Beginner · Security · 15 min read

Crypto Scams: How to Recognize and Avoid Them in 2026

Learn to identify and avoid the top crypto scams — rug pulls, pig butchering, address poisoning, phishing, and honeypots. Includes red flags and a security checklist.

By apex_47

Prerequisites

  • Basic understanding of cryptocurrency

Crypto scammers stole an estimated $3.9 billion from victims in 2023 according to Chainalysis, and sophisticated new attack vectors continue to emerge as the ecosystem grows. The decentralized, pseudonymous, and irreversible nature of blockchain transactions makes crypto a uniquely appealing target: there is no chargeback, no customer service hotline, and recovery is nearly impossible once funds leave your wallet. The best — and essentially only — defense is knowing what scams look like before you encounter them.

TL;DR

  • Crypto scams cost victims billions annually; the most dangerous ones build trust over weeks or months before striking
  • The top threats in 2026 are: rug pulls, honeypot tokens, address poisoning, pig butchering, fake exchanges, pump and dump, phishing, fake airdrops, impersonation, and Ponzi schemes
  • Most scams share common red flags: anonymous teams, unrealistic yields, urgency pressure, and unverifiable claims
  • The $71M WBTC address poisoning attack in 2024 and Terra/LUNA's $40B collapse are landmark case studies
  • Always verify wallet addresses character-by-character; use hardware wallets for large holdings; verify projects on-chain before investing
  • Legitimate projects never ask for your seed phrase — ever, under any circumstances

The Landscape of Crypto Scams in 2026

The scam ecosystem has matured alongside crypto itself. Early scams were relatively crude — fake websites, basic Ponzi schemes, outright theft. Today's attackers are sophisticated: pig butchering operations run as industrial enterprises with scripts, CRM tools, and teams of social engineers. Address poisoning attacks require custom software that watches mempool transactions in real time. Smart contract exploits are designed to look legitimate to casual inspection.

Understanding these threats requires looking at each category individually.

The Top 10 Crypto Scam Types

1. Rug Pulls

A rug pull occurs when the developers of a crypto project — typically a DeFi protocol or new token — abruptly drain the project's liquidity and disappear with user funds. The term comes from the image of a rug being pulled out from under investors.

Rug pulls typically follow a pattern:

  • A new token launches with a slick website, Telegram community, and promises of revolutionary technology
  • The team provides liquidity on a DEX, pushing the price up
  • Influencers (often paid) hype the project on Twitter and YouTube
  • The community grows rapidly; the token price pumps
  • At a predetermined moment — usually when enough liquidity has been deposited — the developers remove all liquidity and sell their pre-allocated tokens simultaneously

The resulting price drop is instant and total. Within minutes, the token is worthless.

Squid Game Token (SQUID) was a high-profile 2021 rug pull that exploited the popularity of the Netflix show. The token rose 75,000% in days, then the developers withdrew all liquidity. The price went from $2,861 to $0.0007926 in minutes. Investors lost approximately $3.3 million.

How to protect yourself: Check whether the developer wallets hold a large percentage of the token supply. Verify that liquidity is locked (use tools like Mudra or UniCrypt to check lock status). Look for audits from reputable firms. Be very skeptical of projects with no verifiable team.

2. Honeypot Tokens

A honeypot is a token that appears to be rising in price — and you can buy it — but hidden code in the smart contract prevents anyone except the deployer from selling. You watch your "investment" pump to 10x, try to sell, and the transaction fails. The developers dump their holdings and exit.

Honeypot contracts typically use custom transfer functions that whitelist only the deployer's address for selling. The code looks superficially normal to casual inspection.

How to protect yourself: Before buying any unknown token, run it through Token Sniffer (tokensniffer.com) or Honeypot.is (honeypot.is). These tools simulate a buy and sell transaction to check if selling is possible. Also check whether there are any actual sell transactions in the contract's history on Etherscan — if only buys appear, it is almost certainly a honeypot.

3. Address Poisoning

Address poisoning is a technically sophisticated attack that exploits one of crypto's most dangerous UX problems: people copy-paste wallet addresses without checking every character.

Here is how it works: you regularly receive transfers from a known address (e.g., your exchange wallet: 0x1234...ABCD). An attacker watches the blockchain and sends you a tiny amount of ETH or a worthless token from a vanity address they have generated to look similar: it also displays as 0x1234...ABCD, with an identical start and end and different middle characters. This transaction now appears in your transaction history.

Next time you want to send to your exchange, you click "copy" from your transaction history — and grab the attacker's address instead of the real one. Your funds go to the scammer. There is no recovery.

In May 2024, a victim lost $71 million in WBTC this way — one of the largest address poisoning thefts on record. They had been lulled into copying from their history rather than verifying the full address. The incident made international headlines and forced several wallet providers to redesign their transaction history UX.

How to protect yourself: Never copy addresses from transaction history. Use your address book or contacts within your wallet. Always verify the first AND last 6 characters at minimum — ideally the full address. For large transactions, send a small test amount first and confirm receipt before sending the full sum.
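The address-book check described above can be automated. This is an added example, not code from the original guide or from any wallet: it compares a pasted recipient against saved contacts and flags an address that shares only its edges with a trusted one. The addresses, the `min_edge` threshold of four characters, and the function names are assumptions for illustration.

```python
# Added example. Every address here is a constructed sample, not a real wallet.
HEX = set("0123456789abcdef")

def normalize(addr: str) -> str:
    """Lower-case and validate a 20-byte hex address (no checksum check)."""
    a = addr.strip().lower()
    if len(a) != 42 or not a.startswith("0x") or not set(a[2:]) <= HEX:
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return a

def truncated(addr: str) -> str:
    """The shortened form many wallet histories display."""
    return addr[:6] + "..." + addr[-4:]

def shared_edges(a: str, b: str) -> tuple:
    """Count matching leading and trailing hex characters of two addresses."""
    x, y = a[2:], b[2:]
    prefix = 0
    while prefix < 40 and x[prefix] == y[prefix]:
        prefix += 1
    suffix = 0
    while suffix < 40 - prefix and x[-1 - suffix] == y[-1 - suffix]:
        suffix += 1
    return prefix, suffix

def check_recipient(candidate: str, address_book: dict, min_edge: int = 4):
    """Return ("trusted", label), ("lookalike", label) or ("unknown", None)."""
    cand = normalize(candidate)
    book = {label: normalize(a) for label, a in address_book.items()}
    for label, known in book.items():
        if cand == known:                 # full 40-character match only
            return ("trusted", label)
    for label, known in book.items():
        prefix, suffix = shared_edges(cand, known)
        if prefix >= min_edge and suffix >= min_edge:
            return ("lookalike", label)   # same edges, different middle
    return ("unknown", None)

# Constructed samples: same first and last four characters, different middle.
REAL = "0x1234" + "a1b2c3d4e5f60718293a4b5c6d7e8f90" + "abcd"
POISON = "0x1234" + "f" * 32 + "abcd"
ADDRESS_BOOK = {"exchange": REAL}

if __name__ == "__main__":
    print(truncated(REAL), truncated(POISON))   # identical when shortened
    print(check_recipient(REAL, ADDRESS_BOOK))
    print(check_recipient(POISON, ADDRESS_BOOK))
```

A "lookalike" result should stop the transfer outright; an "unknown" result still calls for the small test transaction recommended above.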

4. Pig Butchering (Sha Zhu Pan)

Pig butchering is the most psychologically sophisticated and financially devastating type of crypto scam. The name refers to "fattening the pig before slaughter" — building a victim's trust and investment over months before taking everything.

The attack pattern:

  1. You receive a WhatsApp message, LinkedIn DM, or dating app match from an attractive stranger who quickly becomes friendly
  2. Over weeks or months, they build a genuine relationship — conversations, shared interests, emotional connection
  3. Eventually, they mention they have been making great returns on a crypto trading platform a relative taught them about
  4. They show you "screenshots" of their portfolio gains and offer to help you get started
  5. You deposit a small amount on their recommended platform — a fake exchange — and watch it "grow"
  6. They encourage you to deposit more; sometimes you can even "withdraw" small amounts early to build confidence
  7. When you try to make a large withdrawal, you are told you need to pay "taxes" or "release fees" first
  8. Once you refuse or run out of money to pay, they disappear and the platform vanishes

The FBI reported pig butchering losses exceeded $3.3 billion in the US alone in 2023. Victims range from retired teachers to Fortune 500 executives. The scammers themselves are often trafficking victims forced to run the operations from compounds in Southeast Asia — making this a crime with victims on both sides.

How to protect yourself: Any investment platform recommended by someone you have only met online is almost certainly fake. Verify platforms against known-good lists. Never invest through an interface you found from a personal recommendation rather than independent research. If an unsolicited stranger online seems unusually interested in your financial situation, disengage immediately.

5. Fake Exchanges and Wallets

Scammers build near-perfect replicas of legitimate exchanges (Coinbase, Binance, Kraken) and wallets (MetaMask, Phantom). These appear in search engine results as sponsored ads, in app stores as lookalike apps, and are shared through phishing emails.

You deposit funds into what looks like a real platform. You may even be able to "log in" and see your balance. But when you try to withdraw, the funds never arrive — because they were never in your wallet. They went directly to the scammers.

How to protect yourself: Always access exchanges directly by typing the URL or using a saved bookmark — never through search ads. Check the URL in the address bar and the site's TLS certificate. For wallets, only download from the official project's website (linked directly from their GitHub or official docs). Check reviews, download counts, and developer credentials before installing any wallet app.

6. Pump and Dump

Coordinated groups — often operating through Telegram channels — accumulate a low-market-cap token and then aggressively promote it to retail investors, creating artificial demand. As the price pumps, newcomers pile in hoping to ride the wave. When the organizers have enough profit, they sell ("dump") simultaneously, crashing the price and leaving latecomers holding worthless tokens.

Pump and dumps are not new — they have existed in penny stock markets for decades — but crypto's 24/7 trading, anonymous participants, and limited enforcement (for non-securities tokens) make them endemic in altcoin markets.

How to protect yourself: Sudden price spikes of 200-500% on obscure low-cap tokens with sudden "community" excitement are classic pump signals. If you cannot identify who is buying and why, you are likely the exit liquidity. Avoid acting on FOMO-driven tips from Telegram or Discord groups with no track record.

7. Phishing Attacks

Phishing attacks attempt to steal your wallet credentials or seed phrase by impersonating legitimate services. Common vectors include:

  • Emails appearing to be from MetaMask, Ledger, or your exchange asking you to "verify your wallet" or "recover your account"
  • Fake websites in search results triggered by keywords like "MetaMask login" or "Ledger recover wallet"
  • Discord DMs from accounts impersonating project admins offering "wallet verification" to solve a problem
  • Malicious browser extensions that harvest your seed phrase when you type it

Ledger suffered a major database breach in 2020, leaking customer email addresses. Phishing campaigns targeting those leaked emails ran for years afterward, with victims redirected to fake "Ledger Live" sites that stole their seed phrases.

How to protect yourself: Never enter your seed phrase anywhere online. No legitimate service will ever ask for your seed phrase. Use a hardware wallet — the seed phrase is generated and stays offline. Enable 2FA on exchange accounts with an authenticator app, not SMS (which is vulnerable to SIM-swap attacks).

8. Fake Airdrops and Token Drainers

Scammers announce fake token airdrops — "Connect your wallet to claim your free tokens!" The connected wallet then receives a transaction request with hidden permissions that drain your funds, or the website harvests your private key.

More sophisticated "drainer" attacks use approval phishing: you sign what looks like a standard token approval to claim your airdrop, but the approval grants the attacker unlimited spend permissions on your valuable tokens (USDC, ETH, NFTs). They then drain your wallet in a follow-up transaction.

Drainer-as-a-service toolkits are openly sold on dark web forums, lowering the technical barrier for this attack to near zero.

How to protect yourself: Never connect your main wallet to an airdrop site. Use a dedicated empty wallet for claiming uncertain airdrops. Regularly audit your token approvals using Revoke.cash (revoke.cash) and revoke permissions you no longer need. Never sign transactions you do not fully understand.
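To see what a signing request actually grants before approving it, the calldata can be decoded. This is an added example, not code from the original guide or from any wallet: it recognises common approval-type calls and flags the broad grants described above. The selectors are the widely used ones for these functions; the spender address, the allowlist, and the `should_block` policy are assumptions for illustration.

```python
# Added example. Spender addresses and calldata below are constructed samples.
MAX_UINT256 = 2**256 - 1

# 4-byte selectors for common approval-type calls.
APPROVAL_SELECTORS = {
    "095ea7b3": "approve(address,uint256)",
    "39509351": "increaseAllowance(address,uint256)",
    "a22cb465": "setApprovalForAll(address,bool)",
}

def encode(selector: str, spender: str, value: int) -> str:
    """Build sample calldata: selector followed by two 32-byte ABI words."""
    return "0x" + selector + spender[2:].rjust(64, "0") + format(value, "064x")

def decode_approval(calldata: str, known_spenders=frozenset()):
    """Describe an approval-type call, or return None for any other call."""
    data = calldata.lower()
    if data.startswith("0x"):
        data = data[2:]
    signature = APPROVAL_SELECTORS.get(data[:8])
    if signature is None:
        return None
    args = data[8:]
    if len(args) < 128:
        raise ValueError("calldata too short for two arguments")
    spender = "0x" + args[24:64]      # address is the low 20 bytes of word 1
    value = int(args[64:128], 16)     # amount, or bool for setApprovalForAll
    if value == 0:
        risk = "revoke"               # clears an existing permission
    elif signature.startswith("setApprovalForAll"):
        risk = "all-tokens"           # operator over the whole collection
    elif value == MAX_UINT256:
        risk = "unlimited"
    else:
        risk = "limited"
    return {"function": signature, "spender": spender, "value": value,
            "risk": risk, "known_spender": spender in known_spenders}

def should_block(calldata: str, known_spenders=frozenset()) -> bool:
    """Policy sketch: block broad grants to spenders not on the allowlist."""
    info = decode_approval(calldata, known_spenders)
    return bool(info) and info["risk"] in ("unlimited", "all-tokens") \
        and not info["known_spender"]

SPENDER = "0x" + "ab" * 20                      # constructed, not a real contract
UNLIMITED = encode("095ea7b3", SPENDER, MAX_UINT256)
NFT_ALL = encode("a22cb465", SPENDER, 1)

if __name__ == "__main__":
    print(decode_approval(UNLIMITED))
    print(should_block(NFT_ALL))
```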

9. Celebrity Impersonation

Scammers create fake accounts impersonating Elon Musk, Vitalik Buterin, Michael Saylor, or other crypto figures, then post "send X ETH and I will send back 2X" giveaway scams. Variants include hacked verified accounts amplifying the message for credibility, and deepfake videos of celebrities promoting fake projects.

The FTC reported that between January 2021 and June 2022, more than 46,000 people reported losing $1 billion in crypto to social media scams. Deepfake technology has made this category significantly more dangerous since 2024 — videos of executives endorsing fake projects have fooled investors who would have rejected a simple text post.

How to protect yourself: No one is sending you double your crypto. Not Elon Musk, not Vitalik, not anyone. This is always a scam, without exception.

10. Ponzi Schemes

Crypto Ponzi schemes pay early investors using funds from later investors, creating the illusion of legitimate returns until the inflows stop and the scheme collapses. They can operate for years before falling apart.

BitConnect raised over $2.5 billion promising 1% daily returns through a "trading bot." It collapsed in January 2018, wiping out tens of thousands of investors.

Celsius Network offered 18%+ APY on deposited crypto, attracting $25 billion in assets. The unsustainable yields were partly subsidized by new deposits. When the market crashed in 2022 and withdrawals spiked, Celsius froze accounts and filed for bankruptcy. Customers lost over $4 billion.

Any yield that seems dramatically above market rates (currently: 3-8% for legitimate staking, 5-15% for established DeFi) warrants extreme skepticism. High yields require high risks — if the risk is hidden or unexplained, you are almost certainly dealing with fraud.

Red Flags Checklist

Run through this checklist before investing in any project or engaging with any platform:

  • Anonymous or unverifiable team with no LinkedIn profiles or real-world history
  • Website is less than 6 months old with no prior reputation
  • Promises of guaranteed returns or "risk-free" yields above 15% APY
  • Pressure to act quickly — "this window closes soon"
  • Investment opportunity came from an unsolicited message (stranger online, cold DM)
  • Smart contract has not been audited by a reputable firm
  • Token has no liquidity lock or developer wallet holds more than 30% of supply
  • Only positive mentions online — no critical discussion, no dissenting voices
  • Platform not listed on CoinGecko or CoinMarketCap with verifiable trading history
  • Asked to pay fees upfront to unlock a withdrawal

Real Case Studies

Terra/LUNA — $40 Billion Collapse (May 2022)

Terra's UST stablecoin promised a 20% annual yield through the Anchor Protocol. At its peak, $18 billion in UST was staked on Anchor. The yield was not sustainably generated — it was subsidized by Luna Foundation Guard reserves, essentially robbing later users to pay earlier ones.

When large withdrawals began in early May 2022, the algorithmic peg mechanism failed. UST depegged from $1, triggering a death spiral: the mechanism to restore the peg minted more LUNA, collapsing LUNA's price, destroying confidence in UST further. Within a week, $40 billion in combined LUNA/UST market cap was gone. The losses were concentrated among retail investors who had trusted the 20% yield without understanding the mechanics.

The Terra collapse is the clearest modern example of why unsustainable yields are the most reliable indicator of a Ponzi structure.

$71 Million WBTC Address Poisoning (May 2024)

A sophisticated trader lost 1,155 WBTC — then worth approximately $71 million — to an address poisoning attack. The attacker had monitored the victim's transaction history, generated a vanity address matching the first and last characters of the victim's exchange address, and made a small transaction to seed their history.

When the victim prepared to move funds, they copied from their history and sent the full amount to the attacker's address instead. The attacker quickly dispersed the funds across multiple wallets and used mixers to obscure the trail. Partial recovery occurred through exchange cooperation, but the majority of funds were never retrieved.

How to Verify a Project Before Investing

On-chain verification: Read the smart contract on Etherscan or Solscan. Look for unusual transfer restrictions, minting permissions, or blacklisting functions. Use on-chain analysis tools to track developer wallet activity, token distribution, and historical trading patterns.

Smart contract audits: Check whether the project has been audited by CertiK, Trail of Bits, OpenZeppelin, Halborn, or Quantstamp. Find the audit report directly on the auditor's website — do not trust a project's claim that they have been audited without verifying independently. For a deeper understanding of what audits reveal and what they miss, see our smart contract security auditing guide.

Team verification: Search each named team member independently. Do they have a real professional history consistent with their claimed role? Have they worked on other verifiable projects? Anonymous teams are not automatically fraudulent — many legitimate projects have pseudonymous founders — but combined with other red flags, anonymity is a serious risk signal.

Liquidity analysis: For DeFi tokens, verify on Uniswap or DEX Screener that liquidity is meaningful relative to market cap and is locked for a defined period. A $10M market cap project with $50K unlocked liquidity can be drained instantly.

Community quality check: Real communities have critical discussion, bug reports, active development updates, and participants asking hard technical questions. Fake communities are typically full of identical positive messages, price-talk bots, and moderators who ban skeptical questions.

Security Tools Worth Bookmarking

| Tool | Purpose | URL |
| --- | --- | --- |
| Revoke.cash | Audit and revoke token approvals on all major chains | revoke.cash |
| Token Sniffer | Detect honeypots and risky token contracts | tokensniffer.com |
| Honeypot.is | Simulate buy/sell to check if selling is possible | honeypot.is |
| De.Fi Shield | Comprehensive wallet risk scanner | de.fi |
| ScamSniffer | Browser extension detecting phishing in real time | scamsniffer.io |
| Etherscan | Verify contracts, check approvals, trace transactions | etherscan.io |
| CertiK Leaderboard | Browse verified smart contract audits | certik.com |

Sources

  • Chainalysis Crypto Crime Report 2024 — annual scam loss statistics (chainalysis.com)
  • FBI Internet Crime Complaint Center (IC3): "Cryptocurrency Investment Fraud" report, 2023 (ic3.gov)
  • Federal Trade Commission: "Reports show scammers cashing in on crypto craze" (consumer.ftc.gov)
  • Elliptic: "Pig Butchering: The $3.3B Scam" (2023) (elliptic.co)
  • ZachXBT on-chain analysis: $71M WBTC address poisoning (Twitter/X, May 2024)
  • CertiK Security Leaderboard — verified smart contract audits (certik.com)
  • Squid Game Token post-mortem: CoinMarketCap blog, November 2021
  • Celsius Network Bankruptcy Filing — US Bankruptcy Court, SDNY, July 2022
  • Do Kwon / Terra collapse — Chainalysis post-mortem, June 2022

Disclaimer: This guide is for educational purposes only and should not be considered financial advice. Cryptocurrency investments carry significant risk. Always do your own research before making investment decisions.