Open the app

Scams & Risk FAQ

Crypto's openness makes it a magnet for fraud, and every transaction is final. These answers explain the most common scams, the red flags, and how to protect yourself. Each answer stands on its own.

44 questions · Last updated: July 17, 2026.

What is a rug pull?

A rug pull is a scam where a project's creators attract investment then abandon it, draining liquidity or dumping their tokens so buyers can't sell. It leaves holders with worthless assets, and common warning signs include anonymous teams, no audit, and unlocked developer holdings.

What is phishing in crypto?

Phishing is when scammers impersonate a trusted site, app, or person to trick you into revealing your seed phrase or approving a malicious transaction. It is the leading cause of crypto theft, so verifying links and never entering your seed phrase online are essential defenses.

What is a Ponzi scheme in crypto?

A crypto Ponzi scheme pays earlier investors with money from newer ones while claiming to generate real returns, until inflows dry up and it collapses. Guaranteed high returns and pressure to recruit others are classic signs, and losses are usually unrecoverable when it falls apart.

What is a pig butchering scam?

A pig butchering scam builds a fake romantic or friendly relationship over weeks, then lures the victim into a bogus crypto investment that seems to grow before the scammer vanishes with the funds. It targets trust and patience, making it especially damaging.

What is a fake giveaway scam?

A fake giveaway scam promises to multiply any crypto you send, often impersonating a celebrity or brand on social media. No legitimate giveaway asks you to send coins first, so any 'send one, get two back' offer is a scam designed to steal what you send.

What is a honeypot token?

A honeypot is a token you can buy but not sell, coded so only the creator can offload it. The price may look like it's soaring, but buyers are trapped, which is why checking whether a token can actually be sold is a key safety step.

What is an exit scam?

An exit scam is when a project or platform that has operated normally suddenly shuts down and disappears with users' funds. It can hit exchanges, wallets, or investment schemes, and it is why holding funds only on trusted platforms — or in self-custody — matters.

What are the warning signs of a crypto scam?

Common red flags include guaranteed or unusually high returns, pressure to act fast, anonymous teams, requests for your seed phrase, unsolicited offers, and 'send crypto to receive more' schemes. Any one of these warrants stopping and verifying before doing anything.

What is a wallet drainer?

A wallet drainer is malicious code on a scam site that, once you connect and sign, transfers out your tokens and NFTs. They hide behind fake airdrops, mints, or support pages, so avoiding unknown sites and scrutinizing every signature request is the main defense.

What is address poisoning?

Address poisoning is when a scammer sends a tiny transaction from an address resembling one you use, hoping you later copy it from your history and send funds to them. Always verify the full address, not just its first and last characters, before sending.

What is a fake support scam?

A fake support scam involves someone posing as customer service — often after you post a problem publicly — who then asks for your seed phrase or directs you to a phishing site. Real support never needs your seed phrase, so any such request is fraud.

What is a SIM swap attack?

A SIM swap is when an attacker moves your phone number to their SIM, often by tricking your carrier, to intercept calls and SMS codes. This lets them bypass SMS 2FA and reset accounts, which is why app-based or hardware 2FA is far safer.

What is a fake exchange or app?

A fake exchange or wallet app imitates a real one to steal deposits or seed phrases. They spread through search ads, app stores, and phishing links, so downloading only from official sources and verifying URLs protects you from handing funds to a clone.

What is a pump and dump?

A pump and dump is coordinated hype that inflates a coin's price so insiders can sell into the frenzy, after which it collapses onto late buyers. It thrives on low-liquidity coins and social-media hype, and it is illegal in regulated markets.

How can I verify a project is legitimate?

Check whether the team is public and credible, the code is audited, the token supply and unlocks are transparent, liquidity is locked, and the community is genuine rather than bot-driven. No single check is proof, but multiple red flags are a reason to walk away.

What is a smart-contract exploit?

A smart-contract exploit abuses a bug in a protocol's code to steal funds, sometimes draining millions in one transaction. Audits reduce but don't eliminate the risk, so even audited protocols can be hit, and stolen funds are usually unrecoverable.

What is a malicious approval?

A malicious approval is when you unknowingly grant a scam contract permission to move your tokens, letting it drain them later. Reviewing what you approve and periodically revoking unused approvals limits how much a bad contract can take.

What is a fake airdrop?

A fake airdrop lures you with 'free' tokens that require connecting your wallet to a malicious site or signing a harmful transaction, which then drains your funds. Legitimate airdrops don't require you to sign risky approvals, so unexpected claim offers deserve suspicion.

What is social engineering in crypto?

Social engineering is manipulating people into giving up secrets or approving transactions by exploiting trust, urgency, or fear rather than hacking code. Because most crypto theft targets human error, awareness and skepticism are stronger protection than any software.

What is a cloud mining scam?

A cloud mining scam sells contracts for mining power that either doesn't exist or never pays out as promised, sometimes running as a Ponzi. Given how few are legitimate and profitable, unverifiable cloud mining offers warrant heavy caution.

What is a recovery scam?

A recovery scam targets people who already lost crypto, promising to retrieve it for an upfront fee, then taking that too. Since blockchain transactions are irreversible, no one can genuinely guarantee recovery, so these offers are a second layer of fraud on victims.

Why is 'guaranteed returns' a red flag?

Guaranteed returns are a red flag because no legitimate investment can promise them, especially in volatile crypto. The phrase is a hallmark of Ponzi schemes and fraud, which rely on the promise of safe, high, certain profit to attract victims.

What is a clipboard hijacker?

A clipboard hijacker is malware that swaps a crypto address you copy for the attacker's, so you send funds to them without noticing. Verifying the pasted address before confirming any transaction is the reliable way to catch this.

What is a fake token listing?

A fake token listing uses a name or ticker identical to a real project to trick buyers into purchasing a worthless imposter. Always confirm the exact contract address from official sources, since names and symbols can be freely duplicated.

What is a Discord or Telegram scam?

Scammers infiltrate crypto community chats to post fake mint links, impersonate admins, or send phishing DMs. Admins rarely DM first, official links come only from verified channels, and treating unsolicited messages as hostile keeps you safer in these spaces.

What is an investment group scam?

An investment or signals group scam charges for 'expert' trade calls or promises managed returns, often funneling members into pump-and-dumps or Ponzi schemes. Skepticism toward anyone guaranteeing profits or urging deposits into their control is warranted.

What is a fake celebrity endorsement?

Scammers fake endorsements using deepfakes, edited videos, or hacked accounts to make it look like a celebrity backs a coin or giveaway. A famous face is not verification, so claims should be checked against the person's genuine, official channels.

Can I get scammed by connecting my wallet?

Yes. Connecting your wallet to a malicious site and then signing a request can authorize it to drain your assets. Connection alone is lower risk, but the signature that follows can be dangerous, so only interact with sites you trust and read what you sign.

What is a liquidity lock and why does it matter?

A liquidity lock places a project's trading liquidity in a time-locked contract so the team can't suddenly withdraw it and rug. Verifiable, meaningful locks reduce rug-pull risk, while unlocked or briefly locked liquidity is a warning sign for a new token.

What is a dusting attack?

A dusting attack sends tiny amounts of crypto to many wallets to try to trace and de-anonymize their owners by analyzing how the dust moves. It doesn't steal funds directly, but it can be a precursor to targeted phishing, so it's best not to interact with unexpected dust.

What makes crypto attractive to scammers?

Crypto's irreversible transactions, pseudonymity, global reach, and lack of a central authority to reverse fraud make it ideal for scammers. Once funds are sent, they usually can't be recovered, which raises the stakes on avoiding fraud in the first place.

How do I protect myself from scams?

Protect yourself by never sharing your seed phrase, verifying links and contracts through official sources, ignoring unsolicited offers and guaranteed returns, using hardware wallets, and pausing whenever there's urgency. Skepticism and slowing down defeat most scams.

What is a fake KYC or verification scam?

A fake KYC scam poses as an exchange demanding urgent 'verification' via a phishing link that harvests your login or seed phrase. Legitimate verification happens inside the official app, never through emailed links pressuring you to act immediately.

What is a Telegram trading bot scam?

Some trading bots promoted in chats are designed to steal the funds or keys users connect to them, or to execute hidden trades. Granting a bot control over your wallet is inherently risky, so unverified bots promising easy profits should be avoided.

What is impersonation on social media?

Impersonation is when scammers copy a real project's or person's name, logo, and posts to push fake links or giveaways. Checking for verified accounts, follower history, and official cross-references helps distinguish the genuine account from a convincing fake.

What is a malicious browser extension?

A malicious browser extension can read what you do online, alter pages, or steal wallet data. Installing only trusted extensions, reviewing their permissions, and removing ones you don't use reduces the chance one compromises your crypto activity.

What is a fraudulent presale?

A fraudulent presale collects money for a token that never launches or launches worthless, with the team disappearing. Because presales are unregulated and often anonymous, they carry very high risk, and the promise of early access is easily used as bait.

What is the risk of unaudited contracts?

Unaudited contracts may contain bugs or intentional backdoors that let funds be stolen or trap buyers. An audit isn't a guarantee, but the complete absence of one, especially on a new or hyped token, sharply raises the risk of interacting with it.

How do I check a token contract for red flags?

Use blockchain explorers and token-scanner tools to check whether the token can be sold, who holds the supply, whether liquidity is locked, and whether the contract has risky functions. Concentrated holdings or a non-sellable token are strong reasons to avoid it.

What is a fake yield or staking platform?

A fake yield platform advertises high, steady returns to attract deposits it never truly invests, operating as a Ponzi until it collapses. Unusually high guaranteed yields and pressure to deposit more or refer others are the telltale signs.

What should I do if I've been scammed?

If scammed, stop sending funds immediately, move any remaining assets to a new secure wallet, revoke malicious approvals, document everything, and report to relevant authorities and platforms. Recovery is unlikely, so beware follow-up recovery scams that prey on victims.

Are crypto losses recoverable?

Crypto losses from scams are usually not recoverable, because transactions are irreversible and there's no central authority to reverse them. This finality is exactly why prevention matters so much, and why anyone promising guaranteed recovery is themselves a scammer.

Why does urgency signal a scam?

Urgency — limited-time offers, countdowns, or threats — is a manipulation tactic that pressures you to act before you can think or verify. Legitimate opportunities don't collapse if you take time to check, so pressure to rush is one of the clearest scam signals.

What is the safest mindset for avoiding scams?

The safest mindset is default skepticism: assume unsolicited offers are hostile, verify independently, never share your seed phrase, and accept that if something sounds too good to be true, it is. Slowing down and confirming beats nearly every crypto scam.

See the market live on BubbleLayer Do your own research the visual way — check a coin's real market cap, volume, and where it trades before you ever touch it.
Open the bubble map →

This page is for general information only, not financial or investment advice. Cryptocurrency is volatile and carries real risk of loss. Always do your own research and consult a qualified professional before making financial decisions.