Crypto Fraud Glossary:
60+ Terms Explained

A fraudulent scheme where scammers promise free cryptocurrency tokens ("airdropped" into your wallet) in exchange for connecting your wallet to a malicious smart contract. The moment you interact with the contract, it drains all your tokens and NFTs. Often promoted through fake social media posts mimicking legitimate projects.

Example: "Claim your free 500 PEPE tokens! Connect wallet here." — The "claim" transaction grants the scammer unlimited spending permission on your wallet.

A sophisticated attack where scammers send you a tiny (often $0.00) transaction from a wallet address that closely resembles an address you've previously interacted with. The goal is for you to copy the scammer's address from your transaction history instead of the legitimate address, sending funds to the attacker.

Your normal address: 0x1A2b...9ZcF. Attacker's address: 0x1A2b...9ZcG — nearly identical at first glance.

Fake exclusive investment communities ("alpha groups") that promise insider crypto tips for an upfront membership fee. Once paid, the "tips" are either worthless or promote tokens that the group operators already own and sell into the price spike (pump and dump). The "VIP" framing creates FOMO and perceived legitimacy.

"Join our private Telegram — we've returned 400% this month. Limited to 50 members. $500 entry fee." — Always fraudulent.

A scam where victims are directed to a physical Bitcoin ATM to convert cash into crypto and send it to a scammer's wallet address. Commonly used in government impersonation scams ("you owe IRS taxes"), romance scams, and lottery fraud. Bitcoin ATMs often charge 10–20% fees and are largely unregulated, making them scammer-preferred.

FTC data: Bitcoin ATM scams cost Americans over $110 million in 2023. The caller claiming to be the IRS, FBI, or Social Security Administration who asks you to pay via Bitcoin ATM is always a scammer.

A distributed, immutable digital ledger that records all cryptocurrency transactions across a network of computers. Once a transaction is recorded on the blockchain, it cannot be altered or deleted. This irreversibility is why crypto fraud recovery is so difficult — there is no central authority that can reverse a completed transaction.

When you send Bitcoin, the transaction is broadcast to thousands of computers simultaneously. After confirmation, it is permanent — even if you were scammed.

A hack targeting cross-chain bridge protocols — software that allows cryptocurrency to move between different blockchains (e.g., Ethereum to Solana). Bridges hold large quantities of assets and have been responsible for some of the largest DeFi thefts. The Ronin Bridge hack (2022) stole $625 million; the Wormhole Bridge hack stole $320 million.

Bridge exploits are not typically targeted at individual users but reduce overall DeFi ecosystem security and destroy project value.

Malware that silently monitors your clipboard and replaces any copied cryptocurrency wallet address with the attacker's wallet address. When you paste an address to send funds, you paste the scammer's address instead. This attack is invisible to the user and can operate undetected for months.

Prevention: Always manually verify the first 6 and last 6 characters of any pasted wallet address before confirming a transaction.

A cryptocurrency wallet that stores private keys completely offline — never connected to the internet. Hardware wallets (Ledger, Trezor) are the most common form of cold storage. Because private keys never touch an internet-connected device, cold wallets are immune to remote hacking, phishing, and most malware attacks. Best practice for storing significant crypto holdings.

Rule of thumb: Keep only crypto you plan to spend in a hot wallet (exchange). Store everything else in a hardware cold wallet. A Ledger Nano costs ~$79 and could save you everything.

A secondary scam targeting people who have already lost money to crypto fraud. "Recovery agents" — often found on social media, forums, or even proactively contacting victims — claim they can retrieve stolen cryptocurrency for an upfront fee. After payment, they disappear or request additional fees indefinitely. Legitimate law enforcement and blockchain forensics firms never charge upfront fees.

Any "crypto recovery service" that contacts you proactively after a scam, or charges upfront fees, is fraudulent — 100% of the time.

Any cryptocurrency fraud that uses a fabricated romantic or close personal relationship to gain a victim's trust before introducing a fraudulent investment platform. The most sophisticated form is pig butchering (sha zhu pan). Responsible for over $2.48 billion in documented losses in 2024 and growing rapidly. The "romance" element is entirely manufactured.

Financial services and products built on blockchain networks using smart contracts, without traditional banks or intermediaries. DeFi protocols enable borrowing, lending, trading, and earning yield without accounts or ID verification. While genuine DeFi innovation exists, the space is disproportionately targeted by rug pulls, exit scams, smart contract exploits, and flash loan attacks due to limited regulatory oversight and the technical complexity that prevents most users from auditing code.

Total Value Locked (TVL) in DeFi peaked at ~$180 billion in 2021 before multiple scams and the market crash reduced it dramatically.

AI-generated video or audio that convincingly replicates the appearance and voice of real people — typically celebrities or public figures — used to promote fraudulent cryptocurrency investments or giveaways. Deepfake videos of Elon Musk, MrBeast, and other influencers have been used in scams generating hundreds of millions in losses. Technology is advancing rapidly, making detection increasingly difficult.

A 2024 deepfake of Elon Musk promoting a "Bitcoin doubling" platform generated over $25M in victim losses before being taken down.

A type of malicious smart contract designed to steal all assets from a victim's wallet in a single transaction. Wallet drainers are embedded in fake NFT minting sites, fake DeFi protocol interfaces, and phishing pages. When a user "approves" a transaction (e.g., to "mint" an NFT), they unknowingly grant the drainer contract unlimited permission to transfer all tokens from their wallet.

In 2023, wallet drainer tools caused over $300M in losses. The "Inferno Drainer" toolkit alone was responsible for $80M across 689 phishing sites.

An attack where tiny amounts of cryptocurrency ("dust" — often fractions of a cent) are sent to multiple wallet addresses. By monitoring how the dust moves, attackers can de-anonymise wallet holders — linking wallets to real identities. This information is then used for targeted phishing attacks, extortion, or physical theft ("$5 wrench attack").

If you receive an unexpected tiny amount of crypto you didn't request, don't move it. Contact your wallet provider for guidance.

When operators of a seemingly legitimate crypto project, exchange, or platform suddenly shut down and abscond with all user funds. Exit scams can happen at any stage — during a token launch, after months of operation, or even after building a community of thousands. The Turkish exchange Thodex exit scammed $2 billion in 2021; its founder was sentenced to 11,196 years in prison.

The key difference between an exit scam and a rug pull: exit scams often involve previously legitimate operations that turn fraudulent; rug pulls are fraudulent from the start.

The second-largest cryptocurrency by market cap, and the primary blockchain on which smart contracts and DeFi protocols operate. Most crypto scams involving smart contracts, rug pulls, NFT fraud, and wallet drainers operate on the Ethereum blockchain (or its compatible chains like BNB Chain, Polygon, and Base) because of Ethereum's dominance in the DeFi and NFT spaces.

Ethereum's programmability is what makes it useful for legitimate innovation — and also the primary attack surface for smart contract fraud.

A fraudulent trading platform designed to look and feel like a legitimate cryptocurrency exchange. Fake exchanges display real-time price data (pulled from public APIs), show fabricated account balances, and often process small initial withdrawals to build trust. Once a victim deposits significant funds, withdrawals are blocked using various pretexts (KYC requirements, tax payments, compliance holds). The platform then goes offline.

Detection: Check every exchange on CoinGecko.com and your national financial regulator's register. If it's not independently listed, do not use it.

A sophisticated DeFi exploit that borrows enormous sums of crypto without collateral (using a "flash loan" that must be repaid within a single transaction), manipulates a protocol's price oracle or liquidity pool using those funds, profits from the artificial manipulation, and repays the loan — all in one atomic blockchain transaction. If any step fails, the entire transaction reverts.

The Euler Finance flash loan attack (2023) stole $197 million in a single transaction. The funds were later returned after negotiation.

A psychological state exploited heavily by crypto scammers — the anxiety that others are profiting from an opportunity you're missing. Scammers manufacture FOMO through artificial time limits, fake price charts showing explosive growth, social proof ("10,000 people have already joined"), and urgency language ("last chance before it closes"). Recognising FOMO as a manipulation tool — not a signal — is essential to scam protection.

Any investment opportunity that requires urgency is designed to prevent rational decision-making. Apply the 48-hour rule: wait 48 hours before any investment decision made under time pressure.

On public blockchains, all pending transactions are visible before they're confirmed. MEV (Maximal Extractable Value) bots monitor the mempool and insert their own transactions ahead of profitable ones — essentially cutting in line. While technically sophisticated, this behaviour extracts value from regular users and is particularly common in DeFi trading. Estimated to cost DeFi users over $1 billion annually.

One of the oldest and most prevalent crypto scams. Fraudsters impersonating celebrities, companies, or exchanges promise to "double" or "multiply" any cryptocurrency sent to a specified wallet address. The promise is always false — no funds are ever returned. Commonly executed via hacked social media accounts, deepfake videos, and YouTube livestreams. The Elon Musk giveaway impersonation scam has generated hundreds of millions in victim losses.

Iron rule: No one is ever giving away free cryptocurrency. "Send 1 BTC and receive 2 BTC back" is 100% fraud. Always. No exceptions, ever.

A cryptocurrency token that allows you to buy but not sell. Hidden code in the smart contract permits only the deploying wallet to execute sell transactions. The token price is artificially pumped to attract buyers who see a rising chart — but when they try to sell, the transaction fails. All buyers are permanently trapped with worthless tokens while the deployer sells their allocation.

Always test a new token with a tiny purchase and immediately attempt to sell before investing significant funds. Use honeypot.is or tokensniffer.com to scan tokens before buying.

A cryptocurrency wallet that is connected to the internet — including mobile wallets (MetaMask, Trust Wallet), exchange accounts (Coinbase, Binance), and browser extensions. Hot wallets are convenient for daily transactions but are more vulnerable to hacking, phishing, and malware than cold wallets. Best practice: keep only funds you plan to use soon in hot wallets.

Your Coinbase account is a hot wallet. Your Ledger hardware device is a cold wallet. Never store more than you can afford to lose in a hot wallet.

Fundraising events where new cryptocurrency projects sell tokens to early investors. While legitimate ICOs exist, the 2017–2018 ICO boom saw an estimated 80% of all ICOs identified as fraudulent — raising billions before delivering nothing. Modern equivalents include IDOs (Initial DEX Offerings) and IEOs with similar fraud rates. Common tactics include fabricated team credentials, plagiarised whitepapers, and fake partnerships.

The 2017 ICO boom raised over $5 billion. The US SEC has prosecuted hundreds of ICO issuers for securities fraud.

Fraud where scammers impersonate trusted entities — government agencies (IRS, SEC, FBI), crypto exchanges (Coinbase, Binance "support"), celebrities, or known project teams — to steal funds or credentials. Government impersonation scams demand crypto payment for fake debts or legal threats. Exchange impersonation uses fake customer service to steal login credentials or seed phrases.

No government agency accepts cryptocurrency as payment. Ever. No legitimate exchange support agent will ask for your seed phrase. Ever.

A regulatory requirement for financial institutions, including crypto exchanges, to verify the identity of their customers. KYC typically involves submitting government ID and sometimes a selfie. Legitimate exchanges require KYC for compliance. Scammers often use "KYC verification" as a pretext to extort additional payments from victims trying to withdraw funds — demanding fees before processing fake identity checks.

Real KYC is completed once during account setup and is free. Any platform demanding payment for "KYC verification" to release your withdrawal funds is running a scam.

A pool of cryptocurrency locked in a smart contract that provides liquidity for decentralised exchange trading. Users who deposit crypto into liquidity pools earn trading fees. In rug pull scams, developers create a token, add an initial liquidity pool to allow trading, attract investors, then remove ("pull") all liquidity — leaving token holders with worthless assets and no way to sell.

A key rug pull indicator: is the liquidity pool "locked" for a time period? Unlocked liquidity allows developers to remove it at any time.

A mechanism that prevents liquidity pool tokens from being withdrawn for a specified time period, verified on-chain. Legitimate DeFi projects lock liquidity to demonstrate commitment and prevent rug pulls. However, scammers have faked lock certificates and used time periods as short as 24 hours. Always verify locks independently on platforms like Team Finance or Unicrypt rather than trusting developer claims.

A service that mixes cryptocurrency from multiple sources together to obscure the transaction trail, making it difficult to trace the origin of funds. Mixers are used by privacy-conscious users but also heavily by scammers and hackers to launder stolen crypto. Tornado Cash, the largest Ethereum mixer, was sanctioned by the US Treasury in 2022 after processing billions in stolen funds. Using a mixer can trigger regulatory scrutiny.

Blockchain analysts can often identify mixer usage even if they can't trace funds through it — the act of using a mixer itself becomes a red flag in investigations.

See: Seed Phrase. A mnemonic (or mnemonic phrase) is another name for a seed phrase — the 12 or 24 words used to recover a cryptocurrency wallet. Never share it. Ever.

A person who, knowingly or unknowingly, receives stolen funds into their crypto wallet and forwards them to another wallet (keeping a commission). Scammers recruit mules through fake job offers ("crypto payment processor," "financial agent"). Being a money mule is a serious criminal offence in most jurisdictions — even if the mule didn't know the funds were stolen. Being recruited as a mule is a crime even if the mule is also a victim.

Any "job" that involves receiving crypto payments and forwarding them — minus a commission — is a money mule scheme. Report it to your national financial crime agency.

Non-Fungible Token (NFT) fraud encompasses rug pulls (project abandoned after mint), wash trading (inflating perceived value through self-trading), fake minting sites (wallet drainers disguised as official mint pages), and counterfeit collections (copying artwork from legitimate projects). The 2021-2022 NFT boom saw an estimated 30% of all projects identified as fraudulent. NFT fraud cost victims an estimated $100M+ in 2023.

Always verify the official NFT minting link through the project's verified official social accounts — never through Discord links or search engine results, which scammers routinely manipulate.

An attack that exploits the price feeds (oracles) that DeFi protocols use to determine real-time cryptocurrency prices. By temporarily manipulating the oracle price — often using a flash loan — attackers can trick a protocol into executing transactions at false prices, draining funds from liquidity pools. Oracle attacks have caused billions in DeFi losses.

A cyberattack that uses deceptive websites, emails, or social media posts mimicking legitimate crypto services to steal wallet credentials, seed phrases, or private keys. Crypto phishing is highly sophisticated — fake sites use domain names like "coinbase-verify.com" or "metamask-support.io" with SSL certificates. Common vectors include email campaigns, Google/Facebook ads, and fake customer support on social media.

Always access exchange websites by typing the URL directly or using a saved bookmark. Never follow links from emails or social media to your exchange. Always verify the exact domain.

The world's most financially devastating form of cryptocurrency fraud. Scammers build weeks-to-months-long romantic or friendship relationships with victims before introducing a fraudulent crypto trading platform. The victim is "fattened" (pig butchering = sha zhu pan in Mandarin) with trust and small investment wins, then "slaughtered" when all their savings are extracted. Caused $2.48 billion in documented losses in 2024. Primarily operated by Southeast Asian organised crime compounds, often using trafficked workers.

Key identifier: Any online romantic interest or close friend who introduces a crypto investment platform — regardless of relationship duration — is almost certainly running a pig butchering operation.

A fraudulent investment scheme where returns to existing investors are paid using funds from new investors — not legitimate profits. Crypto Ponzi schemes often disguise themselves as "yield farming," "staking pools," or "arbitrage bots." The scheme collapses when new investor recruitment slows. BitConnect (2016-2018) was the largest crypto Ponzi, defrauding investors of an estimated $2.4 billion.

Red flags: guaranteed daily/weekly returns, returns paid in the project's own token, heavy emphasis on recruiting new investors, inability to explain how returns are generated.

A secret, unique cryptographic string that proves ownership of a cryptocurrency wallet and authorises transactions. Your private key is mathematically linked to your public wallet address. Whoever holds your private key controls your wallet entirely — it is the literal key to your crypto. Losing it means permanent loss of funds. Sharing it means instant theft. No legitimate service ever needs your private key.

A private key looks like: 5HueCGU8rMjxECyDialwujzvQZvjfGYMfKkzFiJuNHbgnX3Z. Never store it digitally. Never share it. Write it on paper and store it securely offline.

A market manipulation scheme where organisers artificially inflate ("pump") the price of a low-liquidity cryptocurrency through coordinated buying and misleading promotion, then sell ("dump") their pre-purchased holdings at the peak — crashing the price and leaving other buyers with losses. Extremely common in small-cap altcoins and memecoins. Often coordinated through Telegram groups posing as "alpha" investment communities.

If a Telegram group tells you to buy a specific obscure token in the next 5 minutes, you are the target of a pump and dump — not the beneficiary.

The most common DeFi and NFT scam. Developers launch a token or NFT project, build hype through social media and paid promotion, attract investor capital, then abruptly remove all liquidity from the trading pool and abandon the project — taking all funds and leaving investors with worthless tokens. The term comes from the metaphor of "pulling the rug" from under investors. Rug pulls accounted for 30% of all crypto scam losses in 2024 ($2.97 billion).

Types: Hard rug (sudden disappearance), Slow rug (gradual sell-off by developers), Soft rug (project abandoned after launch, no development). Detection tools: Rugcheck.xyz, Tokensniffer.com, De.fi Scanner.

A sequence of 12 or 24 random words (drawn from the BIP-39 word list) that serves as the master key to a cryptocurrency wallet. Your seed phrase can generate all private keys associated with your wallet — meaning anyone with your seed phrase has complete control of all your crypto, forever, across all devices. Phishing attacks, fake wallet apps, and "wallet recovery" scams overwhelmingly target seed phrases. This is the single most valuable piece of information you own.

Your seed phrase looks like: "gravity force piano lens dance mountain castle bright..." — 12 or 24 words. Write it on paper. Store it offline in multiple secure locations. Never type it anywhere online. Never photograph it. Never share it with anyone — ever.

An attack where criminals use social engineering to convince a mobile carrier to transfer your phone number to their SIM card. This gives them control of your SMS messages — allowing them to bypass SMS-based two-factor authentication on crypto exchanges and email accounts. SIM swap attacks have been responsible for millions in crypto theft. The solution is to use authenticator app 2FA (Google Authenticator, Authy) or hardware security keys (YubiKey) instead of SMS-based 2FA.

Never use SMS as your only 2FA method for exchange accounts. Criminals can SIM swap you in under 30 minutes with the right social engineering.

Self-executing code stored on a blockchain that automatically enforces the terms of an agreement when predetermined conditions are met — without any human intermediary. Smart contracts power DeFi protocols, NFTs, DAOs, and token launches. They are immutable once deployed — bugs and backdoors cannot be removed. This is why smart contract audits by independent security firms are critical before investing in any DeFi project.

When you "approve" a transaction in MetaMask, you are often granting a smart contract permission to interact with your tokens. Always check what permissions you're granting before approving.

A formal security review of a smart contract's code by independent cybersecurity specialists, checking for vulnerabilities, backdoors, and exploitable bugs before deployment. Reputable audit firms include CertiK, Trail of Bits, OpenZeppelin, Quantstamp, and Hacken. The presence of a verified audit from a reputable firm is a meaningful (though not absolute) positive indicator. Beware of fake audit certificates — always verify directly on the auditor's website.

A project claiming a "CertiK audit" can be verified at certik.com/leaderboard. If the project isn't listed, the audit claim is fraudulent.

Psychological manipulation techniques used to deceive people into revealing confidential information or taking harmful actions — rather than exploiting technical vulnerabilities. Virtually all crypto scams use social engineering as their primary attack vector: urgency, authority, reciprocity, scarcity, liking, and social proof. Understanding these principles (Robert Cialdini's "Influence") is one of the most powerful scam prevention tools available.

A scammer posing as Coinbase support (authority), telling you your account is compromised (urgency), and offering to help secure it immediately (reciprocity) — all social engineering.

Cryptocurrencies designed to maintain a stable value — usually pegged 1:1 to the US dollar. USDT (Tether) and USDC (USD Coin) are the largest stablecoins. Scammers prefer stablecoins for extracting funds because their value doesn't fluctuate, making it easier to calculate theft amounts and convert to fiat. Most pig butchering platforms request deposits in USDT. The collapse of algorithmic stablecoin TerraUSD (UST) in 2022 wiped out $45 billion in "stable" value.

A cognitive bias where people continue investing in a losing venture because of previously invested resources (money, time, emotion) — rather than evaluating the current situation rationally. Scammers deliberately exploit this: "You've already invested $50,000 — you can't stop now, you'll lose everything. Just one more payment and you'll be able to withdraw." Recognising sunk cost fallacy in action is crucial to stopping further losses.

In a pig butchering scam: every "one more fee" payment is a new loss, not a step closer to recovery. The correct decision is always to stop — regardless of what has already been lost.

When you interact with a DeFi protocol, you often grant it permission to spend your tokens — an "approval." Scam contracts request unlimited approval (spending all tokens in your wallet forever) rather than approval for a specific transaction. If you later realise the contract is malicious, you must revoke the approval or your tokens remain at risk. Tools: revoke.cash (Ethereum), approvals.bscscan.com (BNB Chain).

Best practice: Use a tool like revoke.cash monthly to audit and revoke any token approvals you no longer need. Never grant unlimited approval to unaudited contracts.

A security method requiring two forms of verification to access an account — typically a password plus a one-time code. For crypto accounts, 2FA quality matters enormously: SMS 2FA is vulnerable to SIM swapping. Authenticator app 2FA (Google Authenticator, Authy) is significantly more secure. Hardware security key 2FA (YubiKey) is the most secure option. Always use the strongest 2FA option available on any crypto exchange.

Priority order: YubiKey hardware key > Google Authenticator app > Authy app > SMS (avoid if possible). SMS 2FA is better than nothing but should not be your only protection.

Software or hardware that stores the cryptographic keys needed to access and control cryptocurrency on the blockchain. Crucially, a crypto wallet does not store your coins — it stores the keys that prove ownership. "Losing" a wallet means losing the keys; the crypto itself remains on the blockchain. Types: exchange wallets (custodial — exchange holds keys), software wallets (MetaMask, Trust Wallet — you hold keys), hardware wallets (Ledger, Trezor — cold storage).

The phrase "not your keys, not your coins" refers to the risk of keeping crypto on exchanges (custodial wallets) — if the exchange is hacked or exits, you lose everything.

Artificially inflating trading volume by buying and selling an asset to yourself (or colluding parties). In crypto, wash trading is used to create the illusion of demand and price momentum for tokens or NFTs, attracting genuine buyers. Chainalysis estimates that wash trading accounts for a significant portion of reported DeFi and NFT trading volume. It's illegal in traditional markets but difficult to regulate in decentralised crypto environments.

An NFT "sold" for $500,000 with the buyer and seller being the same person (via different wallets) — used to establish a price floor that attracts real buyers.

Web3 refers to a vision of the next internet built on blockchain technology, featuring decentralised applications (dApps), crypto wallets as identity, and user ownership of digital assets. Web3 scams exploit the novelty and complexity of this ecosystem — fake dApps that drain wallets, scam "Web3 job offers" that require seed phrase submission, fake metaverse land sales, and fraudulent GameFi play-to-earn schemes.

Any "Web3 job" that requires you to purchase crypto or reveal your seed phrase as part of the application or onboarding process is a scam.

A technical document published by a cryptocurrency project explaining its technology, use case, tokenomics, and roadmap. The original Bitcoin whitepaper (Satoshi Nakamoto, 2008) is the template. Scam projects often publish whitepapers that are plagiarised, technically incoherent, or deliberately vague to appear legitimate. A professional-looking whitepaper is a necessary but insufficient indicator of legitimacy — always verify the team and check for code audits independently.

Fraudulent "yield farming" or "liquidity mining" platforms that promise extraordinarily high APY (Annual Percentage Yield) returns — sometimes 500%, 1000%, or more — in exchange for depositing cryptocurrency. These platforms either exit scam immediately after attracting sufficient deposits, or drain depositor wallets via malicious smart contract approvals. Legitimate yield farming exists but generates realistic returns (5–25% APY on established protocols).

APY above 100% is almost always a sign of either a Ponzi scheme or an unsustainable inflationary token reward that will collapse in value. If someone promises you 1000% APY with no risk, it is fraud.

A software vulnerability that is unknown to the software developer and therefore has no patch or fix available. In crypto, zero-day exploits can target wallet software, exchange infrastructure, or smart contract standards. When a zero-day is discovered by a malicious actor before the developer, it can be exploited for large-scale theft. This is why keeping all wallet software updated and using audited, established protocols matters.