Scam 1: sophisticated phishing scams
Crypto wallets and exchange accounts are increasingly the focus of sophisticated phishing attempts that utilize cunning strategies to take advantage of user confidence in order to acquire private keys or login information.
Criminals fabricate phony websites that imitate trustworthy platforms in order to execute sophisticated phishing assaults. To fool people into disclosing private information, they employ social engineering techniques or send phony emails purporting to be reputable companies. Some create cloned interfaces or pose as support staff in order to obtain data.
Attackers may use advanced strategies for several types of phishing attacks:
Wallet drainers: Malicious applications or scripts used in phishing assaults are known as wallet drainers. Funds can be immediately transferred out of the wallet by the attacker after the victim links their wallet to a fake website, authorizes a malicious transaction, or provides token rights.
Quishing: Malicious QR codes used by scammers are placed in emails, texts, or on public surfaces. When scanned, these codes cause malicious downloads or reroute users to phishing websites, which steal passwords and financial or personal data.
Spear phishing: In contrast to broad phishing, this technique focuses on particular individuals or companies. Scammers create customized messages and frequently include terms like “Immediate Action Required” that convey urgency. Creating a panic attack and pressuring people into making hasty, expensive blunders is the aim.
In August 2025, core Ethereum engineer Zak Cole found his cryptocurrency wallet had been empty after his private key was stolen via a malicious Cursor extension. A $330 million Bitcoin theft occurred earlier that year, in May 2025, involving an elderly US individual. The attacker gained access to the victim’s wallet by employing sophisticated social engineering techniques.
Scam 2: Rug pulls
Scammers frequently use the excitement around non-fungible token (NFT) initiatives and decentralized finance (DeFi) systems to trick investors. The rug pull, in which developers abruptly remove liquidity and vanish with investors’ funds, is a popular strategy.
By offering exceptional profits or exclusive digital assets, these scams frequently mimic legitimate ventures while ultimately stealing money from unwary customers. Numerous initiatives are overhyped and only rely on social media buzz rather than providing genuine value. In order to fool consumers into depositing their funds, some platforms are clones of reliable DeFi or NFT websites.
The absence of open audits or publicly accessible code, irrational claims of large returns with little to no risk, and faceless teams reluctant to reveal their names or credentials are all warning indications of rug pulls.
Rug pulls have resulted in losses to the Web3 ecosystem of around $6 billion since the start of 2025. By contrast, rug pull losses during the same time period in early 2024 were just around $90 million.
One well-known example is the Solana network’s LIBRA token. The token’s market value skyrocketed to $4.56 billion after being referenced by Argentine President Javier Milei on X. Following the removal of the post, the token’s price plunged by more than 94%, prompting suspicions of a rug pull.
Scam 3: Impersonation
Impersonation is a major danger to the cryptocurrency ecosystem since it erodes trust and causes large losses. It frequently occurs on social media. On platforms such as X, scammers often pretend to be developers, support personnel, or trustworthy influencers.
Impersonation schemes include fraudsters infiltrating conversations or creating bogus profiles in order to target consumers looking for fast cash. They frequently promote fraudulent giveaways, promising double returns in exchange for small “verification” investments. Scammers may also use impersonation accounts that mimic celebrities or send direct messages acting as exchange help in order to get wallet access or initiate urgent money transfers.
Unverified profiles without verification badges, accounts with minor misspellings (like “@ElonMuusk”), and requests for direct cryptocurrency transfers are all red flags because trustworthy organizations never request them.
According to the Federal Trade Commission, impersonation contributed to a fourfold increase in the $9.9 billion that victims of cryptocurrency scams worldwide lost in 2024. Using a deepfake video and a phony X account, fraudsters in Hong Kong pretended to be Chief Executive John Lee in order to promote a digital currency purportedly endorsed by the government.
Did you know? Even as blockchain security advances, frauds continue to evolve. In 2024-25, fraudsters switched from exploiting smart contracts to manipulating human behavior. By 2025-26, their techniques had improved even more.
Scam #4: AI-powered deepfake frauds
AI-powered deepfake scams have emerged as a big concern, exploiting emerging technology to fool consumers and steal assets. Criminals are increasingly using artificial intelligence to generate incredibly lifelike films or voice clones of notable executives, influencers, and celebrities.
Artificial intelligence (AI)-powered deepfakes are incredibly realistic when trained on publicly accessible information, such as YouTube videos, podcasts, and interviews. Even cautious consumers might be readily duped into accepting false promises.
“The biggest scammer on the internet,” according to The New York Times, was a deepfake of Elon Musk in August 2024. The video convinced one victim, 82-year-old retiree Steve Beauchamp, to invest his entire $690,000 retirement savings over a few weeks. The funds disappeared without a trace, and several other people have been duped by similar schemes.
An alleged fraudulent online investment program called Quantum AI made exaggerated claims that it could employ AI and quantum computing to provide investors with large profits. The distinction between authentic and fraudulent communication is blurred by deepfakes. They abuse trust, urgency, and FOMO (fear of missing out), posing a major threat.
Did you know? Scams using cryptocurrency romances increased throughout the epidemic and persisted until 2025. On dating apps, scammers establish credibility before presenting fictitious “investment opportunities,” which eventually persuade victims to deposit their whole life savings.
The scammers reportedly altered their website to display phony trading results and promoted the scheme using deepfake videos.
Scam 5: Crypto support
The issue of fake cryptocurrency support scams is growing; these schemes target consumers by making false promises of help in order to steal money or private data. Fraudsters frequently impersonate customer service representatives from reputable wallet or exchange providers.
Scammers impersonating customer service representatives reach out to victims using phony websites that closely mimic legitimate domains or social networking networks like Telegram and X. They take advantage of customer confidence by providing assistance that appears sincere.
These con artists frequently distribute phishing URLs that seem like support portals, advertise “wallet recovery” services that ask for seed phrases or private keys, or provide fictitious refunds in an attempt to deplete accounts. These strategies target consumers who are already coping with technological problems or are looking for fast fixes.
Following the Coinbase data breach in May 2025, when it was reported that exposed personal information, including names, addresses, ID photos, and bank account details, was misused, a well-known cryptocurrency assistance fraud surfaced. Criminals contacting victims under the guise of Coinbase assistance asked them to transfer funds to phony wallets or divulge security codes or two-factor authentication (2FA) information.
