14 Crypto Scams to Watch For in 2026

Cryptocurrency scam losses reached $9.3 billion in the United States alone in 2024, a 66% increase from the previous year (FBI IC3). In the UK, Action Fraud recorded £649 million in investment fraud losses, with cryptocurrency accounting for 66% of reports. These figures are expected to climb in 2026 as scammers adopt more sophisticated tactics.

The threat is not just technical. In December 2025, Coinbase disclosed that criminals had bribed overseas support contractors to access customer data, then demanded a $20 million ransom. The breach could cost the exchange up to $400 million. When even major platforms are compromised through their own staff, the old advice to "use reputable exchanges" only goes so far.

I've been tracking crypto scam tactics for several years now, watching the methods evolve from crude phishing attempts to the sophisticated social engineering operations we see today. The Coinbase insider breach in December 2025 prompted me to put together this breakdown. When attackers can simply bribe their way past security controls, it signals a shift that every crypto holder needs to understand.

This guide covers the 14 crypto scams most likely to cause damage in 2026, based on 2024-2025 incident data and emerging threat patterns.

Get threat intelligence like this delivered to your inbox. Subscribe to CyberDesserts for practical security insights.

Why Crypto Scams Keep Accelerating

Three factors make cryptocurrency attractive to criminals.

Irreversibility. Once a transaction is confirmed on the blockchain, there is no chargeback mechanism. Victims cannot reverse fraudulent transfers the way they might dispute a credit card charge.

Pseudonymity. While blockchain transactions are public, linking wallet addresses to real identities requires significant investigative resources. Scammers exploit this gap to operate across jurisdictions with minimal accountability.

Regulatory fragmentation. Cryptocurrency regulation varies dramatically across countries. Scammers target victims in jurisdictions with strong consumer protections while operating from locations with weak enforcement.

The FBI's Operation Level Up has notified over 6,400 cryptocurrency fraud victims since January 2024. Of those contacted, 77% were unaware they were being scammed. Some were in the process of liquidating retirement accounts or selling their homes to fund what they believed were legitimate investments.

In the UK, social media remains a primary vector, with 36% of all investment fraud reports linked to a social media platform. WhatsApp was the most frequently used platform by scammers (40%), followed by Facebook (18%) and Instagram (14%).

Credential theft also fuels these scams. Infostealers harvest browser cookies, wallet credentials, and exchange login details, which are then sold on dark web marketplaces or used directly to drain accounts.

The 14 Crypto Scams to Watch For in 2026

1. Investment Fraud (Pig Butchering)

Investment fraud remains the costliest category. The FBI recorded $5.8 billion in losses from cryptocurrency investment schemes in 2024 alone, accounting for 71% of all cryptocurrency-related losses reported.

These scams typically begin with unsolicited contact via social media, dating apps, or messaging platforms. The scammer builds a relationship over weeks or months before introducing a "guaranteed" investment opportunity. Victims are directed to professional-looking platforms that display fabricated gains, encouraging larger deposits.

Victims over 60 lost $2.8 billion, more than any other age group. The term "pig butchering" comes from the scammer's practice of "fattening" victims with trust before "slaughtering" them financially. The FBI discourages this terminology as it further victimises those affected.

2. Rug Pulls and Exit Scams

Rug pulls occur when project creators drain liquidity or abandon a project after attracting investment. The token becomes worthless, and investors cannot sell.

Rug pulls accounted for 68% of all crypto scams in Q1 2025 (DappRadar). While the number of incidents dropped 66% compared to 2024, total losses exploded to nearly $6 billion. A single incident, the suspected Mantra Network collapse, accounted for 92% of that figure.

The nature of rug pulls is shifting from DeFi protocols and NFT projects to predominantly memecoin-related schemes. Research from Solidus Labs found that 8% of Ethereum ERC-20 tokens and 12% of BNB Chain BEP-20 tokens are programmed for rug pulls.

Red flags to watch:

• Anonymous or unverifiable development team
• Unlocked liquidity (developers can withdraw at any time)
• Single wallet holding a large percentage of token supply
• Disabled selling mechanisms (honeypot contracts)
• Unrealistic promised returns

Tool: RugCheck.xyz analyses Solana tokens for common rug pull indicators including liquidity locks, holder distribution, and contract permissions. The tool is integrated into several DeFi platforms and provides risk scores before you invest.

3. Insider Threats and Exchange Breaches

The Coinbase breach in December 2025 demonstrated that technical security is not enough. Attackers bribed customer support contractors in India to access sensitive customer data. They used this information to impersonate Coinbase staff and steal funds through social engineering.

Coinbase estimates the breach could cost up to $400 million in remediation and damages. The attackers demanded a $20 million ransom. One arrest has been made in Hyderabad, with more expected.

This pattern is not unique to cryptocurrency. Supply chain compromises through trusted third parties have become a dominant attack vector across industries. Third-party contractor access will remain the weak point for exchanges because social engineering attacks targeting support staff bypass technical controls entirely.

4. Fake Exchanges and Trading Platforms

Fraudulent exchanges mimic the interfaces of legitimate platforms like Binance, Coinbase, or Kraken. They offer attractive signup bonuses and zero-fee trading to encourage deposits.

Hundreds of fake exchange domains appear monthly. These platforms operate normally at first, processing small withdrawals to build trust. Once a user deposits a significant amount, withdrawals are suspended for "verification" or "security audits" that never resolve.

Before depositing on any platform:

• Verify the exchange is listed on CoinMarketCap or CoinGecko with confirmed volume data
• Check for regulatory registration in your jurisdiction
• Search for user reviews on Reddit and Trustpilot
• Confirm the domain matches the official exchange exactly

5. Deepfake Celebrity Scams

AI-generated videos featuring well-known figures have become a primary tool for crypto fraud. Scammers create realistic deepfakes of Elon Musk, Tim Cook, and other tech leaders promoting fake investment opportunities or giveaways.

A deepfake Elon Musk livestream on YouTube collected at least $5 million from victims between March 2024 and January 2025. Funds were traced to exchanges including MEXC and to darknet markets. Similar scams using fake Tim Cook footage appeared during the iPhone 16 launch.

Warning signs:

• Investment promotions from celebrity accounts with no verification on official channels
• Urgency messaging ("limited time", "act now")
• Requests to send cryptocurrency to "verify eligibility" for giveaways
• Slightly unnatural mouth movements or audio sync issues

No legitimate giveaway requires you to send cryptocurrency first.

6. Social Media Scams and Manufactured Trust

Social media has become the most effective channel for crypto scammers. According to the FTC, 70% of people who were contacted through social media platforms reported financial losses, totalling $1.9 billion in 2024. The number of investment scam victims who reported social media as their initial contact method grew from 4,889 in 2020 to 26,569 in 2024.

Scammers manufacture credibility through multiple platforms simultaneously.

Facebook and Instagram

A Reuters investigation found that Meta generated approximately $3 billion in 2024 from ads tied to scams, illegal gambling, and other banned content. Meta's own internal safety staff estimated the company's platforms were involved in roughly one-third of all successful U.S. scams.

In June 2025, a joint investigation by New York authorities disrupted a scam that used Facebook ads promising high returns on cryptocurrency investments. The scammers paid Vietnamese "Black Hat" advertisers to place deceptive ads, using over a million dollars in stolen cryptocurrency to fund the campaign. Meta shut down more than 700 accounts associated with the scheme.

Bitdefender documented hundreds of Facebook accounts impersonating cryptocurrency exchanges like Binance and TradingView, using these fake pages to distribute malware.

X (Twitter)

X has become a primary vector for crypto scams through several attack patterns. Scammers exploit a URL redirect feature that allows links to appear as if they come from legitimate accounts like Binance or Ethereum Foundation. While the link displays a trusted account name, clicking redirects to a scammer's post promoting wallet drainers or fake giveaways.

Verified accounts present another vulnerability. One wallet drainer operation advertising through X stole $59 million from victims through purchased ads, often posted from legitimate verified accounts that had been compromised (BleepingComputer). The blue verification badge now indicates only that someone paid for a subscription, not that the account is trustworthy.

Support bot scams monitor X in real-time for keywords like "MetaMask", "Phantom", "help", or "wallet". When someone posts asking for assistance, automated bots immediately reply posing as customer support, directing victims to phishing sites that harvest wallet recovery phrases. High-profile accounts including OpenAI executives have been repeatedly compromised to promote fake token launches.

Telegram

Chinese-language Telegram markets have become the largest illicit crypto marketplaces ever recorded. Two markets alone, Tudou Guarantee and Xinbi Guarantee, enable close to $2 billion monthly in money laundering, scam tool sales, and fraud services (Elliptic, 2025). These markets process more illicit crypto volume than all traditional dark web markets combined.

Victims are added to Telegram groups populated by bots posing as successful investors. The groups feature a "guru" dispensing investment advice, supported by fake testimonials from other supposed members. The SEC charged multiple investment clubs in December 2025 that operated through WhatsApp, luring victims with social media ads promising AI-generated investment tips.

YouTube

A sophisticated scam operation has stolen over 256 ETH (approximately $939,000) through fake trading bot tutorials on YouTube (SentinelLABS, 2025). The operation uses aged YouTube accounts that previously posted legitimate crypto content to appear credible.

The scammers curate the comment sections aggressively. Negative comments are deleted within hours. Fake testimonials from bot accounts claim profits from the system. The result is a comments section filled with apparent success stories, creating false social proof.

Red flags across all platforms:

• Investment groups you were added to without requesting membership
• Overwhelming positive comments with no technical questions or criticism
• Pressure to act quickly before an "opportunity" closes
• Testimonials from accounts with minimal history or generic profiles
• Claims of guaranteed returns with specific percentages
• "Customer support" responding to your posts within seconds of posting
• URLs that redirect to different accounts than displayed

For security teams and developers: If your organisation uses Telegram, Discord, or X for community management, monitor for impersonation channels and accounts. Scammers create near-identical copies of legitimate project channels to redirect users to phishing sites or fake token sales.

7. Malicious Smart Contracts Targeting Developers

This scam specifically targets developers and technical users who deploy smart contracts. It represents a supply chain attack vector that security professionals should understand.

Scammers promote "trading bots" or "arbitrage tools" through YouTube tutorials and developer communities. The videos explain how to deploy a smart contract using Remix IDE that will supposedly generate passive income through automated trading.

The catch: the contract code contains obfuscated wallet addresses belonging to the attacker. Techniques include XOR operations, string concatenation, and decimal-to-hex conversion to hide the malicious payload. When the developer deposits funds to "activate" the bot, those funds are immediately accessible to the attacker.

SentinelLABS documented a campaign that stole over 256 ETH ($939,000) through fake MEV bot tutorials. The scammers used aged YouTube accounts with legitimate crypto content history to appear credible. One wallet associated with the scam collected over $900,000.

Technical red flags:

• Contracts requiring minimum deposits to "activate" functionality
• Obfuscated address variables or encoded strings in constructor functions
• Owner permissions that allow fund withdrawal without restrictions
• Code that differs from the explanation in the tutorial
• Requests to disable security warnings during deployment

For developers: Never deploy contract code from social media or video tutorials without thorough review. Check for hardcoded addresses, examine owner permissions, and test on testnets first. The npm ecosystem has seen similar supply chain attacks through malicious packages that harvest credentials. The pattern is the same: trust exploitation through apparently helpful code.

8. Phishing and Wallet Drainers

Phishing attacks in cryptocurrency go beyond credential theft. Modern wallet drainer attacks trick users into signing malicious transactions that grant the attacker permission to transfer assets.

Malicious browser extensions mimicking legitimate wallets have appeared on official app stores. Fake customer support accounts on social media direct users to phishing sites. Address poisoning attacks manipulate transaction histories to trick users into sending funds to scammer-controlled addresses.

Approval phishing is becoming the primary vector. Attackers focus on tricking users into signing seemingly innocent transactions that actually grant unlimited token approvals. Victims often do not realise they have been compromised until their wallets are drained days or weeks later.

Protection measures:

• Verify all wallet addresses character by character against a trusted source
• Never sign transactions you do not fully understand
• Regularly revoke unnecessary token approvals using tools like Revoke.cash
• Contact exchange support only through official channels, never via social media DMs

9. SIM Swapping

SIM swapping attacks exploit mobile carrier vulnerabilities to take control of a victim's phone number. Once an attacker controls the number, they can intercept SMS-based two-factor authentication codes and reset passwords on exchange accounts.

Compromised social media accounts from SIM swaps have been used to promote fake tokens and phishing links. Attackers either bribed carrier employees or used social engineering to convince support staff to transfer numbers. The Coinbase insider breach shows that staff corruption remains an effective attack vector across industries.

Defences:

• Use authenticator apps or hardware security keys instead of SMS for 2FA
• Set a PIN or security question with your mobile carrier
• Request a port freeze on your mobile account
• Monitor for unexpected loss of mobile signal

10. Address Poisoning

Address poisoning exploits human behaviour in cryptocurrency transactions. Attackers send tiny amounts of cryptocurrency to your wallet from an address that closely resembles one you regularly transact with. The goal is to trick you into copying the scammer's address from your transaction history.

Because blockchain transactions are irreversible, any funds sent to the poisoned address are permanently lost. More sophisticated variants target ENS domains and other human-readable address formats, registering domains with subtle typos or homoglyph characters.

Prevention:

• Never copy addresses from transaction history
• Use address book features in your wallet for regular recipients
• Verify the complete address, including middle characters, before sending
• Consider using ENS or similar naming services with careful verification

11. Pump and Dump Schemes

Coordinated groups artificially inflate token prices through organised buying and social media promotion, then sell their holdings once the price peaks. Retail investors who bought during the pump are left holding worthless tokens.

Private Telegram and Discord groups coordinate pump and dump operations on low-liquidity tokens. Some schemes involve paid influencer promotions where the influencer holds undisclosed positions.

Red flags:

• Sudden price spikes with no corresponding news or development
• Coordinated social media promotion from accounts with suspicious activity patterns
• Low trading volume relative to market cap
• Tokens heavily promoted in trading signal groups

12. Cryptojacking

Cryptojacking installs hidden mining software on victim devices, using their computing resources to mine cryptocurrency for the attacker. Victims experience degraded device performance and increased electricity costs.

Browser-based mining scripts, compromised cloud infrastructure, and malicious applications all serve as cryptojacking vectors. Enterprise environments are targeted for their higher computing capacity.

Detection signs:

• Unexpectedly high CPU or GPU usage
• Device overheating or fans running constantly
• Increased electricity bills
• Sluggish device performance

13. Fake ICOs and Token Presales

Initial Coin Offering scams promise early access to tokens at discounted prices before public launch. Investors send funds but receive nothing in return, or receive tokens that never list on any exchange.

The Squid Game token scam exploited the popularity of the Netflix series. Investors could buy but not sell. The token rose 45,000% before the developers pulled liquidity and disappeared with approximately $3 million. Data shows 30% of rug pulls involve presale scam elements.

Before participating in any presale:

• Verify team identities through LinkedIn, GitHub, or previous projects
• Check for independent smart contract audits
• Research whether liquidity will be locked and for how long
• Be sceptical of projects with no working product

14. Recovery Scams

Recovery scams target people who have already lost money to cryptocurrency fraud. Scammers pose as law firms, government agencies, or blockchain forensics companies and promise to recover stolen funds for an upfront fee.

The FBI has issued warnings about fictitious law firms and recovery services targeting distressed victims. These scams exploit emotional vulnerability, with some impersonating government agencies for credibility. Victims pay fees but receive nothing, doubling their losses.

Warning signs:

• Unsolicited contact claiming knowledge of your previous losses
• Upfront payment required before any work begins
• Guaranteed recovery promises
• Claims of government affiliation without verifiable credentials

Search Facebook for "crypto recovery" and you will see profiles riddled with red flags: fake reviews, WhatsApp numbers that do not match the claimed location, post history that only goes back a few weeks, and testimonials that read like templates. These are not subtle operations.

Legitimate recovery firms do not guarantee outcomes and typically work on contingency rather than requiring payment upfront.

How to Spot Crypto Scams

Certain patterns appear consistently across scam types. Recognising these red flags can prevent losses regardless of the specific scheme.

Guaranteed returns. No legitimate investment guarantees profits. Cryptocurrency is volatile. Anyone promising guaranteed or fixed returns is lying.

Urgency and pressure. Scammers create artificial time pressure to prevent careful consideration. "Limited time offers" and countdown timers are manipulation tactics.

Unsolicited contact. If someone contacts you first with an investment opportunity via social media, dating apps, or messaging platforms, treat it with extreme suspicion.

Anonymous teams. Legitimate projects have identifiable founders with verifiable backgrounds. Anonymous developers might have good reasons for privacy, but they also face no accountability if they disappear with your funds.

Withdrawal restrictions. Any platform that accepts deposits easily but creates obstacles to withdrawal is a major red flag. Test with small amounts before depositing significant funds.

Too-good-to-be-true returns. Returns significantly above market rates require significantly above-market risk. Often that "risk" is that the platform is fraudulent.

Tools like RugCheck.xyz for Solana tokens and Token Sniffer for Ethereum can analyse smart contracts for common scam patterns before you invest.

How to Report Crypto Scams

Reporting fraud helps law enforcement identify patterns, track criminal organisations, and potentially recover funds. Even if you cannot recover your personal losses, your report may prevent others from being victimised.

Cryptocurrency fraud is increasingly cross-border. In 2025 alone, Europol coordinated the takedown of multiple networks laundering over €700 million through fake crypto platforms. Your report contributes to these international enforcement efforts regardless of where you are located.

United States

FBI Internet Crime Complaint Center (IC3)

Website: ic3.gov

The IC3 is the primary US reporting mechanism for cryptocurrency fraud. Include all transaction details: wallet addresses, transaction hashes, platform names, and any communication with the scammer. The FBI's Operation Level Up uses these reports to identify active fraud and warn potential victims before they lose more money.

Federal Trade Commission (FTC)

Website: reportfraud.ftc.gov

The FTC collects fraud reports and shares data with law enforcement agencies.

State Regulators

Many states maintain cryptocurrency scam trackers. The California DFPI publishes a searchable database at dfpi.ca.gov/crypto-scam-tracker.

United Kingdom

Action Fraud

Website: actionfraud.police.uk | Phone: 0300 123 2040

Action Fraud is the UK's national reporting centre for fraud and cybercrime. In 2024, Action Fraud received 25,843 investment fraud reports totalling £649 million in losses. Cryptocurrency was the most common asset type, accounting for 66% of all reports.

Financial Conduct Authority (FCA)

Website: fca.org.uk/consumers/report-scam | Phone: 0800 111 6768

Report suspected scams to the FCA, particularly if a firm claims to be FCA-authorised. Use the FCA Firm Checker to verify if a company has permission to offer crypto services in the UK. Note that most crypto activities remain unregulated in the UK, so you may not have access to the Financial Ombudsman Service or FSCS protection.

Scotland: Report to Police Scotland on 101, or contact Advice Direct Scotland on 0808 164 6000.

European Union

Your National Police

Report to your country's police force first. For cross-border cases, national authorities coordinate with Europol.

Europol

Europol coordinates international investigations but does not take individual complaints directly. However, your national report feeds into their cross-border enforcement efforts. Europol's 2025 SOCTA report identified online crypto scams as one of the fastest-growing threats to EU security.

European Anti-Fraud Office (OLAF)

For fraud involving EU funds or institutions: anti-fraud.ec.europa.eu

Reporting to Exchanges

If funds were transferred through a legitimate exchange before reaching the scammer, report the fraud to that exchange. Some exchanges can freeze accounts associated with fraud, though recovery is rarely successful once funds leave the platform.

Important Warning

Be wary of "recovery services" that contact you after reporting fraud. Many are secondary scams targeting people who have already lost money. The FBI, FCA, and other regulators have all issued warnings about fictitious law firms and recovery agencies.

What's Changing in 2026

Three structural shifts are making crypto scams more dangerous.

AI amplification across the scam lifecycle. Scammers now have access to the same generative AI tools as legitimate businesses. The barrier to running sophisticated fraud operations has dropped significantly.

AI-powered chatbots will enable scammers to maintain relationships with multiple victims simultaneously in pig butchering schemes. Real-time deepfake technology will enable "interactive" scam streams where the fake celebrity appears to respond to audience questions. Voice cloning attacks will expand beyond public figures to target victims' personal networks, impersonating family members or colleagues.

Bot networks will generate increasingly realistic comment histories and social media profiles with months of fabricated activity, making verification of social proof increasingly difficult.

Professionalisation and consolidation. The data shows fewer incidents but dramatically higher damage per incident. Scam operations are consolidating into more organised, well-funded groups. They invest in branding, customer service infrastructure, and long-term relationship building.

Telegram-based scam markets now sell complete fraud infrastructure: stolen identity data, fake investment platform templates, AI deepfake tools, and phishing kits. This lowers the barrier for new scammers while increasing the sophistication of attacks.

Rug pull teams are using better branding and more structured narratives, making risks harder to spot early. The shift from DeFi protocols to memecoins means faster cycles and less technical due diligence from victims.

Insider access as the persistent weak point. The Coinbase breach demonstrated that human access points remain exploitable even when technical security is strong. Bribing or social engineering employees and contractors bypasses technical controls entirely.

Third-party contractor access, particularly for outsourced support functions, will remain the primary attack vector for exchange breaches. North Korean state-sponsored groups specifically target crypto businesses through social engineering, with compliance professionals and developers with deployment access increasingly in scope.

As AI coding assistants become more common, attackers will exploit developers who paste code from tutorials without reviewing it. Expect scams disguised as "AI-powered trading tools" that require smart contract deployment.

For Security Teams and Crypto Organisations

If you work in cybersecurity or for a cryptocurrency-related business, these scams present specific risks beyond individual financial loss.

Insider threat vectors. The Coinbase breach pattern, where overseas contractors were bribed for customer data, is replicable. Organisations handling cryptocurrency or customer data should review third-party access controls, particularly for support functions that may be outsourced.

Supply chain risks. Developers in the crypto space face targeted attacks through malicious packages and contract code. The same patterns seen in npm supply chain attacks apply to smart contract libraries and DeFi integrations. Establish code review requirements for any third-party contract interactions.

North Korean threat actors. State-sponsored groups specifically target crypto businesses through phishing and social engineering. Compliance professionals and developers with deployment access are increasingly targeted. The Treasury Department has documented billions in losses from these operations.

Impersonation of your brand. Scammers routinely create fake Telegram channels, support accounts, and websites mimicking legitimate crypto projects. Monitor for impersonation and establish clear official communication channels your users can verify.

Employee targeting. Staff members may be targeted through pig butchering or investment scams, potentially leading to credential theft, insider compromise, or reputational damage if they unknowingly promote scams.

Practical steps:

• Implement strict access controls for customer data, especially for contractors
• Establish monitoring for brand impersonation across Telegram, Discord, and social platforms
• Include crypto scam awareness in security training programmes
• Review smart contract dependencies and third-party integrations
• Ensure incident response plans cover insider threat scenarios

Summary

Cryptocurrency scam losses reached $9.3 billion in the US and £649 million in the UK in 2024, with similar patterns emerging across Europe. The 14 scam types covered here represent the threats most likely to cause damage in 2026:

1. Investment fraud (pig butchering)
2. Rug pulls and exit scams
3. Insider threats and exchange breaches
4. Fake exchanges
5. Deepfake celebrity scams
6. Social media scams and manufactured trust
7. Malicious smart contracts targeting developers
8. Phishing and wallet drainers
9. SIM swapping
10. Address poisoning
11. Pump and dump schemes
12. Cryptojacking
13. Fake ICOs and presales
14. Recovery scams

Protection requires a layered approach:

• Verification: Check team identities, contract audits, and platform legitimacy before investing
• Technical controls: Use hardware wallets, authenticator apps, and revoke unnecessary approvals
• Behavioural awareness: Recognise urgency tactics, guaranteed returns, and unsolicited contact as red flags
• Reporting: Report incidents to ic3.gov even if recovery seems unlikely

The Coinbase insider breach showed that trusting major platforms is not sufficient. Understanding how scams operate and maintaining healthy scepticism remains your best defence.

This article is regularly updated as new threats emerge.

Last updated: January 2026

Frequently Asked Questions

How do I report a crypto scam?

In the US, file a complaint with the FBI's Internet Crime Complaint Center at ic3.gov and the FTC at reportfraud.ftc.gov. In the UK, report to Action Fraud on 0300 123 2040 and the FCA on 0800 111 6768. In the EU, report to your national police, who coordinate with Europol for cross-border cases. Include all transaction details, wallet addresses, and communications with the scammer.

Can stolen cryptocurrency be recovered?

Recovery is difficult but sometimes possible. Law enforcement has recovered funds in some cases, and the FBI's Operation Level Up has saved victims an estimated $400 million by intervening before further losses. Europol has also seized assets in major cross-border operations. However, most stolen cryptocurrency is not recovered due to the pseudonymous nature of blockchain transactions.

What is a rug pull in crypto?

A rug pull occurs when cryptocurrency project creators abandon the project after attracting investment, typically by draining liquidity from trading pools. This leaves investors holding worthless tokens they cannot sell. Tools like RugCheck.xyz can help identify warning signs before investing.

How do pig butchering scams work?

Pig butchering scams involve building a relationship with victims over weeks or months through social media or dating apps. Once trust is established, the scammer introduces a fraudulent investment opportunity. Victims are directed to fake platforms showing fabricated profits, encouraging larger deposits until the scammer disappears with the funds.

Are crypto recovery services legitimate?

Most "recovery services" that contact you after a scam are themselves scams. The FBI, FCA, and other regulators have all warned about fictitious law firms targeting fraud victims. Legitimate recovery requires law enforcement involvement. Be extremely sceptical of any service requiring upfront payment or guaranteeing recovery.

References and Sources

1. FBI Internet Crime Complaint Center. (2025). 2024 Internet Crime Report. Cryptocurrency fraud losses totalled $9.3 billion, a 66% increase from 2023. Investment fraud accounted for $5.8 billion.
2. FBI Operation Level Up. (2025). Program statistics as of July 2025. 6,475 victims notified, $400.9 million in estimated savings, 77% of victims unaware they were being scammed.
3. City of London Police / Action Fraud. (2025). Investment Fraud Statistics 2024. £649 million in losses from 25,843 reports, cryptocurrency involved in 66% of cases.
4. Federal Trade Commission. (2025). Consumer Sentinel Network Data Book 2024. $12.5 billion total fraud losses, $1.9 billion from social media-initiated scams, 70% loss rate for social media contacts.
5. DappRadar. (2025). Rug Pull Analysis Q1 2025. Seven incidents recorded with nearly $6 billion in losses, 6,499% increase from 2024.
6. Coinbase. (2025). Security incident disclosure, December 2025. Support contractor breach, $20 million ransom demand, estimated $400 million in potential costs.
7. Elliptic. (2025). The State of Crypto Scams 2025. Telegram-based markets Tudou Guarantee and Xinbi Guarantee enabling close to $2 billion monthly in illicit transactions.
8. SentinelLABS. (2025). Crypto Trading Bot Scam Analysis. Over 256 ETH stolen through malicious smart contracts promoted via YouTube tutorials.
9. Reuters/Fortune. (2025). Investigation into Meta advertising practices. Approximately $3 billion in 2024 revenue tied to scam ads, internal estimate of involvement in one-third of U.S. scams.
10. Europol. (2025). Cryptocurrency Fraud Network Takedown. €700 million laundered through fake crypto platforms, coordinated enforcement across eight countries.
11. Solidus Labs. (2024). Rug Pull Report. 8% of Ethereum ERC-20 tokens and 12% of BNB Chain BEP-20 tokens programmed for rug pulls.
12. U.S. Department of the Treasury. (2025). Action Against Prince Group TCO. $4 billion in illicit proceeds laundered through Huione Group between 2021-2025.
13. New York Attorney General. (2025). Joint investigation announcement. 700+ Facebook accounts shut down, $440,000 in cryptocurrency seized or frozen.
14. UK Financial Conduct Authority. (2025). Financial Lives 2024 Report. Approximately 800,000 UK adults experienced investment or pensions-related fraud in the 12 months to May 2024.
15. BleepingComputer. (2024). X/Twitter Crypto Drainer Ad Campaign Analysis. MS Drainer operation stole $59 million through paid advertisements on X, often using compromised verified accounts.