How to avoid crypto scams

The majority of the crypto scams boil down to one of two scenarios:

• People being tricked into interacting with fake protocols
• People being tricked into interacting with fake people (crypto scammers)

I fell victim to the first category. 

Here’s how it happened…

I was farming an airdrop from a random protocol on Celestia called “Milky Way” (no, not because we’re called “Milk” Road – that was just a coincidence).

I was in their official Telegram group waiting for the airdrop to drop.

A few weeks passed, I got bored, I headed onto something else. 

But one day, I was scrolling through Telegram and saw the airdrop was live. I lit up.

I quickly went onto the airdrop site, connected my crypto wallet and then, that’s when I realized: this site is looking quite shady. 

If I was paying attention, it was quite obvious that this was a fake site. 

If I was paying more attention, I would have realized that it was a fake Telegram group which I had been added to. It looked the exact same as the official telegram group. It had the same admin names but a completely different telegram group.

But I didn’t, I just wanted my airdrop. And just like that, I lost all funds from that crypto wallet. 

So, I’m here to save you from making the same dumb mistake I did. 

Stick with me, and I’ll walk you through how to avoid crypto scams (and hopefully, how not to end up like me).

How do crypto scams work

Crypto scams come in all shapes and sizes, but they all follow the same playbook: trick the victim into handing over their private keys, sensitive info, or clicking on a sketchy link.

From fake giveaways to dodgy websites, crypto scammers will pull out all the stops to get your crypto or personal details.

The rule of thumb? Always double-check who you’re dealing with, and never share your private keys or passwords—no matter how legit the offer looks.

Common cryptocurrency scams

There are endless types of cryptocurrency scams, and honestly, no blog can cover them all.

So, let’s focus on the most common scams you’ll find in the space:

Fake web app links (Phishing scams)

This is probably the most common cryptocurrency scam out there. 

Scammers have gotten so slick that they create fake websites for the biggest protocols in the space. 

Here’s their play:

• Build a website that looks almost identical to the real one.
• People connect their crypto wallet on the fake website
• Wallets will be drained immediately

They also drop these phishing links everywhere (X, Discord, Telegram and even on your email).

So, the next time a protocol sends you a “marketing email”, it might just be a phishing scam. Always be alert.

X Impersonators

Setting up an account on X (formerly Twitter) is now easier than ever.

Which means, it’s way too easy for scammers to impersonate fake accounts.

Hell, even Mr. Bossman (our very own, Kyle Reidhead) has multiple fake accounts floating around. 👇

It’s a lot like address poisoning (check below) — everything looks identical (profile pic, cover photo, bio), but the username is just a tiny bit off.

Here are the steps to check whether you’re following the legit person:

• Check if they’re verified on X (if not, it’s most likely a scam account)
• Check the number of followers (if it’s in the 100s, it’s probably a fake account)
• Check the username (if there’s a glaring typo, you should probably look for the actual account)

Discord Scams

Just like X impersonators, we have the same issue on Discord. 

These scammers often pretend to be representatives of trusted companies, moderators, or even friends to gain your trust. 

Stay alert and cautious to protect yourself.

Common Tactics Scammers Use

• Impersonation: Scammers pose as legitimate companies, influencers, or community members.
• Fake Offers: They may claim to sell exclusive products, offer giveaways, or promote fake investment opportunities.
• Phishing Links: Fraudsters send malicious links designed to steal your login credentials or personal data.

Receiving free money

Sometimes, you might log into your wallet and see some crypto coins you’ve never bought before.

You might think it’s an airdrop but it’s most probably a fraudulent crypto coin (especially if it’s a random coin you haven’t heard before).

If you happen to sell this coin for a stablecoin (or any other cryptocurrency for that matter), there’s a strong chance your wallet will get drained.

Free money = not always a good thing

“Evil Twin” Attacks

An Evil Twin Attack is when a scammer sets up a fake WiFi network that looks identical to a legitimate one.

They usually set them up at popular public hotspots like coffee shops, airports, or hotels.

If you connect to one of these evil twin networks, the scammer can intercept your login details, emails, banking information, and crypto wallet credentials.

Address Poisoning

Scammers will create a wallet address that looks very similar to your own, for example:

Your address:
0x068839Ba9dABb108C1b1017C4204B7622B919Db9 

Their fake address:
0x068847d4E6244560404D37c80c42eF2F70959Db9 

(They start and end with the same numbers/letters, but they are different).

So, when you think you’re sending crypto coins to your own address, you’re actually sending them to the scammer.

Lowkey genius, right? But definitely not the kind of genius you want to deal with.

How to protect yourself from crypto scams

Now, there are plenty of different ways to spot cryptocurrency scams (we’ll get into a few in just a bit) but the easiest thing to do: be smart, be mindful. 

• Always double check token addresses
• Always bookmark the correct site
• Always follow the real X accounts of the protocol/personality

If you can do that, you will navigate 90% of all the crypto scams out there. 

The rest 10%? Just get into the habit into of doing the things below and you’ll be fine:

Always get links to dApps from DeFiLlama Directory

Here’s the best way to find the real protocol: 

• Head to DeFiLlama Directory
• Search for the protocol you need
• You will be redirected to the legit website

DeFiLlama is a serious and committed team so this method is the safest.

Install the DeFiLlama Chrome extension

The cute llama icon on your extension toolbar turns green when you’re on a trusted website.

But if it’s a blacklisted website, the llama will turn red. 

• Green llama = You’re safe
• Red llama = GET OUT ASAP!

Sometimes, the llama will be confused and pop up like this: 

This means that the website has not been vetted by the DeFiLlama team and you should proceed at your own risk.

Our take? Only proceed if the llama is green.

Download Rabby Wallet 

If you’re someone who interacts with a bunch of DeFi protocols, you should be using Rabby Wallet. 

Why?  Because it’s packed with one of the best security features for a wallet:

• Pre-transaction risk scanning
• Wallet whitelist
• Wallet Preview

Pre-transaction risk scanning

Every time you make a transaction, Rabby Wallet runs a thorough security check to make sure you’re not walking into a trap.

It looks at things like:

• Whether you’ve interacted with this address before
• If the token you’re transacting is legit or fake
• How long ago the address was deployed

Once it’s done its analysis, it’ll give you a risk score to see if it’s safe to go ahead with the transaction. This feature is awesome because you’ll always know exactly how much risk you’re taking before executing a transaction.

Wallet Whitelist

Just like you save your favorite contacts on your phone, you can do the same with crypto addresses.

Since crypto addresses are just a random string of numbers and letters, it’s easy to mix them up.

With Rabby Wallet, you only need to verify an address once. After that, you can whitelist it, making it easy to access every time you need it.

Wallet Preview

Just like with pre-transaction risk scanning, Rabby also checks the wallet you’re sending crypto coins to.

It provides key details like:

• The address balance
• If you’ve transacted with it before
• If it’s on your whitelist

This way, you can double-check that you’re sending the crypto assets to the right address.

Install (and use) VPN Software

A VPN, or “Virtual Private Network” like NordVPN is software that can be used to automatically encrypt your data so a scammer can’t read it even if it is intercepted.

When possible:

• Avoid using public Wi-Fi networks especially for sensitive transactions
• Turn off automatic WiFi connections on your phone and laptop.
• Verify the name of the official network with a staff member onsite.

And always use a VPN when connecting to public WiFi.

Get yourself a hardware wallet

This is our last (and probably most advanced) strategy for avoiding crypto scams.

If you’re in crypto for the long haul, keeping your funds in MetaMask or Rabby isn’t the safest move.

Interacting with DApps means your wallet’s at risk, and you could lose everything.

So, it’s a good idea to invest in a hardware wallet.

Hardware wallets are physical devices that store your private keys offline, making it way harder for hackers to steal your funds.

The best hardware wallet out there? Ledger. 

You can securely connect your Ledger hardware wallet to a trusted software wallet, such as Phantom or Rabby. 

This setup allows you to transact safely while keeping your private keys protected on the Ledger device.

• Follow this step by step guide how to connect Rabby for EVM blockchains: Link 
• Follow this step by step guide how to connect Phantom for Solana, Ethereum or Base blockchain: Link

Frequently Asked Questions