10 Crypto Scams You Should Be Aware of in 2024

Despite its downturn and high volatility, the popularity of crypto keeps growing—including among criminals. According to the US Federal Trade Commission, 46,000 people reported losing $1+ billion in crypto to scams between January, 2021 and June, 2022 alone. “This is about one out of every four dollars reported lost, more than any other payment method.” (Source)

In September 2023, the co-founder of crypto pyramid scheme, OneCoin, was sentenced to 20 years in a US jail for scamming more than $4bn from investors. Meanwhile, $20 bn in Bitcoin have been lost to blackmail scams since 2018.

The scale of these crypto scams has raised concerns about the safety and security of the decentralized financial landscape. This is why it’s more important than ever to make crypto users aware of the biggest risks and red flags. 

So, let’s look into the most frequent crypto scams to be aware of next year, and the security tips everyone should follow.

Why is crypto attractive to fraudsters?

The basic characteristics of cryptocurrencies attract honest users and criminals alike: 

• Anonymity. Cryptocurrencies offer a certain degree of anonymity because blockchain transactions don’t require personal information. This makes it harder for regulators and law enforcement to trace individuals involved in fraudulent activities.
• Irreversible transactions. Many cryptocurrency transactions are irreversible, meaning once the funds are sent, they can’t be easily retrieved. This makes it difficult for victims to recover stolen money.
• Lack of regulation. In many jurisdictions, cryptocurrencies are not as tightly regulated as traditional financial systems—or not regulated at all! This makes it easier for bad actors to get away with scams. 
• Borderless transactions. Cryptocurrencies operate on a global scale and are not tied to any specific country or jurisdiction. This can make it more challenging for law enforcement to coordinate efforts to combat cryptocurrency scams.
• Ease of access. Cryptocurrencies can be accessed by anyone with an internet connection, making it easy for hackers to reach victims in any part of the world.

10 crypto scams to know about in 2024

The popularity of certain types of crypto scams evolve over time. Let’s observe what you should be aware of in the upcoming year.

1. Ransomware 

Crypto ransomware scams occur when hackers take over a victim’s device or account using malicious software, encrypt it, and then demand payment in cryptocurrency for the decryption key. According to Security Intelligence, ransomware attacks cost companies over $456 million in 2022.

Ransomware scams are dangerous, resulting in data loss or leaks that wreak havoc on users and companies. That’s why it’s important to: 

• develop a robust cybersecurity strategy which requires a complex approach, including conducting risk assessment, reviewing security policies, etc.
• use updated software and VPNs
• never forget about backups of corporate data 

Unfortunately, scammers have the power to decrypt encrypted accounts/data, including backups. In this case, report the attack to authorities and immediately consult with cybersecurity experts.

To get security tips for using blockchain, click here.

2. Blackmail 

Blackmail scams have been on the rise since 2018. This can be when scammers contact the victim claiming to have embarrassing personal information, including private photos or videos, which they will make public if their terms aren’t met.

Usually these scammers promise to keep this information private if the victim sends a crypto transfer straight away. Scammers use threats and other manipulation techniques to make victims pay.

As the US Trade Commission advises, blackmail scammers can lie about the compromising information or content in their possession. So never reply to these emails or messages—or send any crypto transfers. Report these scams to the FBI or other relevant authorities.

3. Crypto phishing

Phishing is a classic scam that’s now widespread in the crypto world. It’s used to compromise login credentials, such as crypto wallet keys. Usually scammers send an official-looking email that asks the victim to log in to their account—which is actually a trap. Use link checker tools and check community reviews of unknown websites, if you’re not sure about the sender.

4. “Investment opportunities” 

This is when an unknown “investment manager” contacts you promising a great return on investment and asks you to send crypto to their wallet. 

These scammers usually have legitimate-looking websites or well-designed apps, using fancy investing jargon to seem real. 

This is why it’s important to be vigilant. Here are some due diligence best practices to keep you safe from these scams:

• Research the investor
• Check the credentials of the “investment manager”
• Request documentation on the terms and conditions of the investment
• Beware of pressure techniques. The “manager” may rush you into making a decision. Don’t go for it.

5. Fake ICOs

Scammers may create and promote fake ICOs, convincing investors to buy tokens for a non-existent or entirely fraudulent project, and then disappear with the funds. 

6. Impersonation 

Crypto scammers can pretend to be a famous person (like Elon Musk giving away bitcoin on Twitter), a government agency, or law enforcement in order to steal people’s crypto. For example, they can impersonate the IRS to convince the victim that their accounts are frozen as part of an investigation—and then request payment in crypto to resolve the issue. They can also say they represent a large company like Amazon or FedEx and demand payment for a “fee”. 

7. Giveaways

A crypto giveaway scam is when fraudsters pose as legit cryptocurrency exchanges, businesses, or notable individuals to deceive victims into sending them cryptocurrency. They typically promise to return double or triple the amount sent by the victim—only to vanish with the funds once received.

These scams are frequently promoted on social media platforms like Twitter and YouTube, and often involve fake websites resembling legitimate exchanges or companies. In some instances, they may impersonate well-known figures in the cryptocurrency community, such as Vitalik Buterin.

Watch out for the following red flags to identify a crypto giveaway scam:

• The giveaway is promoted on social media or dubious websites
• It promises to return more cryptocurrency than you send
• It requires you to send cryptocurrency to a specified address
• It creates a sense of urgency or scarcity by claiming limited time or participant availability

If you encounter a crypto giveaway, be skeptical and do research to verify its legitimacy before sending any cryptocurrency. To avoid falling victim to such scams, consider these tips:

• Only participate in giveaways offered by reputable cryptocurrency exchanges or companies
• Avoid sending cryptocurrency to a specific address to participate in a giveaway
• Be cautious of giveaways promising excessive returns on your investment
• Exercise caution with giveaways that impose a sense of urgency or scarcity.

Stanford Cardoz

AML Director at BitOasis in UAE

8. Romance scams

Scammers use social engineering techniques to cultivate romantic relationships with their victims online, often using dating apps such as Tinder. The scammer may spend months to gain the victim’s trust, with the aim of gaining their trust and ultimately requesting payment in crypto—only to disappear in the end. 

Suggested read: Detecting Romance Scams: A Guide for Dating Platforms and Their Users

9. Flash loans

Flash loans are a type of cryptocurrency loan that allows users to “borrow” funds without providing collateral, but there’s a catch—the borrowed funds must be repaid within the same transaction. These loans are typically facilitated through decentralized finance (DeFi) platforms.

Here’s how a typical flash loan scam works:

1. The scammer borrows a significant amount of cryptocurrency through a flash loan from a DeFi platform, often without providing collateral.
2. With the borrowed funds, the scammer engages in activities like market manipulation, arbitrage trading, or exploiting vulnerabilities in DeFi smart contracts.
3. The goal is to generate a substantial profit by taking advantage of these activities within a single transaction.
4. Flash loans require the borrowed funds to be repaid within the same transaction. If the scammer succeeds in making a profit, they repay the loan with a fee, which leaves them with the profit.
5. The scammer then exits the transaction, sometimes leaving the affected DeFi platform or token holders with losses.

10. Pump-and-dumps

This is when the value of a crypto asset is artificially inflated by creating “high demand”. Usually, fraudsters use social media to build hype around an NFT or cryptocurrency. This drives up the price, making it difficult for investors to ignore. Once the price is high enough, the scammers immediately sell—or “dump”—the asset, causing a collapse in its price. 

Check this article to learn more about blockchain scams.

How to detect crypto scams

Crypto scams can take various forms. Fraudsters use various psychological tricks and can be extremely convincing. It’s essential to keep your customers informed, remind them to conduct thorough research, and exercise caution when considering any crypto-related investment or a business opportunity.

Here are some red flags customers of crypto exchanges should watch out for when evaluating a potential crypto opportunity:

• Promises of guaranteed returns. Remember that the crypto market is highly volatile, and all investments come with risks. If an investment opportunity guarantees high or consistent returns with no risk, it’s 99% a scam.
• Lack of documentation and transparency. Scammers often avoid providing clear and transparent information about the investment, their team, or the technology behind it. Ask for detailed documentation and information about the project, project’s founders and team.
• Pressure to make a decision quickly. Scammers often pressure victims to make an immediate decision or claim that the opportunity is time-sensitive. They try to get their victims to make an emotional decision without conducting proper due diligence.
• Cold calls and messages. Be cautious of unsolicited offers through cold calls, emails, or messages on social media. Legitimate investment opportunities are typically not presented in this manner.
• Fake websites and unverifiable information. Check the information presented by the “investment manager”. Look for inconsistencies, misspellings, or a lack of information about the project or its team. Scammers may use fake news articles, testimonials, or endorsements to appear legitimate, they also often create fake websites and social media profiles to impersonate legitimate projects or individuals.
• Requests for personal information. Never share your private keys, passwords, ID or Social Security numbers. Legitimate investment projects should not require this level of personal detail.

How crypto users can avoid scams 

Here are several steps to help prevent crypto scams:

• Learn about blockchain. Gain a solid understanding of cryptocurrencies, blockchain technology, and how they work. The more you know, the better equipped you’ll be to recognize scams. Scammers are always coming up with new ways to deceive. By joining crypto forums, reading news, and following industry leaders on social media, you can stay one step ahead. 
• Use established exchanges. Stick to well-known and reputable exchanges. It’s always tempting to jump on an offer that sounds too good to be true from a lesser-known platform, but that’s exactly how many scams start.
• Be skeptical about promises of guaranteed returns and “risk-free” investments. Investments always come with risks.
• Check cryptocurrency scammer lists. You can always consult public crypto scam lists or trackers.
• Verify information and conduct due diligence. Always check the legitimacy of a crypto project by conducting thorough research on documentation, the teams behind it, and community reviews.
• Enable Multi-Factor Authentication (MFA). Enable MFA on your crypto accounts and wallets. This provides an additional layer of security and helps protect your funds from unauthorized access.
• Use a secure VPN.
• Keep your software updated.
• Double-check URLs. Many scammers create fake websites that look identical to genuine platforms. Always ensure the website’s URL is correct— and look for “https” instead of just “http”.  Don’t click on links or download attachments from unknown or suspicious sources. Phishing emails and websites can mimic legitimate ones to steal your information.
• Keep private keys secure. Keep your credentials (mnemonic phrase and private key) secret. If your mnemonic phrase and private key are lost, you will never be able to restore your account. Make sure you have a secure, offline method for storing your cryptocurrencies, like hardware wallets.
• Check for regulatory compliance. Make sure that any investment opportunity complies with relevant financial regulations in your jurisdiction. Check with your local regulatory authority if in doubt.
• Seek professional advice. Consult with a known and trusted cryptocurrency expert if you’re new to the crypto world or are considering a significant investment.
• Use ICOs with caution. Be cautious when participating in Initial Coin Offerings (ICOs) and token sales. Research the project first and evaluate its legitimacy.
• Avoid pump-and-dump schemes. These are strategies where the price of a cryptocurrency is artificially inflated (pumped) to attract unsuspecting investors and then sold off (dumped) by the scammers for a profit.

How crypto companies can avoid scams

• Employ layered security protocols. Implement multiple layers of security, including firewalls, DDoS protection, and intrusion detection systems.
• Implement strict KYC/AML policies. Implementing Know Your Customer (KYC) and Anti-Money Laundering (AML) processes reduces the risk of fraudulent activity on your platform.
• Continuous monitoring and updates. Regularly monitor user activity and update your systems to patch vulnerabilities. Consider periodic security audits to ensure your platform’s safety.
• Educate your users. Offer informational resources on security best practices. The more educated your users are, the less likely they’ll fall for scams.
• Backup and encrypt data. Regularly backup all data and ensure it’s encrypted both at rest and in transit.
• Communicate transparently. Maintain open channels with your user base, especially if there’s a security concern. A well-informed community can act as an additional layer of defense.
• Regularly test for vulnerabilities. Conduct penetration testing, vulnerability assessments, and ethical hacking to find and fix potential security loopholes.
• Conduct employee training. Ensure that all employees—not just the tech team—are aware of the latest security threats and best practices. Often times, human error can be the weakest link.
• Collaborate with other exchanges. By exchanging information about  potential threats and bad actors, companies can collectively improve their defenses.

How to report crypto scams

If you’ve encountered a crypto scam, it’s crucial to immediately report it to:

• Law enforcement. They can investigate and take action against scams that operate within your jurisdiction.
• Federal authorities, such as the Federal Trade Commission (FTC) and the Federal Bureau of Investigation (FBI) in the United States.
• Financial regulators. In many countries, financial regulatory authorities oversee and investigate fraudulent financial activities, including crypto scams. 
• Social media platforms, if you come across crypto scams on Facebook, Twitter, etc.

When reporting, provide as much information as possible, including details about the scam, the individuals, firms or apps involved, and any communication you’ve had with them (emails, messages, screenshots, transaction records, etc.).

Reporting scams is a crucial step in combating cryptocurrency fraud, protecting others, and potentially recovering lost funds. Besides, educating others about the risks can help with crypto fraud prevention.

FAQ

• How do crypto scams work?

  Crypto scams work by deceiving individuals through various tactics, such as phishing, fraudulent investment schemes, impersonation, and more. The goal is to trick victims into sending crypto to the scammers,  who then disappear without delivering the promised “return on investment”.

• How can you spot a cryptocurrency scammer?

  You can spot a cryptocurrency scammer by recognizing red flags and warning signs, such as unsolicited offers, lack of transparency, and pressure tactics to make quick decisions, while also conducting thorough research and due diligence before engaging in any cryptocurrency transaction or investment.

• What are the red flags for crypto scams?

  Red flags for crypto scams include: 

  • unsolicited offers

  • promises of guaranteed high returns with no risk

  • lack of transparency

  • pressure tactics

  • requests for personal information.

• How can we prevent cryptocurrency scams?

  Crypto fraud prevention includes:

  • Staying informed about scam trends

  • Learning as much as you can about the crypto world

  • Being skeptical

  • Backing up data

  • Avoiding pump-and-dump schemes

  • Using secure VPN and keeping your software updated

  • Conducting thorough research and due diligence

  • Prioritizing security measures (adding extra layers of security, e.g.firewalls, DDoS protection)

• What is the penalty for cryptocurrency fraud?

  The penalties for crypto fraud vary depending on the jurisdiction. They may include fines, imprisonment, asset forfeiture, and civil penalties, or a combination.