A practical crypto scam guide to the cons targeting crypto users right now, and the steps that actually keep your funds safe.
What's happening
In June 2026, Microsoft flagged a new clipboard hijacking malware it detected as CryptoBandits. It hides on USB drives disguised as everyday documents, and once it runs, it checks your clipboard about twice a second. The moment you copy a wallet address, it replaces it with one the attacker controls, so your funds go to them while your screen still shows what you expect. This trick has a name, crypto clipboard hijacking, and it is one of the fastest-growing threats this year.
The same malware can lift your seed phrases and private keys, then take screenshots of your wallet to map out what you hold. Two habits shut it down: never plug in a USB stick you don't trust, and always check where your funds are going before you hit send.
Crypto scams are at record levels, and more of them now aim at you directly instead of the platforms you use. Most break no code at all; they borrow the trust you already have in familiar tools and get you to approve the loss yourself. To put a number on it, US victims reported more than $11 billion lost to crypto fraud in 2025, and the schemes below are how much of it begins. The good news is that the final move is always yours, so a few habits put most of these cons out of reach. Treat this crypto scam guide as a field manual: spot the pattern, then act on the checklist below.
The scams you'll actually run into
Recognizing each one on sight is half the battle. These are the ones you are most likely to meet.
The "secret bonus" or "hidden loophole." A message or file claims you can unlock a bonus or a bigger discount on a popular service by exploiting a flaw nobody is supposed to know about. To claim it, you are told to install a browser extension and run a short script. These fake crypto extensions usually pose as a price tracker or a discount unlocker, and they pass every casual look before they go to work. Once active, the extension silently swaps the deposit address on the real site, so your money goes to the scammer while everything on screen still looks normal. The bait works because it makes you feel clever, not because the service is being generous. There is no hidden bonus, only code waiting to redirect your funds.
Pig butchering and other investment scams. A stranger builds a friendly relationship over days or weeks, often through a dating app or a chat, then points you to a slick platform showing fake profits. The name is grim for a reason: a pig butchering scam fattens you up with attention and a few small wins before the slaughter. You "invest" and watch the numbers climb, only to find you cannot withdraw a cent. Pig butchering scams have become one of the largest sources of crypto losses, and like most of this list, the pig butchering crypto scam runs on patience rather than hacking. The fix is unglamorous: nobody you met online should be steering where your money goes.
Fake support and "compensation" forms. After a breach or an outage makes the news, fake "support" accounts and bogus "compensation" forms appear everywhere, asking for your wallet details or seed phrase. Real support never slides into your DMs to fix a problem you never reported. The tell is who reaches out first: a genuine team waits for you to open a ticket, while a fake agent appears uninvited and rushes you toward a form or a wallet connection.
Search results that lead to fake sites. Scammers buy ads and game search rankings so a cloned version of a popular wallet or exchange sits right at the top of your results. You click what looks like the official link and land on a pixel-perfect copy, where any seed phrase or wallet connection you hand over goes straight to them. The web address can look almost right, with a swapped letter or an extra word that you would never notice at a glance. The fake can match the real thing down to the logo, which is why the safest move is to never reach a crypto service through a search result.
Fake airdrops and approval phishing. A fake crypto airdrop dangles a free token drop and asks you to connect your wallet and sign. That signature is not a claim; it is a token approval that lets the attacker move your funds later. This is what approval phishing means: you are tricked into granting permission to spend rather than handing over a password. The prompts are hard to read, so people approve without seeing what they actually agreed to, and the wallet looks untouched until the allowance is used.
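What such a signature request grants can be read from the transaction data before signing. The sketch below is an added example, not SimpleSwap's code; it assumes Ethereum-style calldata using the standard `approve` or `setApprovalForAll` call, and the sample spender and calldata are constructed.

```python
# Added example: show what an approval request would grant before it is signed.
# Assumes Ethereum-style calldata; SAMPLE_SPENDER and SAMPLE are constructed.
APPROVE = "095ea7b3"               # approve(address,uint256)
SET_APPROVAL_FOR_ALL = "a22cb465"  # setApprovalForAll(address,bool)
MAX_UINT256 = 2**256 - 1


def describe_approval(calldata_hex):
    """Return who may spend, and how much, if this calldata is signed."""
    data = calldata_hex.lower().removeprefix("0x")
    selector = data[:8]
    if selector not in (APPROVE, SET_APPROVAL_FOR_ALL):
        return {"kind": "other", "grants_spending": False}
    if len(data) != 8 + 64 + 64:
        raise ValueError("malformed approval calldata")
    spender = "0x" + data[32:72]       # low 20 bytes of the first 32-byte word
    value = int(data[72:136], 16)      # second word: amount, or bool flag
    if selector == APPROVE:
        return {"kind": "approve", "spender": spender, "amount": value,
                "grants_spending": value > 0,
                "unlimited": value == MAX_UINT256}
    # setApprovalForAll: a true flag hands over every token in the collection
    return {"kind": "setApprovalForAll", "spender": spender, "amount": None,
            "grants_spending": value == 1, "unlimited": value == 1}


SAMPLE_SPENDER = "0x" + "ab" * 20
SAMPLE = "0x" + APPROVE + "00" * 12 + "ab" * 20 + "ff" * 32

if __name__ == "__main__":
    info = describe_approval(SAMPLE)
    print(f"{info['kind']}: spender {info['spender']}, unlimited={info['unlimited']}")
```

An unlimited amount granted to a spender you do not recognise is the pattern described above: nothing leaves the wallet at signing time, but the allowance stays until it is revoked.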
Address poisoning. The attacker sends you a tiny transaction from an address that looks almost identical to one you use. Later, you copy the wrong one from your history and send your funds straight to them. If the money vanishes this way, you might search "crypto wallet hacked" in a panic, yet nothing was broken into: you simply copied a lookalike. Checking the full address, not only the first and last characters, shuts this down.
What to do about it
Most of these schemes fall apart against the same short checklist of crypto security best practices. Build these habits into how you move funds, and you take away the exact moment scammers depend on. If you remember only one thing about protecting crypto from scams, make it this: slow down before you send.
Start with a baseline layer
Before any habit, give yourself an automatic net that catches the obvious threats so you only have to think about the rest.
- Run a reputable antivirus and keep it switched on. It is your first line of defence against the malware and rogue scripts that sit behind many of these scams, including the clipboard hijacker that started this guide.
- Use a tool that blocks malicious and phishing sites before they load. Many major VPNs now bundle this kind of web protection, including NordVPN, Surfshark, Proton VPN, and ExpressVPN, so known-dangerous domains are filtered out before you ever reach them.
Verify before every send
- Open the deposit address only inside the official app or site you are using, never from a link or a screenshot someone sent you.
- Check the full address, not just the start and end, and confirm you are on the right network before sending.
- If you use a hardware wallet, confirm the address and amount on the device's screen, since malware cannot change what the device displays.
- After you paste an address, read it again right before you confirm, because clipboard-hijacking malware swaps at the last second.
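The full-address check in this list, and the address-poisoning case described earlier, can be automated against your own list of saved addresses. This is an added example, not SimpleSwap's code; the addresses are constructed, and the 6-character head and 4-character tail stand in for what a truncated display would show.

```python
# Added example: compare a pasted destination with addresses you have saved.
# All addresses below are constructed for illustration.

def _norm(addr):
    addr = addr.strip()
    # Assumption: 0x-style hex addresses compare case-insensitively;
    # other formats are treated as case-sensitive.
    return addr.lower() if addr[:2].lower() == "0x" else addr


def check_destination(pasted, trusted, head=6, tail=4):
    """Return (verdict, label, differing_positions) for a pasted address."""
    p = _norm(pasted)
    for label, addr in trusted.items():
        if p == _norm(addr):
            return ("match", label, [])
    for label, addr in trusted.items():
        t = _norm(addr)
        # Same visible ends but a different middle: the poisoning pattern.
        if p[:head] == t[:head] and p[-tail:] == t[-tail:]:
            diff = [i for i, (a, b) in enumerate(zip(p, t)) if a != b]
            return ("lookalike", label, diff)
    # Anything else, including a clipboard swap, is simply not on the list.
    return ("unknown", None, [])


TRUSTED_ADDR = "0x12ab" + "34cd" * 8 + "ef90"
TRUSTED = {"my exchange deposit": TRUSTED_ADDR}
LOOKALIKE = "0x12ab" + "34cd" * 3 + "99cd" + "34cd" * 4 + "ef90"

if __name__ == "__main__":
    for candidate in (TRUSTED_ADDR, LOOKALIKE, "0x" + "00" * 20):
        print(candidate, check_destination(candidate, TRUSTED))
```

Only a "match" verdict means the pasted address is one you saved; "lookalike" and "unknown" both mean stop and re-open the address in the official app.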
Never do these
- Do not install a browser extension or run a script because a file or a stranger told you to.
- Do not chase any "loophole" or "secret exploit" that promises free value. The feeling of getting one over on a service is exactly the hook.
- Never share your seed phrase or private keys with anyone, for any reason. No real service will ever ask for them.
Lock down your setup
- Bookmark the official sites you use and reach them through the bookmark, not through search ads or links in messages.
- Switch off autorun for removable drives, and be wary of opening files from a USB stick you don't fully trust, since a document that is actually a disguised shortcut is a common way for clipboard-swapping malware to sneak onto a machine.
- Keep long-term holdings in a hardware wallet, such as our partner Cypherock, so your keys stay offline and every send is confirmed on a device an attacker cannot reach.
If you think you have been targeted or hit
- Stop sending anything, and disconnect the suspicious extension or close the tab right away.
- If you have signed or sent anything, move your remaining funds to a fresh wallet on a clean device you trust.
- Report it to support, so the platform can warn others and help where they can.
- Take crypto scam reporting seriously beyond the platform: filing with your national fraud body, such as the FBI's IC3 in the US, creates a record that can help investigators trace stolen funds.
Crypto scam guide bottom line
Scammers count on a fast, confident click. The simplest defense is to slow down and verify everything inside the official app before you act on any shortcut that looks too good. If anything seems suspicious, report it to our support team through any official channel so we can flag it for everyone.

This article was written by SimpleSwap — a self-custodial multi-source swap aggregator. 2,800+ assets, 20+ liquidity providers across CEX and DEX sources, 20M+ swaps since 2018. Wallet-to-wallet by design, with routing handled under the hood.
The information in this article is not a piece of financial advice or any other advice of any kind. The reader should be aware of the risks involved in trading cryptocurrencies and make their own informed decisions. SimpleSwap is not responsible for any losses incurred due to such risks.