Content type: How-To Guide
Crypto scams cost victims over $5.6 billion in 2023 alone according to the FBI’s Internet Crime Report, and losses have continued rising into 2025 and 2026. The good news: virtually every common scam follows a recognizable pattern. Learning those patterns is the most effective protection. This guide covers the seven most prevalent scam types and the exact signals that reveal each one.
- Key Highlight: Pig butchering scams are now the highest-grossing fraud category in crypto, generating billions annually via long-term relationship manipulation.
- Key Highlight: Phishing sites targeting MetaMask, Ledger, and major exchanges are often indistinguishable from the real thing. Always check the URL.
- Key Highlight: No legitimate project, exchange, or influencer will ever ask for your seed phrase. Ever.
- Key Highlight: Rug pulls occur when a project’s founders drain the liquidity pool and disappear. Anonymous teams with no audited contracts are a major red flag.
- Key Highlight: Romance scams and investment fraud increasingly use AI-generated personas that are difficult to distinguish from real people.
Rug Pulls: When the Project Disappears Overnight
A rug pull occurs when a crypto project’s founders create a token, attract investor liquidity, and then drain the funds and abandon the project. The token price crashes to near zero within minutes. On-chain analytics firm Chainalysis identified rug pulls as one of the top sources of crypto fraud losses in its 2025 Crypto Crime Report.
Warning signs: anonymous founding team, no smart contract audit from a reputable firm (CertiK, Trail of Bits, OpenZeppelin), unlocked liquidity (meaning the team can withdraw at any time), and high-pressure social media campaigns pushing urgency. If a project’s roadmap consists mostly of price targets and “moon” messaging with no technical substance, treat it as a red flag.
Phishing Attacks: Fake Sites and Wallet Drainers
Phishing is the most common attack vector in crypto. Attackers create near-identical copies of exchange login pages or wallet interfaces, then drive traffic via Google ads, fake social media accounts, or email campaigns. You enter your credentials or connect your wallet, and the attacker gains access.
Wallet drainers are a more sophisticated variant: a fake dApp asks you to sign a transaction that approves the contract to transfer all tokens from your wallet. The approval looks routine but grants unlimited access to your assets.
Defense: bookmark the official URLs of every platform you use. Never click exchange or wallet links in emails or DMs. Use a browser extension like Pocket Universe or Fire (for Ethereum) that simulates transactions before you sign them.
Pig Butchering: The Long Con
Pig butchering (known in Mandarin as “sha zhu pan”) is an investment fraud that begins with a casual social media connection or dating app match. The scammer spends days or weeks building trust and eventually introduces a “trading opportunity” on a platform they control.
The fake platform shows impressive fake returns. Victims add more funds over weeks. When they try to withdraw, the platform demands taxes or fees. Eventually it disappears. The FBI reports average individual losses in pig butchering cases exceeding $300,000. If someone you met online is steering you toward a specific trading platform you have never heard of, stop immediately.
Fake Exchanges and Wallets
Fraudulent exchanges mimic real platforms with professional interfaces and fabricated trading data. Some operate for months, building a user base before executing an exit. Fake wallet apps appear in app stores with high review counts (purchased or farmed) and steal seed phrases on setup.
Only download wallets from official websites (metamask.io, ledger.com, trezor.io). Verify the developer name in the app store matches the official organization. For exchanges, cross-reference CoinGecko or CoinMarketCap which list verified exchange URLs.
Impersonation Scams: Fake Support and Celebrity Endorsements
Impersonation scams involve attackers posing as exchange support staff, project founders, or celebrities (Elon Musk and Vitalik Buterin impersonations have been persistent in crypto). They offer to “help” resolve an account issue or promise to match any crypto you send to a specific address.
No legitimate support team will ask you to send crypto or share your seed phrase. No one will double your crypto by sending it to them first. Official support channels are always in-app or via the platform’s verified website. Unsolicited DMs from any support account should be treated as attempted fraud.
Pump and Dump Schemes
Coordinated groups (often operating through Telegram or Discord) accumulate a low-cap token, generate hype through social media, and sell into the retail buying pressure they create. The token price rises sharply then collapses. Individual participants who buy during the pump often hold a near-worthless asset after the dump.
Warning signs: a token with low liquidity being aggressively promoted in multiple chats simultaneously, rapid price movements with no fundamental news, and promoters who claim the token will “100x soon.” These are the mechanical features of a coordinated pump.
Smart Contract Exploits and Malicious Approvals
When using DeFi protocols, you grant token approvals that allow contracts to move your assets. A malicious contract can request an unlimited approval, then drain your wallet in a subsequent transaction. Attackers embed these approval requests in fake airdrop claims, NFT mints, and “free token” promotions.
Use Revoke.cash or Etherscan’s Token Approvals tool regularly to audit and revoke unnecessary approvals on your Ethereum address. Limit token approvals to the exact amount needed when protocols offer that option.
The TCB View
Crypto scams in 2026 are more sophisticated, more patient, and better funded than at any point in the industry’s history. Pig butchering operations are now run by organized criminal enterprises in Southeast Asia with professional scripts and AI-generated personas. Phishing kits are sold as services on dark web marketplaces.
The defense is not technical complexity but behavioral discipline: slow down, verify URLs, never share seed phrases, and be deeply skeptical of any unsolicited investment opportunity. The single most protective habit is learning to recognize urgency as a manipulation tactic. When someone or something is pushing you to act fast, that is precisely when you should stop and verify everything.
Follow The Central Bulletin on X at @tcbnews365 to stay updated on crypto security threats.
The Daily Brief by TCB
Crypto, AI & finance intelligence in 5 minutes. Every weekday morning. Free.
