3 Common Crypto Scams And How to Avoid Them

Nothing hinders web3 adoption as much as the fear of getting scammed. Many are interested in the communities, values and products web3 offers, but believe it’s just a matter of time until they lose their assets. 

We’d love to say it’s all wrong, but the space is full of scammers. No matter where you go or what you do, there’s a bad actor trying to extract your money. 

You might read crypto news sites or follow Twitter accounts to stay on top of the latest scams, but it’s exhausting to keep up. And even if you manage to keep up, knowing about all the scams out there can make every smart contract interaction seem like a gamble.

And while you can use Fire to double-check if you should really sign that transaction, you can also learn to spot scams from a far. 

In this article, you’ll find out about 3 indicators that all but guarantee bad actors are around the corner. That way, you can become aware of scams before you even see them. 

Before we get into the list, let’s dive into why scams work so often—even when people know better.

‍What Scammers Take Advantage of

Scams happen to everyone—from the smallest holder to the biggest whale, from anonymous Twitter accounts to tech celebrities. So it’s not about experience or intelligence. In fact, when people get scammed, it’s often not because they don’t know better, but because their judgment lapsed.

Look at the tweets in the image below. All of these are professionals who know what they’re doing, not gullible newbies. If they can get scammed, it can happen to all of us.

Scammers deliberately create or take advantage of circumstances when your judgment is most likely to lapse. 

The most common of those situations are when you feel fear or greed. When you see your friends multiplying their money on a trade or watch an NFT collection’s price skyrocket, it’s natural to feel FOMO or be attracted by the opportunity for quick money. 

In those situations, people often want something to be true, so they look past red flags and hastily approve any transaction. While a transaction simulator like Fire helps, it’s best to avoid those dangerous situations altogether. 

Let’s dive into the indicators that scammers are right around the corner:

1. NFT Collection Takes Off

The floor price of NFT collections can multiply in a matter of weeks or even days. Getting in early can mean booking a nice profit. And it’s human nature to want to profit when you see others make money. 

But scammers take advantage of this desire a few different ways:

Fake Mints

Scammers often set up fake minting sites that look like the original minting site and have a similar URL. 

Because this scam is based on FOMO, scammers often impersonate the real creator by using language that makes this seem like a limited opportunity:

• “Minting the last 500 tokens now!”
• “Surprise mint—another 1000 NFTs now!”

Look at this scam tweet:

Jenkins The Valet is a real, trustworthy and sold out NFT project. But the scammers used similar-looking Twitter handles and domain names to entice people to click. Looking at it objectively, the “ee” in the domain is a giveaway that this is a scam. 

That’s why scammers try to override your defenses: By saying there’s a free, limited sale and that 213 of 300 NFTs are gone already, they trigger their victims’ greed and FOMO responses. That makes them less skeptical and makes it more likely they’ll look past the spelling mistake in the domain.

If you clicked on the site and connected your wallet, you’d see a “mint” or “claim” button and see a transaction in your wallet.

On an authentic site, the transaction would do the following: 

1. Pay some gas to send the transaction to the network
2. Mint an NFT from the collection to your wallet

For a free mint, there would be exactly two elements to the transaction: What you get and a gas fee. In a Fire simulation, this is what it would look like:

But this doesn’t happen on scam sites. Even when the button says “mint”, the transaction it requests might be different. 

Instead, it often asks for token approvals. A token approval means giving a smart contract the ability to transfer your assets. While legitimate marketplaces use approvals to complete trades they facilitate, scammers use them to transfer your assets to themselves. 

Take this example from a recent scam where Azuki’s social handles were exploited: As soon as you connected your wallet, the site asked for WETH approvals: 

This is an obvious scam for two main reasons: 

1. Nothing enters your wallet. If you were minting an NFT, you should be receiving one. 
2. A mint doesn’t require token approvals. It would only send the price in ETH to the contract. 

This type of scam takes a lot of effort. You need to build a website, establish social handles, build a following and more. Some scammers try to exploit the momentum of trending NFT collections another way:

Copycat Collections

A copycat collection is a much simpler scam. A scammer simply gives a collection the same name as the trending one they hope to impersonate. Then they download the artwork and upload it as the collection. 

After minting the NFTs, they list the items on an NFT marketplace like OpenSea. The motive is the same: Scammers hope you want to buy into the collection so badly, you’ll rush the decision without double-checking and buy from their collection—not from the real one.. 

This means you might buy an inauthentic NFT. A fake NFT doesn’t let you access any utility, has no resale value and wouldn’t unlock private communities. 

But while token approvals can drain your wallet, copycat collections usually just cost you the price of purchase. 

To protect you, most marketplaces now have verification programs—so you can look for the checkmark: 

An OpenSea collection search showing the real BEANZ NFT collection and fake NFT collections to avoid.

This is easy to spot for bigger collections. But if you’re trading collections that started trading very recently, marketplaces may not have verified the authentic collection yet, so always verify you’re buying from the authentic collection.

How to spot this scam and protect yourself

To stay safe, always:

• Use Fire to simulate transactions and alert you when a transaction would give approvals you don’t want it to have
• Verify the source—whether you found the link on Twitter or Discord, always make sure the link came from an official source.
• Don’t trust blue Twitter checkmarks, anyone can buy them now!
• Remember that almost no established artist or collection has ever done a surprise mint of a sold-out collection

‍

2. The Fake Airdrop

Whenever a new crypto protocol or app becomes popular, the community starts to speculate whether the company will launch a token to reward its early users. Popular targets of this have included MetaMask, Gem (now OpenSea Pro) and many others. 

As these rumors spread, the community gets excited about the potential for a free token claim. Bad actors love this situation and abuse it by “confirming” the rumor and linking to websites to claim your tokens or sign up for an airdrop. 

Unless it’s announced on official company channels, this token doesn’t exist. MetaMask has denied multiple rumors about it launching an official token.

The scammer’s playbook here is the same as with the NFT collection: They hope you get so excited for free tokens that you’ll approve anything. 

But instead of a free token entering your wallet, you’ll approve the contract to move your tokens—which means they’ll most likely end up in the scammer’s hands.

How to spot this scam and protect yourself

• Not sure if we mentioned this before, but you should use Fire to simulate transactions and understand what you’re signing.
• Always make sure you’re on the official URL. It’s easy for scammers to buy similar-looking domains. If a legitimate company uses a .com address, scammers might buy the same name followed by .co.
• Cross-reference the company’s social media accounts for airdrop/token announcements. If only one account is announcing the token, it might be compromised.

3. The Fake Claim for Real Airdrops

A variation of this scam happens when a token was announced, but isn’t live yet. This has happened numerous times and is one of the easiest scams to fall for. Because the token is announced, victims will question one less thing.

All the scammers need to do is lure people to their website—instead of the official one. 

Take Myria, for example: Myria is a real web3 gaming protocol that has a real token. Yet a scam announcement of its token got significantly more views than the official post!

By using a link-in-bio-tool, the scammers concealed their intentions even more. It’s only when you clicked through to the website via the bio.link link that you saw the scammers had exchanged the “i” with the similar-looking “j”.

As always, the playbook is the same: Scammers hope you’ll connect your wallet and let your greed override your best instincts and give them your token approvals.

How to spot this scam and protect yourself

• Only click on links from official channels. 
• Make sure you’re on the official domain.
• Use. Fire. To. Simulate. Transactions. Before. You. Approve. Them.