Friday, June 26, 2026 · BTC block —
Ledgerwise
Advertise
MarketsDaily BriefToolsLearnAbout Advertise with us
Live
BTC $59,634.00 +0.26% ETH $1,570.39 +0.58% USDT $0.9986 +0.03% BNB $564.72 +1.55% USDC $0.9998 +0.02% XRP $1.04 +0.76% SOL $71.80 +8.26% TRX $0.3196 -1.19% FIGR_HELOC $1.01 -2.90% HYPE $63.33 +0.59% DOGE $0.0753 +2.02% RAIN $0.0157 -0.63% USDS $0.9995 +0.00% LEO $9.30 -0.55% BTC $59,634.00 +0.26% ETH $1,570.39 +0.58% USDT $0.9986 +0.03% BNB $564.72 +1.55% USDC $0.9998 +0.02% XRP $1.04 +0.76% SOL $71.80 +8.26% TRX $0.3196 -1.19% FIGR_HELOC $1.01 -2.90% HYPE $63.33 +0.59% DOGE $0.0753 +2.02% RAIN $0.0157 -0.63% USDS $0.9995 +0.00% LEO $9.30 -0.55%
Security

Avoiding Crypto Scams: Rug Pulls, Phishing & Honeypots

The most common ways people lose crypto to fraud — and a practical playbook to protect yourself from each one.

Ledgerwise Research··3 min read

Crypto's openness is its superpower and its weakness. The same permissionless rails that let anyone build also let anyone scam. The good news: the vast majority of crypto fraud follows a handful of predictable patterns. Learn them once and you'll dodge most of it.

Phishing and fake sites

The single most common way people lose funds isn't a sophisticated hack — it's being tricked into giving access away.

  • Fake websites clone a real exchange or wallet pixel-for-pixel, often promoted through ads or search results. You log in, and your credentials (or seed phrase) go straight to the attacker.
  • Seed-phrase theft. No legitimate service will ever ask for your 12/24-word recovery phrase. Anyone who does is stealing from you. Full stop.
  • Impersonation. Fake "support staff" in Telegram, Discord, or X DMs reach out offering help, then walk you into a drain. Real support never DMs first and never asks for keys.

Defense: bookmark official sites, never type your seed phrase into anything, and treat every unsolicited DM as hostile.

Rug pulls

A rug pull is when a project's creators raise money or attract liquidity, then disappear with it. Common forms:

  • Liquidity rug: developers pull the liquidity backing a token, leaving holders unable to sell.
  • Slow rug: the team quietly dumps their allocation over time while hyping the project.
  • Fake team / fake roadmap: an entire project built purely to attract deposits.

Red flags: anonymous teams with no track record, tokenomics where insiders hold a huge share, "guaranteed" returns, frantic urgency, and liquidity that isn't locked.

Honeypots

A honeypot is a malicious token you can buy but not sell — the contract is rigged to block selling for everyone except the creator. The chart looks like it only goes up, which is exactly the bait.

Defense: before buying an obscure token, check whether others can actually sell it. Token-safety scanners and contract checks exist for this; if you can't verify it, don't buy it.

Pump-and-dumps

A coordinated group hypes a low-liquidity coin to inflate the price, then dumps on the people who FOMO in. By the time you hear about a "guaranteed 100x," you're usually the exit liquidity. Social-media hype and paid influencer shills are the engine here.

"Too good to be true" yields and giveaways

  • Fake giveaways: "send 1 ETH, get 2 back" — a scam as old as crypto itself. No one doubles your money for free.
  • Ponzi yields: unsustainable fixed returns ("1% daily!") paid from new deposits until the whole thing collapses.
  • Romance / "pig butchering" scams: a stranger builds trust over weeks, then steers you to a fake investment platform showing fake profits.

The unifying rule: if the return seems impossibly good, you are the product. Real yield comes from a real source you can name. If you can't, walk away.

Approval and signature drains

In DeFi, interacting with apps means granting token approvals and signing messages. Malicious sites trick you into:

  • Approving unlimited spending of your tokens to an attacker's contract.
  • Signing a transaction that transfers ownership of assets.

Defense: read what you're signing, grant minimal approvals, and periodically revoke unused approvals with a token-approval tool.

Your anti-scam checklist

  1. Never share your seed phrase — with anyone, for any reason.
  2. Bookmark real sites; ignore ads and unsolicited links.
  3. Verify before you trust — teams, contracts, and "support."
  4. Assume DMs are scams until proven otherwise.
  5. Use a hardware wallet for serious funds — see wallets explained.
  6. Revoke stale token approvals regularly.
  7. Slow down. Urgency is the scammer's favorite weapon. Real opportunities survive a night's sleep.

The bottom line

You don't need to be a security expert to stay safe — you need a few firm rules and the discipline to follow them when you're excited or rushed. Protect your keys, distrust unsolicited contact, and remember that impossibly good returns are the oldest trap in the book.

Educational content only — not financial advice.

Keep reading

Basics

What Is Bitcoin? A Complete Beginner's Guide

How the first cryptocurrency works, why it was created, and what gives it value — explained from first principles, no jargon.

4 min readRead
Security

Crypto Wallets Explained: Hot vs Cold, and How to Stay Safe

What a crypto wallet really stores, the difference between hot and cold wallets, and a practical checklist to keep your funds safe.

3 min readRead
Basics

What Is Ethereum? Smart Contracts and the World Computer

Ethereum is more than a coin — it's a programmable blockchain that powers DeFi, NFTs, and stablecoins. Here's how it works.

3 min readRead