How To Avoid Crypto Scams: Best Practices To Protect Yourself

Let's identify the most common threats so you know them when you see them and then give you the best solution.


Interests in Cryptocurrency have boomed over recent years, and so has the number of scammers and impersonators. From videos featuring Ethereum founder Vitalik Buterin used to lure people into giving up cryptocurrencies to CoinDesk’s email hacking incident, the examples are countless.

If there is anything we can learn from these events is that we always can do better in security. Online scamming is not something new. Phishing emails and fake profiles have been part of the Internet culture since its inception. What seems to be changing is the proficiency and mastery of scams - fraudsters are upping their game to a level that is hard to detect in plain sight.

Let’s first identify the most common threats so you know them when you see them and then give you the best solution.

Common Crypto Scams and Threats

Fake MetaMask Extension

The MetaMask extension is an Ethereum wallet plugged into your browser for accessing distributed applications. The extension connects the Ethereum web3 API into your website’s javascript, so that dApps can read from the blockchain.

According to Kaspersky research, a notorious hacker group known as BlueNoroff manipulated the popular MetaMask extension to steal funds from that user: they intercepted the transaction process and injected their own line of code to drain the accounts.

How To Protect Yourself

You should always keep your MetaMask up to date and ensure that all updates take place within your browser. The original download should come from the official website.

Malicious NFT Airdrops Target OpenSea Vulnerability

OpenSea is the biggest online non-fungible token (NFT) marketplace according to Statista. Almost a year ago, a lot of users fell victim to a scam that saw hackers airdropping ”free NFTs” to users, only to see their funds disappear from their wallet. Check Point Research went into a detailed analysis and worked closely with OpenSea to resolve the problem and prevent this from ever happening again.

How To Protect Yourself

You should always be careful when receiving external requests to sign your online wallet. Don’t be eager to approve requests and ensure you know where the request is coming from. If in doubt, reject the request until you are absolutely sure this is a request you trust and approve.

Honeypot and Rug Pull Scams

Let’s start with rugpulls. The name comes from the real-life scenario of pulling the carpet underneath someone’s feet. How does that translate into the crypto world? Scammers will launch a new currency attached to a liquidity pool and wait for people to start buying/selling the coin. Once there is enough money in the pool, scammers will withdraw the funds and flee before you know it.

Now, let’s move on to honeypots. Again, the name stems from a real-life scenario where your funds get stuck and you can’t get it out. Here’s how honeypots work: scammers will incorporate a piece of code into the smart contract that only allows their wallets to sell the coin. Everyone else can buy, but they are the only ones that can sell. What happens next?

Performance graphs indicate a steep buying curve encouraging investors to buy. The value keeps going up and market sentiment shows a coin that rises in valuation. The hard realisation that you have been scammed comes when you decide to sell. The scammer code does not allow you to sell and your money is essentially trapped forever.

Honeypot scams can last from days to weeks to months, depending on how long it takes people to realise they can only buy and not sell.

How To Protect Yourself

Avoid trading or getting involved with coins that are under the radar. Instead, check that your coin of choice ranks amongst the top on CoinMarketCap and their trading volumes. Other ways to spot mischief and stay away are:

  • Revert from currencies where a few purses have the majority of the tokens
  • They are audited by a renowned company

Phishing Emails and Ads

If you think Google Ads are annoying and just clog the top of your search results, wait till you read about the crypto scam associated with them. Fraudsters follow the designated procedure and bid on keywords on Google Ads, setting traps for cryptocurrency enthusiasts that are thirsty for content that will give them a competitive advantage, according to the Check Point investigation. How did the scam work exactly?

People searching for MetaMask and Solana were presented with links to phoney lookalike websites. Once they landed on the fake website, there was no way to tell they shouldn’t create accounts. The level of detail in the design and behaviour of the website, led people to create and fund accounts, only to see their funds disappear.

When it comes to email phishing it usually involves a malicious link in an email that loads a piece of code on the computer infecting it immediately.

How To Protect Yourself

Never navigate to a website through ads. Type the name of the website yourself and ensure the url is SSL-protected and corresponds to the real name of the brand. Sometimes, scammers are able to make the real and scam URL look exactly the same.

As far as emails go, check the sender and ensure all emails you open come from contacts, and people you recognise and know. Emails containing links should be treated with caution and so should PDFs and files that you need to download on your device.

Impersonators Pretending To Be Telegram Admins

Telegram groups are littered with scammers trying to impersonate high-profile influencers, company staff or group admins to get in your good graces. They might ask you for personal information, transfers, receive odd calls or even be added to groups without asking to.

These are all signs you should be weary of and here is how you can protect yourself.

How To Protect Yourself

Check your Telegram privacy settings and hide information such as your telephone number that shouldn’t be shared with the public. Moreover, you should identify admins on the Telegram channel member list by clicking on “members” or “info”.

If someone contacts you, click on the photo/avatar of the person you are talking to, check the username and compare it with the list of admin usernames. Furthermore, you should only interact with official social channels [check pinned message] in the channel.

We advise you to change your privacy settings accordingly, to avoid not being added to groups or receive calls from strangers. Here’s how:

Telegram > Settings > Privacy and Security > Calls, then Groups & Channels

👉Set “Who can call / add me ” to “My contacts” rather than “Everybody"
👉 You can also check the list of official Admins: /adminlist

( You can check by typing /adminlist )

More Ways To Protect Yourself From Crypto Scams

Never share your seed phrase with anyone. Nobody will ever ask you to share it - no company, person or platform. This is strictly personal information and it should not be shared under any circumstances.

Use a hardware wallet to hold and keep assets secure. It adds an extra layer of security as they are unaffected by viruses if they were to be stored in a digital form.

Use a password manager and never reuse passwords. Password managers allow users to use stronger, more complex passwords as they don’t have to rely on memory.

2FA on all accounts (emails, exchanges, platforms). ideally the phone with the 2fa codes should be external to your day to day phone

Last but not least, ensure you follow a project's official links. In the case of Polkastarter, go to a project’s dedicated page and scroll to the bottom of the page.

About Polkastarter

Polkastarter is the leading decentralized fundraising platform enabling crypto’s most innovative projects to kick start their journey and grow their communities. Polkastarter allows its users to make research-based decisions to participate in high-potential IDOs, NFT sales, and Gaming projects.

Polkastarter aims to be a multi-chain platform and currently, users can participate in IDOs and NFT sales on Ethereum, BNB Chain, Polygon, Celo, and Avalanche, with many more to come.

Stay tuned for more upcoming IDOs
Website | Twitter | Discord | Telegram | Instagram | Newsletter | YouTube | Spotify