Common Crypto Scams: How to Identify and Avoid Them
The cryptocurrency space attracts scammers because transactions are irreversible and largely anonymous. Understanding common scam patterns is your best defense. Here are the most prevalent crypto scams and how to avoid them.
1. Rug Pulls
A rug pull happens when a token creator removes all liquidity from a decentralized exchange, making the token worthless and untradeable. The scammer creates a token, adds liquidity to create a trading pair, promotes the token to attract buyers, then withdraws all the liquidity once the price has risen.
How to avoid: Check if liquidity is locked using a token scanner. Look for tokens where liquidity is locked for at least several months. Be especially cautious with brand-new tokens that have unlocked liquidity.
2. Honeypots
Honeypot tokens let you buy but prevent you from selling. The smart contract contains code that blocks sell transactions for everyone except the creator. Read our detailed guide on honeypot tokens for more information.
How to avoid: Always scan the token contract before buying. If the scanner detects honeypot behavior, stay away.
3. Pump and Dump Schemes
A group of insiders buy large amounts of a low-cap token, then coordinate promotion through social media, Telegram groups, and paid influencers to drive up the price. Once enough retail buyers have pushed the price high enough, the insiders sell their holdings, crashing the price.
How to avoid: Be skeptical of tokens being aggressively promoted on social media with promises of guaranteed returns. Check holder concentration — if a few wallets hold most of the supply, they can dump at any time.
4. Fake Token Copies
Scammers create tokens with names identical to popular projects but with different contract addresses. For example, a fake "Pepe" token that looks like the real one but is actually a honeypot or rug pull.
How to avoid: Always verify the contract address from the official project website or CoinGecko/CoinMarketCap. Never trust contract addresses shared in Telegram groups or social media comments.
5. Phishing Attacks
Fake websites that look identical to legitimate DeFi platforms (Uniswap, MetaMask, etc.) trick you into entering your seed phrase or approving malicious transactions.
How to avoid: Bookmark the real URLs of DeFi platforms you use. Never enter your seed phrase on any website. Double-check the URL before connecting your wallet. Use hardware wallets for large holdings.
6. Approval Exploits
When you interact with a DeFi contract, you often need to "approve" it to spend your tokens. Some malicious contracts request unlimited approval, which lets them drain your wallet at any time in the future.
How to avoid: Use tools like Revoke.cash to review and revoke unnecessary token approvals. Only approve the exact amount needed for each transaction when possible.
7. Social Engineering
Scammers impersonate project founders, support staff, or influential figures on social media and Telegram. They may offer "help" with wallet issues, "exclusive" investment opportunities, or "airdrops" that require you to connect your wallet to a malicious site.
How to avoid: No legitimate project will ever DM you first asking for funds or wallet access. Never share your seed phrase with anyone. Be skeptical of unsolicited messages.
Stay Safe
The common thread across all these scams: verify before you trust. Use tools like CryptoSage's token scanner to check contracts, verify URLs, and never invest more than you can afford to lose.
Scan Any Token for Free
Check if a token is safe before investing. Instant results, no signup required.
Open Token Scanner