Common crypto scams are deceptive attempts to make users reveal wallet secrets, approve unsafe token spending, sign misleading messages, install malicious tools, send assets to attackers, trust fake support, or interact with copied websites that look official. These scams appear across wallets, DEXs, bridges, airdrops, presales, NFT mints, staking pages, token migrations, cloud backup warnings, portfolio dashboards, browser extensions, social media replies, search ads, and direct messages. The safest starting point is not panic; it is verification. For a broader prevention framework, read How to Avoid Crypto Scams.

This topic matters because most crypto scams do not need to break a blockchain. They target the user’s decision point. A fake page asks for a seed phrase. A fake support account asks for wallet validation. A fake claim asks for unlimited approval. A fake DEX asks the user to sign a strange message. A fake token uses a copied logo. A fake bridge recovery page asks for private keys. A fake hardware wallet setup page asks for recovery words. The wallet may be technically secure, but one unsafe approval, signature, or secret phrase exposure can still create serious loss. To understand one of the most common permission risks, read What Is Token Approval? and How to Revoke Token Approval Safely.

This guide explains the most common crypto scam patterns in plain English: phishing links, fake support, fake airdrops, wallet drainers, token approval traps, seed phrase theft, private key theft, fake DEX pages, fake bridge recovery pages, fake presales, fake token migrations, fake browser extensions, cloud backup exposure, impersonation, romance and investment traps, pump groups, honeypot tokens, malicious signatures, and recovery service scams. It also explains what users should verify before connecting, signing, approving, claiming, swapping, bridging, or following support instructions. This is neutral education only, not legal, financial, investment, tax, cybersecurity incident response, or asset recovery advice.

Quick answer

Common crypto scams are social engineering and wallet interaction tricks that push users to reveal secret recovery information, approve a malicious spender, sign an unsafe message, install fake software, or send funds to an attacker. Before acting, users should check the official URL, source announcement, selected network, wallet request, token contract, spender contract, approval amount, transaction recipient, signature message, block explorer status, and private information boundary. A legitimate app, DEX, bridge, support team, claim page, explorer, or wallet provider should not ask for a seed phrase, private key, recovery phrase, wallet password, recovery code, two-factor backup code, cloud backup key, or remote device access.

Simple example: A user receives a direct message saying they are eligible for an urgent token claim. The link opens a page that copies a real project design. After connecting, the wallet asks for unlimited approval of a valuable token instead of a normal claim transaction. The user should reject the request, verify the official campaign source, inspect the exact domain, check the spender contract, and avoid signing until the wallet request matches the expected action. For a claim-specific workflow, read Claim Page Safety Checklist.

Why this matters

Crypto gives users direct control over assets, but direct control also means user decisions matter. In a traditional app, a support process may be able to reverse some mistakes. On public blockchains, many transactions are final once confirmed. A scammer does not always need to know complex cryptography. They only need a user to reveal a seed phrase, approve token spending, sign a dangerous message, or send funds to the wrong place.

A scam can also look normal at first. A wallet connection prompt may appear harmless. A token claim may look like a real reward. A support account may use official-looking logos. A fake website may copy layout, colors, and wording. A token may copy a real ticker. A transaction may be framed as verification. This is why the visual appearance of a page is not enough. The user must inspect the source, URL, wallet request, contract, spender, signature, recipient, and public on-chain result.

The most important safety boundary is the difference between public wallet data and secret wallet data. A wallet address, transaction hash, token contract, spender contract, block explorer link, approval event, and public on-chain transfer can usually be inspected publicly. A seed phrase, private key, recovery phrase, Secret Recovery Phrase, wallet password, two-factor backup code, recovery code, device unlock code, cloud backup key, optional passphrase, or remote device access should not be shared with websites, support accounts, direct messages, forms, bots, browser extensions, wallet repair tools, or recovery services.

Many scams use urgency. They say a wallet must be validated, a claim expires soon, a migration is closing, a transaction is stuck forever, an account will be locked, a bridge requires synchronization, a token must be activated, or a support agent can recover funds immediately. Urgency is designed to compress thinking. The safer habit is to slow down, verify, and reject unclear wallet requests.

Useful next step: If wallet permissions, seed phrases, approvals, suspicious links, and block explorers are still new concepts, read Wallet Address vs Private Key, What Is a Seed Phrase?, How to Check Official Links, and Browser Extension Wallet Safety first.

The basic idea

Most crypto scams fall into one of five practical categories. The first is secret theft: the scam asks for a seed phrase, private key, recovery phrase, cloud backup, or wallet password. The second is permission abuse: the scam asks for token approval, delegation, or a signature that gives the attacker power. The third is destination deception: the scam makes the user send funds to the wrong address or interact with the wrong contract. The fourth is fake identity: the scam impersonates a real app, project, token, exchange, wallet, support team, influencer, or community. The fifth is emotional manipulation: the scam uses urgency, greed, fear, romance, authority, or shame to make the user skip verification.

A good safety checklist does not require users to become auditors. It teaches users to ask direct questions: Where did this link come from? Is this the exact official domain? What is the wallet asking me to do? Is this a connection, approval, signature, transfer, mint, claim, bridge, swap, or contract call? Which token is involved? Which spender is being approved? Is the recipient expected? Is the selected network correct? Does any step ask for a seed phrase or private key? Can the result be checked on a block explorer?

1. Scams often target the recovery layer

A seed phrase or private key can restore wallet control. That makes recovery information a primary target. A website, support account, claim page, bridge tool, wallet repair bot, or browser extension that asks for recovery words should be treated as dangerous.

2. Scams often target token approvals

Token approvals can give a spender contract permission to move a token. A malicious page may ask for unlimited approval under the label of a claim, swap, migration, staking action, or verification. Users should check the token, spender, amount, network, and official source before approving.

3. Scams often target signatures

Some signatures simply prove wallet ownership. Others can authorize meaningful actions depending on the message and protocol. Users should avoid vague wallet validation, synchronization, repair, unlock, migration, or claim signatures from unverified pages.

4. Scams often target official-looking links

Fake domains can copy real layouts and logos. Sponsored search results, social replies, direct messages, QR codes, shortened links, and lookalike domains can lead users to copied pages. Check official links carefully before connecting.

5. Scams often target users after a problem

Users are more vulnerable after a pending transaction, failed swap, bridge delay, missing token, wrong network mistake, or wallet error. Fake support often appears exactly when the user is stressed. Use official support routes and public transaction data instead of direct-message repair links.

Main types of common crypto scams

The names change, but the mechanics repeat. Each scam below should be judged by what it asks the user to reveal, approve, sign, install, or send.

Phishing links

Phishing links imitate real crypto websites, wallets, DEXs, bridges, explorers, claim pages, NFT marketplaces, or support portals. The goal is to make the user connect a wallet, sign a message, approve a spender, download fake software, or reveal secrets.

The safer workflow is to verify the official source, exact URL, selected network, wallet request, token contract, spender contract, approval amount, transaction recipient, signature contents, and explorer result. If the page asks for a seed phrase, private key, recovery phrase, wallet password, recovery code, remote access, or cloud backup key, stop immediately.

Fake support accounts

Fake support accounts appear in replies, direct messages, Telegram groups, Discord servers, forums, and search results. They often ask for wallet validation, remote access, seed phrases, private keys, screenshots, or repair links.

The safer workflow is to verify the official source, exact URL, selected network, wallet request, token contract, spender contract, approval amount, transaction recipient, signature contents, and explorer result. If the page asks for a seed phrase, private key, recovery phrase, wallet password, recovery code, remote access, or cloud backup key, stop immediately.

Seed phrase theft

Seed phrase theft happens when a user enters recovery words into a website, sends them to support, stores them in an unsafe cloud location, or installs a malicious tool that captures them.

The safer workflow is to verify the official source, exact URL, selected network, wallet request, token contract, spender contract, approval amount, transaction recipient, signature contents, and explorer result. If the page asks for a seed phrase, private key, recovery phrase, wallet password, recovery code, remote access, or cloud backup key, stop immediately.

Private key theft

Private key theft is similar to seed phrase theft but may expose a single account directly. A private key should never be pasted into websites, support chats, forms, or unknown apps.

The safer workflow is to verify the official source, exact URL, selected network, wallet request, token contract, spender contract, approval amount, transaction recipient, signature contents, and explorer result. If the page asks for a seed phrase, private key, recovery phrase, wallet password, recovery code, remote access, or cloud backup key, stop immediately.

Wallet drainer pages

Wallet drainers are malicious pages designed to make users sign, approve, or transfer in a way that allows assets to be moved. They may be disguised as claims, mints, swaps, migrations, staking dashboards, or verification pages.

The safer workflow is to verify the official source, exact URL, selected network, wallet request, token contract, spender contract, approval amount, transaction recipient, signature contents, and explorer result. If the page asks for a seed phrase, private key, recovery phrase, wallet password, recovery code, remote access, or cloud backup key, stop immediately.

Token approval scams

Approval scams ask users to grant token spending permission to a malicious or unnecessary spender. The approval may remain active after the page is closed or after a transaction fails.

The safer workflow is to verify the official source, exact URL, selected network, wallet request, token contract, spender contract, approval amount, transaction recipient, signature contents, and explorer result. If the page asks for a seed phrase, private key, recovery phrase, wallet password, recovery code, remote access, or cloud backup key, stop immediately.

Fake airdrops

Fake airdrops promise free tokens or rewards, then ask for a seed phrase, unsafe approval, malicious signature, deposit payment, or wallet connection to a copied claim page.

The safer workflow is to verify the official source, exact URL, selected network, wallet request, token contract, spender contract, approval amount, transaction recipient, signature contents, and explorer result. If the page asks for a seed phrase, private key, recovery phrase, wallet password, recovery code, remote access, or cloud backup key, stop immediately.

Fake token claims

Fake claim pages often use countdowns, eligibility checks, official-looking logos, and direct-message links to push users into unsafe wallet requests.

The safer workflow is to verify the official source, exact URL, selected network, wallet request, token contract, spender contract, approval amount, transaction recipient, signature contents, and explorer result. If the page asks for a seed phrase, private key, recovery phrase, wallet password, recovery code, remote access, or cloud backup key, stop immediately.

Fake DEX pages

Fake DEX pages copy swap interfaces and may ask for approvals, signatures, or transfers that do not match a real swap. Users should verify the domain and router/spender contracts.

The safer workflow is to verify the official source, exact URL, selected network, wallet request, token contract, spender contract, approval amount, transaction recipient, signature contents, and explorer result. If the page asks for a seed phrase, private key, recovery phrase, wallet password, recovery code, remote access, or cloud backup key, stop immediately.

Fake bridge recovery pages

Bridge delays create stress. Scammers use fake recovery pages that claim to release stuck funds if users enter recovery phrases, approve tokens, or sign messages.

The safer workflow is to verify the official source, exact URL, selected network, wallet request, token contract, spender contract, approval amount, transaction recipient, signature contents, and explorer result. If the page asks for a seed phrase, private key, recovery phrase, wallet password, recovery code, remote access, or cloud backup key, stop immediately.

Fake presales and launchpads

Fake presales ask users to send funds to attacker addresses or connect to copied allocation pages. Real-looking countdowns and tokenomics graphics do not prove legitimacy.

The safer workflow is to verify the official source, exact URL, selected network, wallet request, token contract, spender contract, approval amount, transaction recipient, signature contents, and explorer result. If the page asks for a seed phrase, private key, recovery phrase, wallet password, recovery code, remote access, or cloud backup key, stop immediately.

Fake token migrations

Fake migrations claim that users must urgently convert old tokens to new tokens. They often ask for broad approvals or direct transfers.

The safer workflow is to verify the official source, exact URL, selected network, wallet request, token contract, spender contract, approval amount, transaction recipient, signature contents, and explorer result. If the page asks for a seed phrase, private key, recovery phrase, wallet password, recovery code, remote access, or cloud backup key, stop immediately.

Honeypot tokens

A honeypot token may allow buying but block selling or use hidden rules to trap traders. Users should understand contract risk before interacting with unknown tokens.

The safer workflow is to verify the official source, exact URL, selected network, wallet request, token contract, spender contract, approval amount, transaction recipient, signature contents, and explorer result. If the page asks for a seed phrase, private key, recovery phrase, wallet password, recovery code, remote access, or cloud backup key, stop immediately.

Impersonation scams

Impersonators copy influencers, founders, exchanges, wallet brands, project teams, moderators, and support staff. They may use similar names, profile images, or handles.

The safer workflow is to verify the official source, exact URL, selected network, wallet request, token contract, spender contract, approval amount, transaction recipient, signature contents, and explorer result. If the page asks for a seed phrase, private key, recovery phrase, wallet password, recovery code, remote access, or cloud backup key, stop immediately.

Giveaway scams

Giveaway scams promise to multiply deposits or reward users who send funds first. Sending crypto to receive more crypto back is a classic danger pattern.

The safer workflow is to verify the official source, exact URL, selected network, wallet request, token contract, spender contract, approval amount, transaction recipient, signature contents, and explorer result. If the page asks for a seed phrase, private key, recovery phrase, wallet password, recovery code, remote access, or cloud backup key, stop immediately.

Romance and relationship scams

A scammer builds trust over time, then introduces a fake investment platform, wallet setup, mining scheme, or trading opportunity. The emotional layer makes verification harder.

The safer workflow is to verify the official source, exact URL, selected network, wallet request, token contract, spender contract, approval amount, transaction recipient, signature contents, and explorer result. If the page asks for a seed phrase, private key, recovery phrase, wallet password, recovery code, remote access, or cloud backup key, stop immediately.

Investment manager scams

A fake trader or manager promises guaranteed returns, manages a fake dashboard, and asks users to deposit more when withdrawals are blocked.

The safer workflow is to verify the official source, exact URL, selected network, wallet request, token contract, spender contract, approval amount, transaction recipient, signature contents, and explorer result. If the page asks for a seed phrase, private key, recovery phrase, wallet password, recovery code, remote access, or cloud backup key, stop immediately.

Fake mining and cloud yield scams

Fake platforms show artificial balances and rewards, then ask for deposits, fees, taxes, or verification payments before withdrawal.

The safer workflow is to verify the official source, exact URL, selected network, wallet request, token contract, spender contract, approval amount, transaction recipient, signature contents, and explorer result. If the page asks for a seed phrase, private key, recovery phrase, wallet password, recovery code, remote access, or cloud backup key, stop immediately.

Malicious browser extensions

A malicious extension can imitate a wallet, monitor browsing, inject fake pages, or request sensitive data. Use official sources and review extension permissions carefully.

The safer workflow is to verify the official source, exact URL, selected network, wallet request, token contract, spender contract, approval amount, transaction recipient, signature contents, and explorer result. If the page asks for a seed phrase, private key, recovery phrase, wallet password, recovery code, remote access, or cloud backup key, stop immediately.

Cloud backup exposure

A user may accidentally expose seed phrases by storing screenshots, notes, emails, documents, or scanned backups in cloud services. Convenience can become wallet risk.

The safer workflow is to verify the official source, exact URL, selected network, wallet request, token contract, spender contract, approval amount, transaction recipient, signature contents, and explorer result. If the page asks for a seed phrase, private key, recovery phrase, wallet password, recovery code, remote access, or cloud backup key, stop immediately.

Fake recovery services

Recovery scams target victims after a loss. They promise to recover funds but ask for upfront fees, seed phrases, private keys, remote access, or more personal information.

The safer workflow is to verify the official source, exact URL, selected network, wallet request, token contract, spender contract, approval amount, transaction recipient, signature contents, and explorer result. If the page asks for a seed phrase, private key, recovery phrase, wallet password, recovery code, remote access, or cloud backup key, stop immediately.

QR code scams

A QR code can hide a destination URL, wallet address, or payment request. Users should inspect where a QR code leads before connecting or sending funds.

The safer workflow is to verify the official source, exact URL, selected network, wallet request, token contract, spender contract, approval amount, transaction recipient, signature contents, and explorer result. If the page asks for a seed phrase, private key, recovery phrase, wallet password, recovery code, remote access, or cloud backup key, stop immediately.

Clipboard address replacement

Malware or malicious tools may replace a copied address with an attacker address. Always compare addresses carefully, especially for large transfers.

The safer workflow is to verify the official source, exact URL, selected network, wallet request, token contract, spender contract, approval amount, transaction recipient, signature contents, and explorer result. If the page asks for a seed phrase, private key, recovery phrase, wallet password, recovery code, remote access, or cloud backup key, stop immediately.

Universal crypto scam checklist

This checklist is designed for ordinary users before connecting a wallet, approving a token, signing a message, claiming an airdrop, using a DEX, bridging funds, joining a presale, importing a token, downloading a wallet, or following support instructions.

  1. Check the source: Start from official documentation, official app pages, verified social profiles, or saved bookmarks rather than direct messages or random search ads.
  2. Check the exact domain: Look for misspellings, extra hyphens, strange subdomains, special characters, copied brand words, and redirects.
  3. Check what the wallet asks: Identify whether the prompt is connect, sign, approve, transfer, swap, bridge, mint, claim, delegate, stake, or contract interaction.
  4. Check whether secrets are requested: No normal support page, DEX, bridge, explorer, airdrop, wallet connection, or token claim needs a seed phrase or private key.
  5. Check the network: Confirm chain, gas token, explorer, token contract, and app support.
  6. Check token contracts: Token names, logos, and tickers can be copied. Contract addresses and official sources matter more.
  7. Check approvals: For approvals, review token, spender, amount, network, and whether the permission matches the intended action.
  8. Check signatures: Reject vague validation, repair, synchronization, migration, unlock, whitelist, or claim messages from unverified pages.
  9. Check transaction value: Confirm whether the transaction sends native currency or tokens beyond gas.
  10. Check recipient address: Verify where funds are going and compare addresses carefully.
  11. Check public results: Use the correct block explorer to review status, transfers, approvals, contracts, timestamps, gas, sender, and recipient.
  12. Stop under pressure: Urgency is a signal to slow down, not a reason to sign faster.

Related guide: If something already happened, the correct response depends on whether the user only opened a page, connected a wallet, signed a message, approved a token, submitted a transaction, or revealed a seed phrase/private key. Read What to Do After Clicking a Suspicious Crypto Link, What to Do If Seed Phrase Was Exposed, and What to Do If Private Key Was Exposed.

Warning signs

Warning signs should not create panic; they should create a pause. When one appears, slow down and verify from official sources before taking wallet action.

  • A page asks for a seed phrase: This is one of the clearest danger signals. Seed phrases are for wallet recovery, not support, claims, swaps, mints, bridge fixes, or validation.
  • A support account contacts first: Unsolicited support is high risk, especially after a public post about a problem.
  • A link uses urgent claim language: Phrases like final chance, claim now, validate wallet, unlock funds, or migration deadline can be used to rush users.
  • A wallet asks for unlimited approval: Unlimited approval is not always malicious, but it should be understood before signing. Check spender, token, amount, and reason.
  • A signature message is vague: Messages that only say validate, repair, synchronize, unlock, or verify can hide risk.
  • A transaction sends value unexpectedly: A claim or verification page should not quietly send valuable tokens or native currency to an unknown address.
  • A domain looks almost right: Small spelling changes, extra words, and strange subdomains are common in phishing.
  • A token only has a familiar name: Token names and logos can be copied. Verify the contract and network.
  • A page asks to install a special tool: Wallet repair extensions, claim activators, node synchronizers, and recovery downloads are common scam covers.
  • A service guarantees recovery: Funds recovery scams often target victims and request fees, secrets, or remote access.
  • A dashboard shows profits but blocks withdrawal: Fake investment dashboards may ask for taxes, unlocking fees, or verification deposits.
  • A QR code hides the destination: Inspect where a QR code leads before connecting, signing, or sending.
  • A remote access request appears: Remote access can expose wallet prompts, files, seed phrase backups, and browser sessions.
  • A cloud backup contains recovery words: Screenshots and notes can sync across devices and accounts, creating hidden exposure.
  • A community moderator asks for private information: Even a person with an official-looking name should not need seed phrases, private keys, or passwords.

Common mistakes

These mistakes are common because crypto interfaces can be confusing and scams often appear during moments of urgency. The fix is not shame; it is a repeatable verification habit.

Typing a seed phrase into a website

A seed phrase should never be entered into a claim page, support form, DEX, bridge, explorer, migration page, staking site, or recovery bot. The safer habit is to check official links, read wallet prompts, separate public data from secrets, review token approvals, verify contracts, and use block explorers for public transaction checks.

Trusting a direct-message helper

Scammers often reply faster than real support. Official support should not ask for wallet validation links, secrets, remote access, or special repair tools. The safer habit is to check official links, read wallet prompts, separate public data from secrets, review token approvals, verify contracts, and use block explorers for public transaction checks.

Approving without checking spender

The spender contract is the permission receiver. If the spender is malicious, token funds can be at risk up to the approved amount. The safer habit is to check official links, read wallet prompts, separate public data from secrets, review token approvals, verify contracts, and use block explorers for public transaction checks.

Assuming connection equals safety

Connecting shares a public address and lets the page request actions. The next prompt may still be dangerous. The safer habit is to check official links, read wallet prompts, separate public data from secrets, review token approvals, verify contracts, and use block explorers for public transaction checks.

Signing unreadable messages

A signature can be meaningful. If the user does not understand the message or source, rejecting is safer. The safer habit is to check official links, read wallet prompts, separate public data from secrets, review token approvals, verify contracts, and use block explorers for public transaction checks.

Relying on logos and token names

Logos and names are easy to copy. Verify contract addresses and official sources. The safer habit is to check official links, read wallet prompts, separate public data from secrets, review token approvals, verify contracts, and use block explorers for public transaction checks.

Clicking sponsored search results

Promoted results can lead to fake wallets, fake exchanges, fake DEXs, and fake support pages. The safer habit is to check official links, read wallet prompts, separate public data from secrets, review token approvals, verify contracts, and use block explorers for public transaction checks.

Ignoring old approvals

A wallet may still have permissions from old dApps. Review allowances after suspicious activity or periodic wallet maintenance. The safer habit is to check official links, read wallet prompts, separate public data from secrets, review token approvals, verify contracts, and use block explorers for public transaction checks.

Using a storage wallet for risky claims

A long-term wallet should not be used casually for unknown airdrops, mints, presales, or experimental dApps. The safer habit is to check official links, read wallet prompts, separate public data from secrets, review token approvals, verify contracts, and use block explorers for public transaction checks.

Believing guaranteed returns

Crypto markets are risky. Guaranteed profit claims, fixed daily returns, and risk-free trading bots are common scam signals. The safer habit is to check official links, read wallet prompts, separate public data from secrets, review token approvals, verify contracts, and use block explorers for public transaction checks.

Sending funds to receive more back

Giveaway multiplication claims are classic scams. Sending crypto first does not prove a reward will come back. The safer habit is to check official links, read wallet prompts, separate public data from secrets, review token approvals, verify contracts, and use block explorers for public transaction checks.

Assuming a failed transaction means no risk

An approval may have succeeded before a claim failed. Check explorer activity and allowances. The safer habit is to check official links, read wallet prompts, separate public data from secrets, review token approvals, verify contracts, and use block explorers for public transaction checks.

Deleting a cloud screenshot and assuming all risk is gone

A screenshot may have synced, cached, backed up, or been restored elsewhere. The safer habit is to check official links, read wallet prompts, separate public data from secrets, review token approvals, verify contracts, and use block explorers for public transaction checks.

Following recovery service promises

Recovery scammers target victims. Be cautious of upfront fees, secrets requests, and impossible guarantees. The safer habit is to check official links, read wallet prompts, separate public data from secrets, review token approvals, verify contracts, and use block explorers for public transaction checks.

Examples and scenarios

The following examples are educational. They are not financial, investment, trading, legal, tax, cybersecurity incident response, or asset recovery advice. They show how common scam patterns appear in realistic user situations.

Scenario 1: Fake airdrop claim in a social reply

A user sees a reply under a real project post claiming rewards are live. The link uses a lookalike domain. The user should ignore the reply and use official links only. The safer workflow is to verify the official source, exact domain, wallet request, selected network, token contract, spender contract, approval amount, transaction recipient, signature contents, and explorer result before acting.

Scenario 2: Seed phrase validation page

A page says the wallet must be validated by entering recovery words. This is unsafe. No claim, DEX, bridge, explorer, or support flow should need recovery words. The safer workflow is to verify the official source, exact domain, wallet request, selected network, token contract, spender contract, approval amount, transaction recipient, signature contents, and explorer result before acting.

Scenario 3: Fake DEX approval

A copied swap page asks for unlimited approval of a valuable token. The user should check the official domain, router, spender, token, and network before signing. The safer workflow is to verify the official source, exact domain, wallet request, selected network, token contract, spender contract, approval amount, transaction recipient, signature contents, and explorer result before acting.

Scenario 4: Fake bridge recovery

A bridge delay leads the user to a fake recovery page that asks for private keys. The user should use official bridge support and public transaction hashes. The safer workflow is to verify the official source, exact domain, wallet request, selected network, token contract, spender contract, approval amount, transaction recipient, signature contents, and explorer result before acting.

Scenario 5: Fake support after a failed swap

The user posts about a failed swap and receives direct messages. The support account sends a repair link. The user should use official support pages only. The safer workflow is to verify the official source, exact domain, wallet request, selected network, token contract, spender contract, approval amount, transaction recipient, signature contents, and explorer result before acting.

Scenario 6: Fake token migration

A page says old tokens will expire unless migrated immediately. The wallet asks for broad approval. The user should verify the migration from official sources. The safer workflow is to verify the official source, exact domain, wallet request, selected network, token contract, spender contract, approval amount, transaction recipient, signature contents, and explorer result before acting.

Scenario 7: Honeypot token hype

A token is promoted as easy profit, but buyers cannot sell. Users should understand contract risk and avoid trusting hype alone. The safer workflow is to verify the official source, exact domain, wallet request, selected network, token contract, spender contract, approval amount, transaction recipient, signature contents, and explorer result before acting.

Scenario 8: Copied hardware wallet setup page

A fake setup page asks the user to type the device recovery phrase. Hardware wallet setup should not require seed phrase entry on a website. The safer workflow is to verify the official source, exact domain, wallet request, selected network, token contract, spender contract, approval amount, transaction recipient, signature contents, and explorer result before acting.

Scenario 9: Cloud screenshot exposure

A user screenshots a seed phrase and it syncs to cloud photos. The wallet should be treated as potentially exposed. The safer workflow is to verify the official source, exact domain, wallet request, selected network, token contract, spender contract, approval amount, transaction recipient, signature contents, and explorer result before acting.

Scenario 10: Romance investment platform

A person builds trust over weeks and introduces a trading platform with fake profits. Withdrawals later require fees. This is a common long-form scam pattern. The safer workflow is to verify the official source, exact domain, wallet request, selected network, token contract, spender contract, approval amount, transaction recipient, signature contents, and explorer result before acting.

Scenario 11: Fake giveaway multiplier

A post claims users can send one coin and receive two back. The user should not send funds to participate. The safer workflow is to verify the official source, exact domain, wallet request, selected network, token contract, spender contract, approval amount, transaction recipient, signature contents, and explorer result before acting.

Scenario 12: QR code phishing

A QR code in a chat opens a fake claim page. The user should inspect the destination URL before connecting. The safer workflow is to verify the official source, exact domain, wallet request, selected network, token contract, spender contract, approval amount, transaction recipient, signature contents, and explorer result before acting.

Scenario 13: Clipboard replacement

A copied address changes before sending. The user should compare the destination carefully, especially for large transfers. The safer workflow is to verify the official source, exact domain, wallet request, selected network, token contract, spender contract, approval amount, transaction recipient, signature contents, and explorer result before acting.

Scenario 14: Fake wallet extension

A user installs a wallet extension from a random link. The extension asks for a seed phrase. Use official extension sources only. The safer workflow is to verify the official source, exact domain, wallet request, selected network, token contract, spender contract, approval amount, transaction recipient, signature contents, and explorer result before acting.

Scenario 15: Fake explorer support

A page pretending to be an explorer offers to fix failed transactions if the user enters recovery information. Explorers do not need wallet secrets. The safer workflow is to verify the official source, exact domain, wallet request, selected network, token contract, spender contract, approval amount, transaction recipient, signature contents, and explorer result before acting.

Scenario 16: NFT mint drainer

A mint page claims a free NFT but asks for a signature or approval that does not match the mint. The user should verify source and wallet request. The safer workflow is to verify the official source, exact domain, wallet request, selected network, token contract, spender contract, approval amount, transaction recipient, signature contents, and explorer result before acting.

Scenario 17: Presale deposit scam

A copied presale page provides an attacker deposit address. The user should verify official allocation rules and payment addresses. The safer workflow is to verify the official source, exact domain, wallet request, selected network, token contract, spender contract, approval amount, transaction recipient, signature contents, and explorer result before acting.

Scenario 18: Staking dashboard impersonation

A fake staking page asks for approval or signature under a similar domain. The user should verify official app links and contracts. The safer workflow is to verify the official source, exact domain, wallet request, selected network, token contract, spender contract, approval amount, transaction recipient, signature contents, and explorer result before acting.

Scenario 19: Fake tax or withdrawal fee

A fake investment platform blocks withdrawal and asks for tax or unlock fees. Real withdrawal processes should be verified through official regulated channels where applicable. The safer workflow is to verify the official source, exact domain, wallet request, selected network, token contract, spender contract, approval amount, transaction recipient, signature contents, and explorer result before acting.

Scenario 20: Recovery service targeting victims

After a loss, a service promises guaranteed recovery for an upfront fee. The user should be cautious and avoid sharing secrets or paying more under pressure. The safer workflow is to verify the official source, exact domain, wallet request, selected network, token contract, spender contract, approval amount, transaction recipient, signature contents, and explorer result before acting.

What users should check before connecting a wallet

Wallet connection is not the same as giving token approval, but it still starts the interaction. After connection, a site can request signatures, approvals, transactions, network switches, token imports, or contract calls.

  • Official source: Did the link come from official documentation, a verified app page, or a trusted bookmark?
  • Domain: Is the spelling exact? Are there strange subdomains, redirects, lookalike letters, or extra words?
  • Purpose: Why does the site need wallet connection?
  • Wallet account: Is this the right account, or should a lower-exposure wallet be used?
  • Network: Is the selected network expected?
  • Next prompt: Does the site immediately ask for approval, transfer, or signature after connection?

What users should check before signing a message

A signature may be used for login, wallet ownership proof, terms acceptance, or protocol authorization. The problem is that many users treat all signatures as harmless. A safer habit is to read the message and verify the source before signing.

  • Message content: Does it clearly match the intended action?
  • Source domain: Is the page official?
  • Purpose: Is the signature needed for login, claim, order, permit, or another action?
  • Urgency: Is the page using pressure language?
  • Clarity: If the message is unreadable or vague, stop and verify.

What users should check before approving a token

Token approvals are common in DeFi, but they are also common scam tools. Approval gives a spender contract permission to move a token. The key question is not only whether the app is familiar, but which exact contract is receiving permission and how much permission is granted.

  • Token: Which token is being approved?
  • Spender: Which contract receives permission?
  • Amount: Is the allowance limited or unlimited?
  • Network: Is this the correct chain?
  • Reason: Does the action actually require approval?
  • Source: Is the app URL official?
  • Afterward: Should the approval remain active?

How to verify with a block explorer

A block explorer helps users check public facts without exposing wallet secrets. It can show whether a transaction succeeded, failed, transferred tokens, approved a spender, called a contract, or sent native currency.

  1. Use the correct explorer: Match the explorer to the network where the action happened.
  2. Search transaction hash: Check status, timestamp, sender, recipient, value, gas, and contract interaction.
  3. Check token transfers: Confirm what moved in or out.
  4. Check approval events: Look for spender permissions.
  5. Check contract addresses: Compare token and app contracts with official sources.
  6. Do not enter secrets: A block explorer does not need a seed phrase, private key, password, or recovery code.

What to do if something already happened

The response depends on what happened. Opening a link is not the same as connecting a wallet. Connecting is not the same as signing. Signing is not the same as approval. Approval is not the same as sending funds. Revealing a seed phrase or private key is the highest-risk case.

  • Only opened a suspicious link: Close the page, do not enter secrets, and verify official sources.
  • Connected a wallet: Disconnect from the site if appropriate and reject further prompts.
  • Signed a message: Save details, check what was signed, and monitor wallet activity.
  • Approved a token: Review and revoke unnecessary or suspicious approvals through trusted tools.
  • Submitted a transaction: Check the transaction hash on the correct block explorer.
  • Entered a seed phrase or private key: Treat the wallet as compromised and use a safe response workflow.

External reference paths for learning

Crypto scam prevention overlaps with wallet education, seed phrase safety, official link verification, browser extension safety, token approvals, transaction review, public blockchain inspection, and social engineering awareness. External pages can change, so users should always verify that any wallet, support page, explorer, documentation page, extension, or security guide is official before relying on it.

Long-tail crypto scam questions

What are the most common crypto scams?

Common crypto scams include phishing links, fake support, seed phrase theft, private key theft, fake airdrops, fake claim pages, malicious token approvals, wallet drainers, fake presales, fake token migrations, fake investment platforms, and recovery scams.

How do crypto phishing scams work?

Crypto phishing scams copy real websites, apps, support pages, or social accounts. They try to make users connect wallets, sign messages, approve spenders, download fake tools, or reveal seed phrases.

Can a wallet be drained by connecting?

Basic connection usually shares a public address, but danger can follow if the user signs a message, approves a token, or confirms a transaction. Verify the site before connecting and read every prompt.

What is a wallet drainer?

A wallet drainer is a malicious page or tool designed to make users approve, sign, or transfer in a way that lets assets be moved. It may appear as an airdrop, mint, migration, staking page, or DEX.

What should I do if a site asks for my seed phrase?

Stop immediately. A legitimate claim page, DEX, support page, bridge, explorer, or wallet connection does not need a seed phrase. If the phrase was entered, treat the wallet as compromised.

Can token approvals be dangerous?

Yes. Token approvals can allow a spender contract to move approved tokens. Users should check the token, spender, amount, network, and official source before approving.

How do fake airdrop scams work?

Fake airdrops promise rewards and push users to connect wallets, approve tokens, sign messages, send fees, or enter seed phrases. Verify the official campaign source and exact domain.

How can I tell if crypto support is fake?

Fake support often contacts users first, sends repair links, asks for wallet validation, requests seed phrases, asks for remote access, or pressures the user. Use official support pages only.

Is it safe to share a transaction hash?

A transaction hash is public blockchain information and can be used for troubleshooting. It does not give wallet control. Seed phrases and private keys must remain private.

Is it safe to share my wallet address?

A wallet address is public and can receive funds or show public history. It does not control the wallet, but users should consider privacy before sharing it widely.

What is a fake token migration scam?

A fake migration claims users must urgently move old tokens to new tokens. It may ask for broad approvals, transfers, or signatures. Verify official announcements and contracts.

What is a honeypot token scam?

A honeypot token is designed so users can often buy but cannot sell, or selling is heavily restricted. Unknown token contracts should be treated carefully.

Can a failed transaction still be risky?

Yes. A failed transaction may still indicate a risky site, and an approval may have succeeded separately. Check explorer activity and token allowances.

How do recovery scams work?

Recovery scams target victims after a loss. They promise guaranteed recovery but ask for upfront fees, seed phrases, private keys, remote access, or more deposits.

How do I verify a crypto website?

Check official documentation, verified social links, exact domain spelling, redirects, app links, contract addresses, and whether the wallet request matches the intended action.

What is the safest habit against crypto scams?

Verify before acting. Check official sources, wallet prompts, contracts, approvals, recipients, signatures, and explorer results, and never reveal seed phrases or private keys.

FAQ

Are all crypto links dangerous?

No. Many crypto links are legitimate, but users should verify the source and exact domain before connecting a wallet or signing. Random direct messages, sponsored results, shortened links, and social replies deserve extra caution.

Can scammers steal crypto without my seed phrase?

Yes. A scammer may use malicious approvals, unsafe signatures, wrong-address transfers, fake DEX interactions, or wallet-draining pages. Seed phrase theft is only one type of scam.

What is the difference between approval and transfer?

Approval gives a spender permission to use a token up to an allowed amount. Transfer sends assets. Both require careful review, but they are different wallet actions.

Should I revoke approvals after a scam attempt?

If a suspicious site received approval, review and revoke unnecessary permissions through trusted tools. Revoking approvals can reduce spender risk, but it does not fix seed phrase exposure.

What if I signed a suspicious message?

Stop interacting with the page, save details, check wallet activity, and review whether the signature authorized any meaningful action. Avoid signing more messages from the same source.

What if I clicked a scam link but did not connect my wallet?

Close the page and avoid entering information. If no wallet was connected, no signature was made, no approval was granted, and no secrets were entered, the risk may be lower, but device/browser hygiene still matters.

What if I entered my seed phrase into a fake page?

Treat the wallet as compromised. From a safe environment, create a new wallet, move remaining assets if possible, review approvals, and stop using the exposed phrase as secure.

Can a fake app look exactly like the real one?

Yes. Fake apps and pages can copy logos, layouts, colors, wording, and token names. The exact domain, official source, contract address, and wallet request matter more than appearance.

Can scammers use real transaction hashes?

Yes. A scammer can show public transaction hashes to seem credible. Public data can be real while the support page, claim link, or instruction is still fake.

Why do scammers ask for remote access?

Remote access can expose wallet prompts, files, browser sessions, cloud backups, seed phrase screenshots, and transaction confirmations. Legitimate support should not need control of a user’s device.

Can a cold wallet be affected by scams?

Yes. A cold wallet can still sign a malicious transaction or approve a bad spender if the user confirms it. The seed phrase can also be exposed through fake setup or cloud storage.

Are fake presales common?

Fake presales and launchpads can copy tokenomics, countdowns, dashboards, and deposit instructions. Users should verify official sources and payment addresses before sending funds.

What should I do after sending funds to a scam address?

Save transaction hashes and public details, stop sending more funds, avoid recovery scams, and consider appropriate reporting routes. Do not share seed phrases or private keys with anyone promising recovery.

Can I use a block explorer to detect scams?

A block explorer can help verify public facts such as transfers, approvals, contracts, and transaction status. It does not guarantee safety, but it helps users inspect what happened.

What is the first rule of crypto scam prevention?

Never reveal seed phrases or private keys. Then verify official links, read wallet prompts, check approvals, inspect contracts, and avoid urgent direct-message instructions.

Related concepts

Common crypto scams connect to wallet recovery, private keys, seed phrases, browser extension wallets, token approvals, DEX interactions, claim pages, cloud backups, cold wallet habits, public transaction verification, and fake support. These pages help readers move through the Eonwell archive in a safer order.

Summary

Common crypto scams are attempts to make users reveal secrets, approve unsafe token spending, sign misleading messages, install malicious tools, send funds to attackers, or trust copied websites and fake support accounts. The surface may change from an airdrop to a bridge, DEX, presale, NFT mint, hardware wallet setup, token migration, or recovery service, but the core question stays the same: what is the page asking the user to reveal, approve, sign, install, or send?

The most important boundary is public data versus secret data. Wallet addresses, transaction hashes, token contracts, spender contracts, approval events, explorer links, and public transfers can usually be inspected publicly. Seed phrases, private keys, recovery phrases, wallet passwords, optional passphrases, recovery codes, two-factor backup codes, cloud backup keys, and remote device access should remain private.

Users should verify official sources, exact domains, selected networks, token contracts, spender contracts, approval amounts, transaction recipients, signature contents, wallet prompts, and block explorer results before acting. A page that creates urgency, asks for wallet validation, requests secrets, pushes remote access, hides details, or asks for unrelated approvals should be treated carefully.

If something already happened, the response depends on the action. Opening a link is different from connecting a wallet. Connecting is different from signing. Signing is different from approval. Approval is different from a transfer. Revealing a seed phrase or private key is the highest-risk case and should be treated as wallet compromise.

The safest crypto habit is slow verification before action. Check the source, read the wallet prompt, inspect the contract, confirm the recipient, review approvals, use public block explorers, and reject any request that asks for recovery secrets. Crypto scams often succeed by making users move too fast; safety improves when the user pauses long enough to verify.

Eonwell does not recommend any specific wallet, exchange, DEX, token, chain, bridge, protocol, explorer, RPC provider, approval checker, scanner, browser extension, support service, recovery service, cold wallet, cloud provider, presale, investment platform, or transaction. This page is for neutral crypto education only and is not legal, financial, investment, tax, cybersecurity incident response, or asset recovery advice.