Bitcoin and cryptocurrency scam
No AI-generated content: this article is written and researched by humans
Table of contents
Click here for a quick summary
Short summary: Bitcoin and cryptocurrency scams to watch out for

As Bitcoin and other cryptocurrencies surged in price and popularity, hackers and cybercriminals became more interested in stealing them. Here are the most common scams and attacks related to cryptocurrencies:

  • Phishing emails
  • Spoofed and imposter websites
  • Tech support and security impersonation scams
  • Crypto giveaway scams
  • Employment scams
  • Extortion
  • Man-in-the-Middle cyberattacks
  • Investment frauds and pyramid schemes

Read the full article below for an in-depth look into Bitcoin and cryptocurrency scams and ways to prevent them.

Between late 2023 and throughout 2024, phishing, company impersonations, and other crypto-related cyberattacks and scams surged significantly. Reports show that crypto-related fraud losses reached at least $9.3 billion in 2024, a 66% increase year-over-year, highlighting the rapid growth of scam activity alongside rising prices. Bitcoin’s price rose by more than 150% during that period, climbing from around $30,000 to over $70,000 at its peak.

Since cybercrime is not going away anytime soon, I’ve prepared an in-depth guide to the most common cryptocurrency-related scams, how to recognize them, and how to avoid them. Additionally, I’ll share information on how to secure your Bitcoin and other cryptocurrency investments from hackers and cybercriminals.

The six most common Bitcoin scams and cyberattacks

If you’ve been HODLING (a term for long-term crypto investors who haven’t panic-sold through the up-and-downs), you might be familiar with some of these scams and cyberattacks. But if you’re just entering the world of crypto, you need to be aware of the risks. Hackers and cybercriminals are constantly thinking up new inventive ways to steal Bitcoin and other altcoins.

If you’ve been making good moves and gains with cryptocurrency, the last thing you want to do is hand it over to some fraudster online. Here are some of the latest crypto cyberattacks and scams to look out for.

1. Email impersonation: spoofed websites and phishing attempts

This scam is the most common in the cryptocurrency world. Through phishing emails, scammers might impersonate representatives from popular cryptocurrency exchanges like Binance, Huobi Global, or Coinbase.

They could also impersonate Bitcoin wallets or other cryptocurrency apps. Oftentimes, they’ll issue a “security alert” to alarm you and lure you to a fraudulent site where they can capture your security and account credentials. This allows them to gain access to your Bitcoin or cryptocurrency account.

Fraudsters have become quite skilled at recreating websites to look like the real deal. They use social engineering to convince people to hand over their personal details, too.

How to protect yourself against phishing attempts

  • Avoid suspicious links: Be wary of clicking links. If a hacker has copied a site and changed a minor part of the URL, such as adding a zero instead of the letter “O,” you could be redirected to a spoofed site. Also, look for grammatical errors, strange wordings, and misspellings in emails.
  • Type it yourself: To protect yourself, it’s a good idea to manually type in the name of the website into your browser to ensure you get to the right one. A little extra time spent to ensure your protection is worth it.
  • Use hints in your browser: Before entering confidential data like passwords, always check the browser. Is there a locked padlock icon in front of the URL? When you look at the full domain name, is there an https:// before the site address? Is the URL the correct name of the site? If this isn’t the case, you could be on a malicious site.

For more tips on how to spot phishing attempts, take a look at our full article about phishing.

2. Phone impersonation: security and tech support scams

Fraudsters sometimes create false customer support phone numbers for cryptocurrency exchanges, wallets, or apps. Through spam emails and phishing attempts, they’ll try to bait Bitcoin owners into calling with phony security alerts or customer service queries.

But beware: scammers can call you, too. Outbound calls are particularly dangerous because fraudsters can spoof real support numbers. Never provide any confidential information when a representative calls you.

Keep in mind that this scam — as well as the previous — could come from any industry. You could get fraudulent emails and phone calls from scammers claiming to be from Amazon, Google, Netflix, or your bank, looking for login information, credit card numbers, or other sensitive account information.

What information are phone impersonators after?

  • Cryptocurrency transactions: A fraudulent customer support agent might ask you to send a transaction to an external blockchain address to “verify” your address. Never make any transactions unless you’re sure of the reason.
  • Passwords and login info: Never give an account password or login information for “verification” over the phone or in an email. You should only enter it in secure parts of legitimate websites.
  • Private keys: Your Bitcoin or crypto secret key is for you and you alone. Never give it to anyone.
  • Remote access: Scammers could request remote access to your device to “fix an issue” you might have. You should never give a cryptocurrency customer service rep (or anyone) remote access to your computer.
  • Two-Factor/multifactor authentication info: Fraudsters could be hunting for 2FA codes or passwords to access your account. Never give these up. They’re there to offer an extra wall of protection in case your passwords are compromised.

3. The man-in-the-middle Bitcoin attack

A Man-in-the-Middle attack isn’t a scam at all, but a cyberattack that can happen when you’re using public Wi-Fi. This could be at the airport, train station, or a restaurant or coffee shop.

A hacker intercepts the data between your device and the internet router. This allows cyber thieves to read any data you send — including passwords, login information, and private keys.

If you’ve logged into a Bitcoin app, wallet, or account, the thieves can gain access to your Bitcoin or other cryptocurrencies. It’s even possible this could happen at home or on a trusted network if a hacker is close enough to intercept the signal from your Wi-Fi.

using public wi-fi
man-in-the-middle attack

How to protect yourself against a Man-in-the-Middle attack

The best way to stop an MITM attack is to block the middleman. This is easy with a good, reliable VPN. A VPN encrypts all data going to and from your device. So if a hacker intercepts your data at the airport, they won’t be able to read it due to that encryption.

how to protect yourself against a Man-in-the-Middle attack

A VPN also protects you from snooping by your internet service provider (ISP). If an employee is abusing access or someone hacks the ISP, they won’t be able to decrypt your information because of the VPN.

When it comes to security, we recommend NordVPN. It ranks at the top of our review list for security and protection. It is also our number 1 no-logs provider for privacy-conscious users.

NordVPN
Deal
Get 75% OFF NordVPN + 3 months free
Visit NordVPN

4. Social media cryptocurrency giveaway scams

There are countless fraudsters running fake Bitcoin giveaways on Facebook, Instagram, and other social media outlets. They show off bogus screenshots with fake messages from companies or celebrities like Elon Musk promoting the giveaway. Bot accounts swarm the fraudulent posts, seemingly confirming their legitimacy.

However, once you’ve found your way to the fraudulent website, they’ll need youraddress verification.” You verify your address by sending Bitcoin to the fraudulent giveaway’s blockchain address.

They claim they’ll send you the giveaway after they’ve received the verification payment, but you won’t get that far. The best-case scenario is that you send them Bitcoin and get nothing in return.

The worst thing that can happen is you wind up clicking a malicious link, scanning a fraudulennt QR code, or entering your account information on a fraudulent site, which can result in significant financial loss.

What to do when you see a Bitcoin giveaway

  • Don’t use blockchain address verification: Never “verify” your blockchain address by sending Bitcoin or cryptocurrency.
  • Be wary of social media: Manipulated screenshots and forged messages are quite common. Make sure you’re looking at an official social media page, and not a fraudulent one.
  • Do research: There are real opportunities to earn cryptocurrency, like referral programs for crypto startups. Use Google to research the company or entity doing the giveaway. Is it legitimate?
  • Check domains and websites: Verify the giveaway URL to ensure it’s legitimate and not a phishing or spoofed site.
  • Report: Always report scams and fraud when you see them.

5. Bitcoin extortion and sextortion scams

Unfortunately, “I know your password” and other extortion scams are making a comeback. What once were low-tech, simple coercion emails have become more sophisticated.

Fraudsters and hackers can purchase passwords and corresponding emails on the dark web from old data breaches. So you might see one of your old passwords in the subject of an email. While these scams can make your heart jump, they’re almost always fraudulent.

They might also claim to have accessed your computer and its camera and obtained sexually explicit video or images of you. This is called a sextortion scam. These spam emails are just looking to shake victims up. The endgame here is for the perpetrator to get you to send Bitcoin to their blockchain address.

What to do when you receive an extortion or sextortion email

  • Don’t reply: Don’t answer, and don’t send any payments. You can report the email to the FBI’s Internet Crimes Complaint Center IC3 if you’re in the US. Report international scams at eConsumer. If you receive the message through your work email, tell your company’s IT department.
  • Change your passwords: If you haven’t changed your passwords in a while, now’s the time to do so. Make sure they’re different across each account, and that they contain a combination of uppercase and lowercase letters, symbols, and numbers.
  • Mark as spam: After you’ve reported the email, mark it as spam and delete it. That way, future messages from the sender won’t find their way into your main inbox.
  • Run a malware scan: Run a scan to check your computer or device for any malware, just to make sure you’re safe. Check out our full article on antivirus software and have a look at our top five picks for more information and tips.

6. Bitcoin investment and business opportunity scams

American consumers reported losing more than $80 million to cryptocurrency investment scams during Bitcoin’s last bull run, according to a study from the Federal Trade Commission (FTC). That’s ten times higher than the year before. Almost half of those victims were between the ages of 20 and 39, the FTC said.

With this type of scam, companies or individuals will approach you, offering outrageous investment returns and “financial freedom.” Usually, the investment is actually a scheme involving Bitcoin or other cryptocurrencies. There are different kinds of investment scams.

Pyramid schemes

These are recruiting schemes. The idea is that you pay an upfront Bitcoin or crypto payment for the right to recruit. For each new member you recruit for the program — which could provide access to cryptocurrency investing advice, early access to new ICOs (Initial Coin Offerings), or other incentives — you’re promised cryptocurrency rewards.

Let’s say you pay $500 in Bitcoin to join the program. For each person you recruit, you might get $100 in Bitcoin back. You offer your recruits a similar deal.

The more people you recruit, the more money you make. If you come across a scheme in its early stages that actually pays out, sure, you could make money.

But pyramid schemes are illegal for a reason: at some point, the number of recruiters outweighs the potential recruits. Scammers often take advantage of this pay-to-play model without ever actually paying up.

Phony investment managers

In this scheme, you’ll be contacted by “investment managers.” They’ve apparently made millions and are well-versed in cryptocurrency trading. They can also make you millions if you let them manage your cryptocurrency.

If they’re looking for small scores, they might ask for upfront fees. If they’re ambitious, they might try to hustle large sums for “investments.” Of course, the chances that they’ll actually win you anything are very slim.

Instead, you’ll just lose money by paying them and giving them access to your financials. Be wary of any social media cryptocurrency “experts” reaching out to handle your investments.

Job offers and employment scams

Scammers might also impersonate recruiters and human resources, targeting job hunters. If your resume or CV is posted somewhere online, you might receive an interesting “job offer” letter.

Most commonly, fraudsters ask for a cryptocurrency payment to start job training. Or they might be looking for cryptocurrency investors or fund managers. Either way, you’re paying up in Bitcoin and won’t get anything in return.

Celebrity endorsement investment scams

The UK removed thousands of links to fake celebrity endorsement scams last year. These are similar to the giveaway scams in that they use celebrities to rope in victims. Fake news stories are circulated on social media from seemingly legitimate sources like ABC or the BBC.

Scammers use real photos with false testimonials from celebrities about huge gains from cryptocurrency investments. In the UK, fraudsters used Richard Branson and Ed Sheeran to push phony investment opportunities, while in Australia, fake versions of Mel Gibson and Chris Hemsworth dolled out testimonials.

It’s one of the most common tactics employed when launching crypto pump and dump schemes. Check out this article for a comprehensive list of NFT scams and how to protect your digital assets.

How to protect your Bitcoin and cryptocurrency

Now that you’re up to date on scams and cyberattacks, it’s time to protect your investment.

First of all, you should never store your cryptocurrency on an exchange like Coinbase, Binance, or Gemini. Exchanges are for trading, not storing. While these trading platforms have heightened security protocols, they’re a huge target for hackers.

Binance was hacked in 2019 and had $40 million in Bitcoin stolen. Since then, cryptocurrency hacks have grown in scale, with losses reaching nearly $3 billion in 2025 alone. According to recent reports, hackers have stolen well over $4 billion from major crypto exchange breaches over time, with most attacks still targeting exchanges and centralized platforms.

So what’s the safest way to stash your Bitcoin and cryptocurrency? And what other ways to protect your money are there? If you’re looking to hold long-term, or just safely store your crypto before it’s time to sell, you’ll need a good digital wallet.

Protect your Bitcoin with a digital wallet

These wallets interact with the blockchain network that cryptocurrencies run on. Each has a private key and a public address. The private key allows you to access the wallet to make purchases, send crypto to other parties, or move it to exchanges. The public blockchain address allows you to receive transactions.

There are different kinds of wallets that meet consumers’ different needs.

Cold wallets

Cold wallets are stored offline and are not connected to the internet. These wallets are actual hardware (they look like USBs), are considered the most secure, and carry the least risk.

They’re best for long-term investors who want to hold. These could best be compared to safes, vaults, or safety deposit boxes. You can store a lot of money or valuables in them, and they’re extremely secure, but it takes more time to get them out.

Sidenote: Paper wallets (physically printed on paper with keys and QR codes) were popular in Bitcoin’s early days. However, since the advent of hardware wallets, they’ve fallen out of favor.

You’re not physically printing and storing Bitcoin as currency, but rather just printing a digital wallet’s Bitcoin information. Since paper wallets are easy to damage, misread, or lose, they’re not generally recommended.

If you are mining Ethereum or Bitcoin, using a cold wallet is a wise idea.

Hot wallets

Hot wallets are connected to the internet and are more suited for purchases, transactions, and active traders. They’re easy to set up and easy to access. Usually, investors and traders will keep large sums in cold wallets and smaller amounts in hot wallets. Here are some hot wallet options:

  • Desktop wallets: This is software downloaded, encrypted, and stored on your laptop or desktop device. If your device is connected to the internet, make sure to get good antivirus software. Check out Exodus or Coinbase’s wallets to get an idea.
  • Mobile wallets: Mobile wallets are similar to desktop wallets, but for smartphones and mobile devices. They provide more convenience and can offer QR transactions for those who use and trade digital currency regularly. Since they’re connected to the internet, they are slightly less secure.
  • Web-based wallets: These are wallets that you access through the internet. While these are the most convenient, they’re also the most insecure. They’re susceptible to DDOS and other kinds of cyberattacks. If the storage site suffers a data breach, your information will also be at risk.

For more information on how to buy and sell Bitcoin safely, have a look at our in-depth article.

Security starts with a strong password

Experts tell you to make your passwords strong for a reason. This especially goes for your Bitcoin and cryptocurrency accounts. The average person has around 25 accounts they need to remember passwords for — which can be quite daunting. We’ve all fallen into bad habits of reusing passwords for different sites. We also tend to make weak passwords and don’t change them for years.

You want to make sure your Bitcoin and other cryptocurrency-related passwords are strong, changed often, and not reused across other sites. Don’t use anything that could be linked back to you easily — like schools you’ve attended, jobs you’ve worked, or children’s or pets’ names — and make it a combination of uppercase and lowercase letters, symbols, and numbers.

The question is: how are you going to keep track of all those good passwords? This is where password managers come in. They help you create, store, and manage your complex and strong passwords. In case you’re looking for the best password manager, 1Password came out on top of our password manager reviews.

Keep your crypto software up to date

Strong online security is a lot like getting a new car: it takes routine maintenance to keep everything running smoothly. Hackers never rest in their attempts to break software security.

When vulnerable code is discovered, software makers update the security to close the loophole. But no matter how good they are at closing the vulnerability, it won’t do you any good unless you get the update.

Staying on top of updates can seem like a dull chore, but almost all hacked software lacks the latest fix. Stay on top of keeping your crypto-related software up to date to prevent losing your valuable Bitcoin.

Some cryptocurrencies use advanced technologies to maintain privacy, so it’s important that you regularly update the exchange software (such as the Ledger) to prevent any hiccups.

Think like a con artist

To avoid these common crypto scams, it’s a good idea to put yourself in a hacker’s shoes (or maybe at their laptop). The entire point of cons and scams is to rattle the victim and distract them from the criminal’s endgame.

Scammers and con artists want to alarm you and get you moving quickly before you’ve had time to think about the scenario. It’s only after falling victim and having time to settle down that people begin to question how odd the situation was in the first place. Understanding how scammers think will help you stay ahead of them. So what do these scammers really want?

They want you to send Bitcoin and cryptocurrency

The end game for a lot of these scams is to have you send Bitcoin or cryptocurrency to a fraudster’s blockchain address. Traditional banking methods allow you to stop payments or reverse transactions. If you think you’ve made an error or been defrauded, chances are you can get that money back by communicating with your bank.

However, that’s not the case with Bitcoin and other cryptocurrencies. Bitcoin is a digital currency that no institution controls. You’ve got to have total confidence that the party or merchant you’re sending cryptocurrency to is an entity that can be trusted.

Once you’ve sent it to a blockchain address, there’s no going back, and no one to turn to for help. This is good news for scammers: once they’ve fooled you for just a moment, they’ve won.

They want access to your Bitcoin or cryptocurrency accounts

Fraudsters also want to gain access to your Bitcoin wallet or account. Once they’ve got access, they can send cryptocurrency wherever they want. Through the different scams and cyberattacks we looked at earlier, they hope to get:

  • Private keys: Cryptocurrency wallets have a secret key (or keys) that only the owner should know. Getting hold of this key allows fraudsters to spend money and make transactions.
  • Passwords and login info: They’re looking for access to victims’ cryptocurrency accounts and apps.
  • Remote access: Scammers could request remote access to your device to “solve a problem.” Once a scammer has control of your device, they’re able to access your cryptocurrency accounts, your online financial accounts, and your entire online life.
  • Two-Factor/multifactor authentication info: They could be hunting for 2FA/MFA codes or passwords to access your Bitcoin accounts and apps.

However, scammers will be more than happy to take other things to use against you if they can’t get to your Bitcoin. Many scammers are getting increasingly better at social engineering.

Through trickery and manipulation, they could pry all kinds of personal information from you — like pet names, important dates, or schools you attended — to put into password or security question-guessing software.

Summary

Bitcoin and other cryptocurrencies are not immune to scams and other cybercrimes. And, with crypto popularity steadily rising, cybercrimes are rising together. From Man-in-the-Middle attacks, to phishing attempts, and data extortion, you can easily fall victim if you do not stay vigilant. 

The easiest way to protect your Bitcoin and cryptocurrency investments is to learn about all possible threats, rely only on trustworthy exchanges and wallets, and use additional tools such as password managers, VPNs, and antivirus software to further enhance the security of your data and online transactions.

FAQ

Frequently Asked Questions
What are the most dangerous Bitcoin and cryptocurrency scams?

The most common Bitcoin scams are phishing emails, spoofed and imposter websites, and cryptocurrency company impersonation scams. On social media, there are often fraudulent crypto giveaways that try to lure you to malicious sites.

What should I do if I receive a blackmail email about my Bitcoin wallet?

Don’t reply, don’t answer, and don’t send any payments. Instead, you should:

  1. Change your passwords.
  2. Report the extortion email.
  3. After you’ve reported the email, mark it as spam and delete it. That way the sender won’t find their way back into your main inbox.
How do I protect my Bitcoin?

You’ll want to store your digital assets in a hot or cold wallet. Cold wallets are hardware and aren’t connected to the internet, which makes them safer. Also, always use a secure VPN when making online cryptocurrency transactions or trades to secure your internet connection.

What are Bitcoin scams?

There are all kinds of Bitcoin scams, but the end result is usually the same. Hackers and cybercriminals use tricks in order to get you to send Bitcoin to their blockchain address, or take control of your account. They might do this through phishing attempts, impersonations, or even by gaining remote access to your device.

Taylor Moore

Taylor Moore

Senior Editor

Taylor is a sports journalist with a keen interest in technology and internet freedom. He covers topics related to sports broadcasts, upcoming sporting events, internet accessibility, and more. He has an extensive background in the cybersecurity and VPN space and writes articles in sports, online privacy, and the broader cybersecurity niche at VPNOverview.

More articles from the Finance section

Leave a comment

20
comments
  1. Gilberto

    Need help my broker scam me with bitcoin

    Reply
    • Priscilla Sherman

      Unfortunately, it can be very hard to retrieve stolen Bitcoin after you've been scammed. We advise you to report the scam to an official organization, like the FTC or the FBI Internet Crime Complaint Center.

      Reply
  2. christina c

    my husband and I both have been receiveing emails about having a bitcoin account he had one from dept.of cyber security compensation from leaks in our data,saying to pay $60 to cover the exchange rate ...but we have never purchased any bitcoin they say once they convert it we get 9,000.00 from the government could this be true???HELP

    Reply
    • Priscilla Sherman

      Hi Christina,
      This definitely sounds like a scam. If you've never had a Bitcoin account/purchased any Bitcoin, there is no reason for any compensation (and even if you did, there isn't really a current reason for compensation, either). Likely, the sender just wants to steal your money. We advise you NOT to engage (definitely don't click any links in the email) and to mark the email as "phishing," so other people who receive it can be warned, too!
      Good luck!

      Reply
    • Elizabeth W

      This has just recently happen to me but on Facebook messenger. I was pretty smart about it and he didn't win the battle. I put a lock on my cash app where he kept trying to take them from. So since then I've been through hell and back with this person. And still going through it. He has taken over my devices to where I don't have access to alot of my thing. I've been thru 3 new phones with new numbers. 21 email addresses. And just plain ole torture. And get this the local police won't do a dam thing to help Me.

      Reply
      • Priscilla Sherman

        We're really sorry to hear that happened. It sounds like this person managed to hack you, even if he didn't get access to your money. If this is giving you so much trouble, it might be wise to contact a local professional to help you get full access back to your systems and devices. On top of that, if you're from the US, you can always use the FBI's Internet Crime Complaint Center and follow the tips listed under the "What to do when hacked?" section in our Hacking article. All the best of luck!

        Reply
  3. Cal A

    Ok someone claims that my phone has been mining since 2019 and I got 28000.00 sitting there that needs to be exchanged for a nominal fee of course and it goes through cashapp but I cannot get past cash apps security to receive it. I have sent several return emails asking for the conversion fee to ve taken out at time of conversion but and of course nobody will contact me . Someone help this country boy out please.

    Reply
    • Priscilla Sherman

      Hi Cal! The first thing to do here would be to make sure this is actually true. Who is claiming your phone has been mining anything? Have you set up your phone to do that? It sounds like this could very well be a scam that aims to get your hopes up and then steal your money by making you log in on an untrustworthy site or app. Be careful that doesn't happen to you!

      Reply
  4. Alice Jane

    I think I am a victim of a crypto-scam like this. This person messaged me on whatsapp and was very convincing. The conversation lead to crypto and they had me sign up for binance and coin-isp. If this happens to you my best advice is to tell them you will not be doing anything financial until you meet them in person. I know this betrayal, it hurts but you just mustn’t, make it a rule for yourself always.

    Reply
    • Priscilla Sherman

      That is definitely a good rule to use! We hope you're doing okay and didn't face any financial damage.

      Reply
  5. Misty

    Someone on a dating site claims to be an advisor in bitcoin. Kept trying to get me involved. Because I said not till we meet he's disappeared. I believe this may be a scammer.

    Reply
    • Priscilla Sherman

      You might be right! Several people have reported coming across crypto scams on dating sites, especially in China and Japan. Good that you held them off. It sounds like these scammers use dating sites and apps to find victims for their Bitcoin investment scams.

      Reply
  6. Dorothy

    Great article, I have better understanding of this crypto scams now.

    Reply
    • David Janssen

      We're glad we could be of help! Stay safe :)

      Reply
  7. Daniel

    I think I am a victim of a crypto-scam like this. This person messaged me on whatsapp and was very convincing. The conversation lead to crypto and they had me sign up for binance and coin-isp. If this happens to you my best advice is to tell them you will not be doing anything financial until you meet them in person. I know this betrayal, it hurts but you just mustn't, make it a rule for yourself always.

    Reply
  8. jakesman

    lots of people are getting scammed everyday, and i happen to be a victim of one of these scams, fortunately i was able to recover my last funds

    Reply
Leave a comment