Crypto & Web3 Scams

Developers launch a token or NFT project, attract investor funds, then abandon it and vanish with the liquidity.

Malicious smart contracts trick you into signing a transaction that transfers all your tokens and NFTs to a scammer.

Fraudulent token distribution announcements that lead to phishing sites or wallet-draining approval requests.

Fraudulent NFT collections take mint payments and deliver nothing, or use fake mints to drain wallets.

Platforms promising unrealistically high staking or yield returns that are either exit scams or Ponzi schemes.

Scammers send tiny transactions from addresses that look identical to your regular contacts, hoping you will copy the wrong address for future transfers.

Scammers use fake support, fake wallets, or alarming prompts to trick you into revealing your wallet's recovery phrase.

Fake celebrity or exchange giveaways that promise to double your crypto if you send it first — and keep everything sent.

Imposters posing as exchange customer support trick you into revealing credentials, seed phrases, or approving withdrawals.

Fake DeFi protocols promise high yields for providing liquidity, then drain your wallet when you connect and approve.

Fraudulent token launches collect presale funds then abandon the project, leaving investors with worthless or non-existent tokens.

Coordinated groups artificially inflate a low-value token's price, then dump their holdings on retail buyers who bought in during the hype.

Counterfeit or tampered hardware wallets — or phishing via fake manufacturer sites — that steal seed phrases and drain funds.

Fraudulent tools that ask you to connect your wallets or enter your seed phrase under the guise of calculating your crypto tax liability.

Malware that silently replaces a cryptocurrency address you have copied with the attacker's address, redirecting your transfer.

Fraudulent job offers in the crypto industry that steal funds, harvest credentials, or install malware through the hiring process.

Fraudulent hardware sales or cloud mining contracts that collect payment for mining equipment or capacity that is never delivered or does not generate the promised returns.

Platforms claiming to let you automatically mirror the trades of expert crypto traders, where the 'expert' returns and the platform itself are entirely fabricated.

Fraudulent services targeting people who have already lost money in crypto scams, promising to trace and recover funds in exchange for upfront fees.

Phishing sites mimicking DeFi protocols or wallet interfaces that steal connected wallet funds through malicious contract approvals during 'flash loan' or yield interactions.

Fake yield farming platforms advertise impossibly high annual percentage yields to attract deposits, then prevent withdrawals until victims have deposited substantially more funds.

Fraudulent NFT projects that use a celebrity's name, image, or fabricated endorsement to attract buyers to a mint that either delivers worthless tokens or drains wallets.

Fraudulent accounts impersonating major cryptocurrency exchanges or wallets announce giveaways requiring users to send crypto first to receive double back — and keep everything sent.

Fraudulent cross-chain bridge sites mimic legitimate bridging protocols to drain wallets the moment a user approves a transaction.

Scammers build romantic or friendly relationships online before introducing a supposedly exclusive crypto mining pool that generates consistent returns until the victim tries to withdraw.

Fraudulent airdrop sites mimic real token distributions to trick users into approving wallet-draining transactions or submitting seed phrases to claim non-existent tokens.

Bots and bad actors exploit Ethereum's transaction ordering to front-run and back-run user trades, extracting value by sandwiching legitimate swaps and delivering worse prices than expected.

Attackers exploit weaknesses in DeFi price oracles to manipulate the prices that smart contracts rely on, enabling theft from lending protocols, synthetic assets, and prediction markets.

Attackers trick users into signing off-chain permission messages that authorise a malicious contract to spend or transfer their tokens — without any transaction gas or obvious on-chain action.

Attackers send tiny amounts of cryptocurrency to target wallets to link pseudonymous addresses to real identities, enabling targeted phishing, extortion, or further wallet attacks.

Attackers accumulate or flash-loan governance tokens to pass malicious proposals that drain a protocol's treasury, alter fee structures, or mint new tokens to an attacker-controlled wallet.