Scams in general, have been around ever since humanity existed; and around a decade ago, it looks like scammers have found another industry to make money off— the cryptocurrency space.

While bitcoin and cryptocurrencies sure have their advantages, unfortunately, just like with any other technology, there will also always be some downsides. The cryptocurrency space is infested with scams simply due to the pseudo-anonymous nature of bitcoin and cryptocurrencies, allowing scammers to get away with huge heists with potentially little to no trace if they know what they’re doing.

The best way to not get caught up by these scams is to simply educate yourself and be extremely cautious in everything you see online in general.

Listed and described below are most of the common scams that are currently being used in the cryptocurrency space.

Table of Contents:

  1. Phishing scams
  2. Giveaway and doubling scams
  3. Investment & Ponzi scams
  4. Pump & dump schemes
  5. Deposit scams
  6. Airdrop scams
  7. Fake mining hardware sites
  8. Fraudulent paper wallet generators
  9. Hardware wallet scams
  10. QR code generator scams
  11. Fraudulent forks
  12. Ransomware attacks
  13. Clipboard hijacking attacks
  14. Chargeback scams
  15. Testnet scams

Phishing Scams

One of the most effective scams until today; not only in the cryptocurrency space but on the world wide web in general.

A phishing scam is an attempt to steal account login information, credit/debit card information, your bitcoin or crypto wallet’s recovery phrase, or whatever valuable information that a bad actor can take advantage of, mostly through fake clone websites and software.

How the scam works

One simple way of scammers spreading phishing sites is through the Google ads platform. You do a simple Google search query, typing up “Binance”, and if you don’t use an ad blocker, there’s a decent chance that the top search result would be an advertisement.

It clearly says ““, on the link text, but when you actually click on the link and take look at your browser’s address bar, there’s a decent chance that the site you’ve just opened is going to be something like ““, ““, or something else that isn’t the legitimate ““.

Some of these methods are so tricky, as they use domains like “biṇaṇ“. You might not have noticed it immediately, but it’s actually an ‘, a Latin character.

Google ads is just one way of spreading phishing sites and software though. Other ways and methods of them spreading phishing sites and software include:

  • social media: scammers could create fake accounts Facebook, Twitter, Instagram, or other social media sites and communities in general, masquerading as certain companies(Ledger, Coinbase, Trezor, etc).
  • hacked YouTube accounts: scammers have been hacking YouTube accounts with a decent number of subscribers and change the YouTube channel name to a certain company. They would then say that they’re conducting a “crypto giveaway” or something similar while posting a video(live or not) with a link to a phishing site or to a download link of fraudulent software.
  • fake customer support: this is mostly happening on Reddit and Twitter, but it could happen on all social media sites. Scammers would target people who had made a post concerning issue(s) with certain services(Binance, Ledger Nano S/X hardware wallet, etc) by messaging them and sending them a link to a phishing site or to a download link of fraudulent software.

Always keep your eyes peeled. Some hackers and scammers are extremely smart, and they can create other more convincing ways to trick people into opening their phishing links. It’s heavily recommended for people to always check their browser’s address bar if they’re actually on the legitimate website.

Fraudulent mobile apps

Pretty much the same with phishing sites, but in the form of apps. Especially on the Google PlayStore for Android devices, there are A LOT of fraudulent mobile apps made to steal your funds.

Mostly faked apps include:

  • Coinbase
  • MyEtherWallet (MEW)
  • Ledger Live
  • Electrum
  • etc

How to protect yourself

  • always do a double or triple check on your browser’s address bar to confirm that you’re actually on the legitimate website.
  • install a well-known and reputable adblocker like uBlock Origin on your browser, or use the Brave browser instead.
  • Prevent from clicking on ads.
  • Make sure that you’re downloading the legitimate apps.

Twitter Giveaway and “doubling” Scams

Fortunately, Twitter giveaway scams have died down a bit, though they could still appear on Twitter once in a while.

Twitter giveaway scams are pretty straightforward. The scammer makes a fake Twitter account masquerading as a famous person(mostly people in the tech industry). The scammer would then reply to the legitimate person’s tweet, saying something along the lines of:

As you can see, Elon Musk’s legitimate Twitter handle is @elonmusk whereas the scammer is using the Twitter username @elonmusk___.

While this scam should be pretty obvious, but unfortunately, some people still fall for it.

NOTE: While such scams mostly take place on Twitter, it can take place in any other social media site or website in general.

How the scam works

  1. You see a famous(fake) persona posting on social media on how you can multiply or double your coins.
  2. You send the coins to the provided address.
  3. The scammer simply runs away with your coins.

How to protect yourself

  1. Don’t be delusional. If something’s too good to be true, it probably is.

Investment Scams & Ponzi Schemes

Investment scams have existed pretty much even before the birth of the internet and the world wide web.

Investment scams and Ponzi schemes mostly have well-designed websites that claim to give you a 10% profit daily from your initial deposit or something along those lines.

They ask you to deposit a certain amount of money(or crypto, in this case), and promise a certain amount in return daily, weekly, or monthly. Some investment scams allow you to withdraw your profit for a while, in the hopes of you depositing more money, then they simply lock up your account after a while. Losing your access to your funds.

Common types of Investment and ponzi schemes

Fraudulent Trading Bots

The victim is asked to “invest” in a trading bot, claiming that the trading bot can make the victim a certain amount of money in a certain time span. Usually something enticing but unrealistic like 50% in 3 days or something similar.

Cloud Mining Scams

Similar to fraudulent trading bots whereas the victim is asked to deposit a certain amount of money for “cloud mining”, again, mostly with unrealistic promises of profit.

Bitcoin & Cryptocurrency Investment Scams

Again similar to the previous two, whereas the scammer asks for a certain deposit, with unrealistic promises of profit. This scam is mostly used for people who have little to no idea and are totally clueless on what Bitcoin and cryptocurrencies are, and how they actually work.

How the scam works:

  1. You see an advertisement on Google and or social media about a trading bot, investment site, or cloud mining site, whereas the website claims that they can multiply your money in a short timespan.
  2. You create an account, and deposit some money.
  3. The scam website will then try to get more money off you by convincing you to deposit more money.
  4. The scammer runs away with your money.

How to protect yourself

  1. Don’t be delusional. If something’s too good to be true, it probably is.
  2. If you want to invest in bitcoin or other cryptocurrencies, simply buy them off reputable exchanges.
  3. If you want to mine bitcoin and cryptocurrencies, buy the mining hardware yourself.

Some famous crypto-related ponzi scams in the past

  • BitConnect
  • DavorCoin
  • HashOcean

Pump And Dump Schemes

How the chart of a pump & dump coin commonly looks like. source

Pump and dump schemes are pretty easy to spot, as pump and dump group leaders usually advertise them as “trading signal groups“, or sometimes even straight-off shamelessly advertise them as “pump groups”.

The scheme is pretty straightforward: The group leader asks his/her members to buy a certain coin/token that is quite low in market cap to make the price far easier to manipulate, claiming that it will rise or “pump” in price.

The thing is, before the group leader announces which coin/token to buy, the leader already bought a significant amount of that certain coin/token, so the leader can sell them at a significantly higher price. The price of that coin/token does then increase because of the group members buying loads of the specific coin/token, while the leader is selling at higher prices; earning the group leader significant amounts of profit, sometimes even as high as 10x.

How the scam works

  1. You see a “trading signals” group being advertised on social media or on some forums.
  2. You join the group, mostly being on Telegram.
  3. The group owner buys an amount of a certain cryptocurrency and tells the whole group to buy it. Claiming that it will rise in price.
  4. The price does increase due to the people on the group buying the coin.
  5. At some point, the group owner sells or “dumps” everything, making huge amounts of profit while immediately dropping the price.

How to protect yourself

  1. Don’t join pump and dump groups masquerading as “trading groups”.
  2. Do your own research.

Scam ICOs

Initial Coin Offerings or ICOs are quite similar to crowdfunding whereas the company/team accepts BTC/ETH from the people in exchange for a certain amount of their coins/tokens, depending on how much you sent them.

ICOs aren’t really scams as some are definitely legitimate, but a big percentage of ICOs are indeed either scams, or are bound to fail. Unfortunately, some well-made ICO scams are quite hard to detect as a scammer could create a legitimate well-thought project and simply just not deliver the product and run away with the money. Though some characteristics could be enough proof for you to stay away from certain ICOs.

For a more in-depth guide about ICO scams: Detecting Scam ICOs

How the scam works

  1. You see an advertisement for a cryptocurrency ICO on social media or on some forums.
  2. The cryptocurrency’s team makes some outrageous claims like “bitcoin killer”, “ethereum killer” or that the whole world will be using that certain cryptocurrency.
  3. You invest your money onto the ICO.
  4. The project team fails to accomplish their promises.
  5. The coin’s price slowly goes down in the long term, effectively losing your money, most of the time more than -95%.

How to protect yourself

  1. Do your own research.
  2. Be very wary of ICOs.

Gambling/Exchange Site Deposit Scams

This scam usually takes place by someone asking the victim to use a certain gambling site, and them saying that they gave the victim some free bitcoin to start playing/gambling with. If the victim attempts to withdraw the funds, the website then asks the victim to deposit a certain amount of bitcoin, claiming that deposit to be for the “withdrawal fees”; but in fact, the victim is sending the bitcoin to the hacker’s bitcoin wallet. After the victim made a deposit, the scammer then runs away with the deposited bitcoin.

This scam usually is being attempted via private messages on forums and some social media sites.

If someone on social media messages you that’s describing a similar scheme, take a few seconds and report the account to hopefully prevent other people from getting scammed.

How the scam works

  1. A scammer messages you on forums or on social media.
  2. The scammer says that he/she is giving you some money through this exchange site.
  3. The scammer asks you to register to the scam exchange.
  4. The scammer tells you that he/she has given you some coins on your account(mostly .5 BTC to sometimes up to 5 BTC to be more enticing).
  5. To be able to withdraw the funds, the scam exchange would then require you to deposit some bitcoin for the withdrawal fee, whereas the coins being demanded are mostly worth a decent amount of money (0.01+ BTC).
  6. After you deposit the BTC for the “withdrawal fee”, the scammer simply runs away with your money.

How to protect yourself

  1. Ignore such messages.

Airdrop Scams

A very common misunderstanding when taking part in cryptocurrency airdrops is that you have nothing to lose. Where in fact, most of the time, you actually do have something to lose.

Private keys

Some scam airdrops take advantage of some people’s ignorance on how wallets work, by telling them to hand over their wallet’s private keys, effectively giving access of their funds to the scammers.

Email Accounts

The most common thing that an airdrop(scam or not) asks for.

For the more unethical scams though, they collect their participants emails, and either send them spam, or sell the emails they collected to other companies.

Personal Documents

Some airdrops require the submission of personal identification documents like photos of your driver’s license, passport, birth certificate, etc.

While some legitimate airdrops require the submission of these documents for legitimate reasons like to prevent the abuse by claiming airdrops using multiple emails, most of the airdrops collect personal documents to either sell them or to commit identity theft.

How the scam works

  1. You see an advertisement on social media or some forums about a cryptocurrency airdrop.
  2. You sign up for the airdrop, and submit your personal documents.
  3. The website owner then sells all the personal information and documents they collected.
  4. Your identity could then already be used for criminal activities.

How to protect yourself

  1. Don’t submit personal details, documents, or your wallet’s private keys to airdrop websites.

Fake Mining Hardware Sites

Due to the hype of bitcoin and cryptocurrencies, bitcoin mining is also being a hot topic from time to time.

Scammers take advantage of this hype by scamming people online who are trying to buy Application-specific integrated circuit(ASIC) miners from manufacturers like Bitmain.

The scammer simply creates a fake website, lists some ASIC miners like Bitmain’s famous Antminer, and accepts bitcoin payments as bitcoin payments are non-reversible. The scammer simply takes the money and doesn’t ship anything to the buyer, effectively stealing the buyer’s money.

Scammers mostly spread their fake mining hardware websites through:

  • Google ads
  • Google search results
  • Social Media
  • etc

How the scam works

  1. You search for a website to buy mining hardware.
  2. You come across a shady website claiming to sell mining hardware.
  3. You order one or a few, and you pay using bitcoin.
  4. The website owner runs away with your coins.

How to protect yourself

  1. If you’re planning on buying ASIC miners, it’s heavily preferred to buy from the main source, Bitmain.

Fraudulent Paper Wallet Generators

A paper wallet is a type of bitcoin and cryptocurrency wallet that you generate through an open-source html page, and simply print out on a piece of paper.

The way scammers take advantage of this, is that they create they own version of a paper wallet generator, whereas they have access to every single paper wallet that you generate through their website.

They simply wait for a bitcoin deposit to the paper wallet’s address, and they either simply steal the money immediately, or sometimes they wait till the paper wallet holds a significant amount of bitcoin before they steal it.

Though we’re against using paper wallets in general due to the level of difficulty in creating an actual secure paper wallet, stick to the legitimate ones like

Hardware Wallet Scams

Fraudulent Ledger Live software. Source: u/Yobleed

A common misconception with hardware wallets is that when you’re using a hardware wallet, it’s going to be next to impossible for your funds to get stolen. But in fact, while reputable hardware wallets are secure, there are still some ways that scammers can steal your funds.

Fake Hardware Wallet Software

Hackers and scammers create almost exact duplicates of existing hardware wallet software like Ledger Live, and create their own methods in attempting to steal their victim’s funds.

The most common way being asking their victims to enter in their wallet’s 24 word mnemonic phrase, effectively gaining total access to their victim’s money.

Tampered Hardware Wallet Packages

A victim of a tempered Ledger wallet package

While there is currently no proof of someone managing to successfully tamper with a Ledger hardware wallet, hackers and scammers can take advantage of someone’s lack of knowledge in how wallets work.

In this case with this victim in the screenshot above, instead of the wallet buyer generating his own set of 24 word mnemonic phrase on the hardware wallet itself, he/she followed the fraudulent instructions of the scammer. Whereas the scammer included a pre-generated list of 24-words, a wallet that the scammer has access to.

QR Code Generator Scams, a fake QR Code generator

It’s safe to assume that some people prefer using QR Codes rather than wallet addresses simply due to the fact that it’s quicker to do a QR Code scan using a mobile phone.

Due to this, some people resort to using “QR Code Generators” or “converters” to convert a wallet address to a usable QR Code.

How the scam works

  1. The victim opens the fraudulent bitcoin address to QR code converter.
  2. The victim enters his/her wallet address.
  3. Instead of giving the victim the QR code of the wallet address he/she entered, the scammer instead displays a QR code of a different wallet address which the scammer owns
  4. The victim then unintentionally sends funds to the scammer thinking that he/she’s sending the funds to his/her own wallet.

How to protect yourself

  1. Always double-check if the service you’re using is actually giving you the correct and legitimate QR code.

Fraudulent Bitcoin Forks

To put it simply, Bitcoin forks are different versions of Bitcoin; the most famous being Bitcoin Cash(BCH). And while the original Bitcoin(BTC) is what really matters, people can sell their forked bitcoin to potentially increase their Bitcoin(BTC) holdings.

To be able to claim Bitcoin forks though, you’d need to enter your Bitcoin(BTC) wallet’s private keys to the Bitcoin fork’s wallet. And while there are legitimate Bitcoin fork wallets out there, there are also a lot of fraudulent ones.

How the scam works

  1. You’ve learned about a recent Bitcoin fork, and you’re planning on claiming the airdrop for you to be able to sell them.
  2. You download the Bitcoin fork’s software, and you enter in your recovery phrase.
  3. The fraudulent Bitcoin fork then gains access to your wallet and takes away your coins.

How to protect yourself

  1. Make sure the software your using is actually safe, or don’t collect bitcoin forks at all as it’s mostly not worth the risk.

Ransomware Attacks

Ransomware is a type of malware that once your device gets infected, the malware locks up your device’s operating system, rendering it unusable. The malware then demands a certain amount of bitcoin or other cryptocurrencies for your device to be usable again.

If your device has been infected with ransomware, all you need to do is to do a fresh install your operating system and you’ll be good to go. Unfortunately, losing all your files and data in the process.

How to protect yourself

  1. Always think twice when opening websites and downloading software

Clipboard hijacking attacks

A clipboard hijacking attack is when a hacker gains access to your device’s clipboard, allowing the hacker to replace your clipboard with whatever the hacker wants.

While this is more of a “hack” than a “scam”, a hacker could get the malware to be installed on your device through various methods that scammers use.

How the scam works

  1. You download and install the malware through a fraudulent website
  2. The malware then waits till you copy a bitcoin address to your clipboard
  3. Once you copy a bitcoin address to the clipboard, the malware then replaces the Bitcoin address that you copied with the hacker’s bitcoin address
  4. You then paste the supposed address that you copied(which is now the hacker’s address)
  5. You send the funds without double-checking the address
  6. The hacker now has your bitcoin

How to protect yourself

  • Always think twice when opening websites and downloading software
  • Always double-check the address your sending your coins to

Chargeback scams

A chargeback scam is a way for scammers to purchase bitcoin or cryptocurrencies(or other stuff online), pay for the purchase, and get their money back in the end.

This scam is mostly done using PayPal, as people can claim that a certain transaction wasn’t made by them, and there’s a good chance that PayPal will reverse that transaction.

How the scam works

  1. You plan on selling some bitcoin or cryptocurrencies to person X
  2. Person X sends you the money
  3. You receive the money, and you send over the coins
  4. Once person X receives the coins with ample transaction confirmations, person X then attempts a chargeback to get his/her money back

How to protect yourself

  1. Only trade with reputable people
  2. As much as possible, prevent from accepting PayPal for payments

Testnet scams

A “testnet”, regardless if it’s for Bitcoin or any other cryptocurrency, is an alternative blockchain, specifically to be used for testing purposes.

Since testnets use a different blockchain as the original blockchain of a specific cryptocurrency, coins from the original blockchain can’t be sent to the testnet version and vice versa. Hence, obviously, testnet coins can’t be used to pay for merchant payments, and such since testnet coins are pretty much worthless.

Mostly done using bitcoin testnet coins, unfortunately, scammers take advantage of people who don’t know what testnet coins are(regardless of how obvious it is due to the name “test-net”), and sell them these coins as if they’re actual “real” coins.

How the scam works

  1. Someone offers you to buy some bitcoin, sometimes for a discount
  2. You agree with the price and the amount
  3. The scammer then convinces you to download a testnet wallet
  4. The scammer sends you the coins, you then pay the money

Final Thoughts

While we covered a lot or probably most of the existing scams in this article, remember that hackers and scammers are very creative, and will invent more ways of tricking people in the future. A reminder to always make it a habit of being skeptical.


Thanks for reading!

CryptoSec was found solely to help people learn how to protect their bitcoin and cryptocurrencies from scammers and hackers. If you think some people you know are interested in Bitcoin or cryptocurrencies in general, feel free to share our articles to hopefully prevent catastrophic hacks and scams.

Protect your backups from EXTREME conditions

Don't miss out with the latest crypto security news.