| Key takeaways |
| 1. Crypto scams generated an estimated $17 billion in losses in 2025, with AI-enabled schemes earning 4.5 times as much per operation as traditional fraud. |
| 2. Pig butchering, investment fraud, and wallet-drainer malware account for the largest share of reported losses. The FBI logged $9.3 billion in crypto-related complaints in 2024 alone. |
| 3. Financial institutions are most exposed at the fiat-to-crypto boundary. That is also where detection works best, because on-chain signals correlated with off-chain account behavior give you something concrete to act on. |
| 4. Group-IB investigations into operations like CryptosLabs and the declaration trap campaign show what these schemes actually look like up close: regional targeting, brand impersonation, social engineering, scaled across hundreds of domains. |
What Are Crypto Scams?
A crypto scam is a type of fraud that exploits the unique characteristics of cryptocurrency, such as its decentralized and pseudonymous nature, as well as the irreversible nature of crypto transactions, to steal funds from victims.
Crypto scams are expected to cost victims an estimated $17 billion in 2025, driven by AI-enabled fraud, industrialized scam operations, and new impersonation tactics. Financial institutions sit on the front lines of this exposure because stolen funds flow through their platforms before reaching attacker-controlled wallets.
Unlike typical financial fraud, crypto scam transactions are irreversibly confirmed on the blockchain. Without bespoke blockchain forensics, attribution is near-impossible because wallets are pseudonymous. Stolen assets can often be moved between countries within seconds using decentralized exchanges and cross-chain bridges.
Why crypto scams are a growing risk for financial institutions
Crypto fraud losses now pose a direct risk to institutions. In the 2024 IC3 Annual Report, the FBI logged approximately $9.3 billion in crypto-related losses from almost 150,000 complaints, which was an increase of 66% from 2022. Of that total, $5.8 billion was attributed to investment fraud, including pig-butchering schemes.
When customers fall victim to scams originating from or flowing through institutional platforms, the fallout hits on multiple fronts. Reimbursement costs, regulatory scrutiny, and reputational damage all follow. As liability frameworks tighten, institutions that fail to detect these scams risk enforcement action in addition to direct losses.
The 10 Most Common Crypto Scam Types
The following cryptocurrency scams represent the most prevalent threats that fraud teams and compliance officers encounter. Each scam exploits different vulnerabilities, from human trust to protocol-level weaknesses.
1. Investment scams and Ponzi schemes
Crypto investment scams advertise returns that are too good to be true via fake trading platforms or fabricated portfolio dashboards. The victims send real money and receive fake profits until they try to withdraw. While the victim is still overwhelmed with euphoria, the operator asks for another set of “fees” or “taxes” and disappears. In 2024, these types of schemes accounted for $5.8 billion in losses reported to the FBI.
2. Pig butchering scams
Pig butchering is a mix of long-term romance farming and an investment scam. For weeks or months, scammers build trust with victims on messaging platforms or dating sites, then direct them to fake crypto investment sites. In the first three months of operation, the U.S. DOJ Scam Center Strike Force confiscated more than $578 million in crypto linked to those networks.
3. Bitcoin scams and phishing sites
Threat actors create identical clones of legitimate exchanges and wallet providers to capture credentials and seed phrases. In one investigation, Group-IB revealed a coordinated Bitcoin scam campaign centered on fake investment ads that impersonated trusted local brands, specifically targeting residents of Singapore.
4. Rug pulls and DeFi exit scams
Pseudonymous developers release a token, hype it on social media, and then drain the liquidity pool or sell their holdings. In 2025, rug pulls alone caused more than $6 billion in damages across all chains. The OM Mantra token collapse, in which 17 wallets moved $227 million in tokens to exchanges before the price crashed by 90%, is being investigated as one of the year’s biggest crypto scams.
5. Crypto airdrop scams
These scams use airdrop campaigns and impersonate a project to lure users to phishing sites that ask them to connect their wallets or provide seed phrases. Once the victim signs the rogue transaction, it can steal all the assets from the connected wallet within a few seconds.
6. Crypto ATM scams
According to the FBI, between January and November 2025, losses from crypto ATM scams reached $333.5 million. In such cases, scammers impersonate someone from government services or tech support, suspend the victim’s bank account, and then simply ask them to deposit cash at cryptocurrency kiosks. More than 85% of reported losses were suffered by adults over 60.
7. Crypto romance scams
A variation of pig butchering, these scams focus on fabricated romantic relationships. The scammer builds emotional dependency before introducing a “proven” investment opportunity. Victims often liquidate savings, retirement accounts, or take out loans before realizing the scheme.
8. Crypto wallet drainer malware
Crypto wallet drainers are phishing tools designed to trick users into signing malicious transactions, enabling quick asset withdrawals. Even after its shutdown in late 2023, Inferno Drainer, one of the most prolific drainer-as-a-service offerings, still managed to steal from more than 30,000 wallets over a six-month period (2024-2025). Drainers now function as fully commercialized services on Telegram, and kits can cost less than $500.
9. Pump-and-dump schemes
Organizers accumulate a low-cap token early, coordinate fake hype through social media and influencer promotions, and exit once the price rises. Price peaks typically occur within 70 seconds of the pump signal. The $LIBRA token promoted by Argentine President Javier Milei had a $4.56 billion market cap before insiders offloaded, causing the price to crash by 94%.
10. Deepfake and AI-impersonation scams
AI-generated deepfakes and synthetic voices allow attackers to impersonate government officials, exchange support agents, and financial advisors at scale. A recent Chainalysis report found that scams linked to AI service providers earned an average of $3.2 million per operation, roughly 4.5 times as much as schemes without AI tools.
Crypto Scams in Action: Real-World Cases
The following crypto fraud cases, investigated by Group-IB, show how organized scam operations target victims across multiple regions and techniques.
How a scam ring targeted French speakers for millions
The team at Group-IB discovered the CryptosLabs scam ring, which allegedly stole around €480 million from French-speaking victims in France and neighboring countries, including Belgium and Luxembourg.
The operation spanned over 350 domains and impersonated more than 40 banks, fintechs, and crypto platforms. Victims were presented with fake growth on their portfolios, and French-speaking “account managers” would call them and encourage them to deposit more.
How a fake investment portal defrauded victims
Group-IB reverse-engineered a large-scale campaign in which cybercriminals successfully tricked victims into believing big dividends were waiting for them in a fake investment portal. Starting in June 2022, the operation initially gained trust through fake dividend notifications before gradually draining larger amounts from victims.
How attackers exploit crypto tax anxiety to drain wallets
In a campaign dubbed the declaration trap, attackers posed as tax authorities and mailed victims about mandatory crypto tax declaration fees.
Victims were sent to phishing sites where they either entered seed phrases, which were then passed on to attacker-controlled Telegram bots, or connected wallets and signed transactions that the Inferno Drainer toolkit processed. Financial institutions should expect customers to report such incidents as the crypto tax deadlines approach.
How to Detect Crypto Fraud Earlier
Effective crypto fraud detection requires correlating on-chain signals with off-chain account behavior. Neither layer alone gives financial institutions enough context to act. The fiat-to-crypto boundary is where banks and fintechs have actual jurisdiction, and detection capabilities need to be concentrated there.
1. Transaction patterns and on-chain indicators of scam activity
Several transaction-level signals suggest that a customer might be interacting with scamming infrastructure. Fraud teams should look for the following behavior patterns at the fiat-to-crypto boundary.
- Sudden first-time cryptocurrency purchases from accounts with no prior crypto activity.
- Multiple rapid transfers to unhosted wallets or wallets flagged by blockchain analytics.
- Transactions structured to fall just below the reporting threshold.
- Deposits to known scam infrastructure addresses.
Group-IB’s Fraud Protection solution detects these patterns through device fingerprinting and behavioral analytics, determining whether a customer’s session behavior deviates from their established baseline.
2. Account behavior signals that precede fund loss
In cases of pig butchering and investment scams, victims give off identifiable behavioral signs in the days or weeks before money is withdrawn from their accounts. This window is where intervention is still possible.
- Frequent password changes or registration of new devices in a short timeframe.
- Sudden increase in transaction limit followed by large withdrawals.
- Login activity from unusual geolocations or during off-hours.
- Account activity that follows scripted patterns consistent with coached behavior from a scammer.
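The transaction-pattern and account-behavior signals listed in sections 1 and 2, correlated in code at the fiat-to-crypto boundary. This is an added example, not Group-IB's implementation or code from the original article; every threshold, window, wallet identifier, field name and signal name is an assumption chosen for illustration, and the sample data is constructed.

```python
from collections import namedtuple
from datetime import datetime, timedelta

# Every threshold, window and identifier here is an assumption for illustration.
REPORTING_THRESHOLD = 10_000          # set per jurisdiction
NEAR_BAND = 0.10                      # "just below" = within 10% under the threshold
RAPID_WINDOW = timedelta(hours=24)    # 3+ risky transfers inside this window
CHURN_WINDOW = timedelta(days=7)      # 2+ credential/device changes inside this window
LARGE_AMOUNT = 5_000
KNOWN_SCAM_WALLETS = {"wallet-scam-0001"}   # placeholder for a threat-intel feed

Transfer = namedtuple("Transfer", "ts amount dest unhosted")   # fiat-to-crypto transfer
AccountEvent = namedtuple("AccountEvent", "ts kind")           # off-chain telemetry

def onchain_signals(prior, recent):   # prior: earlier crypto transfers; recent: under review
    sig = set()
    if recent and not prior:
        sig.add("first_time_crypto")
    risky = sorted(t.ts for t in recent if t.unhosted or t.dest in KNOWN_SCAM_WALLETS)
    if any(b - a <= RAPID_WINDOW for a, b in zip(risky, risky[2:])):
        sig.add("rapid_risky_transfers")
    low = REPORTING_THRESHOLD * (1 - NEAR_BAND)
    if sum(low <= t.amount < REPORTING_THRESHOLD for t in recent) >= 2:
        sig.add("structuring")
    if any(t.dest in KNOWN_SCAM_WALLETS for t in recent):
        sig.add("known_scam_destination")
    return sig

def account_signals(events, recent):
    sig = set()
    churn = sorted(e.ts for e in events if e.kind in ("password_change", "new_device"))
    if any(b - a <= CHURN_WINDOW for a, b in zip(churn, churn[1:])):
        sig.add("credential_device_churn")
    raises = [e.ts for e in events if e.kind == "limit_increase"]
    if any(r <= t.ts and t.amount >= LARGE_AMOUNT for r in raises for t in recent):
        sig.add("limit_raise_then_large_withdrawal")
    return sig

def correlate(prior, recent, events):
    on, off = onchain_signals(prior, recent), account_signals(events, recent)
    # Escalate only when both layers fire; a single layer goes to analyst review.
    action = "escalate" if on and off else "review" if on or off else "none"
    return {"action": action, "onchain": on, "offchain": off}

# Constructed sample: new-to-crypto customer coached through one day of transfers.
T0 = datetime(2025, 3, 3, 9, 0)
SAMPLE_EVENTS = [AccountEvent(T0, "new_device"), AccountEvent(T0 + timedelta(hours=1), "password_change"),
                 AccountEvent(T0 + timedelta(hours=2), "limit_increase")]
SAMPLE_RECENT = [Transfer(T0 + timedelta(hours=h), 9_500, "wallet-unhosted-01", True) for h in (3, 5, 8)]
```

Calling `correlate([], SAMPLE_RECENT, SAMPLE_EVENTS)` returns the action together with the signals that fired in each layer, which is the context an analyst needs to justify a hold.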
3. Social engineering indicators
The most underrated early detection signal is the customer. Victims frequently communicate with a scammer for weeks before any money is exchanged, and capable frontline staff trained to identify verbal and behavioral cues can even intervene at the relationship stage.
- Customers who reference “investment advisors” they met through messaging apps or social media.
- Urgency or agitation when staff question transaction details.
- Unwillingness to explain the need for large transfers to crypto exchanges.
- Requests to override fraud warnings or bypass confirmation steps.
4. Using threat intelligence to preempt scam infrastructure
Threat intelligence feeds integrated into fraud case management workflows allow institutions to block scam domains before customers interact with them. A threat intelligence platform continuously monitors and records attacker infrastructure, phishing kits, and the deployment patterns of scam campaigns. This allows fraud analysts to enrich alerts with contextual information about the specific scam operation linked to a suspicious transaction.
Crypto Fraud Prevention Strategies for Financial Institutions
Preventing crypto fraud requires layered controls across customer transactions, internal response processes, and external takedown partnerships.
1. Customer-facing controls
Effective institutions add extra checks, such as cooling-off periods or scam warnings, only when a transaction appears risky. The following controls target the point of payment, where intervention has the highest impact.
- Screening destination wallet addresses against known scam databases in real-time.
- Confirmation friction for new crypto purchases, such as cooling-off periods.
- Scam warning overlays at the point of payment when transactions match known fraud patterns.
- Mandatory cooling-off periods before processing limit increases requested by new-to-crypto customers.
2. Fraud response protocols
Recovery of funds depends on the time between a detection signal firing and the containment action being executed. Institutions that consistently minimize crypto fraud losses have a well-defined, time-bound escalation pathway that does not depend on manual review queues.
- Automated escalation paths with defined SLAs from alert to containment action.
- Establish direct contact between the fraud operations team and crypto exchanges to quickly freeze funds.
- Pre-authorize containment actions for confirmed scam patterns to eliminate decision latency during live incidents.
3. Takedown capabilities
Constant monitoring and relationships with infrastructure providers are essential to remove scam sites and fake crypto platforms before they scale. The best takedown programs work automatically, speeding up detection and enforcement.
- Ongoing institutional brand protection monitoring across the web, social media, and dark web for impersonation.
- Strong relationships with domain registrars, hosting providers, and platform trust and safety teams for timely removals.
Fight Crypto Fraud with Group-IB
Cryptocurrency scams are industrializing. Scam operations have now turned into full-service criminal markets with specialized tooling, AI-generated content, and professionalized laundering networks. Detection and prevention capabilities needed by financial institutions must be equally sophisticated.
Group-IB Threat Intelligence Platform enables the detection of scam domains, fraud infrastructure, and attackers’ TTPs even before they target customers. Digital Risk Protection identifies and deletes brand impersonation throughout the open web, social platforms, and marketplaces on the dark web. Fraud Protection detects account-level compromises and behavior anomalies.
Explore Group-IB’s solutions for blockchain security to discover how these capabilities can protect your institution and customers from crypto fraud.





