Cryptocurrencies can be complicated: they're confusing to new users and basically unregulated in Australia, all of which makes them an ideal playing ground for scammers. But with a little bit of know-how and a heads up to common tricks, you can protect yourself against cryptocurrency scams, including those involving Bitcoin.
This is not an endorsement of cryptocurrency or any specific provider, service or offering. It is not a recommendation to trade or use any services.
11 common crypto scams to keep an eye out for
1. Phishing
The first scam on the list is one that you may well be familiar with already, as it's also been widely used to target customers from major banks.
Known as "phishing," this type of scam occurs when you receive an unsolicited email that looks as if it's from your bank — or, in this case, from your crypto exchange or wallet provider. This email contains a link that takes you to a site that looks almost identical to the exchange or wallet you usually use, but is actually a scam site.
Once you enter your account details on this unofficial page, the scammers have everything they need to log in to your real account and steal your funds.
How to avoid phishing scams:
Always double-check URLs to make sure you're visiting the genuine website.
Don't click on suspicious links that are emailed to you.
Never disclose your private key.
Expert insight
"Never share your private keys or seed phrase and keep our crypto wallet safe, ignore and delete random direct messages or urgent requests, download crypto mobile apps from official sites, use multi-factor authentication, do your own research and do not get swayed easily by 'experts' and more importantly, never act on your irrational exuberance of greed!"
Jeremy Cheah
Associate professor of decentralised finance, Nottingham Trent University
2. Fake exchanges and wallets
In a similar vein to phishing scams, keep an eye out for fake Bitcoin exchanges. They might walk and talk like a reputable exchange, but they're merely a front to separate consumers from their hard-earned cash.
Some will entice users with promotional offers that sound too good to be true. Others pressure users into creating an account and depositing funds, perhaps even offering "bonuses" to those who deposit larger amounts. But once they have your money these platforms might charge ridiculously high fees, make it very difficult to withdraw funds or simply steal your deposit altogether.
Other scammers have turned their attention to creating quite sophisticated fake wallet apps that, once downloaded to a user's smartphone, can be used to steal critical account details. These apps have even made it into official, legitimate app stores like Google Play, so it pays to do your research before downloading anything to your phone.
Google Play scam
In April 2024, Google sued two Chinese nationals in New York federal court, accusing them of misusing its Google Play app store to scam thousands of users out of their money through cryptocurrency investment apps. Google said the alleged fraudsters Yunfeng Sun and Hongnam Cheung engaged in a "social engineering" scheme to lure victims to their apps through text messages and What's App.
Thoroughly research any exchange or wallet before creating an account — who is the team behind the exchange or wallet? Where is the company registered? Are there reliable reviews from other users confirming its legitimacy?
Don't let yourself be pressured into depositing funds or providing any personal information.
Don't just randomly pick a wallet from the app store — only download apps and software from legitimate wallet providers and exchanges.
An exchange with KYC is more secure because it is less susceptible to hacks, data breaches, fraud and criminal activities. It increases customer confidence and trust because it complies with anti-money laundering legislations and ensures market stability because it reduces the risk of scams.
Cryptos may be based on new technology, but there are still plenty of scammers using old tricks to con unwitting consumers.
The classic example of this is an unsolicited phone call or email from someone claiming to be with the ATO. This fictional tax man will try to convince you that you owe the ATO money and you'll be facing legal action if you don't transfer them a certain amount of crypto as soon as possible. Or, they call you to let you know they've intercepted a scam attempt and they want to "help" you recover your account.
The tried-and-tested "Nigerian prince" scam has also migrated into the world of cryptocurrency. So if you're contacted out of the blue by someone overseas promising you a share in a large sum of digital currency if you help them transfer funds out of their own country, use your common sense and recognise it for the scam it is.
How to avoid old-school scams:
Use your common sense.
Don't trust unsolicited emails or phone calls.
Never give personal details to an incoming call – look up their phone number and call them back.
Someone called claiming to be from Coinspot. It looked like he was calling from a Victorian residential phone number, which was my first red flag. He said there was unusual activity on my account from Singapore, and asked if I was trying to change my email – I said no and asked him to close the account. He said he did, without asking me any questions to confirm my identity, which was another red flag. A week later, I received a text saying: 'Your log-in code is 652337. Please do not share this code. If this was not you, please give us a call on +61370344765'. I blocked the numbers and did not ring it as it's very obvious this is a scam and I'm sure they'll want my personal details to access the account. Beware!
Seduced by the astronomical price rises Bitcoin has experienced since its inception, many everyday consumers venture into the world of cryptocurrency looking for the next big thing. After all, if "the next Bitcoin" ever actually arrives, getting in at the ground floor could see early-adopters earn a fortune.
And if you want to get in on the ground floor, the easiest option for the average person is to buy coins or tokens in an ICO. There's a huge appetite for new digital currencies — in the first half of 2018 alone, ICOs raised a total of US$11.69 billion — and with many new buyers having limited knowledge of how the crypto industry works, it's the perfect breeding ground for scammers.
FLiK and CoinSpark
In April 2024, the Securities and Exchange Commission (SEC) obtained a final judgment against defendants Ryan Felton, FLiK, and CoinSpark, whom the SEC had previously charged for their involvement in two fraudulent initial coin offerings (ICOs). The complaint alleged Felton misappropriated funds to purchase a home and a Ferrari, instead of building the digital asset trading platform he was meant to create.
This has led to the rise of fake ICOs which, with some slick marketing and a little bit of hype, can convince people to buy a cryptocurrency that doesn't actually exist. Bottom line: if you're dreaming of getting rich quick from a crypto ICO, be aware that for every ICO success story there are many, many more failures, even if the project isn't a scam.
How to avoid fraudulent ICOs:
Thoroughly research any ICO before buying in. Look at the team behind the project, its white paper, the purpose of the currency, the tech behind it and the specifics of the token sale.
5. Bitcoin blackmail scams
Similar to how scammers will sometimes pretend to represent the tax office in the hope of coercing victims out of money, they'll also pretend to be hackers with some kind of incriminating evidence.
One common variation of this scam arrives in the form of an unsolicited email, where the sender claims to be a hacker who has accessed your PC. They will say they've found some kind of incriminating evidence, or taken over your webcam to capture footage of you doing something embarrassing or which you'd rather other people didn't know about. The emails promise to send the incriminating evidence to all of your email or social media contacts unless you send some Bitcoin to the blackmailer, and will typically include instructions on how to purchase Bitcoin and where to send it.
Naturally, it's all a lie. The phony blackmailers don't have any evidence and nothing will happen regardless of whether or not you make a payment. This scam is purely a numbers game, where the perpetrators hope that by sending out enough emails they'll scare enough people into sending them some Bitcoin.
How to avoid Bitcoin blackmail scams
Search online to see if other people are saying they've received the same email
Don't believe the scammers
Consider using VPNs to browse more privately, for additional peace of mind against this type of scam
6. Impersonation giveaway scams
One type of scam that's common to many large sites and social media platforms is a celebrity impersonation giveaway scam. Here, the scammers will impersonate a celebrity or other notable person and announce that they're giving away a lot of cryptocurrency for free, as long as you send them some cryptocurrency first.
The scammers will often promise to send back double what you send them. Although especially prominent on Twitter, this scam has also appeared on platforms including YouTube, where scammers will impersonate a celebrity in a video or livestream.
This scam is all about quickly rushing victims into a bad decision by making them think they're missing out. A typical giveaway scam always specifies a total amount of cryptocurrency, such as "5,000 ETH giveaway" and then uses an army of bots and fake accounts to make it look like people are actually receiving money.
After seeing all the apparently free money being given away, victims race to send money to the scammers before they have time to think it over.
On Twitter, the fake giveaway bots will often have a blue "verified" check mark, but this does not mean anything. The scammers obtain this by taking over verified accounts and then changing the names. Similarly, scams will often have thousands of likes, views, retweets or other types of social proof. Those are just from bots, and don't mean anything either.
Although there are some ways to get free crypto, it's only possible to get small amounts and there's often some kind of catch.
How to avoid impersonation giveaway scams
Assume that anytime a celebrity is offering to give away free cryptocurrency on social media, it's a scam
Double check the user name of the suspected scam account, and compare that to the username of the celebrity's real account
Check the provided cryptocurrency address using a blockchain explorer. You can see how much money the scam is making and whether or not it's actually sending any money out
7. Ponzi or pyramid schemes
A Ponzi scheme is a simple but alarmingly effective scam that lures in new investors with the promise of unusually high returns. Here's how it works: a promoter convinces people to invest in their scheme. These initial investors receive what they believe to be returns, but are actually payouts from the money deposited by newer investors. Now satisfied that the scheme is legit, those investors who received payouts pump more of their money into the scheme and encourage others to do the same.
Sooner or later, the scheme collapses when the promoter runs off with the money or it becomes too difficult to lure new investors. These types of pyramid schemes are nothing new and can be easy to spot, but that hasn't stopped some crypto buyers from being scammed in a handful of high-profile incidents.
Bitconnect
In January 2018, Bitcoin investment lending platform Bitconnect shut down its lending and exchange services amid allegations it was a Ponzi scheme. Launched in early 2017 with promises of returns of up to 40% per month, the platform was quick to attract criticism from the wider crypto community and soon drew the attention of regulators.
How to avoid Ponzi/pyramid schemes:
Look out for cryptocurrency projects that encourage you to recruit new investors to enjoy bigger profits.
Never trust a scheme that promises returns that sound too good to be true.
8. Rug pulls and exit scams
A rug pull is a type of exit scam in which a smart contract is robbed of its funds by one of the contract's own developers, after a substantial number of users have deposited money. Rug pulls have become increasingly common in the DeFi space, where users deposit funds into specialised smart contracts in order to earn rewards – a process known as "yield farming". Once a large enough sum of funds has been deposited into the contract, one of the developers will then steal the funds, either using the contract's keys or a hidden backdoor in the code.
A rug pull can be very difficult to spot before it happens as they typically originate from profitable projects that function as intended, unlike a Ponzi scheme or ICO scam which are illegitimate from the outset. Furthermore, because of the rapid and dynamic nature of DeFi, users often enthusiastically "pile in" to new projects early in their life-cycle while profits are highest, which may give the project an unwarranted degree of trust.
SushiSwap was famously rug pulled for 37,400 ETH by its developer, Chef Nomi, after amassing US$1 billion worth of funds after only a few weeks of operation.
How to avoid crypto rug pulls:
Steer clear of DeFi projects where the private keys are held by one individual.
Beware of pseudonymous developers or teams without a thorough reputation.
Look for DeFi projects that have gone through a smart contract audit by a trusted third party, as this will help reduce the likelihood of a backdoor attack – although even these can be spoofed.
Use restraint to avoid chasing gains and jumping into a project before it has time to prove itself.
9. Malware
Malware has long been a weapon in the arsenal of online scammers. But thanks to the complicated and highly technical nature of cryptocurrencies, much of which isn't well understood by most people, malware now poses an even bigger threat.
Rather than stealing credit card and bank account details, crypto-related malware is designed to get access to your web wallet and drain your account, monitor the Windows clipboard for cryptocurrency addresses and replace your legitimate address with an address belonging to a scammer, or even infect your computer with a cryptocurrency miner.
How to avoid cryptocurrency malware scams:
Update your antivirus software regularly to protect yourself against malware.
Never download and install programs unless you're 100% sure they're from a reputable, legitimate provider.
Don't open suspicious attachments.
10. Mining scams
Cloud mining allows you to mine cryptocurrencies like Bitcoin without having to purchase the expensive hardware required to do so. There are several legitimate cloud mining services that let users rent server space to mine for coins at a set rate. There are also some legitimate ways to invest in Bitcoin mining companies and share profits from them.
However, there are also plenty of cryptocurrency mining scams out there. Some promise astronomical (and implausible) returns and fail to disclose a range of hidden fees, while others are fronts for Ponzi scams and are simply designed to part you from your money.
It's also important to note that even if it's not an outright scam, cloud mining will always be a bad investment compared to simply buying cryptocurrency, as will leasing any other form of cryptocurrency mining equipment. The quirks of Bitcoin mining economics means that no matter what Bitcoin prices do, you'll always be better off just buying the equivalent amount of Bitcoin instead of trying to invest that money in a mining scheme.
Even if they're not technically scams, it's a mathematical fact that all "legitimate" Bitcoin cloud mining businesses and consumer-oriented miner rental schemes are invariably bad investments.
How to avoid cryptocurrency mining scams
Avoid all cloud mining and rent-a-miner schemes under all circumstances
11. Pumps and dumps
Cryptocurrencies are often dismissed as a speculator's dream come true that are ripe for a little bit of market manipulation, which has led to the rise of what are known as "pump and dump" schemes. This is where large groups of buyers target an altcoin with a small market cap, buy that coin en masse at a particular time to drive its price up (which attracts a whole lot of new buyers fueled by FOMO — a fear of missing out) and then sell to take advantage of the significant price rise.
This sort of thing is illegal in traditional securities markets, but is a common occurrence in the largely unregulated world of cryptocurrencies. In fact, there are several online groups and forums dedicated to this exact practice, so it's important that you stay savvy and know how to steer clear of these scams.
How to avoid pump and dump scams:
Be wary of low-market-cap cryptos that normally have a low trading volume but that suddenly experience a sharp price rise.
Keep an eye out for "fake news" on social media that hypes particular coins.
Carefully research the credentials of any cryptocurrency before buying.
GVT pump and dump
In January 2018, a fake Twitter account purporting to belong to cybersecurity guru and crypto enthusiast John McAfee tweeted support for the GVT cryptocurrency, naming it "coin of the day."
For some in the crypto community, this was good enough reason to buy some GVT, and just four minutes after the tweet was posted the price of GVT had jumped from $30 to $45 and trading volume had doubled. Fifteen minutes later, the price was hovering around the $30 mark once again, after early buyers "dumped" and ran.
Unsure whether a particular crypto website is a scam or not? Use this checklist to help sort legitimate providers from those platforms you're better off avoiding altogether.
Does the company's app glitch out and make it impossible to log in? If you can't access your account, you can't access your funds either.
Does the website connect securely over https (not http)? If the address starts with "http" instead of "https," the data you send to the website is not secure.
Can you see the word "Secure" or an image of a padlock in your web browser's address bar? This indicates that a website is secure.
Does the website's URL have any noticeable spelling mistakes or errors? If so, it could be a fake.
Does the site feature bad grammar, awkward phrasing or spelling mistakes? If it does, this doesn't necessarily indicate a scam, but it does mean you should proceed with caution.
Does the website promise abnormally high returns? (For example, does it claim you'll be able to double your investment?) This should raise a big red flag and is a common indicator of a scam.
Is there an "About us" page? Does it show the real people behind the company? Does it provide any details about where the company is registered? If there's little or no information about who the company is and what it does, you could be dealing with a scam.
Do legitimate, reputable websites link to this site? This could indicate that the site is trusted and respected.
What do other users say about the website? Are there any negative reviews and, if so, what do they say? The crypto community is usually pretty quick to spread the word about scams.
Who is the registered owner of a domain or website? Is the owner hidden behind private registration? Has the domain been registered for less than six months? (You can find this information by searching for the platform's URL registration details on a site like WHOis.net). The more information you can find about the people/company behind a website, the better.
Is there anything else about the website that raises red flags or just seems too good to be true? If there's something that just doesn't seem right, trust your gut.
Does the website claim any celebrity endorsements? Many investment scams use fake celebrity endorsements to get people to lower their guard.
Did you first hear about it on social media, or did they approach you first? Social media and unsolicited messages are common ways for scammers to reach new victims.
Please note that this checklist is far from foolproof, as it's possible for a website to pass several of the above tests with flying colors and still be a scam. The important thing to remember is to do your due diligence before providing any personal or financial information to any website or app.
Finder survey: How many Australians from different states have lost cryptocurrency or had it stolen?
Response
WA
VIC
SA
QLD
NSW
No I haven't
16.67%
26.24%
32.88%
21.11%
20.85%
Through an incorrect transaction
3.92%
1.14%
2.74%
1.01%
1.81%
Lost access to a wallet or private keys
0.98%
1.14%
1.01%
1.81%
Other
0.98%
0.76%
1.37%
0.5%
0.3%
Through a centralised exchange hack
0.98%
1.14%
1.37%
2.51%
0.6%
Through a DeFi hack
0.76%
0.5%
0.91%
Source: Finder survey by Pure Profile of 1009 Australians, December 2023 Data for ACT, NT, TAS not shown due to insufficient sample size. Some other states may also be excluded for this reason.
What to do if you've spotted a scam or become a victim
If you've sent money overseas as the victim of a scam, it's important to know that the chances of you getting your money back are unfortunately very slim. This is true for all international scams, but cryptocurrency in particular is especially difficult to recover.
You can still report it though, to help prevent other people from falling victim.
If you've spotted a scam or been the victim of one, you can report it to ACCC's Scamwatch. To help spread the word faster, you can also report specific types of scams to the relevant agencies.
ReportCyber. Report cybercrimes here, including phishing, blackmail, Nigerian prince schemes and online extortion attempts.
ASIC. Report financial crimes here, such as investment scams and Ponzi schemes.
You can also help by reporting any scams you see on social media, using the 'report' button provided by most platforms.
Tips to help you avoid crypto scams
There are plenty of other simple steps you can take to protect yourself against Bitcoin and crypto fraud, such as:
Use 2-factor authentication. If you're using a crypto wallet or exchange that supports two-factor authentication, enable this feature before depositing any funds. It's simple to set up and provides an extra layer of account security.
Use a cold wallet. A "hot" wallet is one that's connected to the internet, while a "cold" wallet is one that's held offline. Storing your crypto offline in a secure cold storage wallet is usually considered to be a much safer option than using an online wallet.
Stick with established providers. Avoid new and untested platforms. Let the early-adopters take the risks and make sure you don't get involved with an exchange or wallet until you can be sure it's legitimate. Better still, only use exchanges that are registered with the Australian Transaction and Analysis Reporting Centre (AUSTRAC).
Update your antivirus software. Make sure your PC is protected against malware by keeping your antivirus software up to date.
Always double-check addresses. Get into the habit of scanning the URL bar to look for the https and "secure" lock symbol, and remember to double-check the URL to make sure you're visiting the correct site.
Never share your private keys with anyone.You need your private key to access your crypto holdings, so make sure you never disclose any of your private keys to a third party.
Disclaimer: Cryptocurrencies are speculative, complex and involve significant risks – they are highly volatile and sensitive to secondary activity. Performance is unpredictable and past performance is no guarantee of future performance. Consider your own circumstances, and obtain your own advice, before relying on this information. You should also verify the nature of any product or service (including its legal status and relevant regulatory requirements) and consult the relevant Regulators' websites before making any decision. Finder, or the author, may have holdings in the cryptocurrencies discussed.
Andrew Munro was the global cryptocurrency editor at Finder. During his time he covered all aspects of cryptocurrency and the blockchain. Before he became cryptocurrency editor, he was a content writer for Finder covering various topics over his nearly 5 years in the role. Prior to joining Finder he was a web copywriter. Andrew has a Bachelor of Arts from the University of New South Wales. See full bio
Tim Falk is a writer for Finder, writing across a diverse range of topics. Over the course of his 15-year writing career, Tim has reported on everything from travel and personal finance to pets and TV soap operas. When he’s not staring at his computer, you can usually find him exploring the great outdoors. See full bio
Hi there I would like to know please a company called BTC Transactions and they say they are in Queen Street. London.
Finder
SarahJuly 13, 2023Finder
Hi Santolo, There doesn’t appear to be any information about this company online. We recommend you do more research to verify their authenticity.
Jan.May 13, 2018
I want to ask if Foro (forocorporatefinance.com) is a legit bitcoin broker?
Finder
JeniMay 13, 2018Finder
Hi Jan,
Thank you for getting in touch with finder.
Upon checking on bitcoin trading site, I didn’t see forocorporatefinance.com. As a friendly reminder, while we do not represent any company we feature on our pages, we can offer you general advice. I suggest that you also verify it with bitcoin by visiting their official page then proceed in the contact us page to enquire about their legit brokers.
I hope this helps.
Have a great day!
Cheers,
Jeni
How likely would you be to recommend Finder to a friend or colleague?
0
1
2
3
4
5
6
7
8
9
10
Very UnlikelyExtremely Likely
Required
Thank you for your feedback.
Our goal is to create the best possible product, and your thoughts, ideas and suggestions play a major role in helping us identify opportunities to improve.
Important information about this website
Finder makes money from featured partners, but editorial opinions are our own.
Finder is one of Australia's leading comparison websites. We are committed to our readers and stand by our editorial principles.
We try to take an open and transparent approach and provide a broad-based comparison service. However, you should be aware that while we are an independently owned service, our comparison service does not include all providers or all products available in the market.
Some product issuers may provide products or offer services through multiple brands, associated companies or different labeling arrangements. This can make it difficult for consumers to compare alternatives or identify the companies behind the products. However, we aim to provide information to enable consumers to understand these issues.
We make money by featuring products on our site. Compensation received from the providers featured on our site can influence which products we write about as well as where and how products appear on our page, but the order or placement of these products does not influence our assessment or opinions of them, nor is it an endorsement or recommendation for them.
Products marked as 'Top Pick', 'Promoted' or 'Advertisement' are prominently displayed either as a result of a commercial advertising arrangement or to highlight a particular product, provider or feature. Finder may receive remuneration from the Provider if you click on the related link, purchase or enquire about the product. Finder's decision to show a 'promoted' product is neither a recommendation that the product is appropriate for you nor an indication that the product is the best in its category. We encourage you to use the tools and information we provide to compare your options.
Where our site links to particular products or displays 'Go to site' buttons, we may receive a commission, referral fee or payment when you click on those buttons or apply for a product.
When products are grouped in a table or list, the order in which they are initially sorted may be influenced by a range of factors including price, fees and discounts; commercial partnerships; product features; and brand popularity. We provide tools so you can sort and filter these lists to highlight features that matter to you.
Please read our website terms of use and privacy policy for more information about our services and our approach to privacy.
We update our data regularly, but information can change between updates. Confirm details with the provider you're interested in before making a decision.
Hi there I would like to know please a company called BTC Transactions and they say they are in Queen Street. London.
Hi Santolo, There doesn’t appear to be any information about this company online. We recommend you do more research to verify their authenticity.
I want to ask if Foro (forocorporatefinance.com) is a legit bitcoin broker?
Hi Jan,
Thank you for getting in touch with finder.
Upon checking on bitcoin trading site, I didn’t see forocorporatefinance.com. As a friendly reminder, while we do not represent any company we feature on our pages, we can offer you general advice. I suggest that you also verify it with bitcoin by visiting their official page then proceed in the contact us page to enquire about their legit brokers.
I hope this helps.
Have a great day!
Cheers,
Jeni