Security Basics, Lesson 8 of 9

Spotting crypto scams

Wallet drainers, fake airdrops, malicious websites, "approve this token" traps. The trick most beginners do not realize: in crypto, you can sign your own way out of all your money. How to read what you are signing before you press confirm.


In regular banking, fraud usually requires the attacker to actually steal something: your card, your login, your codes. In crypto there is a category of scam that does not need any of that. The attacker just needs you to sign a transaction. You willingly press confirm, and your funds go to their address. No bank reverses it. No support team rolls it back. Self-custody makes this entire category possible.

The good news is that almost all of these scams use a small number of patterns. Once you have seen them, the variations become recognizable. This lesson goes through the most common ones and how to slow down before you sign.

Wallet drainers

A drainer is a malicious smart contract designed to look like a legitimate transaction (a swap, a claim, a mint) but quietly send all your tokens or NFTs to the attacker's address when you sign. It usually shows up after you connect your wallet to a malicious website.

The flow is consistent:

How a drainer steals
  1. You land on a fake site, often via an ad or DM.
  2. You connect your wallet. No risk yet.
  3. You sign one transaction. This is the trap.
  4. Funds move to the attacker, irreversibly.

Connecting a wallet, by itself, does not move any funds. The damage happens when you sign. That is the moment to slow down. Always. Even if everything before it looked normal.

Token approvals: the slow-motion drainer

On most blockchains, before a contract can move your tokens, you need to grant it an "approval" or "allowance." Almost every legitimate DeFi action involves at least one approval (swapping on a DEX, depositing in a lending pool, etc.). It is normal and useful.

It is also a known attack surface. A malicious contract can ask for an "unlimited" approval on a specific token. If you grant it, that contract can move all of your tokens of that kind, any time it wants, even months later. You signed one transaction. They drained at a time of their choosing.

  • Pay attention when a wallet asks you to approve a token. Read which token and which contract.
  • When you can, approve only the amount you actually need for the transaction, not "unlimited".
  • Periodically use a tool like revoke.cash or your wallet's built-in approvals page to cancel old approvals you no longer need.
  • Be suspicious of any "claim airdrop" or "mint NFT" page that wants an approval on a token you already own.

Fake airdrops and free token traps

You will see tokens randomly appear in your wallet, with a name like "Visit X.com to claim $5000." The token itself is fake. If you visit the site to "claim" it, you land on a wallet drainer.

You may also see legitimate-sounding airdrops promoted in Discord, Twitter, or Telegram. Real projects sometimes do real airdrops. The scammers piggyback by setting up identical-looking sites at slightly different URLs. Once the airdrop is announced, dozens of malicious copies appear within hours.

  • Never click links to "claim" tokens that randomly appear in your wallet. Treat the tokens as worthless and the link as a trap.
  • For real airdrops, find the link in the project's official documentation or pinned post, not a DM, not an ad.
  • Type the URL by hand or use a verified bookmark. Phishing sites often use a one-letter difference in the domain.
  • If a real airdrop is "missed," you have not lost anything real. Walking away costs nothing.
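The "one-letter difference" check can be automated against your own bookmarks. The following is an added example, not part of the original lesson: the function names, the edit-distance threshold of 2, and the hostname app.example-dex.org are assumptions made for illustration.

```python
from urllib.parse import urlsplit

def edit_distance(a, b):
    """Levenshtein distance: number of single-character inserts, deletes or swaps."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]

def check_url(url, bookmarks, max_distance=2):
    """Classify a link against hostnames you bookmarked yourself.

    Returns ("match", host), ("lookalike", bookmarked_host) or ("unknown", host).
    Only "match" means the link points at a site you already verified.
    """
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    if host in bookmarks:
        return ("match", host)
    for good in sorted(bookmarks):
        if edit_distance(host, good) <= max_distance:
            return ("lookalike", good)
    return ("unknown", host)

# Constructed sample data: a placeholder hostname, not a real project.
BOOKMARKS = {"app.example-dex.org"}

if __name__ == "__main__":
    for link in ("https://app.example-dex.org/claim",
                 "https://app.examp1e-dex.org/claim",    # "l" replaced by "1"
                 "https://app.exarnple-dex.org/claim",   # "m" replaced by "rn"
                 "https://unrelated.test/"):
        print(link, "->", check_url(link, BOOKMARKS))
```

A "lookalike" result is the strongest warning of the three: the link is close enough to a bookmarked site to be mistaken for it, yet is a different host.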

Fake support, fake giveaways

These are crypto versions of the scams from the earlier lesson. Someone in a Discord DM "from the project team" offers to help you with a problem. Someone replying to your tweet "from the Coinbase support account" asks you to verify your wallet. A celebrity-looking account announces a "double your ETH" giveaway.

The rules are the same as in the general scam lesson. Real teams almost never DM you. Real support does not need your recovery phrase or any signed transaction from you. Giveaways that double your money do not exist. The crypto-specific twist is just that the scam now ends with a wallet signature instead of a wire transfer.

Reading what you are about to sign

Every wallet shows you something before you sign. The quality of that information varies. Older wallets just show "Confirm transaction" with a hash. Newer wallets and hardware devices try to translate the transaction into human-readable terms: "You are sending 0.5 ETH to address X" or "You are approving Contract Y to spend up to 1,000,000 USDC."

A few habits make this practical:

  • Use a wallet that shows the destination address and what is changing in your balance. Rabby, MetaMask in newer versions, and most hardware wallet screens do this.
  • If the wallet shows a warning about a contract or a destination, do not click past it. Stop and verify.
  • If you are using a hardware wallet, read the details on the device screen, not just the website. The device is the only part of the signing path that malware on your computer cannot lie to.
  • If the transaction asks for an approval on a token you did not expect to approve, that is the signal to back out.
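The human-readable approval prompt described here, and the "unlimited" allowance from the token approvals section, both come from a few fields in the transaction's data. The following is an added example, not part of the original lesson or any wallet's code: it decodes those fields and raises the two warnings from the habits above. The function names and the sample addresses are constructed for illustration, and the token's decimals are assumed to be supplied by the caller.

```python
MAX_UINT256 = 2**256 - 1

# 4-byte selectors of calls that grant spending rights: approve (ERC-20),
# the OpenZeppelin increaseAllowance extension, setApprovalForAll (ERC-721/1155).
GRANTS = {
    "095ea7b3": "approve(address,uint256)",
    "39509351": "increaseAllowance(address,uint256)",
    "a22cb465": "setApprovalForAll(address,bool)",
}

def describe_calldata(data_hex, decimals, expected_spender=None):
    """Describe what a transaction's calldata grants; kind is 'other' if nothing."""
    data = data_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    kind, args = GRANTS.get(data[:8]), data[8:]
    if kind is None or len(args) < 128:
        return {"kind": "other", "warnings": []}
    # ABI encoding: each argument is one 32-byte word; an address is its low 20 bytes.
    spender = "0x" + args[24:64]
    value = int(args[64:128], 16)
    out = {"kind": kind, "spender": spender, "warnings": []}
    if kind.startswith("setApprovalForAll"):
        out["unlimited"] = value != 0   # true: operator may move every NFT held
    else:
        out["unlimited"] = value == MAX_UINT256
        out["amount"] = value / 10**decimals   # in whole tokens, for display
    if out["unlimited"]:
        out["warnings"].append("unlimited: spender can move everything, at any later time")
    if expected_spender and spender != expected_spender.lower():
        out["warnings"].append("spender is not the contract you meant to use")
    return out

def encode(selector, spender, value):
    """Build constructed sample calldata: selector plus two 32-byte words."""
    return "0x" + selector + spender[2:].rjust(64, "0") + format(value, "064x")

# Constructed placeholder addresses, not real contracts.
ROUTER = "0x" + "aa" * 20    # the contract the user believes they are using
UNKNOWN = "0x" + "bb" * 20   # some other contract

if __name__ == "__main__":
    samples = (encode("095ea7b3", ROUTER, 1_000_000 * 10**6),   # exact amount
               encode("095ea7b3", UNKNOWN, MAX_UINT256),        # unlimited
               encode("a9059cbb", ROUTER, 5))                   # plain transfer
    for tx in samples:
        print(describe_calldata(tx, decimals=6, expected_spender=ROUTER))
```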

Rug pulls and the limits of due diligence

A rug pull is when the people behind a new token quietly empty out the project (liquidity, treasury, sometimes both) and disappear. The token instantly drops to nothing. The buyers are left holding worthless coins.

Rug pulls are not really wallet scams. They are bad investments dressed up as opportunities. The defense is mostly about what you choose to buy, not how you sign for it. A short, honest list of what helps:

  • Be skeptical of new tokens with anonymous teams and very high promised returns.
  • Look at how concentrated the token supply is. A few wallets holding the majority is a major risk.
  • Check liquidity. If a token has very little liquidity, even a small sell can crash the price.
  • Recognize that most new tokens fail. Treat any investment in them as money you might never see again.

There is no perfect filter for rug pulls. The strongest defense is position sizing: do not put more into any single speculative token than you would be okay losing entirely.

A short checklist before signing

When a wallet pop-up appears and asks you to sign, run through this in your head:

  • How did I get to this page? Did I type the URL or did I follow a link?
  • Is the wallet popup showing what I expected (a swap, a mint, an approval)?
  • What address or contract is the destination? Does it match the project I think I am interacting with?
  • Is it an approval? If so, what token and what amount?
  • Does any part of this say "this transaction has unusual behavior" or show a warning? Why?

If anything is off, close the popup. There is no transaction in crypto that you must sign in the next ten seconds. Real opportunities are still real ten minutes later.

In crypto, the most expensive scam is the one you sign yourself. The cheap defense is reading the popup carefully before you press confirm.

The final lesson pulls all of this into a simple security routine you can actually follow on a regular schedule, with concrete checks for the week, the month, and the year.