Cryptocurrency scams and how to avoid them

Cryptocurrency scams have cost people over a billion dollars — and they’re only becoming more prevalent. Learn what to look out for to avoid being scammed yourself. 

The Washington Post recently reported that over $1 billion was lost to cryptocurrency scams in the United States alone during the preceding year. This is likely just the tip of the iceberg, as most crypto scams go unreported.

Key reasons why the FTC considers cryptocurrencies particularly vulnerable to criminal activity include:

  • Cryptocurrencies have no overseeing bank or other centralized authority, meaning there is no one to check whether transactions might be suspicious or to stop them.
  • Cryptocurrency transactions cannot be reversed. Once your money is gone, it’s gone.
  • Most people are unfamiliar with how cryptocurrencies work, making them open to scams they might otherwise spot when performing more traditional transactions. 

This article explains what cryptocurrency is, some of the most common ways it is used to scam people, and how you can protect yourself. 

What is cryptocurrency?

A cryptocurrency (“crypto”) is a digital currency that can be used as a medium of exchange. Unlike more traditional (“fiat”) currencies, they are not usually issued by a central authority such as a government or national bank.

Transactions are secured and verified using cryptography, and most cryptocurrencies are built on the blockchain — a distributed digital ledger that records all transactions in a way that cannot be altered or tampered with. 

Bitcoin, first released in 2009, was the first and is still the most famous cryptocurrency, but there are now a bewildering number of alternatives. These include Ethereum, Ripple (XRP), Litecoin, and many others. Non-fungible tokens (NFTs) are often considered a subset of cryptocurrencies.

The most common cryptocurrency scams

“Cryptocurrency scams” is an umbrella term that covers many types of scams, each of which targets you in a different way. You can avoid falling victim to these scams by understanding the most common methods scammers use to fool you.

Investment scams

New cryptocurrencies are minted all the time, and the creators of these cryptocurrencies often use an initial coin offering (ICO) to raise funds. This allows investors to buy into the new cryptocurrency at a low price in the hope that it will increase in value after launch.

A highly speculative form of investment at best, many ICOs are fraudulent. The wallet you are asked (often under considerable pressure) to pay into will then disappear into thin air. 

More elaborate is the pump and dump scam, where a scammer (often the group behind the ICO in the first place) buys up a large amount of the cryptocurrency to artificially inflate its price and convince other buyers that it is taking off. Once more people buy in and drive the price up even further, the scammer sells all their coins at the inflated price. Once they do this, the price of the coin plummets, leaving investors holding cryptocurrency that is essentially worthless.

The FTC lists investment scams as the most common form of crypto scam by far, resulting in $575 million of losses since 2021. 

Romance scams

Romance scammers create fake profiles on dating apps (typically using fake profile pictures taken from the internet) to lure victims into what they think is a genuine romantic relationship. The scammers then abuse the trust they have built with the victim to convince them to hand over funds in hard-to-trace cryptocurrency.

They may ask for money to deal with a fictitious financial crisis or pose as experts in cryptocurrency investment, pushing victims to give them money to (supposedly) invest in crypto or guiding them toward bogus crypto schemes (see the investment scams above). This last type of crypto scam is sometimes known as a pig butchering scam.

These scams prey not only on most people’s natural desire for love and romance but also on their ignorance about cryptocurrencies. Although “a distant second” to investment scams, the FTC says romance scams have still racked up $185 million in cryptocurrency losses since 2021.

Imposter scams

In a typical imposter scam, a scammer will send the victim a text or phone call claiming to be from a government agency, telling them that an arrest warrant has been issued in their name because they owe money to the government. They are then invited to settle the matter by immediately paying money into a cryptocurrency wallet.

This kind of scam is often called a social security scam after its most common variant. Business imposter scams work similarly — for example, the victim is contacted by phone, text message, or WhatsApp, claiming to be from a cryptocurrency exchange the victim uses. The imposter warns the victim that their account is under attack and the only way to protect their crypto assets is to move them to a different wallet (which, of course, the scammer controls).

What ties all imposter scams together is that they use fear tactics to pressure victims to make decisions they normally wouldn’t. FTC figures show that government and business scams have cost victims $133 million in cryptocurrency losses since 2021.

Cryptojacking

A cryptojacking attack uses the victim’s device to mine cryptocurrency on behalf of the attacker. The cost to the victim is in the processing power of their system, whose resources are diverted to benefit the attacker.

Learn more about cryptojacking

Giveaway and digital asset scams

This kind of scam is most often associated with digital games and collectibles. The victim is tricked into believing they have won a digital asset, such as a custom skin for a game or a rare upgrade. But to claim their bogus prize, they must first make a payment or purchase. 

Even less subtle (although closely related) are scams where the victim is simply persuaded to buy a digital asset that doesn’t exist or is in reality worthless. The recent explosion of interest in non-fungible tokens (NFTs) has provided fertile ground for this scam. 

Phishing scams

Phishing attacks involve criminals sending you an email with a false link to a website or that encourages you to download an attachment that is, in reality, malware. 

Phishing attacks are one of the most common ways to be hacked in general, and phishers have taken an interest in cryptocurrencies. Common scams include sending you an email with a link to a fake wallet, tricking you into giving them your username and password, or having you download an attachment that is actually a keylogger that provides the scammer with access to that information.

Learn more about phishing attacks

Cloud mining scams

As its name suggests, cloud mining allows you to rent hardware resources to mine cryptocurrencies “in the cloud”. The first thing to consider here is that, even if legitimate, the cloud mining provider expects to make more money renting out its hardware than it would mining cryptocurrency itself.

Most cloud mining sites (and apps), however, are not legitimate. At best, they pocket your subscription fees for services that do not exist. They also often solicit additional fees for equally fictitious premium features from their “customers” or encourage them to deposit money in the developers’ crypto wallets.

In more elaborate versions of this scam, the supposed cloud miners provide victims with fake balances that suggest they are making money, encouraging them to invest more in the scheme. 

Extortion scams

Blackmail is probably as old as civilization itself (if not older), but the advent of hard-to-trace cryptocurrency has led to an explosion of extortion attempts.

Extortion scams typically threaten to expose revealing photos, evidence of wrongdoing, or anything else people are willing to pay to hide (whether or not the evidence actually exists). The price of keeping these allegedly embarrassing facts secret is adding funds to an “anonymous” crypto wallet.

How to avoid cryptocurrency scams

Most cryptocurrency scams are unsophisticated affairs that rely on a combination of scaring the victim into dropping their usual caution when it comes to money (or appealing to their desire to make easy money) and exploiting their ignorance about technology and cryptocurrency.

But these scams don’t need to be sophisticated to work. If enough people are targeted, there will always be some that are lured in.

The best way to avoid cryptocurrency scams, therefore, is simply to be aware of the dangers. The following are some red flags to watch out for:

Crypto-only payments

While an increasing number of legitimate traders accept payment in cryptocurrencies, nearly all legitimate traders will also accept payments via more conventional means, such as credit cards or PayPal. Because of the irreversible nature of crypto transactions, you should only use cryptocurrencies with vendors or organizations you know to be trustworthy.

Promises that are too good to be true

Basic common sense is the best defense against any scam, including cryptocurrency scams. No investment is risk free, so promises of guaranteed returns should be a big red flag.

Spelling mistakes and bad grammar in communications and social media posts

Legitimate companies hire professionals to handle their writing and communications and do not make sloppy spelling and grammar mistakes. Poor language skills also suggest the writer is not a native speaker of the language. In itself this is not a concern, but it can serve as a warning that something’s not right. 

Contracts that prevent you from selling cryptocurrency you hold

A good first rule when investing is to read the small print. This is especially true with cryptocurrencies.

A particular red flag to watch out for is contracts that prevent you from transferring the cryptocurrency you hold. If you have paid for cryptocurrency, you should be able to spend it or sell it as you please. 

Lack of clarity over where your money is going

As with any financial transaction, you should understand who you are paying and what you’ll get in return. Unclear wording and a lack of transparency about any aspect of the transaction should set alarm bells ringing. 

Someone who contacts you directly with a crypto scheme

Legitimate companies do not make unsolicited (“cold call”) personal contact. In most cases, unless you’ve already done business with a company or organization, they should not have your contact information.

An online date who pushes cryptocurrencies

No matter how much they say they’re into you, don’t even think about entering into any financial arrangement with an individual you know only over the internet. 

Poor quality whitepaper

When legitimate organizations release cryptocurrencies as an ICO, they commonly release a whitepaper that explains the math behind how their coin works, the coin’s market opportunity, and everything else that you, as an investor, should know. 

Read this document carefully. If a whitepaper isn’t rigorous in its math, is vague, or has holes in its logic, it is, at best, a poor investment. But more likely, it’s a scam.

Team insists on working in anonymity

One of the big appeals of cryptocurrency is that it can provide a level of anonymity when making purchases (although this anonymity is often overstated).

Sometimes developers of cryptocurrencies prefer to remain anonymous themselves. The usual excuse is that this helps make the cryptocurrency more anonymous, but this is a bad faith argument. This is known as security through obscurity, a tactic that security experts give short shrift.

A well-designed privacy tool, such as a privacy-focused cryptocurrency, should instead offer security by design. In other words, it should be built from the ground up to be secure rather than rely on people not noticing its flaws.

Cryptocurrency teams who insist on anonymity almost certainly have something to hide. 

Other advice on how to identify cryptocurrency scams

Check URLs and otherwise be on the lookout for phishing scams

Phishing scams are a plague on the internet. However, all phishing attempts, including cryptocurrency versions, can be avoided by following the usual advice — carefully check that the URLs you click on are genuine. If you have doubts, go directly to the website in question by typing the URL into your browser instead of using the link that’s been sent to you.

Using the NetShield Ad-blocker feature, which is available in all Proton VPN apps, is also helpful, as it blocks known phishing sites.  
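
The URL check described above can be made mechanical. The following is an added example, not code from Proton or from this article; the trusted domains (`exchange.example`, `wallet.example`) and the sample links are constructed placeholders, and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed allowlist (assumption): sites where you really hold an account.
TRUSTED = {"exchange.example", "wallet.example"}


def edit_distance(a, b):
    """Levenshtein distance, used to catch near-miss spellings of a trusted name."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_link(url, trusted=TRUSTED):
    """Return (verdict, reason); verdict is 'trusted', 'suspicious' or 'unknown'."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if parts.scheme != "https" or not host:
        return "suspicious", "not an https web link"
    if parts.username is not None:
        return "suspicious", "the real host is what follows the '@'"
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return "suspicious", "non-ASCII or punycode host can imitate other letters"
    for name in trusted:
        # Exact match or a subdomain of a trusted name.
        if host == name or host.endswith("." + name):
            return "trusted", "host is " + name + " or one of its subdomains"
    for name in trusted:
        # Trusted name used as a prefix label of some other domain.
        if host.startswith(name + ".") or "." + name + "." in host:
            return "suspicious", name + " appears only as a subdomain label"
        if edit_distance(host, name) <= 2:
            return "suspicious", "host is a near-miss spelling of " + name
    return "unknown", "not on your list; type the address you know instead"


if __name__ == "__main__":
    # Constructed sample links, one per failure mode.
    for link in [
        "https://exchange.example/login",
        "https://exchange.example@evil.test/login",
        "https://exchange.example.account-check.test/",
        "https://exchanqe.example/",
        "https://news.test/",
    ]:
        print(link, "->", check_link(link))
```

A "trusted" verdict only means the host matches a name you listed yourself; it says nothing about links to sites that are not on your list.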

Understand how wallets work

If you invest in crypto, you need to understand how cryptocurrency wallets work. In particular, you need to understand the difference between online (“hot”) wallets and offline (“cold”) wallets. 

Online wallets

Online wallets are hosted by a third-party service (such as a cryptocurrency exchange). Readily accessible from anywhere, they can be convenient. But as with most things online, they can be hacked.

An additional danger is the service hosting your online wallet. If it suddenly goes out of business, your wallet may disappear. Most online wallet providers can also access the encryption keys used to secure your wallet, meaning there is always a danger that the provider itself may abscond with your funds.

The convenience of online wallets makes them great for storing, exchanging, and spending small amounts of crypto, but because they are less secure than offline wallets, they are not recommended for storing large amounts of crypto. It is also strongly recommended you secure your online wallets with two-factor authentication.

Offline wallets

Offline wallets are usually stored locally on your own hardware (although physical wallets also exist). Because they have no direct connection to the internet, they are inherently more secure against being hacked. That said, assuming your machine is connected to the internet, being hacked remains a danger. 

One of the biggest dangers of using offline wallets is forgetting your password. There is no password recovery option for offline wallets (as there often is for online wallets), so forgetting your password can be a disaster. 

Another big problem is that the physical hardware the wallet is stored on can be easily lost or stolen. That’s why it is always a good idea to back up your offline wallets to different devices and store their passwords somewhere secure. A good password manager is great for this, although writing them down and storing them somewhere safe is a good backup plan. 

You should also be careful to choose a legitimate cryptocurrency wallet, as scammers also often create malware wallets designed to steal your funds. Do your research and only download apps or buy hardware from trusted sources.

Do your research

Before investing in or using a cryptocurrency for a transaction, take the time to make sure the organization you’re dealing with is legitimate. Don’t rush into anything, and only invest in things you understand.

Use common sense

If a plan seems too good to be true, it likely is. Crypto criminals leverage emotions, such as loneliness, fear, or greed, to make people do things they would never normally do. So always take the time to step back and assess the situation rationally.

How to report crypto scams

Crypto scams are so prevalent because cryptocurrency can be hard to trace, making it easy for criminals with fake online identities to disappear, taking your funds with them. The hard truth is that you’re unlikely to see your funds again if you’ve been scammed.

However, there are things you can do to minimize any further damage and to help prevent others from also becoming victims.

Report the incident to the authorities

Many police forces have a cybercrime unit, and reporting your incident helps them track down criminals and understand the wider crypto scam landscape, allowing them to take more effective action to protect people in the future.

Of course, if you are a victim of an extortion attempt or otherwise feel threatened in any way, contact the authorities for assistance immediately.

Contact your bank immediately

Depending on what happened, your bank may be able to help. If you report an incident quickly enough, it may even be able to stop the transfer of funds. Even if not, it might be able to help trace where your funds went.

Depending on your bank and payment method, you may be able to claim compensation for your losses. Many credit cards, for example, provide fraud insurance schemes. 

Final thoughts

Cryptocurrencies can be a great investment opportunity, and the privacy some of them offer is invaluable to many legitimate users. But unregulated and hard to trace, they are also a magnet for criminals.

Unless you have a specific need to pay for something using cryptocurrency (for example, paying for a Proton service anonymously using Bitcoin), you should strongly favor paying in more traditional ways and be suspicious if that option is not available.

If you invest in cryptocurrencies, keep your wallet safe, use established reputable cryptocurrency exchanges, and research what you’re investing in carefully.

Douglas Crawford

Starting with ProPrivacy and now Proton, Douglas has worked for many years as a technology writer. During this time, he has established himself as a thought leader specializing in online privacy. He has been quoted by the BBC News, national newspapers such as The Independent, The Telegraph, and The Daily Mail, and by international technology publications such as Ars Technica, CNET, and LinuxInsider. Douglas was invited by the EFF to help host a livestream session in support of net neutrality. At Proton, Douglas continues to explore his passion for privacy and all things VPN.
