How to identify common crypto scams and protect yourself

For that reason, one of the most effective forms of protection is understanding the common forms that crypto scams tend to take, what warning signs they exhibit, and what practical steps can be taken to avoid becoming a victim.

Pig Butchering Scams

Although pig butchering is perhaps one of the most common crypto scam models, the underlying behaviour is not new or specific to the crypto world. It is essentially a confidence-based fraud where trust is built over time. For that reason pig butchering can take many forms, from fake investment platforms, to romance scams.

A seemingly credible opportunity is introduced, and a victim is gradually persuaded to part with increasing sums. Often trust is built by allowing the victim the opportunity to withdraw supposed gains from the investment, which is then promptly followed by identification of another attractive investment opportunity which the victim will be persuaded to invest in.

The contact may begin through social media, forum boards, messaging apps, a dating platform, or even a “wrong number” text. The fraudster will often appear professional, patient, friendly, and financially knowledgeable and successful.

They will often spend weeks or months building rapport and creating trust with the victim. Eventually, they will introduce the victim to a trading platform, account manager or specific trading strategy that generates strong returns.

It is often easy, and perhaps more comforting, to think of these scams being perpetuated by one-man bands. The reality is usually a lot more disturbing. There are whole organised scam factories operating like organised businesses, and teams of individuals working together to perpetuate these scams. 

They will usually have a very polished and professional looking façade, including their website, the fake investment platform itself, and the individuals the victim may have day to day contact with. They will often present official looking qualifications and accreditations, and everything about their image and communications with the victim is carefully curated and designed to build trust with victims.

In reality, the platform, website, names, qualifications, and demonstrated returns is fake. The profits displayed or claimed are fictional. Victims may even be allowed to withdraw a small amount at an early stage to reinforce the illusion that the investment is genuine.

Once larger sums have been transferred, there will usually be more requests for deposits, often using time pressure tactics and citing a change in the market which requires additional funds to be deposited. Should the victim communicate they want to withdraw their investments, they will be requested to make additional payments for gas fees, unlock fees, compliance fees or even taxes.

Warning Signs:

• An online contact becomes unusually friendly, attentive, and persuasive, and will perhaps try to steer conversations so as to get an idea of your financial means.
• The contact may request to move communications to a more private platform, such as Telegram, Signal or Session.
• The contact may begin to discuss investment performance with the victim, and ask direct questions about their investment experience and present themselves as a person with a lot of financial and investment knowledge.
• The victim may be introduced to a platform or app under the guise that it is an investment platform. The victim will often be tempted with promises of high returns and guarantees.
• The victim may be told to act quickly and keep the opportunity private. They may be introduced to a particular account manager or point of contact.

How to reduce risk:

• Be cautious with online contacts, particularly where conversations lead to investment discussions, opportunities, or general finances.
• Independently verify any platform you are thinking of depositing funds to or sending cryptoassets to. Verifying means more than just looking at its website or app. As a minimum, it is worth checking the FCA’s register to see whether the firm is authorised and has permission for the services in question, as well as reviewing the FCA’s warning list and doing a thorough search online.
• Treat any pressure to move quickly, keep the opportunity private, or pay more money to unlock funds as a serious red flag.

Romance Scams

Romance scams overlap closely with pig butchering, but the emotional element is often more pronounced and so can be an even more manipulative and insidious form of scam.

In these cases, the scammer presents as a genuine romantic partner. They may claim to be overseas, travelling for work, or facing some urgent difficulty so that they cannot meet in person.

Sometimes the request for funds or cryptoassets is framed directly once enough of a bond and trust has been established, in other cases, the victim is guided towards sending money or crypto on the premise of medical emergencies, unexpected circumstances, or as a supposed route to a shared future.

The emotional dynamic can make these scams very difficult to identify from within. Victims are not simply responding to an investment pitch, but rather they feel they are acting within a relationship they feel to be genuine.

Warning Signs:

• The person avoids meeting in person or always has a reason as to why they cannot meet in person.
• The person may have a lack of an online presence, and may ask for secrecy or discourage you from speaking to friends and family about them.
• Their photographs and life story may feel very polished, but difficult to verify.
• They encourage exclusivity or emotional dependence, often showing very intense and flattering attention to the victim.
• They may steer conversations towards money, investments or financial difficulties, and may try and guide the conversation so that the victim offers help.

How to reduce risk:

• Be cautious where someone you have only met online asks for money or suggests investments.
• Reverse-search profile images where possible, but be aware that AI can now be used to generate photo realistic images based on a prompt, and these will typically not show in reverse image searches.
• Speak to a trusted friend of family member.
• Ask yourself is the person you are in contact with behaving as a normal person would.

Fake investment platforms

Again, there is significant overlap with pig butchering, but not every crypto investment scam involves prolonged trust building or personal manipulation which is required for pig butchering scams.

In many cases, the deception centres instead on the platform itself. The victim may come across what appears to be a legitimate investment website or app through an advertisement, social media, promotion, search result, or online introduction, without any extended relationship with the fraudsters in the background.

These platforms are designed to project legitimacy. They usually appear sophisticated, with professional branding, account dashboards, live tickers, apparent trading activity and customer support functions. However, in reality, the platform is entirely fictitious and will typically be displaying fictional balances and fictional profits in order to induce further deposits.

Essentially, the victim is persuaded to believe that they are using a genuine trading or investment serviced, when in fact, they are simply transferring value to the scammers. Victims will usually be encouraged to transfer crypto to wallet addresses associated with the platform, after which fictional balances and gains are displayed on screen. The scam often only becomes clear when the victim tries to withdraw significant sums and is told more payments are required.

Warning Signs:

• The platform or site is not one you have heard of before, and difficult to verify externally.
• The website makes claims of guaranteed returns and performance, which will often sound too good to be true.
• Withdrawals may be blocked pending further payments for unlock fees, gas fees, or taxes.
• The customer support team becomes evasive or aggressive when questions are asked.

How to reduce risk:

• Check whether the platform is regulated and where regulation is said to exist.
• Search for the platform independently rather than relying on links on the site.
• Treat any requirement to pay money in order to receive your own funds as a serious red flag.
• Be cautious of any platform promoted through informal messaging channels, forums or social media posts.

Recovery Scams

Recovery scams target those who have already lost money or crypto. This makes them particularly cruel and devious, as they tend to exploit the feelings of vulnerability scam victims often feel in the immediate weeks and days after realising they have been targeted. 

The approach may come from someone claiming to be a recovery specialist, regulator, investigator, exchange representative, or a lawyer. They will often claim that they have identified assets that they believe belong to you, and that they have frozen these assets in a wallet or account pending your confirmation that they are yours, and of course, upon payment of an upfront fee.

In most cases, the recovery does not exist at all. In some instances, the recovery scam may be linked to the same individuals behind the original fraud.

It is important, however, not to confuse recovery scams with legitimate professional assistance. Genuine lawyers and specialist advisors, such as tracing experts, may well require payment of a fee in order to begin work. However, a legitimate lawyer will be identifiable, capable of independent verification, engaged on clear terms, and will be instructed to carry out legal or investigative work under a defined scope of work to assess the facts, advise on the available options, and where appropriate, take steps to pursue recovery of assets. 

On the other hand, a recovery scammer will typically promise a result first and demand payment as the price of obtaining it.

Warning Signs:

• You are contacted unexpectedly by someone claiming to have found your missing crypto.
• You are told recovery is guaranteed.
• You are asked to pay upfront in order to release funds supposedly already identified and frozen.
• The person invokes regulators, law enforcement or legal terminology in a vague or theatrical way.
• The pressure to engage them increases when you hesitate and they may cite vague or unclear time pressures.

How to reduce risk:

• Treat unsolicited recovery approaches with extreme caution.
• Independently verify the identity and credentials of any person or firm offering assistance. For example, qualified lawyers and regulated firms can be verified by checking the SRA’s solicitor register.
• Be wary of guarantees, especially in a field where outcomes can be very fact-specific.
• Do not make further payments simply because someone says your assets have already been frozen or found.

Address Poisoning

Address poisoning is slightly different from many of the other fraud mechanisms considered in this article. It is less of an orchestrated scam in the conventional sense and more of an attack vector used to misdirect transfers of cryptoassets.

Because address activity is visible on the public blockchain, a bad actor can review the transaction history and identify which addresses that user has interacted with before, including addresses used repeatedly. For example, it may be possible to identify likely centralised exchange deposit addresses used by a user, or other addresses operated by the user to hold or trade assets.

The bad actor will then seek to generate a new address designed to closely resemble that address, usually by matching opening and closing characters, such that it will appear familiar at a glance. They will then typically send a small transaction from the lookalike address to the victim’s wallet so that it appears in the victims transaction history.

The risk arises when the victim later looks to make a transaction, and given the similarity in the addresses, copies the lookalike address and sends cryptoassets to the wrong destination.

Unlike many crypto scams, address poisoning does not usually depend on an inducement, or exploitation of a perceived relationship. This scam relies on user habits and misjudgement, particularly given that many users only verify the first and last few characters of a familiar address before sending a transaction.

Warning Signs:

• A small, unsolicited transfer appears in your wallet history.
• An address in your history looks familiar at a glance but is not identical to a known address you have verified and interacted with before.

How to reduce risk:

• Do not rely on transaction history alone when selecting a destination address.
• Always verify the full address not just the first and last few characters.
• Use whitelisted functions where available.
• When making substantial transfers of cryptoassets, it is always good practice to send a small test transaction first.

Approval Phishing and Malicious Wallet Connections

Some scams operate by tricking the victim into granting permissions from their wallet to a malicious smart contract or fraudulent decentralised application (dApp). Once those permissions have been granted, control of the victims wallet is essentially surrendered to the scammers and they will be able to execute transfers without involvement from the victim.

These scams often arise through fake airdrops, NFT mint pages, cloned DeFi interfaces, and spoofed support links. 

Warning Signs:

• You are asked to connect your wallet to a site that has been sent to you.
• The site urges immediate action to claim rewards, mint an NFT, fix a wallet issue, or participate in a limited time opportunity.
• You are prompted to sign a transaction or approval you do not fully understand.
• The branding resembles well known DeFi protocols and platforms, but the URL is slightly different.

How to reduce risk:

• Always check and double check before you connect your wallet to a site. Never connect a wallet simply because a link was sent to you.
• Check all URL’s carefully.
• Never sign a transaction, permission or approval for anything you do not fully understand.
• Revoke unnecessary approvals periodically.

Impersonation and Social Media Scams

Another growing method deployed by scammers harnesses AI and the ability to generate convincing deepfake videos and images of well known, trusted personalities.

A scammer will typically pretend to be a celebrity, influencer, or project founder and will make claims that if you send a certain amount of crypto to a certain wallet address, you will receive more back. Variants also include fake support desks from reputable exchanges, and cloned social media profiles.

These scams rely on urgency, borrowed credibility, and the speed at which some users will act on social media content without verification.

Warning Signs:

• A public figure or major brand appears to be offering a limited time crypto giveaway.
• You are told to send funds in order to receive a larger amount back.
• Social media posts may have replies disabled, or it seems comments are heavily managed with overwhelming amount of positive and confirmatory comments.

How to reduce risk:

• Remember legitimate businesses and public figures will not ask users to send crypto in order to receive more back.
• Be cautious of social media urgency and hype.
• Verify any promotional posts from public figures through official website and verified channels.

Malware based scams

Malware based attacks are typically aimed at compromising the environment and interfering with the systems in which a user deals with and manages their cryptoassets, such as their phone or laptop.

Malware can take many shapes and forms, for example keyloggers, trojans, and spyware.

One particular form of malware utilised in crypto theft cases is clipboard hijacking malware. Given that wallet addresses are long hexadecimal codes, they do not lend themselves to being memorised easily or typed in on the go. As such, it is common for users to use copy paste function to select relevant addresses when making a transaction.

Clipboard hijacking malware essentially interferes with the users clipboard and if it detects a crypto address, it will replace it with their own, in the hope that the user will paste the address and execute a transaction, sending crypto to the scammers.

Warning Signs:

• Your copied address appears to change after pasting.
• Your device behaves unusually, runs slowly, or shows unexplained and unprompted windows and command prompts.
• Security settings change inexplicably.
• Unrecognised applications appear on your device.

How to reduce risk:

• Keep devices and software updated, and do not download or interact with unfamiliar files or applications.
• Maintain and keep updated anti-virus and anti-malware security tools, and run frequent checks.
• Before making any transactions, check and double check the intended recipient address.
• Be cautious about browser extensions.

Final Thoughts

Although the mechanics of crypto scams differ, they usually share common warning signs such as an urgency to act, discouragement from consulting others, demands for payment to unlock transfers, and reluctance to allow independent verification.

No set of precautions can eliminate risk entirely, but the points provided above can help and should be adopted as a matter of good practice.

If something has already gone wrong and funds have already been sent, early action can be important. Victims should not assume that all is lost is if a scam has succeeded. Crypto assets leave a permanent digital trail, which often lead to a trail in the real world.

Crypto can be traced and meaningful recovery can be made with the right action, strategy and legal advice. The key is to act promptly, preserve evidence, and seek specialist advice.