changehero Blog

How to Avoid Crypto Scams? A Beginner’s Guide
Author: Catherine

It seems not a day goes by without news of a new type of crypto scam. They can be nontrivial, like the hack of Beeple’s Twitter account a couple of weeks ago, but the oldest tricks in the book also seem to be widely used. Use the practical advice in this guide to avoid falling for a crypto scam!

The Most Common Types of Scam in Crypto


The aforementioned hack of renowned NFT artist Beeple happened on May 23. Attackers placed a link that masqueraded as a website dedicated to a recently unveiled collaboration between the artist and fashion brand Louis Vuitton.

In fact, phishing like this is probably the most common type of crypto scam there is. Users who click the links are taken to a website that either has a form to input data (such as private keys) or gains access to one’s wallet automatically.

How to recognize phishing?

Social Engineering Attacks


Another common vector of attack not only in crypto but tech as a whole is users themselves. Phishing is an adjacent form of such scams, and you will see why.

Very often, it is not even necessary to set up a fake website, construct a protocol, or come up with an elaborate scheme. Sometimes, scammers get to your money by getting you to trust them (and sometimes by extortion).

Let’s have a look at a couple of examples: take the Twitter hack of 2020. A hundred-something verified accounts, from Apple to Barack Obama, tweeted out a message: send some Bitcoin to a specified address and get double back. You wouldn’t trust any random bot account but when it comes from CZ or Coinbase, at least someone is inclined to think they truly are “giving back to community” this way.

Of course, there are more inventive ways to part people from their money by playing with their feelings and emotions — sometimes, more literally than figuratively. Cointelegraph reported that Silicon Valley has been overtaken by a wave of ‘pig-slaughtering’ or butchering scams.

In this type of scam, users match with scammers or their accomplices on dating apps, who then spend weeks winning a victim’s trust and getting them to send crypto to scammers through a dodgy website or address. Given the Silicon Valley demographics, the victims of these scams may be more tech-savvy than an average Joe — but they are not immune to such predatory practices.

How to recognize a social engineering attack?

How to not fall for a social engineering attack?

NFT Scams

To no one’s surprise, the NFT market has also brought an array of “new and exciting” ways of scamming people. In the NFT scene, it is arguably even worse than in crypto at large.

Of course, you have phishing and social engineering attacks here too, and the advice above still applies. However, you should also watch out for counterfeit tokens.

This could mean NFTs minted from a stolen artwork, or NFTs which will drain your wallet if you so much as transfer them yourself. With the first, you could end up with a token with a link leading to a DMCA takedown notice instead of the artwork, and there is not much you can do about the second one, either.

How to recognize scams in the NFT market?

How to not fall for an NFT scam?

Pump-and-dump & Rug Pull

Both of these refer to a trading scheme as old as the stock market but made even more popular in the crypto space. In these events, the price of a token is inflated through insider trading, and the insiders then sell at the top and drive the price back to the ground.

One of the better-known recent examples of a rug pull was the SQUID token. The meme coin rallied 45,000% before coming down to (almost) zero.

The red flags were there but somehow the team managed to escape with $3 million in liquidity. You wouldn’t want such things to happen at your expense, would you?

How to recognize a pump-and-dump?

How to not fall for a pump-and-dump?

How to Avoid Being Scammed?

In addition to the advice above, we have also asked our CMO Alex to give some insights into crypto security. Take a look at his advice to keep your investment safe and sound!

General advice:

  1. Double- and triple-check the URLs. This is the measure to follow at all times. Before you click a link or interact with the website, for example, by connecting your wallet, have a good look at the URL and make sure it is legitimate. Otherwise, you could be on a scammer’s website and not even realize it.
  2. Do not trust anyone in your Discord or Twitter DMs. With each passing day, social scams become more and more elaborate. Fraudsters will explore your socials and engineer a story for you specifically. For example, a scammer pretends to speak on behalf of a company looking for cross-promotion. When given a pass, they send out a file with a “contract”, which leads us to—
  3. Do not open files sent by strangers. A file can turn out to be a script that brute-forces a password or a seed phrase or even hijacks the computer to eventually provide a hacker with access. Even a .png file can contain a script — scammers would often rename the files to confuse you.
  4. No rush. Take a breath in and breathe out when sending a transaction. FOMO can push you to make crazy decisions: think buying an overheated coin at a top/bottom (hi, LUNA and GST). Stealth drops were pretty popular last year, like GoGos on Tezos, which launched without prior notice.
  5. Be cautious with verified accounts on Twitter. Hacking those seems to be getting more common. Scammers get access to stolen verified accounts to feign affiliation with reputable projects, such as BAYC or Moonbirds.
  6. Use a cold crypto wallet. If you take your crypto holdings seriously, cold storage in a hardware wallet is a must. Trezor and Ledger are popular options.
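
One way to automate the URL check from item 1 is shown below. This is an added example, not ChangeHero's code: the allowlist domains are constructed placeholders, and the names check_url and edit_distance are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed allowlist for illustration; replace with the sites you actually use.
TRUSTED = ("mywallet.example", "nftmarket.example")
# Digits commonly swapped in for look-alike letters (assumed, non-exhaustive).
FOLD = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})

def edit_distance(a, b):
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_url(url):
    """Return (verdict, reason); verdict is 'trusted', 'suspicious' or 'unknown'."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    if parts.scheme != "https":
        return "suspicious", "not https"
    if parts.username is not None:
        # https://trusted-name@other-host/ connects to other-host.
        return "suspicious", "text before @ is not the host"
    try:
        ascii_host = host.encode("idna").decode("ascii")
    except UnicodeError:
        return "suspicious", "host is not a valid domain name"
    if ascii_host != host or "xn--" in host:
        # Non-ASCII letters can be visually identical to ASCII ones.
        return "suspicious", "internationalized (punycode) host"
    for good in TRUSTED:
        if host == good or host.endswith("." + good):
            return "trusted", good
    for good in TRUSTED:
        if good in host:
            return "suspicious", f"{good} appears inside another domain"
        # Compare as many trailing labels as the trusted name has.
        tail = ".".join(host.split(".")[-(good.count(".") + 1):]).translate(FOLD)
        if edit_distance(tail, good.translate(FOLD)) <= 2:
            return "suspicious", f"near-miss of {good}"
    return "unknown", "not on the allowlist"

if __name__ == "__main__":
    for u in ("https://mywallet.example/login", "https://mywa11et.example/login",
              "https://nftmarket.example.claim-drop.test/mint"):
        print(u, check_url(u))
```

An "unknown" verdict only means the host is not on your list; it is not a sign that the site is safe.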

Specific advice:

  1. View the entire history of a coin’s price, not the past month only. Day traders and crypto maxis only look at the current trend in the asset, without noticing that there may be artificial pumps at the time of listing.
  2. Review the fundamentals of a coin. Studying social media and asking the community can be vital prerequisites for mid- and long-term purchases. Too often buyers are blinded by marketing (STEPN) or the appeal to authority (Dogecoin), and the next thing you know, they are losing millions.
  3. Read the whitepapers. If a coin offers 20% or more for a bounty or a ridiculous APY, while the community pool distribution is a mystery, it’s better to walk away from it.
  4. Run a background check on the team. Scams are quite often perpetrated by the same people who were complicit in dubious or outright fraudulent schemes. Googling or checking the LinkedIn of the developers and founders would never hurt.


If you get scammed out of your money — ultimately, it is not your fault. However, it is in your power to prevent it from happening. Following these pieces of advice can help you to navigate the crypto space safely and worry-free.
