What is a scam – From basics to comprehensive prevention strategies

The cryptocurrency market is growing at a rapid pace, but increasingly sophisticated risks follow behind. What is a scam? This is a question every investor needs to understand to protect their assets. In this article, we will delve into common scam methods, from basic tricks to the most advanced techniques used by bad actors.

Understanding crypto scams and their variants

A scam is a fraudulent act aimed at stealing assets or personal information from victims through sophisticated methods and psychological manipulation. In the crypto space, a crypto scam refers to activities directly related to tokens, blockchain projects, and related platforms.

According to data from Chainalysis — a leading blockchain analysis organization — although total losses from crypto scams decreased by 65% in 2023 compared to 2022, the amount still reaches billions of dollars. This indicates that while the number of scams has declined, the scale of damage remains huge and cannot be ignored.

Common scam types include exit scams (where developers suddenly abandon a project), rug pulls (withdrawing all liquidity), cryptojacking (hijacking devices to mine cryptocurrencies), and many other variants. Each has distinct features and operational methods.

Current scams threatening investors

Phishing Scam – Attacks via fake emails and websites

Phishing scams are among the oldest but still highly effective fraud methods. Attackers create fake emails, websites, or messages impersonating reputable services to steal login credentials, private keys, or seed phrases. Fake websites may use similar characters in URLs (e.g., replacing “m” with “rn”, “0” with “o”) to exploit user negligence.

A typical example is fake Ledger apps distributed through the Microsoft Store, causing thousands to believe they are official software and lose money.

Pump and Dump Scam – Price manipulation through herd psychology

Scammers create hype around a small token, causing its price to surge via FOMO (fear of missing out). When the price peaks, they sell all their tokens, causing the price to plummet and leaving thousands of investors with worthless tokens. To protect yourself, check trading history and large wallets (whale wallets) before investing.

OTC and P2P Scam – Fraud in private transactions

In OTC (Over-The-Counter) or P2P (Peer-to-Peer) trades, scammers ask for payment upfront then disappear, or use tricks like wrong transfer amounts, claiming they’ve sent funds when they haven’t. Always use a trusted third-party escrow to safeguard both parties.

Exit Scam – Draining funds and disappearing

This is an extremely malicious scam. After building trust within the community, developers suddenly withdraw all investment funds (often worth millions USD) and vanish, leaving investors with worthless tokens.

Rug Pull – Pulling the rug from under investors

A variant of exit scam, where developers withdraw all liquidity from DeFi pools, making tokens impossible to sell. Victims are left with locked tokens that cannot be converted into cash.

Impersonating celebrities or community groups

Scammers use images or names of celebrities to create credibility, encouraging people to invest in “phantom” projects. Many investors are lured by famous names only to realize too late that everything is fake.

Fake apps, wallets, and exchanges

Counterfeit applications downloaded millions of times, with interfaces identical to genuine ones, are actually tools to steal user assets. Always download apps from official stores (App Store, Google Play) and verify the publisher.

Fake social media accounts

When official project accounts are hacked (e.g., LayerZero CEO Bryan Pellegrino’s Discord hack in July 2023), bad actors spread scam links under the guise of “airdrops.” Thousands click and become victims.

Ponzi schemes – Unsustainable cycle

Scammers promise huge returns, but profits for early investors come from new investors’ money. When new investments dry up, the system collapses, and everyone loses.

Warning signs and how to spot scams

Red flags to watch out for:

Promises of unrealistically high returns (>100% per month) without solid basis are a major warning. Crypto markets are risky; no one can guarantee consistent profits.

Lack of transparency about the project, missing details on business models, team members, or governance structures. If a project refuses to disclose information, be especially cautious.

Overly aggressive marketing with no real product. Excessive focus on promotion rather than development indicates potential fraud.

Absence of independent security audits. Scam projects often avoid or fake audit reports.

Negative community feedback on forums like Reddit, Bitcointalk, or X (Twitter). Multiple warnings are a red flag.

Using domain names or logos that mimic major projects — a direct impersonation tactic to create confusion.

No actual product or application, just a whitepaper or a slick website.

Restricted withdrawal capabilities or overly complicated procedures — tactics to trap victims.

Psychological manipulation tactics like “limited opportunity,” “project closing soon,” or “few spots left” to pressure quick decisions.

Quick verification tools:

Before investing, check token info on CoinMarketCap or CoinGecko. Use ScamAdviser, CryptoScamDB, or Coinopsy to see if the project is listed as a scam. For websites, use Netcraft or SpoofGuard to detect fake sites.

Practical strategies to protect your assets

Thorough research before every decision

Never invest in a project you don’t understand. Read the whitepaper, analyze the economic model, review the team and their history. Contact the team through official channels to verify information.

Verify project legitimacy

Ensure the project has an official website, status page, and verified social media accounts. Cross-check links with official domains to avoid fake sites.

Protect personal information

Never share seed phrases, private keys, or passwords with anyone, even if they claim to be project staff. Legitimate projects will never ask for this info.

Use secure wallets

Choose reputable wallets like MetaMask, Trust Wallet, or hardware wallets such as Ledger or Trezor. Avoid unknown or suspicious wallet apps.

Check security audits

Verify if the project has been audited by independent security firms like SlowMist, CertiK, or others. Audits help ensure smart contracts are free of vulnerabilities.

Revoke permissions after transactions

After interacting with DApps, revoke their access to your wallet. Even popular DApps like Uniswap or Balancer can have security flaws; revoking access is a good precaution.

Enable additional security layers

On exchanges, activate anti-phishing codes and two-factor authentication (2FA). Anti-phishing codes help identify fake emails from malicious actors.

Keep software updated

Always use the latest versions of wallets, apps, and operating systems. Updates often include security patches against new vulnerabilities.

Diversify your portfolio

Instead of putting all funds into one project, spread investments across multiple assets. If one turns out to be a scam, your losses are limited.

Use dedicated antivirus tools

Install anti-phishing and antivirus software on your devices to detect and block threats.

Historical scams and lessons learned

Bitconnect – Collapse of a Ponzi scheme

Bitconnect operated as a Ponzi scheme disguised as a crypto lending platform. At its peak (~2017), its market cap hit $2 billion with a token price of around $320. It lasted about a year before collapsing. The token price plummeted from $320 to $6 in less than 24 hours, with market cap dropping to $40 million. Hundreds of thousands lost their money.

Confio – Simple but effective exit scam

Confio was heavily promoted in late 2017. They raised $375,000 via ICO. Soon after, the team disappeared. When news broke, the token price dropped from $0.6 to $0.1 within two hours and continued falling.

Centra – ICO scam supported by celebrities

Centra raised $32 million via ICO, claiming backing from figures like Floyd Mayweather and DJ Khaled. In April 2018, founders were arrested, and the token lost nearly all value. This shows that even with celebrity support, scams can deceive investors.

MiningMax – Cloud mining scam

MiningMax claimed to offer cloud mining services with an investment of $3,200 and promised daily ROI over two years, plus $200 referral bonuses. The site operated and scammed up to $250 million before shutting down.

LayerZero – Social media account hack

In July 2023, LayerZero CEO Bryan Pellegrino’s Discord account was hacked. The attacker spread scam links titled “claim ZRO tokens” (LayerZero’s token). Thousands of community members clicked, believing the project was distributing tokens, falling for the scam. This event highlights that even major projects can be hacked, and communities must stay vigilant.

Frequently Asked Questions

Are crypto scams illegal?

Yes, fraudulent activities in any field, including crypto, violate criminal laws in most countries, including Vietnam. Perpetrators can be prosecuted and imprisoned.

Can I recover stolen funds?

Recovery is very difficult because cryptocurrencies are irreversible. If funds are being transferred on centralized exchanges, contact the exchange immediately to freeze the account. Some cases are investigated and suspects arrested, but it’s complex and time-consuming.

How to tell if a project is trustworthy?

Check the whitepaper, review the team (search individual names on LinkedIn), verify independent audits, read community reviews, and examine the project’s history. Positive signs across these factors increase the likelihood of legitimacy.

Which exchanges are reliable?

Choose well-established exchanges with long operational histories. Research the platform, check if they require KYC, and read user reviews.

Summary

Scams are a real and persistent threat in the crypto market. Bad actors are becoming more sophisticated, from simple phishing to multi-million dollar exit scams.

However, you can protect yourself with basic precautions: thorough research, verifying information, safeguarding private keys, using secure wallets, checking audits, revoking permissions, enabling 2FA, updating software, diversifying investments, and staying alert to red flags.

Remember, if a project sounds too good to be true, it probably is. The crypto market offers great opportunities but also significant risks. Vigilance and knowledge are your best tools to avoid falling victim to scams.