Key Takeaways
Common cryptocurrency scams include blackmail, fake exchanges, fake giveaways, phishing, copy-and-paste malware, Ponzi schemes, and ransomware.
Scammers often use urgency, promises of free crypto, and impersonation to pressure victims into sending funds or revealing sensitive information.
A legitimate giveaway will never ask you to send crypto first. If it sounds too good to be true, it almost always is.
Using two-factor authentication, keeping software updated, and verifying URLs before clicking are among the most effective defenses.
Introduction
Bitcoin gives scammers an interesting opportunity. It is a borderless digital currency with no central authority to reverse transactions or freeze accounts. As a result, once a Bitcoin transaction is confirmed, it is almost impossible to undo.
Bitcoin's decentralized nature means you are in full control of your funds. But it also means you are entirely responsible for protecting them. If scammers trick you into sending BTC to the wrong address, there is very little anyone can do to help.
Knowing how these scams work is your best defense. This article covers eight common Bitcoin scams and explains how to spot and avoid each one.
Common Bitcoin Scams and How to Avoid Them
Blackmail
Blackmail scammers claim to have compromising information about you, such as private photos or browsing history, and threaten to release it unless you pay them in Bitcoin. In many cases, the information is either fabricated or obtained from old data breaches.
The best way to protect yourself is to use strong, unique passwords for each account and enable two-factor authentication (2FA) wherever possible. If you receive a blackmail message and you know the claims are false, you are likely safe to ignore it. Do not pay, as paying often encourages more demands.
Fake exchanges
Fake exchanges are fraudulent copies of legitimate crypto platforms. They may appear as mobile apps, websites, or desktop software that look nearly identical to the real thing. Their goal is to steal your login credentials, funds, or personal information.
These fake platforms often attract users with offers of zero fees, generous deposit bonuses, or unusually favorable exchange rates. Once you deposit funds, withdrawals are blocked or the platform disappears entirely.
To protect yourself, bookmark the official exchange URL and always check it carefully before logging in. For mobile apps, verify the developer name, number of downloads, and user reviews. See common scams on mobile devices for more guidance.
Fake giveaways
Fake giveaway scams promise to send you more crypto in return for a small deposit first. For example, a scammer may claim that sending 0.1 BTC will result in receiving 0.5 BTC back. You will never see your funds again. Related airdrop scams follow the same pattern but use the promise of free token distributions as the hook.
Since 2023, scammers have increasingly used AI-generated deepfake videos of well-known public figures to make fake giveaways appear more credible. These videos are distributed through video platforms and social media, often linked to real news events or product launches to appear timely.
The rule is simple: a legitimate giveaway will never ask you to send funds first. If any giveaway requires an upfront payment, it is a scam.
Social media phishing
Social media phishing involves scammers impersonating trusted figures such as executives, celebrities, or well-known crypto personalities. They post fake giveaways or send direct messages offering investment opportunities.
On platforms like X (formerly Twitter), verification badges were historically a reliable indicator of legitimacy. However, since 2022, paid verification has made it easier for impersonators to display a badge. Always cross-check by visiting a public figure's official website or other verified channels before trusting any social media offer.
Copy-and-paste malware
Copy-and-paste malware silently monitors your clipboard. When you copy a Bitcoin address to send a payment, the malware replaces it with the scammer's address. If you do not verify the address before confirming the transaction, your funds go to the attacker.
A related attack called address poisoning has grown in use since 2023. In this method, scammers send tiny dust transactions from a wallet address that closely resembles one in your transaction history. If you copy an address from your transaction history without checking it carefully, you may unknowingly send funds to the lookalike address.
Always verify the full wallet address, character by character, before sending any transaction. Consider using hardware wallet confirmation screens to catch any discrepancy.
Phishing emails
Crypto phishing emails impersonate exchanges, wallets, or other services you use. They typically ask you to take urgent action, such as verifying your account or resetting your password. The goal is to capture your login credentials or direct you to a fake website that installs malware.
Check that emails come from the exact domain you expect. Hover over any links without clicking to preview the destination URL. Look for misspellings or unusual characters in both the sender address and link URLs. When in doubt, navigate to the service directly by typing the URL in your browser rather than clicking any email link.
Ponzi and pyramid schemes
Ponzi and pyramid schemes have existed long before crypto, but the market's rapid growth in 2020-2022 created fertile ground for new versions. In a Ponzi scheme, returns to earlier investors are paid using funds from newer investors, not from genuine returns. The scheme collapses when it can no longer attract enough new capital. Several high-profile crypto Ponzi schemes collapsed during 2022-2023, resulting in significant losses for participants.
A pyramid scheme pays participants primarily for recruiting new members rather than for any genuine product or service. Both types promise unusually high returns with little or no risk.
Research any project thoroughly before contributing funds. If the returns appear disproportionate to any underlying activity, or if the primary value proposition is recruiting others, treat it as a red flag.
Ransomware
Ransomware is malware that locks your device or encrypts your files, then demands payment (usually in Bitcoin) to restore access. Attackers may also threaten to publish stolen data if payment is not made.
To reduce your exposure, keep your operating system and applications updated, avoid clicking links or attachments in unexpected emails, and back up important files regularly to an offline location. Free recovery tools and prevention advice are available at NoMoreRansom.org.
FAQ
What are the most common Bitcoin scams?
The most common Bitcoin scams include fake giveaways, phishing emails, fake exchanges, copy-and-paste malware, blackmail, social media impersonation, Ponzi schemes, and ransomware. Most rely on creating a sense of urgency or offering returns that seem too good to be true.
How can I tell if a crypto exchange is fake?
Compare the URL carefully against the official exchange website. Check the app developer name, download count, and user reviews before installing anything. Legitimate exchanges will never promise unrealistic bonuses or require an upfront deposit to unlock withdrawals.
What is address poisoning in crypto?
Address poisoning is an attack where a scammer sends a tiny transaction to your wallet from an address that looks nearly identical to one in your transaction history. If you copy an address from your history without carefully checking each character, you may send funds to the attacker's address instead of your intended recipient.
How do I protect my Bitcoin from scammers?
Use strong unique passwords and enable 2FA on every account. Verify wallet addresses character by character before sending transactions. Be skeptical of any offer that requires you to send crypto upfront. Install reputable antivirus software and keep your devices and apps updated.
What should I do if I fall victim to a Bitcoin scam?
Report the incident to your local law enforcement and, if an exchange was involved, to that exchange's support team. Note that blockchain transactions are generally irreversible, so fund recovery is often not possible. You can also explore resources from organizations that track crypto fraud. For DeFi scams specifically, revoke any suspicious smart contract approvals immediately using a tool like revoke.cash.
Closing Thoughts
Bitcoin scams come in many forms, but they share common tactics: urgency, impersonation, and promises that seem too good to be true. Knowing how each scam works puts you in a much stronger position to recognize and avoid them. Staying informed, verifying information independently, and keeping your security practices current are the most reliable ways to protect your holdings.
Further Reading
Disclaimer: This content is presented to you on an "as is" basis for general information and educational purposes only, without representation or warranty of any kind. It should not be construed as financial, legal, or other professional advice, nor is it intended to recommend the purchase of any specific product or service. You should seek your own advice from appropriate professional advisors. Where the content is contributed by a third-party contributor, please note that those views expressed belong to the third-party contributor, and do not necessarily reflect those of Binance Academy. Digital asset prices can be volatile. The value of your investment may go down or up and you may not get back the amount invested. You are solely responsible for your investment decisions and Binance Academy is not liable for any losses you may incur. For more information, see our Terms of Use, Risk Warning and Binance Academy Terms.