Cryptocurrency investing offers new and exciting opportunities, but it’s also rife with scams and tech-savvy con artists. And since the crypto space remains largely unregulated, it’s often difficult to distinguish between genuine investment opportunities and scams.

In just the first half of 2024, investment scams conned Canadians out of nearly $107 million—almost half of that ($51.6 million) via cryptocurrency scams, according to the Canadian Anti-Fraud Centre (CAFC). Crypto investments are the top type of investment scams reported to CAFC, says Nancy Cahill, acting client and communications outreach officer. Fewer than 5% of scams are reported, so the actual numbers are likely much higher.

Scammers often find victims on social media

Cryptocurrency scams are often intertwined with other types of scams—and the criminals behind them cast a wide net. Con artists frequently find potential marks on social media. According to an analysis by TradingPlatforms based on FTC data, nearly one-third of social media crypto fraud happens on Instagram, and one-quarter on Facebook. Some ruses start out as romance scams. Once suspects gain a victim’s trust and affection, they present an “investment opportunity” or request crypto or money to pay for a made-up expense, such as medical bills.

10 types of crypto scams

There are many types of scams to watch out for, and unfortunately, as investors get savvier, the cons evolve and become trickier to spot. To protect yourself, always know where your money is going, understand the crypto advertising rules in Canada, and only use trusted and compliant crypto trading service providers. (As a starting point, see MoneySense’s picks for the top crypto platforms in Canada, all of which securities regulators have approved to do business in this country.) An exhaustive list of crypto scams is likely impossible, but to protect yourself, here are 10 to watch out for.

1. Pump-and-dump, or rug pull

In a “pump and dump” or “rug pull” scheme, promoters of a cryptocurrency hype it up to boost demand, and when the price soars, they sell all their coins for a quick profit. Because they sell in large volumes, other investors get nervous and sell their coins, too. As panic sets in and the selling spreads, the coin’s value plunges. The promoters get rich and small investors are left “holding the bag,” faced with huge losses.

A notorious example of an alleged crypto pump-and-dump scheme is a coin called Squid Game. Launched in October 2021, it rode the popularity of the Netflix series of the same name—despite having no affiliation. Less than two weeks later, Squid Game’s crypto developers suddenly sold their holdings when the coin’s price hit $2,800, making themselves $3.3 million richer (all figures in U.S. currency). Today, one Squid coin is worth about a tenth of a penny.

The pump-and-dump scam is not unique to crypto, of course. It’s what high-flying stockbroker Jordan Belfort—the subject of the Hollywood film The Wolf of Wall Street, starring Leonardo DiCaprio—engaged in during the 1990s. His firm was accused of artificially inflating the price of penny stocks before selling their shares to make lots of fast money—costing investors up to $200 million. In the early 2000s, Belfort served 22 months in federal prison for securities fraud. He’s now marketing himself as an investment guru.

2. Giveaway scam, or 2-for-1 scam

In a giveaway scam, someone asks you to send cryptocurrency to their wallet address, with the promise of sending you double the amount. “Send me 1 token, I’ll send you 2 in return” is a typical overture.

This type of scam is especially effective during crypto bull markets when investors may be experiencing FOMO and the prospect of free crypto may seem too tempting to pass up.

3. Phishing scams

Phishing scams use phony communication through channels like email or social media to trick people into sharing confidential information like credit card numbers and PINs. It’s called “phishing” because scammers try to bait people into clicking a link that will take them to fraudulent websites—for example, an imitation of a bank or crypto exchange site. 

Once the target has taken the bait, the scammers get in touch by email or other means and ask them to share or enter their data using various pretexts, such as a software upgrade or a limited-time special offer. The scammers then use it to hack into the victim’s exchange accounts and wallets. 

4. Airdrop scam

Airdrop scams are a type of giveaway scam. In a typical airdrop, coin marketers give away assets like new crypto coins and non-fungible tokens (NFTs) in an effort to promote a project. To qualify, users may have to complete tasks like resharing social posts or creating an account. Once received, these assets need to be “claimed” in order to be sold.

For this, scammers may use airdrops as a ruse to lure people to a fraudulent website in the hope of collecting sensitive information, like the private keys to their crypto wallet. It’s much like those email scams that ask you to tap a link to sign into a bank account to receive a refund or wired money—same strategy, different currency.

Also be wary of initial coin offerings (ICOs), in which a crypto promoter solicits investments in a new cryptocurrency. Most ICOs are scams. Some red flags to watch for: little or no information about the team launching the coin, no whitepaper or other foundational document (but note that these can also be faked) and fake celebrity endorsements. Recently, several ICO scams, created using AI-generated images and fake social media accounts, tried to exploit public excitement around the 2024 Olympic Games.

5. Service provider support scams

Support scams are an internet-wide problem, and crypto is no exception. Con artists pretend to be representatives of crypto companies to trick their targets into parting with their money or revealing private information, such as passwords to their crypto exchange accounts or the private keys to their crypto wallets. With this information, they could rob you of your investments.

Scammers impersonate the staff of crypto services—such as decentralized apps (dApps), wallets and exchanges—on community platforms and messaging apps such as Discord or Telegram. They create authentic-looking accounts to gain the trust of unsuspecting investors, asking for passwords, private keys or remote access to their devices. Then they transfer the victim’s assets to their own accounts.

Genuine service providers will not communicate through unofficial channels like unverified social media accounts or personal email addresses, nor will they ask for your passwords or private keys.

Beware the risks of crypto investing

In addition to protecting yourself from scams, remember this: Cryptocurrency investing can be profitable, but prices are also highly volatile. Before you buy or stake any digital coin, consider whether it fits your investment plan, risk profile and long-term goals. Always do your own research, and carefully review service providers’ user agreements and risk disclosures before you click “buy.”