How to Spot a Crypto Scam: 5 Red Flags & The Checklist Guide

How to Spot a Crypto Scam: 5 Red Flags to Watch Out For

By Thomas Wright

Senior Financial Analyst | 12+ Years Wall Street Experience

Last Updated: December 9, 2025
Scam Database Reviewed: December 7, 2025
Reading Time: 18 minutes

I’ve lost money to scams. Three times. $3,400 total.

First time: 2017. “Revolutionary ICO” with a whitepaper full of buzzwords. Team disappeared with $4M. My $800 became $0.

Second time: 2021. DeFi yield farm promising 800% APY. I knew it was risky. Did it anyway. Rug pulled after two weeks. Lost $1,200.

Third time: 2022. Phishing email that looked identical to my exchange. Clicked the link, entered 2FA. They drained $1,400 before I could react.

Three different scams. Same lesson: I got greedy, lazy, or both.

After seven years on Wall Street analyzing corporate fraud and another seven years in crypto, I’ve developed a sixth sense for bullshit. I can spot a scam in 60 seconds now.

But in 2017? I was just as naive as everyone else.

Here’s what nobody tells you: Every single person in crypto has either been scammed, or will be scammed eventually. The only question is how much you lose when it happens.

This isn’t fear-mongering. According to the FBI, Americans lost $5.6 billion to crypto scams in 2023 alone. That’s $15 million stolen every single day.

This guide will save you from being part of that statistic.

I’m going to show you the exact red flags I wish I’d known in 2017. Not general advice like “do your research” – specific, actionable warning signs that tell you to run immediately.

Full disclosure: I’ve been scammed multiple times as detailed above. I hold cryptocurrency across multiple platforms. This article contains affiliate links to legitimate exchanges only – see our disclosure policy for details.

The Uncomfortable Truth About Crypto Scams

Before we dive into red flags, understand the ecosystem you’re operating in:

Crypto is the Wild West of finance.

No FDIC insurance
No chargebacks
No centralized authority to appeal to
Irreversible transactions
Pseudonymous scammers who can’t be traced
Jurisdiction arbitrage (scammers operate from countries with no extradition)

In traditional finance, if someone steals from your bank account, the bank investigates and often makes you whole. Your credit card offers fraud protection.

In crypto? You’re the bank. If you send money to a scammer, it’s gone. Forever. No one’s coming to save you.

The FBI can’t help. They have a crypto fraud division, but they’re overwhelmed. Unless your case involves millions, you won’t get resources dedicated to it.

Exchanges can’t help. Once you authorize a transaction from your wallet, it’s done. Coinbase can’t reverse it. Neither can Binance.

The blockchain is immutable. That’s a feature, not a bug. But it means mistakes are permanent.

This isn’t designed to scare you off crypto. It’s designed to make you paranoid – which is the correct mental state for operating in an unregulated financial system.

Red Flag №1: Guaranteed Returns or “Risk-Free” Promises

The promise:

“Guaranteed 20% monthly returns!”
“No risk! Protected by smart contracts!”
“Double your Bitcoin in 90 days!”
“We’ve never had a losing month!”

Why it’s a scam:

In finance, risk and return are correlated. High returns = high risk. Always.

If someone guarantees returns, they’re either:

Running a Ponzi scheme (paying old investors with new investor money)
Outright lying
About to rug pull

Real-world examples:

BitConnect (2018): Promised 1% daily returns through a “trading bot.” Reality: classic Ponzi. Collapsed, $2 billion lost.

PlusToken (2019): Promised 10-30% monthly returns. Reality: $2.9 billion Ponzi. Operators arrested in China, but most money never recovered.

USI Tech (2018): “Automated Bitcoin trading” with guaranteed returns. Reality: Ponzi. Founders indicted.

OneCoin (2017): Not even a real cryptocurrency. Just a straight-up pyramid scheme disguised as crypto. $4 billion stolen.

My rule:

If anyone uses the words “guaranteed,” “risk-free,” or “can’t lose” in relation to crypto, I close the tab immediately. No exceptions.

Legitimate investments use language like:

“Potential returns of…”
“Historical performance has been…”
“This involves substantial risk including…”

Even established protocols like these staking platforms clearly disclose risks – that’s how you know they’re legitimate.

How to Verify Claims

Step 1: Ask “How are returns generated?”

Legitimate answers:

“Transaction fees from traders” (exchanges)
“Interest from borrowers” (lending protocols)
“Staking rewards from network validation” (PoS blockchains)

Scam answers:

“Proprietary trading algorithm”
“AI-powered bot”
“Secret partnerships”
Vague corporate speak that says nothing

Step 2: Check if returns are sustainable

Do the math. If they’re paying 20% per month, that’s 791% annually. Where’s that money coming from?

If the answer is “from new investors,” that’s a Ponzi.

Step 3: Look for audits and proof of reserves

Legitimate platforms publish:

Smart contract audits from reputable firms (CertiK, Trail of Bits)
Proof of reserves (showing assets actually exist)
Team identities (real people with LinkedIn profiles)

Scams publish:

Nothing
Fake audits from made-up firms
Anonymous teams

Red Flag №2: Anonymous or Fake Teams

The warning sign:

No team listed on website
Team uses stock photos or AI-generated faces
LinkedIn profiles are empty or recently created
Team claims to be from reputable companies but can’t be verified
“Privacy-focused” team that refuses to show faces

Why it matters:

If the team is anonymous, they can disappear with your money and face zero consequences.

How to verify:

Reverse image search team photos:

Right-click team member photo
“Search image with Google”
If it appears on stock photo sites or belongs to someone else – it’s fake

Check LinkedIn profiles:

Real profiles have:
- 100+ connections
- Years of activity
- Endorsements from colleagues
- Prior employment history
Fake profiles have:
- < 50 connections
- Created in the last 3 months
- Generic descriptions
- No activity or posts

Google team members individually:

Real people have:

Conference appearances
GitHub repositories (for developers)
Previous projects
Social media presence

Fake people have:

Nothing beyond the project website
One or two profiles created recently
Copy-pasted biographies

Real-world example:

Squid Game Token (2021): Team was completely anonymous. Website copied content from other projects. Token pumped to $2,800, then developers rug-pulled. Investors couldn’t sell (built into code). $3.3 million stolen.

Red flags that were ignored:

Anonymous team
Couldn’t sell tokens (should’ve been tested immediately)
Riding hype of Netflix show (trademark infringement they didn’t care about)
No real utility

My rule:

If I can’t identify the team within 10 minutes of research, I don’t invest. Period.

Exception: Some privacy coins (Monero) have pseudonymous devs for legitimate reasons. But Monero was created in 2014 and has a 11-year track record. New projects don’t get this exception.

Red Flag №3: Pressure Tactics and Urgency

The pressure:

“Only 24 hours left!”
“Limited spots available!”
“Act now or miss out forever!”
“Your friend already made $10,000!”
“This will 100x but only if you invest TODAY!”

Why it’s a scam:

Legitimate investments don’t have expiration dates. If it’s a good opportunity today, it’ll be a good opportunity next week.

Scammers use urgency because they know the more time you have, the more likely you are to:

Research the project
Ask questions
Realize it’s bullshit

Common pressure tactics:

False scarcity:

“Only 1,000 tokens left!” (They’ll mint more)
“Presale ends tonight!” (There will be another presale)
“Whitelist spots filling fast!” (There’s unlimited spots)

FOMO manipulation:

“Everyone’s getting rich except you!”
Screenshots of huge gains (easily faked)
Telegram groups full of “investors” (actually bots)

Authority figures:

“Celebrity X endorsed this!” (Fake or paid)
“Partnered with Company Y!” (Lie)
“Featured on Forbes!” (Paid press release, not article)

Real-world examples:

SaveTheKids Token (2021): Influencers created urgency (“pumping soon!”), dumped on followers. FaZe Clan members implicated. They made millions, followers lost everything.

Celsius Network (2022): Not a sudden scam, but used urgency (“withdraw now and lose benefits!”) to prevent bank run. Eventually collapsed, $4.7 billion in customer funds frozen.

My rule:

Any time I feel rushed to make a decision, I force myself to wait 48 hours. No exceptions.

If the opportunity is still there in 2 days, great. If it’s gone, I dodged a scam.

Real projects don’t disappear overnight. Scams do.

Red Flag №4: Too-Good-To-Be-True Tokenomics

Warning signs in the tokenomics:

Massive supply: 1 quadrillion tokens (dilution guaranteed)
Whale allocations: Team owns 40%+ of supply
Vesting? Team tokens unlock immediately (they can dump anytime)
Liquidity locked? Either not locked, or locked for only 30 days
Buy/sell tax: Can’t sell without paying 20% tax (trap)
Reflection tokens: “Earn passive income just by holding!” (Ponzi mechanics)

How to check tokenomics:

Step 1: Find the token contract address

Usually on their website or social media. Looks like:

Step 2: Check on blockchain explorer

Ethereum: Etherscan.io
BSC: BscScan.com
Solana: Solscan.io

Step 3: Look for red flags:

Top holders own too much:

If top 10 wallets own 50%+ of supply, they can crash the price anytime
Check if “burn wallet” is included (exclude from calc)

Liquidity:

Is it locked? For how long?
Check lock services: Unicrypt, TeamFinance
If not locked, they can remove all liquidity and you can’t sell

Minting function:

Can the team mint unlimited new tokens?
Check contract functions or audit report

Trading restrictions:

Some scam tokens have code that prevents selling
Test with a tiny amount first

Real-world example:

AnubisDAO (2021): Launched, collected $60 million in 20 hours. Developer had the private keys. Drained everything. Investors couldn’t do anything.

Red flags ignored:

Brand new project, no track record
No vesting for team
Liquidity not locked
Anonymous developer with total control

My rule:

I spend 30 minutes analyzing tokenomics before investing a single dollar. If I can’t find:

Locked liquidity (6+ months minimum)
Reasonable token distribution (team < 20%)
Audited contract
Vesting schedule for team

I don’t invest.

Tools to check contracts:

Token Sniffer: Automated scam detection

RugDoc: Manual reviews and ratings

DexTools: Shows holder distribution and liquidity

Red Flag №5: Copycat Projects and Plagiarized Content

Warning signs:

Website looks identical to another project
Whitepaper is copy-pasted from elsewhere (with names swapped)
Roadmap has generic milestones (“Q1: Development, Q2: Marketing”)
Social media has fake followers (accounts with no posts)
GitHub repository has no real code or is forked with no modifications

How to detect:

Copy portions of their whitepaper:

Paste into Google search with quotes:

If it appears on other project sites, it’s plagiarized.

Reverse image search their graphics:

Same as team photos – see if logos/images are stolen from other projects.

Check GitHub activity:

Real projects have:
- Regular commits (code updates)
- Multiple contributors
- Detailed documentation
- Issues and pull requests
Fake projects have:
- Empty repository
- Only a “README” file
- No activity for months
- Forked code with no modifications

Check social media engagement:

Real followers:

Have profile pictures
Post content themselves
Join date spread over years

Fake followers:

No profile pictures (egg avatars)
Zero posts
All joined recently (bought bot followers)

Real-world examples:

Countless Safemoon clones (2021): After Safemoon pumped, hundreds of copycats launched: SafeMars, SafeMoon Inu, SafeEarth, etc.

All had:

Nearly identical tokenomics
Copy-pasted websites
Same “reflection” mechanics
99% of them rug-pulled within weeks

Squid Game (2021): Copied Netflix branding, created urgency around show hype, disappeared with millions.

My rule:

If a project can’t articulate what makes it unique in one sentence, it’s probably a clone trying to ride another project’s success.

Original projects have:

Novel technology or approach
Specific problem they’re solving
Team that can explain technical details
Demonstrable progress (not just promises)

Clones have:

“Like Bitcoin but better!”
“Community-driven” (meaningless phrase)
Copied marketing from successful projects
All style, no substance

Common Scam Types – Know The Patterns

Rug Pulls

What it is: Developers create token, pump price, then remove all liquidity or sell their holdings, crashing price to zero.

How to avoid:

Check liquidity is locked
Check team allocation and vesting
Never invest in projects less than 3 months old
Use only reputable ehttps://finexa.cloud/xchanges for trading

Estimated losses: $2.8 billion in 2021 alone

Ponzi/Pyramid Schemes

What it is: Paying returns to old investors with new investor money. Collapses when new money stops coming in.

Red flags:

Multi-level referral rewards
“Recruitment bonuses”
More focus on recruiting than product

Examples: BitConnect, PlusToken, OneCoin

Phishing Attacks

What it is: Fake websites/emails that steal your login credentials or wallet seed phrases.

How they work:

Email: “Your account needs verification” (link to fake site)
Twitter DM: “Claim your airdrop!” (link to malicious dapp)
Google ad: Fake exchange URL (coonbase.com vs coinbase.com)

How to avoid:

Bookmark real exchange URLs

Never click email links

Double-check URLs character by character

Use hardware wallets for large amounts – comparison here

Full wallet security guide

Pump and Dumps

What it is: Coordinated group buys a low-cap coin, hypes it, then sells when price spikes. Late buyers lose everything.

Red flags:

Telegram groups with “signals”
“Next 100x” messages flooding social media
Price charts showing insane vertical moves
Volume suddenly 50x normal

How to avoid:

Don’t join “pump signal” groups
Don’t FOMO into 100%+ daily gains
If you missed the first 50%, you’re the exit liquidity

Learn to read charts properly to spot pump and dump patterns

Fake Exchanges

What it is: Professional-looking websites that look like real exchanges. You deposit crypto, can’t withdraw.

How to avoid:

Only use established exchanges – here’s my comparison
Check domain age (scam sites are brand new)
Google “[exchange name] scam” before depositing
Start with small test deposit

Giveaway Scams

What it is: Fake Elon Musk/Vitalik accounts promise to “double your Bitcoin if you send 0.1 BTC first”

Red flag: No legitimate person will ever ask you to send crypto first. Ever.

How they do it:

Hack verified Twitter accounts
Create fake “Elon Musk” profiles
YouTube livestreams with deep fake videos
Website looks like official foundation

My rule: If someone promises to send you crypto for free, it’s a scam. No exceptions.

My Personal Scam Detection Checklist

Before I invest in ANY crypto project, I go through this:

5-Minute Initial Screen

If ANY of these are true, I stop immediately:

Anonymous team
Guaranteed returns promised
Can’t explain how returns are generated
Pressure to invest quickly
Celebrity endorsement as main selling point
“Get rich quick” language
Only available on unknown exchanges
Can’t find project mentioned anywhere outside their own marketing

30-Minute Deep Dive

If it passes the 5-minute screen, I check:

Team verifiable on LinkedIn (100+ connections each)
GitHub repository with real activity
Whitepaper is original (not plagiarized)
Smart contract audited by known firm
Liquidity locked for 6+ months
Team owns < 20% of supply
Team tokens have vesting (can’t dump immediately)
Project has been live for 3+ months without issues
Community discussions on Reddit/Twitter seem organic (not bot spam)
Website domain registered 6+ months ago

Deal Breakers

Even if everything else checks out, I walk away if:

Team refuses to dox (provide real identities)
Project promises unrealistic returns (>20% APY)
I can’t understand what the product actually does
Roadmap is vague (“Q3: Partnerships”)
Heavy focus on token price vs. product development
More marketing than development activity

If I have any doubt, I don’t invest. Missing a 10x is fine. Losing 100% of investment is not.

What To Do If You’ve Been Scammed

First 24 hours:

1. Stop the bleeding

Change passwords on all accounts immediately
Revoke smart contract approvals (use Revoke.cash)
Move remaining funds to new wallet with new seed phrase
Alert your exchange if applicable

2. Document everything

Screenshot all communications
Save transaction hashes
Archive website pages (use Archive.org)
Note wallet addresses involved

3. Report it

FBI IC3: https://ic3.gov (Internet Crime Complaint Center)
FTC: https://reportfraud.ftc.gov
State securities regulator
Exchange’s fraud team (if applicable)

Reality check: You probably won’t recover funds. But reporting creates a trail that might help others or lead to eventual prosecution.

4. Track the funds (optional)

Use blockchain explorers to see where your crypto went
Chainalysis and similar firms track stolen crypto
If funds hit a major exchange, there’s a tiny chance they get frozen

Learn from it:

Don’t beat yourself up. Every experienced crypto person has been scammed at least once. The difference is whether you learn from it or repeat the mistake.

I lost $3,400 total to scams. Expensive tuition, but I haven’t been scammed since 2022 because I learned the red flags.

How to Stay Safe – Practical Steps

Rule 1: Use Only Established Platforms

Stick to exchanges that:

Have been operating 3+ years
Have millions of users
Are properly regulated
Have verifiable reserves

Here’s my comparison of the safest exfinexa.cloudchanges

Rule 2: Never Share Your Seed Phrase

No legitimate person will ever ask for your seed phrase. Not exchange support. Not wallet developers. Nobody.

If someone asks for it, they’re trying to steal your funds.

Rule 3: Verify URLs Manually

Bookmark your actual exchange URLs. Don’t click links in emails.

Example of lookalike scams:

Real: coinbase.com
Fake: cοinbase.com (Greek ο instead of o)
Fake: coinbase-support.com

Type URLs manually or use bookmarks only.

Rule 4: Test With Small Amounts First

Sending to new address? Send $10 first. Wait for confirmation. Then send the rest.

The 2 minutes this takes has saved me from fat-finger errors multiple times.

Rule 5: Use Hardware Wallets for Large Amounts

Anything over $5,000 should be on a hardware wallet – Ledger vs Trezor comparison.

Software wallets and exchange accounts can be compromised. Hardware wallets can’t be remotely hacked.

Rule 6: Enable All Security Features

2FA (use Authy or Google Authenticator, not SMS)
Whitelist withdrawal addresses
Email confirmations for withdrawals
Anti-phishing codes

Every extra layer makes scamming you harder.

Rule 7: If It Sounds Too Good To Be True, It Is

20% monthly returns? Scam.

Risk-free 100x? Scam.

Double your Bitcoin? Scam.

Secret trading algorithm? Scam.

Real returns in crypto:

Staking: 4-8% APY
Lending: 3-6% APY
Trading: Most people lose money

Anything above 15% APY is either extremely high risk or a scam.

Case Studies: How Smart People Got Scammed

Case Study 1: The “Reputable” DeFi Protocol

Victim: Tech-savvy software engineer, 8 years crypto experience

Scam: Invested $50,000 in Meerkat Finance (BSC DeFi protocol)

What looked legit:

Audited smart contracts
Team appeared doxxed
Active Telegram community
Professional website

What happened:

$31 million rug pull within 24 hours of launch
“Team” was fake identities
Audit was real but didn’t cover the admin key backdoor
Liquidity drained overnight

Lesson: Even audited contracts can have backdoors. Check WHO controls admin keys.

Case Study 2: The Twitter Giveaway

Victim: Crypto investor, 3 years experience

Scam: Saw “Vitalik Buterin” Twitter account announcing ETH giveaway

What looked legit:

Blue check mark (hacked verified account)
50,000+ followers
Professional video announcement
Legitimate-looking website

What happened:

Sent 2 ETH (~$5,000) to “verification address”
Never received anything back
Account was hacked and impersonating Vitalik

Lesson: No one gives away free crypto. Ever. If it requires you to “send first,” it’s a scam.

Case Study 3: The Fake Exchange

Victim: New investor, 6 months crypto experience

Scam: Clicked Google ad for “Binance” that went to Binance-trade.com (fake domain)

What looked legit:

Top Google search result (paid ad)
Identical interface to real Binance
SSL certificate (https://)
Customer support chat

What happened:

Deposited $10,000 USDT
Could trade on the fake platform
Couldn’t withdraw
Support ignored withdrawal requests
Site disappeared after 3 weeks

Lesson: Always verify URLs character-by-character. Bookmark real exchanges.

The Psychological Warfare: Why You Fall For Scams

Understanding why scams work helps you resist them.

Greed:

Scammers know you want to get rich. They exploit this by promising unrealistic returns.

Counter: Force yourself to ask “How is this return generated?” If you can’t answer clearly, it’s a scam.

FOMO (Fear of Missing Out):

Seeing others “make money” triggers panic that you’re being left behind.

Counter: Remember that most “success stories” in scam Telegrams are fake accounts. Real people don’t post screenshots of gains – they stay quiet.

Authority Bias:

We trust celebrities, “experts,” and official-looking websites.

Counter: Celebrity endorsements in crypto are usually paid. Check if they actually use the product or just took money to promote it.

Urgency:

“Act now or miss out!” shuts down your logical brain and triggers emotional decision-making.

Counter: Any time you feel rushed, force yourself to wait 48 hours. Real opportunities don’t evaporate.

Confirmation Bias:

Once you want something to be true, you ignore red flags and only see information that confirms your beliefs.

Counter: Actively look for reasons NOT to invest. Play devil’s advocate with yourself.

Sunk Cost Fallacy:

“I already invested $1,000. I can’t walk away now!”

Yes you can. Losing $1,000 is better than losing $5,000.

Counter: Every decision is independent. Past losses don’t obligate future investments.

Tools and Resources to Protect Yourself

Scam Databases

CryptoScamDB

BadBitcoin

Reddit r/CryptoScams: Community reporting

Smart Contract Checking

Token Sniffer: Automated scam detection

RugDoc: Manual reviews

DexTools: Holder distribution

Phishing Protection

MetaMask Phishing Detector: Built into wallet

VirusTotal: Check suspicious links

Have I Been Pwned: Check if your email is compromised

Education

FBI IC3 Crypto Fraud Alerts: Stay updated on new scams

Chainalysis Reports: Annual crypto crime statistics

Reddit r/CryptoCurrency: Community warnings

FAQ: Your Questions Answered

Q: Are all new crypto projects scams?

No, but 95% are. The 5% that are legitimate still have high failure rates. Only invest what you can afford to lose completely.

Q: Can I recover stolen crypto?

Rarely. Blockchain transactions are irreversible. If scammers move funds to a major exchange and that exchange cooperates with law enforcement, there’s a tiny chance. Don’t count on it.

Q: Is it safer to keep crypto on exchanges or in wallets?

Both have risks. Exchanges can be hacked (but often reimburse users). Wallets are your responsibility (lose seed phrase = lose funds).

Best practice: Hardware wallet for large amounts, exchange for actively traded amounts.

Q: How do I know if an exchange is legitimate?

Check:

Age (3+ years operating)
Regulation status
User reviews across multiple sites
Proof of reserves
Trading volume

Here’s my comparison of legit exchanges

Q: What if the scam uses a smart contract that “can’t” rug pull?

Contracts can have hidden functions. Just because it’s “code” doesn’t mean it’s safe. Many rug pulls happen through legitimate-looking contract functions that were hidden in plain sight.

Always get contracts audited by reputable firms.

Q: Can hardware wallets protect me from all scams?

No. They protect your private keys, but if you approve a malicious smart contract transaction, you can still lose funds.

Hardware wallets stop remote hacking. They don’t stop you from clicking “approve” on a scam.

The Bottom Line

Every single person in crypto will encounter scams. The only question is whether you recognize them before sending money.

The five red flags that should make you run immediately:

Guaranteed returns – Legitimate investments don’t guarantee anything
Anonymous teams – Real people risk real reputation
Urgency and pressure – Scams evaporate quickly, real projects don’t
Suspicious tokenomics – Check liquidity locks and holder distribution
Copycat content – Original projects have original ideas

My final advice:

Start small. Make mistakes with $100, not $10,000. Learn the hard way on amounts that won’t ruin you.

Use established exchanges only. Avoid brand new platforms regardless of promises.

If your gut says something is off, listen. I’ve never regretted walking away from a “too good to be true” opportunity. I’ve always regretted ignoring red flags.

The crypto space is full of incredible opportunities. But it’s also full of predators waiting for naive investors.

Don’t be naive. Be paranoid. Check everything. Trust no one.

Your money will thank you.

Important Disclaimers

Affiliate Disclosure

This article contains affiliate links to cryptocurrency exchanges and security tools. We only recommend platforms we personally use and have vetted for legitimacy.

Read our full disclosure policy

Security Warning

This guide helps identify scams but cannot guarantee protection. New scam techniques emerge constantly. Always conduct your own research and never invest more than you can afford to lose completely.

This article is NOT:

A guarantee you won’t be scammed
Legal advice
Financial advice

You should:

Verify all information independently
Use only reputable platforms
Secure your accounts properly
Stay updated on new scam types

The author has been scammed multiple times as disclosed. All experiences shared are for educational purposes.