Table of Contents
    Home / Crypto / Learn / 10 Crypto Scams in 2024
    Learn 12 min read
    3 scam symbols, one with a burst padlock, one with a gaming headset and devil horns, one with a loveheart
    10 Crypto scams in 2024 and how to avoid them

    Approximately 562 million people globally are thought to own crypto. And the ecosystem is growing – but so are crypto scams.

    For opportunists, this burgeoning industry is a honeypot waiting to be exploited. The amount of crypto stolen each year through crypto scams and hacks is on the rise, seeing a 53% year-over-year increase in 2023. The alarming trend underscores why you must be aware of crypto scammers, and understand the dynamics of how crypto scams work.

    In this article, we document the most common crypto scams in 2024 so you know what to look for and how to protect your crypto assets.

    Top 10 crypto scams 2024

    1. Fake crypto exhchanges and wallet apps
    2. Paypal Bitcoin invoice scam
    3. Crypto customer support scam
    4. Crypto romance scams
    5. Crypto pump and dump schemes
    6. Celebrity crypto shilling
    7. Fake giveawways
    8. Malicious smart contracts and token approvals
    9. Man in the middle (MITM) attacks
    10. Protocol hacks and exploits

     

    Fake crypto exchange and wallet apps

    Crypto ccammers target users using fake crypto exchanges, fake websites and sometimes fake crypto wallet apps. This is a type of phishing that relies on a legitimate-looking website or download button to con users into parting with their crypto

    For example, scammers might set up a fake crypto exchange, promising unrealistic returns or bonuses in exchange for a “sign-up fee.” Of course, there is no bonus, and the sign-up fee goes directly to the scammers who set up the site.

    Similarly, you may encounter a fake wallet app. The bogus interface requests your seed phrase or prompts you to send your crypto to your “new wallet”, which is just the scammer’s wallet. A great example is the fake Trezor wallet app, which appeared in the Apple App Store and pretends to be a popular crypto wallet. The scammers requested users to enter their credentials, including their seed phrase, which could give scammers access to user accounts.

    How to avoid the scam

    Maintain skepticism towards too-good-to-be-true offers and verify the legitimacy of exchanges before you dive in. Check URLs and user reviews to verify that the platform is genuine. You should never be asked for any money to download a wallet or join an exchange. And remember: never share your Secret Recovery Phrase. Ever.

    PayPal Bitcoin scam

    Cryptocurrency scams tend to use existing brand names or relationships to establish a degree of trust with the victim and the Paypal Bticoin scam is a great example.

    It involves a third party sending fake invoices to your Paypal interface for Bitcoin you never purchased. They lure you into calling a number and then request remote access to your account to “resolve the issue.”

    Let’s use an example scenario. A PayPal user received an email with the platform’s logo claiming a Bitcoin purchase of $548.15 from Coinbase, a service they never used. The email, designed to create panic, offered a phone number to open a dispute, a classic tactic for getting victims to hand over critical account data. This set the stage for the malicious actor behind the scam to empty the victim’s account.

    How to avoid the scam

    Anyone can send an invoice on PayPal. The only way to verify your transactions is to log in to your account and check directly. If unsure, contact your account provider directly rather than using numbers from suspicious emails. Never give remote access or personal details over the phone.

    Fake customer support scam

    Fake customer support is a very convincing way to begin phishing scams. Here, scammers impersonate crypto customer support agents from NFT marketplaces or wallet providers. They might contact you through social media to discuss fake account issues. Behind the trusted guise of “customer service,” the scammers then deceive you into providing your recovery phrase or account credentials.

    For instance, a user received a link that appeared to be KuCoin’s customer service on Telegram, but it was a scam designed to steal information.

    Avoiding crypto customer support scams

    Always verify the legitimacy of customer support requests through official channels of your NFT or crypto marketplaces and never share private keys or click on suspicious links.

    Crypto romance scams

    Also known as pig butchering, crypto romance scams involve fraudsters creating fake identities on dating apps. From there, they select a target and build trust to exploit victims financially down the line. This often manifests as convincing them to invest in fraudulent cryptocurrency ventures.

    The FTC recently warned of crypto romance scams, citing it as one of the most common and lucrative approaches for scammers.

    Avoid getting scammed

    Be cautious of romantic interests asking for financial help or investments. Anyone can create a false persona online. Contact authorities if you suspect you’re being targeted.

    Crypto pump and dump schemes

    Pump-and-dump scams are a subcategory of investment scams. Fraudsters with an established position in a project make false or vastly exaggerated claims about it to drive up the price. At the peak of the market, they sell out, crashing the price of the project—leaving victims with a worthless asset.

    The rise of Web3, where anyone can develop a project and market its tokens, has given bad actors new opportunities to deploy this scam. Crypto scammers create fake projects and buy large positions in their native tokens. They then create fake excitement around the project online to inflate its price. This might include making false claims about its utility or the project’s roadmap and sowing a sense of urgency to pressure victims into buying.

    Unsuspecting investors buy in at the inflated price, but then the scammers quickly sell their holdings, crashing the price. The Squid Game pump-and-dump scam saw its creators lock in investors and disappear with over $12 million after selling their tokens.

    Steps to avoid crypto pump and dump scams

    • Always verify token distribution to assess risk. You can do this on Etherscan or similar blockchain explorers.
    • Investigate the project leaders’ history for red flags.
    • Check out the project white paper to assess whether it has genuine utility.
    • Look out for disabled comments and disproportionate engagement metrics.

    Celebrity crypto shilling

    Shilling is another subset of crypto investment scams. As the name suggests, crypto shilling involves celebrities promoting crypto projects with false promises, creating hype to inflate prices. They often fail to disclose payment for endorsements or personal holdings.

    For example, the SEC recently charged Lindsay Lohan, Jake Paul and a handful of other celebrities for shilling crypto projects without disclosing they were being paid.

    And crypto shilling is often even less obvious than this. For example, where an individual holds a huge stake in a given asset, and also has a huge audience, they can hype up the asset to their followers. By creating buzz and demand, the shill increases the value of their existing holdings, all thanks to a few Tweets. Some speculate that crypto whales like Elon Musk engage in this type of shilling.

    Avoid crypto shilling scams

    • Verify token legitimacy beyond celebrity endorsements.
    • Look for clear disclosures of celebrity involvement.
    • Treat extravagant profit promises with caution.
    • Investigate whether the individual has a position in the asset they’re endorsing.

    Crypto giveaway scams

    The credibility of a trusted brand makes it a great tool for persuasion, and this is the crux of fake crypto giveaway scams. Here, scammers impersonate celebrities or companies, promising to double any crypto sent to their addresses. They use fake accounts and bots to create an illusion of legitimacy, exploiting your trust and the fear of missing out.

    In 2020, Scammers took control of celebrity accounts like Elon Musk and Joe Biden on Twitter to promote fake crypto giveaways. The source made them believable, luring many victims in the process.

    Avoiding crypto giveaway scams

    • Treat all crypto giveaways as potential scams.
      • Never send crypto to anyone you don’t know.
      • Never share your wallet login or recovery phrase.

    FAST FACT

    The Internet Crime Report revealed crypto fraud losses reached $3.96 billion in 2023!

    Malicious smart contracts and token approvals

    Web3 is built on smart contracts, and more or less, every interaction involves signing one. But clever scammers can use legitimate-looking smart contracts as a Trojan Horse to deploy malicious code, and gain access to your wallet. This means you’re only one small mistake away from a cryptocurrency scam whenever you sign a transaction.

    In February 2022, a phishing scam tricked users into signing a malicious smart contract, transferring all their NFTs to a hacker’s address. The Opensea Malicious Smart Contract scam resulted in a loss of $1.7 million.

    Avoiding malicious smart contacts

    • Learn to read and understand different types of smart contract.
    • Use tools to check and revoke permissions for suspicious smart contracts.
    • Move tokens to a new account if you feel your current one is compromised.
    • Regularly monitor your allowances and revoke them for any dubious contracts.

    Man in the middle attacks

    A Man-in-the-Middle (MITM) attack in cryptocurrency involves an attacker intercepting and altering the communication between two parties. For instance, crypto fraudsters could infiltrate your network and tamper with address displayed during a crypto transaction. The aim of this type of attack is to direct your funds to their wallet instead.

    Andrew Schober, heavily invested in Bitcoin, downloaded a fake wallet app, Electrum Atom, through a malicious link. This malware launched a man-in-the-middle attack, stealing nearly $200,000 in Bitcoin by swapping copied addresses with the attacker’s during a transfer.

    How to avoid crypto man in the middle attacks

    • Use a hardware wallet with a tamper proof screen, which enables you to verify true transaction details even if a hacker has infiltrated your network.
    • Use encrypted connections and two-factor authentication.
    • Employ VPN services for secure browsing.

    Hacks and protocol exploits

    Protocol exploits occur when attackers find and exploit a protocol’s code vulnerabilities, leading to unauthorized access to funds locked in the protocol. This is particularly prevalent with blockchain bridges, which are protocols that lock-up huge amounts of crypto in a pool to create synthetic counterparts (wrapped crypto).

    The most famous (and severe) example of this is the Solana Wormhole Hack. Here, hackers stole $321 million in crypto by targeting a flaw in Wormhole’s bridge on the Solana blockchain – the biggest crypto hack of all time.

    This same risk also applies to software wallets. The 2023 Trust Wallet hack saw users lose a total of $170,000 over six months thanks to a vulnerabillity in the wallet’s open source code. All of this to say that your wallet or crypto tool is only as safe as its underlying code.

    How to avoid hacks and exploits

    • Only use crypto wallets with a legacy of security.
    • Research protocols such as liqudity pools and blockchain bridges before investing or interacting.
    • Stay up to date on crypto hacks so you understand the risks.

    Avoid crypto scams in 2024

    Educating yourself about cryptocurrency scams is crucial in 2024. Scammers are constantly devising new tricks to steal your hard-earned cash. The good news? A little education can be your shield.

    This guide will equip you with the knowledge to navigate the crypto world confidently and avoid falling victim to scams.

    Verify sites and apps are genuine

    Verify the legitimacy of websites and wallet apps. Here’s how:

    • Scrutinize URLs: Double-check the website address for any misspellings, especially of the official company name.
    • App Store Check: Download apps only from official app stores like Google Play or the App Store. Verify the app developer and any reviews before installing.

    Official Sources: Visit the official cryptocurrency or project website to see if they recommend specific wallet apps.

    Never share your private keys or recovery phrase

    Your private keys and recovery phrase are like the master password to your crypto. Never share them with anyone. Customer support or anyone claiming to be from the platform must use official communication sources. Legitimate companies will never ask for your account information.

    Question private messages and requests

    Phishing scams nearly always begin with a message. If you receive a private message, especially from someone you don’t know, take a step back and question its legitimacy.

    Crypto projects and platforms typically communicate through official channels like email or announcements on their platforms. So, if a stranger slides into your DMs offering investment advice or claiming a problem with your account, it’s a major red flag.

    Learn to read smart contracts and token approvals

    Cryptocurrency wallets often ask you to approve transactions before interacting with a project. But as you know, signing just one malicious transaction or approval can empty the crypto assets from your wallet. Take time to learn about:

    • Smart Contracts: These are the self-executing programs that power many crypto projects. While understanding the full code might be complex, basic knowledge can help you grasp what a project does and the potential risks.
    • Token Approvals: When you interact with a project, you might permit it to access your crypto tokens. Learning how to review these approvals for yourself is the best defence against contract based crypto scams.

    Use a hardware wallet

    Keeping your digital assets safe goes beyond online vigilance. Consider using a hardware wallet – a physical device that stores your private keys offline. Hardware crypto wallets are not connected to the internet, making them much less vulnerable to hacking attempts.

    Do your own research

    If it sounds too good to be true, it probably is. Cryptocurrency scams often rely on hype and urgency, but don’t let this cloud your judgment. Instead, do your own research! Use tools like Etherscan to check a project’s fundamentals, token contract and trading activity. You can also dig into the project’s whitepaper to understand what you’re investing in.

    Closing thoughts

    Vigilance and knowledge are your best defence against crypto scams. Scammers may be cunning, but by arming yourself with information, you’ll be well-equipped to participate in the crypto market. Remember, crypto moves fast, so stay informed and never stop learning.

    With a healthy dose of skepticism and the right knowledge, you can transform yourself into a savvy crypto investor and protect yoour digital assets.