How to spot and avoid a cryptocurrency scam?

Red Flags in Token Launches

1. A project announces a token sale with no publicly verifiable whitepaper or technical documentation.

2. The team hides behind anonymous profiles, using stock photos or refusing to disclose real names and professional backgrounds.

3. Smart contracts are not audited by reputable third-party firms like CertiK or OpenZeppelin.

4. Liquidity is locked for an unusually short period—sometimes less than 30 days—or the lock certificate is fake or unverifiable.

5. The token’s initial distribution heavily favors insiders, with over 60% allocated to private sale participants or team wallets without vesting schedules.

Suspicious Exchange Listings

1. A new coin appears on obscure or unregulated exchanges with minimal trading volume and no order book depth.

2. The listing coincides with sudden spikes in social media mentions, often driven by coordinated bot accounts using identical phrasing.

3. The exchange does not display clear information about its jurisdiction, licensing status, or KYC/AML policies.

4. Trading pairs include only stablecoins or low-liquidity tokens, avoiding major assets like BTC or ETH, which limits external price discovery.

5. Withdrawal delays or unsupported withdrawal methods—such as requiring users to submit ID scans via Telegram—are common indicators of platform manipulation.

Phishing and Impersonation Tactics

1. Fake wallet interfaces mimic legitimate platforms like MetaMask or Trust Wallet, often distributed through malicious browser extensions or cloned websites.

2. Social media accounts impersonating official project representatives post urgent “update required” messages with embedded links leading to credential harvesters.

3. Direct messages from “support agents” request seed phrases or private keys under the guise of “security verification” or “wallet recovery.”

4. Email notifications claim transaction failures or wallet freezes and direct users to spoofed domains ending in .net or .org instead of the official .com.

5. QR codes shared in community chats redirect users to unauthorized contract addresses when scanned, especially during “airdrop claim” events.

DeFi Protocol Anomalies

1. Yield farming incentives promise APYs exceeding 10,000%, with no sustainable revenue model backing the returns.

2. Governance tokens grant no actual voting rights—voting weight is hardcoded to favor early wallets or multisig signers.

3. Flash loan attacks occur repeatedly on the same protocol without meaningful code upgrades or security patches.

4. The protocol’s frontend dynamically loads JavaScript from external, unversioned CDNs, allowing remote code injection.

5. Staking contracts lack emergency withdrawal functions or pause mechanisms, making user funds permanently irretrievable upon failure.

Frequently Asked Questions

Q: Can I trust a project just because it has a verified Twitter account?Verification on social platforms only confirms identity ownership—not legitimacy, solvency, or ethical operation. Many scammers obtain verification through deceptive means or purchase legacy accounts.

Q: Is it safe to invest if a celebrity endorses a token on Instagram?No. Paid endorsements carry no legal liability for performance or accuracy. Regulatory bodies like the SEC have fined influencers for promoting unregistered securities without disclosures.

Q: What does it mean if a token’s contract is “renounced”?Renouncing ownership removes the deployer’s ability to alter core functions—but it does not prevent minting backdoors, front-running exploits, or malicious logic embedded at deployment. Renouncement alone offers no security guarantee.

Q: Why do some scam tokens show high trading volume on CoinGecko or CoinMarketCap?Volume can be inflated through wash trading, bot-driven transactions, or reporting from non-audited exchanges. These platforms aggregate data without verifying authenticity—high numbers do not reflect organic demand or liquidity health.