ever ask for it.
- Use hardware wallets, verify URLs, revoke unused approvals, and separate wallets for risky activities.
Common Crypto Scams
Rug Pull
Developers create hype, pump the price, then abandon the project with investor funds.
Warning signs: Anonymous team, unlocked liquidity, concentrated ownership
Phishing
Fake websites, emails, or messages that steal your wallet credentials or trick you into signing malicious transactions.
Warning signs: Suspicious URLs, urgent requests, "verify" or "sync" wallet
Pump & Dump
Coordinated buying and social media hype to inflate price, then dump on retail buyers.
Warning signs: Sudden pumps with coordinated shilling, no real news
Fake Airdrop
Tokens appear in your wallet that require "claiming" through malicious contracts.
Warning signs: Unknown tokens, claims requiring wallet connection or approval
Universal Red Flags
These warning signs apply to almost every crypto scam:
How to Protect Yourself
Wallet Security
- Use a hardware wallet for significant amounts ($1,000+)
- Never share your seed phrase—not with "support," not with anyone
- Write down your seed phrase on paper, never digitally
- Use separate wallets—one for holding, one for risky DeFi/mints
- Revoke unused approvals regularly using tools like Revoke.cash
Account Security
- Enable 2FA on all exchange accounts (use authenticator app, not SMS)
- Use unique passwords for every crypto site
- Whitelist withdrawal addresses on exchanges
- Be suspicious of emails—always go directly to the official site
Transaction Security
- Double-check addresses before sending—compare first/last characters
- Start with small test transactions for new addresses
- Read what you're approving—unlimited approvals are risky
- Don't interact with unknown tokens that appear in your wallet
How to Verify Projects
Before investing in any new project, do your due diligence:
If You've Been Scammed
If you suspect you've been scammed:
- Stop immediately—don't send more money thinking you can recover losses
- Revoke approvals using Revoke.cash or similar tools
- Move remaining funds to a new wallet if you entered your seed phrase anywhere
- Document everything—transaction hashes, websites, communications
- Report the scam to the FTC, IC3.gov, and local authorities
- Warn others in communities about the scam
"Crypto recovery" services that promise to get your funds back are almost always scams themselves. They target people who've already been scammed. Do not pay anyone who claims they can recover your crypto.
Frequently Asked Questions
What are the most common crypto scams?
The most common crypto scams are: (1) Rug pulls—developers abandon a project after taking investor funds, (2) Phishing—fake websites/emails that steal your wallet credentials, (3) Pump and dumps—coordinated buying to inflate price before dumping on retail, (4) Fake airdrops—tokens that require "claiming" through malicious sites, (5) Romance scams—fake relationships leading to "investment opportunities."
How do I identify a rug pull?
Warning signs include: anonymous team with no verifiable track record, locked liquidity that unlocks soon, concentrated token ownership (few wallets hold most supply), unrealistic promises (100x guaranteed), aggressive social media marketing with no substance, no audit or fake audit, and pressure to buy quickly before it's "too late."
What should I do if I think I've been scammed?
Immediately: (1) Stop sending more money, (2) Revoke token approvals for suspicious contracts, (3) Move remaining funds to a new wallet if you shared credentials, (4) Report to relevant authorities (FTC, local police), (5) Report the scam to the platform where it happened, (6) Warn others in communities. Unfortunately, most crypto scam funds are not recoverable.
Are crypto recovery services legitimate?
Almost all "crypto recovery" services are scams themselves. They target people who've already been scammed, taking additional money with false promises of recovering lost funds. Legitimate law enforcement may help in some cases, but private recovery services are nearly always fraudulent.
How do I protect my crypto wallet?
Protection basics: (1) Use a hardware wallet for significant amounts, (2) Never share your seed phrase with anyone, (3) Enable 2FA on all accounts, (4) Use unique passwords per site, (5) Bookmark official sites instead of clicking links, (6) Verify addresses before sending, (7) Use a separate wallet for risky activities like new token mints.
Is it safe to connect my wallet to dApps?
It depends on the dApp. Legitimate, audited dApps are generally safe. Risks include: (1) Malicious contracts that drain your wallet, (2) Unlimited token approvals that can be exploited later. Protect yourself: use a separate "hot" wallet for dApps, review what you're approving, revoke unused approvals regularly.
How do I verify if a crypto project is legitimate?
Verify by: (1) Researching the team—are they doxxed with verifiable history? (2) Checking for audits from reputable firms, (3) Reviewing tokenomics—is distribution fair? (4) Looking at the community—organic or paid engagement? (5) Reading the whitepaper—does it make sense? (6) Checking liquidity and if it's locked, (7) Using tools like Token Sniffer or RugDoc.
What is a phishing attack in crypto?
A phishing attack tricks you into entering credentials on a fake website or signing malicious transactions. Examples: fake exchange emails asking you to "verify" your account, fake MetaMask popups, fake customer support asking for your seed phrase, typosquatted domains (e.g., "metamask" vs "rnetamask"). Always verify URLs and never share your seed phrase.