The FBI recorded $11.4 billion in crypto fraud losses in the US alone in 2025, a 22% increase year-on-year. Chainalysis puts the global figure at $17 billion. And those are only the losses that get reported.
None of this happened because the blockchain was broken. It happened because people clicked the wrong link, trusted the wrong account, or believed an offer that deserved a second look.
Crypto's design makes the damage permanent. Transactions are final. There's no customer service line, no fraud department, no chargeback. If funds reach a scammer's wallet, they're gone. That's not a bug. It's how the protocol works. It also means scam prevention is entirely on you.
This guide doesn't treat you like you've never heard of Bitcoin. It assumes you've got some skin in the game and want a clear-eyed breakdown of how these attacks actually work: the mechanics, the red flags, and what doing your own research actually looks like in practice.
The scam categories causing the most losses in 2025-2026 and why they're effective
How AI has changed things with deepfakes, voice cloning, and automated pig butchering
Rug pulls vs. exit scams and why the distinction matters
The psychological triggers scammers exploit including urgency, authority, and social proof
On-chain red flags to check before you interact with a contract or send funds
How to verify a project, wallet address, or team with practical steps, not generic advice
What to do if you've already been hit and what you can't realistically expect
Phishing is the workhorse of crypto fraud. The attacker impersonates a legitimate platform (your exchange, a wallet provider, a DeFi protocol) and tricks you into handing over your credentials or seed phrase.
It shows up as fake emails with near-identical sender domains, cloned websites where the URL is off by one character, and DMs from "support" accounts on Discord or Telegram that look official. Some use Google Ads to place their fake site above the real one in search results. In 2026, AI-generated messages can perfectly replicate the tone and branding of legitimate platforms in seconds, making visual checks less reliable than they used to be.
Phishing-as-a-service tools are pre-built kits that anyone can deploy. They contributed to impersonation scams growing by more than 1,400% in 2025 according to Chainalysis.
The tell is always the same: they need something from you that a legitimate service would never ask for. Your seed phrase. Your private key. Your 2FA code over a link. If someone asks for any of those things, the conversation is over. Doesn't matter how professional it looks.
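The "URL is off by one character" case above can be checked mechanically by comparing a link's host against hosts you have already bookmarked. This is an added example, not code from the original article; the host names, the `check_link` function, and the one-edit threshold are assumptions made for illustration.

```python
"""Added example: flag link hosts that sit one edit away from a bookmarked host."""
from urllib.parse import urlsplit

# Constructed bookmarks (the reserved .example TLD), standing in for your real ones.
BOOKMARKS = {"exchange.example", "wallet.example"}


def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions each cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def check_link(url, bookmarks=BOOKMARKS, max_dist=1):
    """Return (verdict, host): 'bookmarked', 'lookalike' or 'unknown'."""
    # Compare the parsed host only, never the visible link text.
    host = (urlsplit(url).hostname or "").rstrip(".")
    if host in bookmarks:
        return ("bookmarked", host)
    if host:
        # Closest bookmark; sorted() keeps the result deterministic.
        dist, nearest = min((edit_distance(host, b), b) for b in sorted(bookmarks))
        if dist <= max_dist:
            return ("lookalike", nearest)
    return ("unknown", None)


if __name__ == "__main__":
    for link in ("https://exchange.example/login",
                 "https://exchanqe.example/login",   # constructed: g swapped for q
                 "https://news.example/"):
        print(link, check_link(link))
```

A "lookalike" verdict means the host is not the one you saved, however close it looks; "unknown" only means it resembles nothing in the list, not that it is safe.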
A rug pull is when a project's developers abandon it after extracting liquidity, leaving token holders with worthless assets. This is overwhelmingly a DeFi and memecoin phenomenon with new tokens, new protocols, and often anonymous teams.
The pattern: project launches with slick marketing and aggressive tokenomics, liquidity builds up in a pool, developers drain the pool and disappear. Sometimes it takes weeks. Sometimes 48 hours.
Watch for unlocked liquidity (meaning developers can withdraw at any time), anonymous teams with no verifiable history, no audited contract, and a token allocation that gives insiders a disproportionate share. Tools like Token Sniffer, DEXTools, and Honeypot.is can flag some of these mechanics before you ape in.
Rug pulls and exit scams get conflated, but they're different.
A rug pull happens at the smart contract level. The mechanism for theft is baked into the code. An exit scam is a deliberate, planned deception at the business level. The project operates long enough to look legitimate, builds trust, collects investment or pre-sale funds, then the team vanishes.
Bitconnect is the textbook example. It ran for over a year, had conferences, influencer partnerships, and a functioning (if fraudulent) product facade before collapsing. The difference matters because exit scams are harder to catch with smart contract tools. You're evaluating the team, the roadmap delivery, the financials. None of which shows up on a block explorer.
Pig butchering is one of the more insidious scam types because it involves sustained relationship-building before the fraud. The attacker, often operating from a forced labor compound in Cambodia, Myanmar, or the Philippines, approaches a target on social media or dating apps and cultivates a relationship over days or weeks.
Eventually they introduce a "trading opportunity." They show fabricated profits. They encourage the target to invest more. The platform is fraudulent from the start. When the target tries to withdraw, there are "taxes" or "fees" required. It ends when the scammer extracts as much as possible and cuts contact.
In 2025, AI-assisted pig butchering was responsible for an estimated $9.9 billion globally. LLMs now allow one operator to run dozens of simultaneous "relationships," adapting tone and personality to each target. The emotional intelligence of these interactions has increased significantly. Victims report conversations that felt genuinely human over weeks of contact.
The key pattern remains: unsolicited financial advice from someone you've met online, regardless of how genuine the relationship feels.
Celebrity endorsements, fake team accounts, verified-looking social media profiles. The format isn't new. The execution is.
In 2025, deepfake crypto scams caused over $200 million in losses. A single deepfake Musk livestream collected at least $5 million between March 2024 and January 2025. Real-time voice cloning now requires only a few seconds of audio to replicate someone convincingly.
The $1.5 billion Bybit hack, the largest single crypto theft in history, involved social engineering that targeted a Safe{Wallet} developer's machine. Not a protocol exploit. The verification checkmark means very little. Accounts get hacked, fake accounts buy verification, display names get spoofed.
No one is giving away free crypto. No legitimate project runs a "send X to get 2X" scheme. If an account is asking you to send anything first, it's a scam.
AI hasn't invented new scam categories. It's removed the operational limits of the old ones.
Generating a convincing phishing email used to require effort. Now it takes seconds, localized to any language, tailored to the recipient's profile scraped from public data. Fake exchange dashboards with server-controlled "trading data" can be spun up to show whatever returns the scammer needs. The Chainalysis 2026 Crime Report found AI-enabled scams are 4.5 times more profitable than traditional fraud. The FBI logged over 22,000 AI-linked fraud complaints in 2025, with adjusted losses exceeding $893 million.
One newer attack surface worth knowing about: prompt injection against agentic browsers and AI copilots. Malicious content on a webpage can hijack an AI assistant connected to your wallet or accounts. If you're using AI tools with wallet permissions, this is a live threat in 2026.
The practical implication is that trust is harder to extend based on presentation alone. Video verification of a project team is no longer sufficient. Voice on a call is no longer sufficient. Everything needs to be cross-referenced through independent channels.
Cloned platforms. Fake apps in the App Store or Google Play. Wallet browser extensions that look identical to MetaMask or Phantom.
The goal is to capture your seed phrase on setup or intercept your credentials on login. Always download wallets directly from the official website. Verify the URL. Check reviews and download counts on app stores, and even then, if you're setting up a significant amount, cross-reference against the project's official social channels.
It's also worth understanding the difference between wallet types and what each one exposes you to. A hot wallet is connected to the internet and convenient for active use, but that connection is exactly what attackers target. Hardware wallets reduce this attack surface significantly. If the funds matter to you, a hardware wallet isn't optional.
Malware and address poisoning are two distinct but related attacks.
Malware embedded in pirated software, fake trading bots, cracked tools, or even PDF files can log keystrokes to capture passwords and seed phrases, or replace wallet addresses on your clipboard. Verify the full wallet address character by character before confirming any transaction. Not the first four, not the last four. The whole string.
Address poisoning is a growing variant. Scammers send near-zero-value transactions from a wallet address designed to look almost identical to one you've transacted with before, same first and last characters, different middle. If you copy your "recent" address from your wallet history, you might be sending to the attacker's wallet instead.
A Carnegie Mellon study published in January 2026 identified over 270 million address poisoning attempts targeting 17 million wallets. In December 2025, a single trader lost $50 million in USDT this way. Over 100 million zero-value transfer attempts were recorded on Binance Smart Chain alone.
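The full-string check described above can be automated against a saved address book. This is an added example, not code from the original article; it assumes EVM-style hex addresses, and the sample addresses, the `classify` and `poisoned_entries` names, the history format, and the dust threshold are all constructed for illustration.

```python
"""Added example: catch address-poisoning look-alikes (EVM-style hex assumed)."""

# Constructed sample values, not real wallets.
SAVED = "0x1a2b" + "3c4d5e6f" * 4 + "9f3e"    # address you actually pay
POISON = "0x1A2B" + "7e8f9a0b" * 4 + "9F3E"   # same first/last 4, different middle
STRANGER = "0x" + "ab12" * 10                  # unrelated address
ADDRESS_BOOK = {"cold-storage": SAVED}


def _body(addr):
    """Lower-case hex without the 0x prefix (checksum casing is not identity)."""
    a = addr.strip().lower()
    return a[2:] if a.startswith("0x") else a


def classify(dest, book, edge=4):
    """Return ('saved' | 'lookalike' | 'unknown', label) for a destination."""
    d = _body(dest)
    # Pass 1: only a match on the whole string counts as the saved address.
    for label, saved in book.items():
        if d == _body(saved):
            return ("saved", label)
    # Pass 2: same leading and trailing characters but a different middle.
    for label, saved in book.items():
        s = _body(saved)
        if d[:edge] == s[:edge] and d[-edge:] == s[-edge:]:
            return ("lookalike", label)
    return ("unknown", None)


def poisoned_entries(history, book, dust=0.01):
    """History rows that look planted: tiny value from a look-alike sender."""
    hits = []
    for tx in history:
        verdict, label = classify(tx["from"], book)
        if verdict == "lookalike" and tx["value"] <= dust:
            hits.append({**tx, "imitates": label})
    return hits


HISTORY = [  # constructed wallet history
    {"hash": "tx-1", "from": SAVED, "value": 250.0},
    {"hash": "tx-2", "from": POISON, "value": 0.0},
    {"hash": "tx-3", "from": STRANGER, "value": 0.0},
]

if __name__ == "__main__":
    print(classify(POISON, ADDRESS_BOOK))
    print([t["hash"] for t in poisoned_entries(HISTORY, ADDRESS_BOOK)])
```

Lower-casing is only valid for hex addresses; case-sensitive formats such as base58 need an exact comparison without normalization.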
Scammers don't win because they're technically superior. They win because they're good at triggering predictable human responses.
Urgency. "This whitelist closes in 2 hours." "Limited spots remaining." Urgency collapses your due diligence window. Any offer that demands immediate action deserves immediate skepticism.
Authority. Verified accounts, official-looking communications, endorsements from recognizable names. Now reinforced by deepfake video and voice. Cross-reference everything through independent channels, not through links provided by the source.
Social proof. "100,000 people already joined." Fake Telegram member counts, fake Twitter engagement, fake review screenshots. In 2026, AI-generated synthetic social accounts can sustain believable interaction histories. Volume doesn't validate anything.
FOMO. You've watched a project 10x while you were waiting. Now there's another one. FOMO is a scammer's best tool in a bull market. Projects worth entering will still be worth entering tomorrow.
Reciprocity. Pig butchering works partly because humans feel obligated to reciprocate genuine-seeming care. Weeks of relationship-building create a perceived debt. Scammers using LLMs can now run this at scale without it degrading in quality.
Knowing the trigger doesn't make you immune. But it gives you half a second of pause. That's often enough.
Generic advice tells you to "do your research." Here's what that actually means in practice.
Check the contract on a block explorer. Etherscan, BscScan, Solscan, depending on the chain. Look at how long the contract has been deployed, the number of transactions, whether the code is verified (source code visible), and whether the contract has renounced ownership or uses a multisig for admin functions.
Liquidity lock status. Tools like Unicrypt or Team Finance show whether liquidity is locked and for how long. Unlocked liquidity means the team can drain the pool at any time. Non-negotiable to check for any new DeFi token.
Token distribution. On a DEX screener you can see how concentrated the token supply is. If one or two wallets hold 30-50% of the supply, that's an exit risk regardless of how legitimate the project appears.
Honeypot check. A honeypot contract lets you buy but blocks selling. Honeypot.is and Token Sniffer flag most of these automatically. Run every new token before touching it.
Audit status. Audits aren't perfect and some auditing firms are rubber stamps, but the absence of an audit on a protocol managing significant liquidity is a meaningful red flag. Look for audits from CertiK, Quantstamp, Trail of Bits, or Hacken.
If you're unsure how to approach any of this methodically, the DYOR guide on LearningCrypto covers the full research process in detail, including how to read tokenomics and assess team credibility.
Anonymous teams aren't automatically scams. Many legitimate projects operate without doxxed founders. But the risk profile is different and you should weigh it accordingly.
For doxxed teams, look for LinkedIn profiles that predate the project, verifiable prior work, conference appearances, and GitHub contribution history. In 2026, be skeptical of video "verification" alone. Deepfake technology means this is no longer reliable as a standalone check.
For anonymous teams, the project's code history on GitHub matters more. Audit reports matter more. Delivery against a public roadmap matters more.
Check the project's socials independently. Don't click links provided by the project. Go to Telegram or Discord and read actual community conversations, not just the announcement channel. Genuine communities have questions and criticism alongside enthusiasm. Heavy-handed moderation that removes skeptical posts is a signal worth noting.
Paid promotion without disclosure is endemic in crypto. Influencer posts that look like genuine enthusiasm are frequently paid promotion or affiliate deals. This isn't a new problem, but AI has industrialized it. Synthetic social media accounts and deepfakes of known opinion leaders are now used to coordinate pump-and-dump schemes at scale. Chainalysis found that 3.59% of all tokens launched in 2024 showed pump-and-dump patterns.
When evaluating any project an influencer recommends, check whether they disclose the relationship, look at their track record on previous calls, and assess whether they're explaining the project mechanics or just generating excitement. Enthusiasm without explanation is a flag.
Stop first. Don't send any more funds, regardless of what you're told. "Recovery fees," "tax payments," "unlocking fees" are all continuation tactics. Anyone offering to recover your stolen crypto for an upfront fee is running a secondary scam.
Document everything: screenshots, wallet addresses, transaction hashes, communications. You'll need this to report it.
Where to report:
IC3 (ic3.gov) — FBI's Internet Crime Complaint Center, US
Action Fraud (actionfraud.police.uk) — UK
FTC (reportfraud.ftc.gov) — US consumers
Your national cybercrime unit otherwise
Report the scam wallet address on Etherscan or the relevant block explorer. It doesn't freeze the funds, but it flags the address for other users and contributes to on-chain tracking databases.
Be realistic about recovery. Law enforcement has limited tools unless funds pass through a regulated exchange that can be compelled to act. Crypto analytics firms like Chainalysis and TRM Labs have improved their tracing capabilities, but recovery is a long process and not guaranteed.
Avoid recovery scammers. Entire operations target crypto fraud victims with fake recovery services. If you've been scammed once, you're likely on lists. Do not pay anyone upfront.
These aren't recommendations. If you're holding anything worth protecting, these are minimum baseline practices.
Hardware wallet. Ledger, Trezor, Coldcard. Your seed phrase goes on paper, stored offline. Never digital, never photographed, never in cloud storage.
Separate wallets. One for holding assets, one for interacting with dApps and DeFi. Understanding the difference between cold and hot wallets is the starting point here. If a contract drains your hot wallet, your cold storage stays untouched.
For higher-value holdings or shared treasury situations, a multisig wallet is worth considering. It requires multiple signatures to authorize a transaction, which means a single compromised key can't drain the wallet.
2FA. Not SMS. Use an authenticator app or hardware key (YubiKey). SIM-swapping is a straightforward attack. SMS 2FA is inadequate for any account with significant assets.
Bookmark everything. Your exchange, your wallet interface, your DeFi protocols. Never google and click. Never follow a link from a DM.
Email hygiene. Dedicated email address for crypto accounts. Check haveibeenpwned.com. If your main email is in breach databases, anything linked to it is at elevated risk.
AI tool permissions. If you're using any AI assistants or browser agents, be cautious about wallet-level permissions. Prompt injection is a live attack vector in 2026.
For a deeper look at the technical side, the crypto security best practices guide covers wallet storage, private key management, and exchange security in detail. And if you're newer to how wallets actually work, Bitcoin security fundamentals is worth your time before interacting with more complex protocols.
$17 billion lost globally in 2025. The tools being used against you are improving faster than most people realize. That doesn't make crypto unsafe. It makes vigilance non-optional.
The single most useful posture is consistent skepticism toward anything that involves urgency, unsolicited contact, or a promise of returns. Legitimate projects don't cold DM you. Legitimate exchanges don't ask for your seed phrase. Legitimate giveaways don't require you to send first.
In 2026, verify everything. Trust the code, not the pitch. Check addresses. Run contracts through scanners. Slow down when you feel rushed. The on-chain truth is always available. You just have to look.
LearningCrypto gives you the tools to do exactly that: live on-chain analytics, an AI copilot that pulls verifiable data, and a community of independent learners who care about fundamentals over hype. Join the Classroom on Discord. Track smart money. Build knowledge that holds up when markets move.
Phishing remains the highest-volume attack, but pig butchering scams generate the largest individual losses. Impersonation scams saw the most explosive growth in 2025, over 1,400% year-on-year according to Chainalysis, driven largely by AI tools that allow fraudsters to impersonate trusted entities at scale. All three categories are accelerating heading into 2026.
Check whether liquidity is locked, whether the contract has been audited, and how the token supply is distributed. Tools like Token Sniffer, DEXTools, and Honeypot.is automate most of this. No locked liquidity and no audit on a brand-new token is a hard pass for most experienced DeFi participants.
Deepfake video and real-time voice cloning are used to impersonate project founders, exchange executives, and celebrities in fake endorsements and livestreams. They're also used in pig butchering to build trust during video calls. CertiK reported over $200 million in deepfake-related crypto losses in 2025. Video verification of identity is no longer reliable as a standalone check.
Address poisoning is when a scammer sends a near-zero transaction from a wallet address with the same first and last characters as one you've transacted with before. If you copy from your wallet history, you may send funds to the attacker. Always verify the full wallet address character-by-character before confirming any transaction, and use a saved address book for repeat sends rather than copying from transaction history.
FBI Internet Crime Complaint Center (IC3) 2025 Annual Report — primary source for the $11.4 billion US crypto fraud figure and complaint volume data
Chainalysis 2026 Crypto Crime Report: Scams — global $17 billion estimate, impersonation scam growth figures, AI profitability analysis
TRM Labs: How AI Is Changing the Scale and Speed of Crypto Fraud — AI-enabled fraud mechanics and estimated $30 billion scam volume
CertiK: AI Deepfakes and Phishing Will Drive Biggest Crypto Hacks in 2026 — deepfake loss figures and agentic AI attack surface
CoinLaw: Crypto Security Statistics 2026 — compiled stats including Bybit hack, North Korean actor data, address poisoning attempts
Disclaimer: This article is for educational purposes only and does not constitute financial advice. Cryptocurrency investments carry risk; you should always do your own research before making any investment decisions.
Heidi Chakos is co-founder of LearningCrypto and creator of the @cryptotips YouTube channel. A cryptocurrency educator and author with over a decade in the space, she specialises in Bitcoin fundamentals, self-custody, and on-chain analytics. Follow her on X at @blockchainchick.