Scams and frauds are as old as finance itself and the world of cryptocurrency is no exception. 

In fact, the decentralized and borderless nature of crypto has made it a fertile ground for bad actors, many of whom operate beyond the reach of traditional law enforcement. In this Wild West of digital finance, scammers weren’t just present; they were often operating at full throttle, exploiting legal gray areas and global loopholes. 

Investing in any financial market comes with risks. That’s the nature of the game. Whether it’s market volatility or systemic shocks, seasoned investors understand the adage: live by the sword, die by the sword. You can’t enter the battlefield of investing expecting never to be struck. Every blow, every loss, is a lesson that sharpens your understanding and resilience. But what makes crypto different is the sheer speed, scale, and anonymity with which fraud can occur. 

ALSO READ

Unlike traditional banking systems where cross-border transactions face scrutiny, cryptocurrency can be transferred instantly across the world, often with little oversight and zero recourse once funds are lost. In this article, we will break down some of the common types of scams and frauds in crypto history.

Ponzi Schemes

These involve paying early investors with money from new investors instead of legitimate profits. The people behind the scheme advertise how they have the skill to invest your money in bitcoin or some other coin and make you more profits than investing by yourself in bitcoin. They have a charm and many people fall for them. 

The name Ponzi comes from Charles Ponzi and it refers to a type of fraudulent investment operation where returns are paid to earlier investors using the capital from newer investors, rather than from profit earned by the operation of a legitimate business. 

BitConnect was an example of such a high yielding investment Ponzi scheme cryptocurrency in 2016. In 2018 Bitconnect shut down and its price went from a high of almost 500$ per coin to zero. Its founders claimed that the platform could generate monthly returns of 40% by trading on the volatile crypto exchange. Two billion dollars of investor money was lost and founders were indicted for fraud by the SEC.

Rug Pulls

A rug pull in the crypto world is a deceptive scheme where a cryptocurrency or NFT project’s developers abruptly abandon the project after attracting investments, taking the funds and leaving investors with essentially worthless tokens or digital assets. 

It gets its name from the idiom, “pulling the rug out from under someone,” which implies a sudden and unexpected withdrawal of support, leaving the victim in a difficult situation.  

Developers launch a new crypto project, token, or NFT collection, often promising high returns or groundbreaking technology. They generate buzz through social media, influencers, and aggressive marketing. As the hype builds, investors are lured into buying the project’s tokens or NFTs, adding liquidity to the project’s pools. Once enough funds are amassed, the developers abruptly withdraw the liquidity (often by selling their own holdings), essentially draining the project’s resources and causing the token’s value to plummet. Investors are left with tokens that are now virtually worthless, and the developers often disappear with no trace. 

Squid Game Token was an example of rug pull.  A play-to-earn crypto game inspired by the Netflix show (not officially licensed) and the reality was investors couldn’t sell their tokens due to smart contract restrictions. $3.3 million vanished when the developers disappeared.

Fake ICOs

ICOs or Initial Coin Offerings was the equivalent of an IPO in the crypto world. This was where project raised money by receiving bitcoin or Ethereum and then sent the coin of their project with a promise and white paper. It was IPOs on steroids as money could be raised from anywhere in the world specially after the success of the Ethereum ICO. But fraudsters created fake ICOs with no projects behind and created hype around a token launch. There would be no teams behind these projects. 

Centra Tech of 2017 was an example where they claimed they were backed by Visa and Mastercard and listed celebrities like Floyd Mayweather to promote the project. Investors lost 25 million and founders were sent to prison. There were dime a dozen of these in the ICO boom of 206-2018.

Phishing and Social Engineering

In the cryptocurrency world, phishing is a deceptive tactic used by cybercriminals to steal users’ digital assets or confidential information. These attackers impersonate trusted organizations such as crypto exchanges, wallet providers, or even well-known individuals by creating fake websites, emails, messages, or social media profiles that appear legitimate. The goal is to trick users into revealing sensitive data, such as private keys, seed phrases, passwords, or login credentials. Once this information is compromised, scammers can quickly gain access to wallets and drain funds irreversibly. 

In December 2020, over 270,000 Ledger customers’ personal details including names, phone numbers, and home addresses were leaked publicly on a hacker forum called RaidForums, following a data breach of Ledger’s e-commerce database. By mid 2021, cybercriminals began using this data for sophisticated phishing campaigns. 

One alarming tactic involved sending physical letters to affected users. These letters closely mimicked official Ledger branding; with logos, return addresses, and even reference numbers to appear authentic. The letter claimed the user’s device needed an urgent replacement and included a malicious “new” Ledger device preloaded with spyware. It warned that if the user didn’t act quickly, their wallet access would be “restricted.” Victims who plugged in the fake device and entered their seed phrase inadvertently gave full access to their funds, allowing scammers to steal them.

In one of the largest crypto thefts in history, hackers stole over $600 million from the Ronin Network, which supports the popular blockchain game Axie Infinity, in March 2022. According to investigations, the Lazarus Group—a North Korean state-backed hacking organization—was behind the attack. The group used a fake job recruitment scheme to compromise a senior engineer at Sky Mavis, the company behind Axie Infinity. Using LinkedIn, the hackers posed as recruiters from a fake company and led the engineer through multiple rounds of interviews. They eventually sent a fraudulent offer letter containing a spyware-laced PDF file. Once the engineer downloaded the file, the malware infiltrated the company’s systems and gave the attackers access to private validator keys that secured the Ronin sidechain.

Pump and Dump Schemes

A common scam in the crypto space involves manipulative price pumping, where insiders or influencers hype up a token often with exaggerated or misleading claims to drive up its price. Once the coin gains enough traction and retail interest, these early holders “dump” their tokens, cashing out at a profit while leaving unsuspecting investors with massive losses. 

Tokens inspired by celebrities or internet culture such as so called “Eloncoin” variants have frequently seen this pattern. In many cases, these coins were aggressively promoted on platforms like Telegram or Reddit, encouraging followers to buy in quickly before prices “mooned.” Once prices peaked, large holders sold off, crashing the value and trapping latecomers in losses a textbook pump-and-dump.

In May 2025, Hailey Welch, widely recognized as the “Hawk Tuah girl” from a viral TikTok video, was associated with the launch of a meme coin called $HAWK, built on the Solana blockchain. Fueled by her sudden fame, the coin rapidly went viral, reaching a market capitalization close to $500 million within hours of launch. However, blockchain analysts quickly raised red flags: data revealed that a few wallets controlled between 80% and 90% of the total token supply. Within two hours, one of those wallets sold off a large portion, netting over $1.3 million and triggering a 90%+ crash in the token’s value. Many retail buyers especially fans unfamiliar with crypto were left holding near-worthless tokens. Hailey Welch publicly denied orchestrating a scam, stating she had little understanding of how cryptocurrency worked and claimed she didn’t personally profit from the token. She added that any proceeds she did receive were spent on legal and public relations expenses related to the coin’s release and fallout.

Exchange Hacks, Scams and Mismanagement

Over the years, multiple cryptocurrency exchanges have lost customer funds—either due to external hacks, poor internal controls, or outright fraud. These platforms often act as centralized “honeypots”, attracting attackers from around the world because they hold vast sums of digital assets in one place. Without robust security and transparency, investor funds can vanish with little to no recourse. 

One of the earliest and most infamous examples, Mt. Gox handled over 70% of global Bitcoin transactions at its peak. In 2014, it collapsed after approximately 850,000 BTC were stolen which was valued at hundreds of millions of dollars at the time. While initially blamed on hacking, investigations revealed a mix of technical incompetence, weak security, and mismanagement rather than a clear case of fraud. The event shook investor confidence and contributed to a major market crash. 

The Canadian exchange QuadrigaCX lost access to over $190 million in crypto after its founder, Gerald Cotten, reportedly died in India, taking the only known private keys with him. However, forensic investigations later showed that the funds were likely missing long before his death, and many suspect the death may have been faked. Audits revealed that Cotten had misused customer deposits for years, engaging in what amounted to a Ponzi-like scheme. 

In one of the most dramatic collapses in financial history, FTX, once the second-largest crypto exchange, imploded in November 2022. It was revealed that founder Sam Bankman-Fried and key executives had misused billions of dollars in customer funds, funneling them to affiliated hedge fund Alameda Research. The company’s collapse exposed deep levels of fraud, misrepresentation, and regulatory failure, leaving users unable to recover their deposits.

Stablecoin Fraud

Various stablecoins were marketed as safe and stable where as they were not backed by anything. Algorithmic stablecoins like Terra and Iron lost the peg when the underlying coins crashed and investors who thought they had a safe coin were left with coins printed from thin air. 40 billion dollars were wiped out of the market. Other stablecoins like USD Tether for years did not have any transparency or audits that proved they really had user deposits stored in a safe or in US treasuries. 

Impersonation and Giveaways

Scammers impersonate celebrities or companies offering fake “free crypto” giveaways. In the twitter scam of 2020 scammers hacked verified Twitter accounts of  Elon Musk, Apple, Obama and sent Message: “Send me 0.1 BTC, I’ll send back 0.2 BTC.”. $100,000+ stolen in hours before Twitter intervened.

ALSO READ

Fake Wallets and Apps

Decentralized, non-custodial wallets like Base and MyEtherWallet (MEW) do not have a central authority that can recover your password or restore access if you lose your private keys or seed phrase. However, many users were misled into believing that Coinbase—the creator of Base or that MEW had customer support teams who could reset their wallets and return lost funds. Scammers exploited this misconception by posing as support agents. They claimed they could help recover lost wallets but required the user to send an initial deposit to “verify ownership.” Once the victim sent the funds, the scammers would request additional payments, dragging out the scheme until the victim realized it was a scam often after losing even more money, in addition to the original lost crypto due to forgotten credentials.  

In a separate but related scam, fake versions of Metamask and Trust Wallet were distributed through app stores and unofficial websites. When users unknowingly downloaded these fake apps and entered their seed phrases, the apps immediately transmitted the data to attackers—who then emptied their wallets within minutes.

If you’re considering investing in cryptocurrency, it’s essential to understand the risks particularly the prevalence of scams and take steps to protect your assets. 

If you choose to self-custody your crypto, be vigilant about security practices and safeguarding your private keys.

If you prefer using an exchange for custody, ensure it has robust security infrastructure and a strong real-world balance sheet capable of absorbing potential losses from cyberattacks. 

Alternatively, if you want exposure to crypto with a greater layer of protection, consider investing through a regulated ETF, such as the one offered by BlackRock, a $10 trillion asset manager. Unlike smaller or unregulated platforms, BlackRock has a reputation and resources at stake and is far more likely to make investors whole in the event of a failure.

Disclaimer

Nithin Eapen is a technologist and entrepreneur with a deep passion for finance, cryptocurrencies, prediction markets and technology. You can write to him at neapen@gmail.com.

The website managers, its employee(s), and contributors/writers/authors of articles have or may have an outstanding buy or sell position or holding in the securities, options on securities or other related investments of issuers and/or companies discussed therein.  The content of the articles and the interpretation of data are solely the personal views of the contributors/ writers/authors.  Investors must make their own investment decisions based on their specific objectives, resources and only after consulting such independent advisors as may be necessary.