Common Crypto Scams 2026: 6 Patterns and How to Avoid Them

Why scams thrive in crypto#

Three properties of crypto make it the perfect medium for scams:

1. Transactions are irreversible. Once funds leave your wallet, there's no chargeback, no fraud department, no calling your bank.
2. It's pseudonymous. Catching the person behind the address is hard. Recovering the funds even when they're caught is harder.
3. The space is technical and intimidating. Beginners often feel they should already know things, so they don't ask before signing.

Scammers know all of this. Their tactics are designed to bypass exactly the moments where you'd normally pause and verify.

Below: the 6 patterns that account for most beginner losses in 2026, with a "how to spot it" and "how to avoid it" for each.

---

1. Fake exchange websites (typosquatting)#

The most common entry point for losses. You search Google for "Binance" or "Coinbase," click the top result, and end up on binance-exchange.io or coinbase-secure.com — sites identical to the real ones except they harvest your login + 2FA, then drain your account.

How to spot it#

• The URL is slightly off: extra word, hyphen, wrong TLD (.io, .app, .net instead of .com).
• The site is the top paid ad, not the first organic result. Google ads are a major scam delivery channel.
• The site asks for your seed phrase as part of "login" or "verification." No real exchange does this.
• Subtle visual differences: slightly off logo, missing language selector, fewer footer links than the real site.

How to avoid it#

• Bookmark the real URLs of any exchange you use. Always access them from the bookmark, never from a search.
• Install uBlock Origin — it blocks most malicious ads at the source.
• Look at the URL bar carefully before entering credentials. Letter-perfect, top-level domain correct.
• If anything feels off, close the tab and start over from your bookmark.

---

2. Wallet drainer pop-ups#

You connect your wallet to what looks like a legitimate DeFi app or NFT site. A pop-up asks you to "sign to enter," "claim your airdrop," or "verify your wallet." You sign. Within seconds, every valuable token in your wallet is gone.

The signature wasn't a login — it was a permission that authorized a thief to move your tokens.

How to spot it#

• A pop-up appears immediately when you connect your wallet, before you've done anything.
• The signature request says things like "approve unlimited spending" of a token, or "setApprovalForAll" for an NFT contract.
• The site URL doesn't match what you typed (you searched "Uniswap," ended up on uniswap-pro.app).
• A site that's normally free is asking you to sign something just to use it.

How to avoid it#

• Read every signature prompt. Modern wallets like MetaMask and Rabby show what you're authorizing. If you don't fully understand what you're signing, reject it.
• Use Rabby (or a similar transaction-preview wallet) when interacting with DeFi — it shows the simulated effect of a transaction before you sign.
• Bookmark the real DeFi app URLs (app.uniswap.org, app.aave.com, etc.) and use bookmarks only.
• Periodically clean up old approvals with Revoke.cash — granted permissions persist indefinitely until you revoke them.
• For larger holdings: keep them in a hardware wallet you don't connect to web3 apps. Use a separate, low-balance hot wallet for DeFi experiments.

---

3. Romance / "pig butchering" scams#

The most financially devastating category by far. A stranger messages you on a dating app, LinkedIn, or Instagram. The conversation moves to WhatsApp, develops into months of warmth and trust. Eventually, they mention a "crypto opportunity" — a platform they trade on with great returns.

You make a small deposit. The platform shows your balance growing. You make a larger one. When you try to withdraw, the platform asks for "tax fees," "verification fees," "minimum balance fees." You pay. The withdrawal never comes. The person disappears.

The name "pig butchering" (literal translation from Chinese: shā zhū pán) refers to the slow process of "fattening up" the victim before the slaughter — the financial extraction.

How to spot it#

• Sudden, unsolicited contact from an attractive stranger that quickly becomes intense.
• Move to off-platform messaging (WhatsApp, Telegram) early in the conversation.
• Reluctance to video chat or visible inconsistencies between what they say and what's verifiable about them.
• Steers conversation toward investing — they share screenshots of their trading profits, mention a "platform my uncle introduced me to."
• The recommended platform is not a known exchange — usually a slick-looking site you've never heard of, often with a downloadable app outside the App Store.
• "You can't withdraw until you pay X" — the giveaway. Real exchanges don't gate withdrawals on additional fees.

How to avoid it#

• Treat any investment advice from someone you met online as hostile until proven otherwise. Real friends don't pitch you on trading platforms.
• Stick to major regulated exchanges (Binance, Coinbase, Kraken). If you've never heard of the platform, that's a serious red flag.
• If you're already deep in one of these conversations and you suspect you're being scammed: stop sending money immediately, save all evidence, and report. The relationship was the scam.
• Tell someone in your life what's going on. Pig butchering survives on isolation; a second opinion breaks it.

---

4. Fake "support" DMs#

You post a question in a public crypto Discord, Telegram, or Twitter about a wallet issue. Within minutes, "MetaMask Support" or "Trust Wallet Help" DMs you, offering to fix the problem. They send a link to a "validation tool" that asks for your seed phrase. Or they walk you through "syncing your wallet" to a malicious site.

How to spot it#

• They DM you first. Real support — for any wallet, ever — does not initiate contact via DM.
• The username is almost right: MetaMask_Support_Official, TrustWallet.Help, Phantom_Team_Help. Real support comes from the wallet's verified app or website ticket system only.
• They ask for your seed phrase, private key, or to "sync" by entering credentials on a site.
• Urgency: "your funds are at risk if you don't act in the next 10 minutes."

How to avoid it#

• No legitimate wallet, exchange, or crypto company sends unsolicited DMs. Block on sight.
• For real support, go to the wallet's official site → Support / Help → submit a ticket.
• Never share your seed phrase or private key with anyone, including "support." Anyone asking is a scammer, with zero exceptions.

---

5. Rug pull tokens#

You see a token (often a memecoin) blowing up on Twitter and Telegram. The chart is straight up. Hype is everywhere. You buy in. Within hours or days, the team removes liquidity, the chart goes to zero, the project's Twitter and website disappear.

Most rug pulls are launched on a DEX like Uniswap or Raydium where anyone can list a token in minutes with no review.

How to spot it#

• Anonymous team with no track record, no LinkedIn presence, no verifiable identity.
• Hype-heavy, substance-light marketing. The Twitter says "1000x," "next gem," "early call" — no clear product or use.
• Liquidity is not locked, or is locked for an extremely short period (you can check on services like DexScreener or Birdeye).
• A small number of wallets hold a huge percentage of the token supply (visible on Etherscan / Solscan).
• Token is suddenly featured in many Telegram / Discord groups simultaneously — coordinated promotion, often paid.

How to avoid it#

• For a vast majority of beginners: just don't trade memecoins or low-cap tokens. The math is brutally bad on average. See memecoins for beginners 2026 for the honest picture.
• If you do, treat it like a casino: only put in what you'd happily lose, and don't chase your losses.
• Check liquidity lock + holder distribution before any new token purchase.
• Be skeptical of anything labeled "the next [popular coin]."

---

6. Giveaway scams (impersonating founders)#

A tweet (or YouTube live stream) appears from "Elon Musk" / "Vitalik Buterin" / "CZ Binance" / "Coinbase": "I'm giving back to the community! Send 1 ETH to this address and I'll send 2 ETH back. First 100 people only!"

The video is often a stitched-together livestream of a real public talk by the person, captioned to look like a real giveaway. The "verified" account has a blue check (which now costs $8/month, so means nothing). People send. Nothing comes back.

How to spot it#

• "Send to receive" — this format alone is enough. Real giveaways never require you to send funds first.
• The account is a recent impersonator (created last month, few real followers).
• The livestream chat is bots only — repeating the same "I just received 2 ETH!" claims.
• The countdown / "100 spots only" urgency.

How to avoid it#

• No real founder of a major crypto project runs a "send to receive" giveaway. None. Ever.
• Treat anything in this format as 100% scam, instantly, without engaging.
• If you want to verify whether a real promotion is happening, check the project's official website — never the Twitter post or YouTube stream itself.

---

What to do if you've been scammed#

Speed matters, but expectations matter more — most stolen crypto isn't recovered.

1. Stop the bleeding. Move any remaining funds to a brand-new wallet (new seed phrase, new device). Revoke all token approvals via Revoke.cash.
2. Document everything. Screenshots, transaction hashes, the scammer's address, the URL of the fake site, all message history.
3. Report:
   • The exchange the scammer sent funds to (they may freeze the address).
   • Chainabuse — a community scam database.
   • Your country's authority (FTC, Action Fraud, AFP-IC3, etc.).
4. Tell your bank if you sent fiat through a bank transfer en route to crypto.
5. Beware "recovery scammers" — once you've been scammed, a wave of new scammers will DM offering "crypto recovery services." They're all scams too. Real law enforcement does not DM you.

Bottom line#

Almost every beginner crypto loss falls into one of these 6 patterns. Internalize the patterns and most attacks lose their bite. The unifying defense is one habit: slow down. Scammers create urgency because urgency bypasses verification. Take the extra 30 seconds, check the URL, read the prompt, ask "would I expect this to be real?"

If you're not sure, the answer is no.

What to read next#

• How to keep crypto safe for beginners — the 5 habits that prevent 90% of losses.
• What is a crypto wallet — the foundation of self-custody.
• Hot wallet vs cold wallet explained — the upgrade path for larger holdings.
• Memecoins for beginners 2026 — the honest picture on the highest-rug-pull-risk category.