5 Cryptocurrency Scams Investors Must Be Aware of in 2025

Scam 1: Advanced phishing attacks

Advanced phishing attacks now focus on crypto wallets and exchange accounts, employing deft strategies that exploit user trust to steal private keys or login details.

To execute advanced phishing attacks, criminals create counterfeit websites that imitate legitimate platforms. They disseminate misleading emails pretending to be trusted entities or employ social engineering techniques to trick victims into revealing sensitive information. Some impersonate support personnel or craft cloned interfaces to gather data.

Attackers may utilize sophisticated methods for these phishing schemes:

• Wallet drainers: These malicious programs or scripts are used in phishing attempts. Once a victim connects their wallet to a fraudulent site and approves a malicious transaction or grants token permissions, the attacker can swiftly transfer funds out of the wallet.

• Quishing: Fraudsters deploy malicious QR codes in emails, text messages, or on public surfaces. When scanned, these codes redirect users to phishing sites or initiate harmful downloads that compromise personal or financial information.

• Spear phishing: This method specifically targets certain individuals or organizations. Scammers create tailored messages, often employing urgent phrases like “Immediate Action Required.” The intent is to instill a sense of urgency, pushing victims to make hasty, costly decisions.

In August 2025, Zak Cole, a core Ethereum developer, found his crypto wallet drained after a malicious Cursor extension compromised his private key. Earlier that year, in May 2025, an elderly US citizen fell prey to a $330-million Bitcoin (BTC) heist, where the attacker utilized advanced social engineering to access the victim’s wallet.

Did you know? The earliest documented Bitcoin scam dates back to 2011, when a Ponzi scheme named “Bitcoin Savings & Trust” promised investors a 7% weekly return, ultimately defrauding them of over 700,000 BTC.

Scam 2: Rug pulls

Scammers frequently leverage the excitement surrounding decentralized finance (DeFi) platforms and non-fungible token (NFT) projects to trick investors. A prevalent tactic is the rug pull, where developers abruptly withdraw liquidity and disappear with investors’ funds.

These schemes often imitate genuine ventures, promising exceptional returns or exclusive digital assets, but ultimately divert funds from unsuspecting users. Many are inflated projects relying on social media hype without substantiating value. Others are cloned platforms mimicking trusted DeFi or NFT sites to deceive users into depositing assets.

Indicators of rug pulls include unrealistic claims of high returns with minimal risk, lack of transparent audits or public code, and anonymous teams unwilling to divulge their identities or qualifications.

Since the start of 2025, rug pulls have resulted in nearly $6 billion in losses throughout the Web3 ecosystem. In comparison, total losses from rug pulls were only around $90 million in early 2024.

A notable example is the LIBRA token on the Solana network. After Argentine President Javier Milei mentioned the token on X, its market value skyrocketed to $4.56 billion. However, post-deletion of the post, the token’s value plummeted by over 94%, sparking allegations of a rug pull.

Scam 3: Impersonation

Impersonation—often via social media—poses a significant risk to the crypto ecosystem, eroding trust and resulting in substantial losses. Scammers frequently masquerade as trusted influencers, developers, or support staff on platforms like X.

In impersonation scams, fraudsters infiltrate discussions or create counterfeit profiles to exploit users seeking quick profits. They often conduct fake giveaways, offering doubled returns in exchange for minor “verification” deposits. Scammers may also run impersonation accounts copying celebrities or send direct messages as faux exchange support to gain wallet access or hasten fund transfers.

Warning signs include accounts with slight misspellings (e.g., “@ElonMuusk”), unverified profiles lacking verification badges, and any requests for direct crypto transfers, as legitimate entities never solicit these.

In 2024, crypto scams inflicted $9.9 billion in losses globally, with impersonation contributing to a fourfold increase, according to the Federal Trade Commission. In Hong Kong, scammers impersonated Chief Executive John Lee through a bogus X account and a deepfake video promoting a supposedly government-backed digital currency.

Did you know? Even as blockchain security enhances, scams continue to evolve. In 2024-25, scammers transitioned from hacking smart contracts to manipulating human behavior. By 2025-26, their tactics had developed even further.

Scam 4: AI-powered deepfake scams

AI-powered deepfake scams have emerged as a significant threat, utilizing advanced technology to mislead users and seize assets. Criminals now exploit artificial intelligence to generate highly realistic videos or voice clones of notable executives, influencers, and celebrities.

Derived from publicly available material such as interviews, podcasts, and YouTube content, AI-driven deepfakes are incredibly convincing. They can easily deceive even the most cautious users.

In August 2024, The New York Times characterized a deepfake impersonating Elon Musk as “the internet’s biggest scammer.” One victim, 82-year-old retiree Steve Beauchamp, was so convinced by the video that he invested his entire retirement savings of $690,000 over several weeks. The funds vanished without a trace, and many others have fallen victim to similar scams.

Quantum AI was an allegedly fraudulent online investment scheme that falsely claimed to leverage AI and quantum computing to yield high returns for investors. The scammers reportedly manipulated their website to show fabricated trading results and used deepfake videos to market the scheme.

Deepfakes blur the distinction between authentic and fraudulent communication. They exploit trust, urgency, and FOMO (fear of missing out), presenting a serious risk.

Did you know? Crypto romance scams surged during the pandemic and continue into 2025. Scammers cultivate trust on dating platforms before introducing fake “investment opportunities,” ultimately leading victims to send their life savings.

Scam 5: Crypto support

Fake crypto support scams are an escalating threat, targeting users with deceitful offers of assistance to siphon money or sensitive information. Fraudsters commonly pose as customer support agents from trusted exchanges or wallet services.

Scammers impersonating customer support representatives contact victims via social media platforms like X and Telegram or through counterfeit websites that closely resemble official domains. By extending seemingly legitimate assistance, they manipulate user trust.

These criminals often distribute phishing links disguised as support portals, promote “wallet recovery” services that solicit private keys or seed phrases, or offer bogus refunds designed to deplete accounts. Such tactics exploit users already grappling with technical issues or seeking swift solutions.

A notorious crypto support scam arose following the Coinbase data breach in May 2025, where leaked personal information—including names, addresses, ID images, and banking details—was allegedly exploited. Criminals posing as Coinbase support reached out to victims, urging them to share security codes, two-factor authentication (2FA) details, or transfer assets to fraudulent wallets.