What is a scam? A comprehensive guide to recognizing and avoiding crypto scams

The cryptocurrency market is growing at a rapid pace, but along with it comes a significant increase in scams. According to data from Chainalysis, although losses from crypto scams in 2023 have decreased by 65% compared to the previous year, the total still amounts to billions of USD. This proves that understanding what scams are and how to recognize them is not only useful knowledge but also a mandatory requirement for anyone wanting to participate in this market.

What is a scam? From basic to detailed definitions

A scam is an intentional fraudulent act aimed at stealing assets or personal information from victims. Perpetrators often use sophisticated tricks, psychological manipulation, and exploit users’ lack of knowledge or vulnerabilities to achieve their goals.

In the context of cryptocurrencies, crypto scams are especially dangerous due to the immutable nature of blockchain. Once funds are transferred, recovery is nearly impossible. Scammers can operate from anywhere in the world, making legal prosecution extremely difficult.

Crypto Scam - Forms of deception in the digital currency world

Crypto scam refers to fraudulent activities related to cryptocurrencies, occurring in various forms. Each type of scam has its own modus operandi but all aim to steal investors’ assets.

The main difference between crypto scams and traditional fraud is the high-tech nature, anonymity, and difficulty in tracing. While traditional scams can often be detected through financial institutions, crypto scams usually operate directly from one wallet to another without intermediaries.

Phishing Scam: When impersonation becomes a tool for deception

Phishing is the most common scam in the crypto industry. Attackers impersonate emails, websites, or messages from reputable services to steal personal information and user accounts.

Phishing attacks often start with professional-looking emails requesting users to verify login details or update passwords. Once obtained, scammers can access victims’ wallets and drain all funds.

More sophisticated phishing cases include impersonating official exchange websites or wallet apps. For example, fake Ledger apps appearing on Microsoft Store have led thousands to download malicious versions and lose money.

Pump and Dump: Price manipulation for illicit profit

Pump and Dump scams involve market manipulation where developers or large token holders intentionally create FOMO (fear of missing out) waves to drive the token price up sharply. When the price peaks, they sell all their holdings, leaving other investors with worthless tokens.

This scam is particularly dangerous because it occurs on official exchanges and is hard to detect immediately. Investors only realize they’ve been duped when the token price crashes.

OTC Scam and P2P Scam: Deception in direct transactions

OTC (over-the-counter) or P2P (peer-to-peer) scam occurs when scammers demand payment upfront but then disappear or use deception tactics like sending the wrong amount.

The lesson here is to always use trusted intermediaries or conduct transactions on platforms with strong consumer protection mechanisms.

Exit Scam and Rug Pull: When a project suddenly “disappears”

An exit scam preys on user trust. After gaining community confidence, individuals or groups behind a project suddenly withdraw all liquidity and abandon the project. Users are left with tokens or assets of no value and no way to recover.

A rug pull is a variant of an exit scam, where developers design smart contracts so only they can withdraw liquidity, then pull out all funds to “cut the cord” beneath investors’ feet.

Other scam types to watch out for

Besides the common forms above, there are many other notable scams:

Impersonating celebrities or community groups: Scammers use images of KOLs or fake social media accounts to solicit investments in non-existent projects.

Fake apps and wallets: Fake websites or apps are created to trick users into downloading malicious versions, stealing private keys or seed phrases.

Ponzi schemes in crypto: Scammers promise high returns from investments but actually use new investors’ money to pay old investors, creating an endless cycle until the system collapses.

DNS attacks: Web access is redirected from official sites to scam sites via DNS record manipulation. Users visit the correct URL but are unknowingly led to fake sites.

Social media account hacks: Project accounts on X/Discord are hacked and used to spread scam links or fake airdrops.

Five signs indicating a project is highly likely to be a scam

1. Promising unrealistic profits

Projects advertising huge returns (30%, 50% per month) without factual basis are clear warning signs. Crypto profits are inherently risky and not guaranteed.

2. Lack of clear project information

If a project lacks details about its model, team, or investors, be cautious. Legitimate projects usually disclose comprehensive information.

3. Excessive advertising without a real product

When a project spends heavily on marketing but has no tangible product or features, it’s often a red flag.

4. No third-party security audits

Scam projects tend to avoid audits by reputable security firms, as audits can reveal intentional vulnerabilities.

5. Using identical domain names and logos of major projects

Scammers try to deceive users by copying domain names (e.g., replacing “n” with “m” in URLs) or logos of trusted platforms.

Practical strategies to avoid scams

Thorough research before investing

Never invest in a project without understanding it. Read whitepapers, study the business model, research the development team, and understand how the platform works.

Check project info on trusted platforms

Use CoinMarketCap, CoinGecko for official info. Also, consult ScamAdviser, CryptoScamDB, or Coinopsy to see if the project is flagged as a scam.

Protect personal information

Never share private keys or seed phrases with anyone, including project admins or staff. This is a golden rule with no exceptions.

Use reputable and secure wallets

Choose well-known, security-verified wallets like Ledger or Trezor instead of unknown or unverified wallets.

Enable two-factor authentication and anti-phishing codes

On reputable exchanges, activate 2FA and anti-phishing features. These add layers of protection against phishing and unauthorized access.

Verify security audits

Before investing in a token or dApp, check if the smart contract has been audited by reputable firms (SlowMist, CertiK, Trail of Bits).

Revoke token allowances after each transaction

After interacting with dApps (Uniswap, Balancer, etc.), revoke token allowances to prevent exploits from security loopholes.

Be cautious with unknown links

Avoid clicking on links from suspicious sources or social media accounts. Always type URLs directly into your browser or use bookmarks.

Don’t let emotions drive decisions

FOMO (fear of missing out) is what scammers want to trigger. Don’t invest under time pressure or because friends are doing it.

Notable scams and lessons learned

Confio - 2017 Exit Scam

Confio raised $375,000 via ICO in late 2017. Soon after, the team disappeared. Token price plummeted from $0.6 to $0.1 in less than two hours. Early investors had no way out.

Centra - 2018 ICO Scam

Centra raised $32 million with backing from celebrities like Floyd Mayweather and DJ Khaled. In April 2018, founders were arrested. The token lost nearly all value after news broke. Celebrity endorsements are not always trustworthy.

MiningMax - Cloud Mining Scam

MiningMax promised investors a $3,200 investment with daily ROI over two years plus $200 referral bonuses. The site scammed up to $250 million before shutting down. A classic Ponzi wrapped in mining hype.

Bitconnect - Ponzi Pyramid Scheme

Bitconnect operated for a year with massive followings and aggressive marketing, but used multi-level schemes to pay old investors with new funds. Market cap hit $2 billion with a token price of around $320. Within 24 hours of collapse, the token dropped to $6.

LayerZero - Discord account hack

LayerZero CEO Bryan Pellegrino’s Discord account was hacked on July 5. The hacker posted a scam link titled “claim ZRO tokens,” leading many to believe an airdrop had started. A common scenario among airdrop hunters.

What if you get scammed?

Recovering funds is very difficult, but not impossible. If funds are being transferred to centralized exchanges, contact the exchange immediately to try to freeze the account.

In most countries, including Vietnam, crypto scams are illegal. You can report the incident to local authorities or consumer protection agencies.

Gather all evidence—blockchain transaction records, emails, messages, links—to support your case if you seek legal or official help.

Conclusion: What is a scam? How to protect yourself

Crypto scams are a reality every investor faces. However, by equipping yourself with essential knowledge and maintaining high vigilance, you can significantly reduce the risks.

Remember: Knowledge is the best defense against scams. Always research thoroughly, never share personal info, and don’t let emotions influence your decisions. When in doubt, seek support from the community or experts.

The crypto market offers opportunities but also dangers. Proper preparation is the key to long-term success.