How can I tell if a Telegram message is from real support?

Real support never DMs first. Always check support via the platform's own help section (binance.com/support, coinbase.com/help). Block and report any 'support' that DMs you unsolicited.

What's the most common crypto scam?

Approval drainers — fake DApps that get you to sign a transaction granting them permission to drain specific tokens. Accounts for 40%+ of all crypto theft losses according to Chainalysis.

Are there any legit crypto giveaways?

Real airdrops are claimed via your wallet on the project's official site (often connected to social actions). They never require you to send crypto first. Any 'giveaway' requiring upfront payment is a scam.

Can I get my money back if I'm scammed?

Rarely. Crypto transactions are irreversible. If the funds went to a centralized exchange, that exchange might freeze if they receive a law enforcement request — slim chance but worth filing IC3.gov reports. Decentralized destinations are essentially unrecoverable.

How do I know if a token is a rug pull risk?

Run it through GoPlus (gopluslabs.io). Check liquidity lock on Unicrypt/Team Finance. Check top 10 holders concentration on the block explorer. Walk away if any check fails.

What's a pig butchering scam?

Long-game romance + investment scam. Scammer befriends you over weeks/months on dating apps, builds trust, then introduces an 'amazing investment opportunity'. By the time you realize, $50k-500k has flowed to them. Never invest based on advice from someone you met online.

Are crypto influencers trustworthy?

Most are paid promoters. They get $10k-100k+ to shill specific tokens. Treat every 'recommendation' as a paid ad until proven otherwise. The few legitimate ones disclose paid partnerships explicitly.

I clicked a phishing link but didn't sign anything — am I safe?

Probably. Clicking a link alone doesn't drain a wallet. You must sign a transaction or enter your seed phrase. If you didn't do either, you're safe. Run a malware scan if the click was on a suspicious site.

How To Avoid Crypto Scams 2026

Rule #1: Never share your seed phrase. Anyone asking is scamming you.

Your seed phrase is the master key to your wallet. There is exactly zero legitimate reason for anyone — your wallet provider, exchange support, a tax advisor, or a friend — to need your seed phrase. If someone asks, they are scamming you. This includes 'MetaMask support', 'Phantom helper', 'Coinbase verification team', and any DM offering to 'fix your wallet'.

Real wallet providers don't have access to your seed phrase. They can't help with seed-phrase-related issues because the math doesn't allow it. Exchange support never needs it. Tax tools don't need it. Take this rule to extreme: if even your closest family member asks, refuse.

Rule #2: Read every transaction before signing — the Ledger screen is your last defense

Wallet drainer scams work by getting you to sign a transaction that looks legitimate but actually grants the attacker permission to drain a specific token. 'Free NFT mint' → you sign → your USDT is gone. 'Claim airdrop' → you sign → your ETH is gone.

Defense: read every transaction's actual asset movement before signing. Use Rabby instead of MetaMask — it simulates the transaction and shows 'You will lose 1,000 USDC' instead of raw hex data. If using a hardware wallet, read the device screen too. The Ledger/Trezor screen can't be faked by the website.

Rule #3: Bookmark every DApp you use. Never click links from DMs, ads, or unverified posts

Fake Uniswap, fake OpenSea, fake MetaMask, fake Etherscan — there's a phishing copy of every major site. They rank in Google ads, appear in Telegram links, and are pinned in 'official' Discord channels by impersonator admins.

Defense: once you confirm a site is real, bookmark it. Always navigate via bookmark, never via search or link. For mobile, save sites to home screen. The 10 seconds of inconvenience prevents the most common attack vector.

The 7 main scam categories — patterns and defenses

Phishing sites: fake DApp copy steals seed phrase or gets you to sign a drainer transaction. Defense: bookmark official sites, never click search ads, verify URL spelling carefully.
Wallet drainers: malicious 'free mint' or 'claim' transactions that grant token spending permission. Defense: read transactions in Rabby, revoke old approvals quarterly.
Fake support: DM from 'MetaMask support' or 'Coinbase team' asking for seed phrase or 2FA code. Defense: real support never DMs first. Block and report.
Rug pulls: project creators drain liquidity. Defense: check liquidity lock + GoPlus contract scan before buying any new token.
Airdrop scams: token appears in your wallet with name like 'Visit-website-to-claim'. Visiting the site triggers a drainer. Defense: never interact with unfamiliar airdropped tokens. Just ignore them.
Romance / pig butchering: long-game scam where someone befriends you on dating apps then convinces you to invest in their 'opportunity'. Most losses are $50k-500k. Defense: never invest based on advice from someone you met online and never met in person.
Fake giveaways: 'Elon Musk is giving away Bitcoin — send 0.1 BTC, get 1 BTC back'. Defense: no legitimate giveaway requires you to send first. Period.

Clipboard hijacking — a sneaky variant

Malware can detect when you copy a crypto address and silently replace it with the attacker's address. You paste, send, and the funds go to the wrong place. Defense: always verify the FIRST 5 and LAST 5 characters of any pasted address against the source before confirming the transaction. Hardware wallets show the destination on the device screen — read it.

Rule #4: If returns sound impossible, they are

'Guaranteed 10% per day' — pure Ponzi.

'Mirror this whale wallet, automatic 50% per month' — fake copy trade.

'Bitcoin doubling event from [celebrity]' — fake giveaway.

Real crypto returns: Bitcoin's long-term average is roughly 60% annualized — extraordinary by traditional standards. Anyone offering more reliable returns is selling a fantasy.

Recovery scams — when you're already a victim

After getting scammed, victims often get contacted by 'recovery experts' or 'blockchain forensics services' promising to retrieve funds for an upfront fee. These are second-stage scams. Real blockchain forensics (Chainalysis, Elliptic, TRM Labs) work with law enforcement, not retail victims directly. Pay nothing upfront — that's the giveaway.

What to do if you've been scammed

Stop sending more. Most victims double down trying to 'recover' losses — making it worse.
Document everything: transaction hashes, addresses, screenshots, dates.
Report to the platform: if via Coinbase/Binance/etc, file a support ticket. They sometimes freeze recipient accounts.
Report to law enforcement: in the US, IC3.gov; in UK, Action Fraud; in EU, Europol's EC3.
Report the scammer's address publicly on Twitter, Etherscan label, and to wallet providers.
Don't pay 'recovery services' — they're follow-on scams.
Move remaining funds: if your wallet was compromised at any level, move all remaining assets to a fresh wallet with a fresh seed phrase. Don't reuse.

How To Avoid Crypto Scams 2026 — Complete Anti-Scam Master Guide