Bitcoin scams.
How to spot them before they spot you.
Bitcoin transactions are irreversible. That feature is what makes it valuable, and what makes it a target. Here are the most common scams, the red flags for each, and what to do if you have been targeted.
Why Bitcoin attracts scams
Three things: irreversible transactions (no chargebacks), pseudonymity (harder to trace), and a large population of new users who do not yet understand the technology. The combination creates an environment where scammers thrive, but every scam follows a predictable pattern once you know what to look for.
Recovery scams
"We can recover your lost Bitcoin." Nobody can. This is always a scam. If you lost Bitcoin through a hack, a forgotten password, or a collapsed exchange, no third party can retrieve it. Anyone who claims otherwise is trying to steal more from you.
Fake exchanges and platforms
Sites that look like real exchanges, let you "deposit" and watch fake gains, then demand fees to withdraw. The withdrawal never comes. Red flags: unsolicited DM with a link, domain that is not the exact official URL, "guaranteed returns," and withdrawal fees that keep increasing.
Pig butchering
The most devastating scam by dollar volume. Someone builds a genuine-seeming relationship over weeks or months, romantic or platonic, then introduces "an investment opportunity." They share screenshots of fake returns. You invest, see fake gains, invest more. When you try to withdraw, the money is gone. Rule: anyone you met online who steers the conversation toward investments is running this playbook.
Giveaway scams
"Send 1 BTC, get 2 back." Elon Musk never said this. Neither did anyone else. Ever. These run on hacked YouTube channels, fake Twitter accounts, and spoofed livestreams. Nobody is giving away Bitcoin.
Fake wallet apps
Apps that look like Ledger Live, Trezor Suite, or other wallets. They steal your seed phrase on entry. Only download from the manufacturer's official website: coldcard.com, trezor.io, shop.ledger.com. Never from app stores or third-party download sites.
Rug pulls and new coins
"Get in early on the next Bitcoin." There is no next Bitcoin. New coins with big promises and anonymous teams are almost always exit scams. The founders sell their pre-mined tokens into retail demand and disappear. More on why altcoins are not Bitcoin.
Hidden exchange spreads (not a scam, but a hidden cost)
This is not a scam in the legal sense. It is a disclosed, legal cost that most comparisons ignore. Many retail exchanges advertise a low transaction fee while charging a large spread on top of the real market price. The spread is the gap between the global Bitcoin price and the price the exchange quotes you, and it can be larger than the advertised fee.
Bitcoin market price: $102,946. Exchange quotes you: $103,923. Spread: $977 (0.95 percent). You pay that 0.95 percent before any advertised transaction fee. Retail-focused apps routinely quote spreads in the 1 to 3 percent range. (Verify. Claim: Retail-focused Bitcoin apps routinely charge spreads in the 1 to 3 percent range, and some charge over 3 percent. Verify at: CoinGecko reference price · Coinbase fee disclosure. Compare the exchange quote at the moment of purchase against CoinGecko's reference. Spreads change, so check at the time you buy.)
- Note the price the exchange quotes at the moment of purchase.
- Open coingecko.com/en/coins/bitcoin or mempool.space.
- The difference between the two is the spread. On a $100 buy a 2 percent spread is $2. On a $10,000 buy it is $200.
A spread is not fraud. Exchanges disclose it. Retail apps often charge more because they offer instant onboarding, insured custody, and a simpler interface. The problem is only that most users never compare spreads before committing to a DCA schedule, so a small per-transaction cost compounds across hundreds of future buys. See How to Buy Bitcoin for the full walk-through.
Address poisoning
The attacker sends a tiny amount of Bitcoin to your wallet from an address that looks almost identical to one you have recently transacted with. They are hoping you will copy that lookalike address from your transaction history the next time you want to send to that person. The attacker's address typically shares the first and last few characters with the real one.
The defense: verify the full address before sending, all 34+ characters, not just the first and last few. Better: use the address-book feature in your wallet. Never copy addresses from transaction history.
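A wallet-side check for the lookalike pattern described above, as an added example that is not part of the original page: it flags history entries that share leading and trailing characters with an address-book entry without matching it in full. The addresses, the function names, and the four-character thresholds are assumptions made for illustration.

```python
# Added example: flag address-poisoning lookalikes in a transaction history.
# All addresses below are constructed placeholders, not valid Bitcoin addresses.

TYPE_PREFIXES = ("bc1q", "bc1p", "1", "3")  # shared by every address of a type

def payload(addr):
    """Drop the address-type prefix, which every address of that type shares."""
    for p in TYPE_PREFIXES:
        if addr.startswith(p):
            return addr[len(p):]
    return addr

def common_run(a, b):
    """Length of the run of equal characters at the start of a and b."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n

def find_lookalikes(trusted, history, min_head=4, min_tail=4):
    """Return (history_address, imitated_label) for near-matches of trusted entries."""
    hits = []
    for seen in history:
        if seen in trusted.values():
            continue  # full-length match with an address-book entry
        for label, real in trusted.items():
            head = common_run(payload(seen), payload(real))
            tail = common_run(seen[::-1], real[::-1])
            if head >= min_head and tail >= min_tail:
                hits.append((seen, label))
    return hits

def safe_to_send(dest, trusted):
    """Allow a send only when every character matches an address-book entry."""
    return dest in trusted.values()

ADDRESS_BOOK = {"alice": "bc1q7k3mconstructedaddressnotvalidaaaa9x2f"}
HISTORY = [
    "bc1q7k3mconstructedaddressnotvalidaaaa9x2f",  # real payment to alice
    "bc1q7k3mconstructedlookalikenotvalidzz9x2f",  # dust from a lookalike
    "bc1qp0p0constructedunrelatednotvalidbbbb4c",  # unrelated counterparty
]

if __name__ == "__main__":
    for addr, label in find_lookalikes(ADDRESS_BOOK, HISTORY):
        print(f"possible poisoning: {addr} imitates {label}")
```

The type prefix is stripped before comparing because every address of one type starts the same way, so counting it would flag unrelated counterparties.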
Fake hardware wallets
Counterfeit Ledger, Trezor, or other hardware wallets sold through Amazon, eBay, or unofficial retailers. Some come with a "pre-configured" seed phrase included in the packaging. When you add funds, the attacker who controls the pre-configured seed phrase sweeps your Bitcoin.
The defense:
- Buy hardware wallets only from the manufacturer's official website.
- Never use a pre-configured seed phrase. Always generate a fresh one on your device.
- Never enter your seed phrase into a hardware wallet during setup. A real setup only shows you the phrase. It never asks you to type one in.
See Hardware Wallets for vendor recommendations and verification steps.
SIM swap attacks
The attacker calls your mobile carrier claiming to be you. They convince the carrier to transfer your phone number to a new SIM card the attacker controls. Now they receive all your SMS messages, including 2FA codes for your exchange accounts. They drain any exchange-held Bitcoin before you realize what happened.
Why it works: mobile carriers have poor identity verification. A persistent attacker with basic personal information, frequently taken from public data breaches, can often succeed.
The defense:
- Do not keep significant Bitcoin on exchanges.
- Do not use SMS 2FA for Bitcoin exchanges. Use a hardware security key (YubiKey) or an authenticator app (TOTP), not SMS.
- Set a carrier PIN or port-freeze with your mobile carrier.
- Self-custody eliminates this attack entirely. SIM swaps cannot reach your hardware wallet.
Phishing (the seed-phrase trap)
Fake websites mimicking real Bitcoin services (exchanges, wallets, Ledger, Trezor). Delivered via email, Google ads, or social media. The goal: get you to enter your seed phrase.
Common variants:
- "Ledger security alert" email directing you to verify your device on a fake Ledger site.
- Fake crypto wallet app in the App Store or Google Play that asks for your seed phrase to "import."
- Search-engine ad for "MetaMask download" or "Exodus wallet" pointing to a clone domain.
The defense: your seed phrase should never be entered into any website or app. Ever. Under any circumstances. For any reason. Bookmark legitimate URLs and do not click links in emails. For seed-phrase entry: only your physical hardware device.
Exchange failures (not fraud by you, but lost funds either way)
These are not user-error scams. The risk here is that exchange-held Bitcoin is lost when exchanges fail or commit fraud.
Historical examples:
- Mt. Gox (2014): approximately 850,000 BTC lost. (Verify. Claim: Mt. Gox lost approximately 850,000 BTC in 2014. Verify at: Mt. Gox bankruptcy trustee site. Repayment to creditors began in 2024-2025 from recovered coins.)
- QuadrigaCX (2019): approximately $190M in customer funds inaccessible after the founder died and was the only person holding the cold-wallet keys. (Verify. Claim: QuadrigaCX customer funds (~$190M) became inaccessible after founder Gerald Cotten died in December 2018 holding sole control of the cold-wallet keys. Verify at: Ontario Securities Commission Report on QuadrigaCX (June 2020). The OSC investigation found the missing funds resulted from fraudulent operations, not only the founder's death.)
- FTX (2022): over $8 billion in customer funds missing at the time of bankruptcy. (Verify. Claim: FTX bankruptcy filings document over $8 billion in missing customer funds. Verify at: FTX bankruptcy docket (Kroll) · DOJ press release on Bankman-Fried verdict. DOJ secured a guilty verdict on seven counts in November 2023; the bankruptcy estate has documented the scope of missing funds in court filings.)
- Celsius, BlockFi, Voyager (2022): customer funds frozen during bankruptcy proceedings; partial repayments years later.
Why exchange failures are structural, not exceptional
An exchange holds customer assets in pooled wallets. The exchange controls the keys. Customers have a contractual claim against the exchange, not direct ownership of specific coins on-chain. When the exchange fails, the path back to your assets runs through bankruptcy court.
An exchange is not a bank in the federally-insured sense. The FDIC does not insure crypto holdings at any institution, including bank-affiliated platforms. (Verify. Claim: The FDIC does not insure crypto-asset holdings at any institution. Verify at: FDIC insured deposits guide · FDIC advisory on misrepresentation of FDIC insurance for crypto (2022). FDIC insurance covers deposit accounts at insured banks up to $250,000 per depositor per ownership category. It does not extend to crypto assets even when held at an FDIC-insured institution.) SIPC, which protects securities-account holders against broker failure, also does not cover crypto holdings. (Verify. Claim: SIPC does not cover cryptocurrency holdings at any broker. Verify at: SIPC: What SIPC Protects. SIPC covers securities and cash held in qualified securities accounts. Crypto assets fall outside SIPC's coverage.) Customers of a failed crypto exchange become unsecured creditors, standing behind secured lenders, operating expenses, and other priority claims in the bankruptcy queue. Recoveries vary widely and arrive years after the failure.
The defense: hold on exchanges only what you are actively trading. Self-custody is the only real protection against exchange failure. "Not your keys, not your coins" describes counterparty risk, not ideology.
What will never happen
Bitcoin's cryptography has not been broken. No one will "hack" your wallet by guessing your private key. The number of possible keys exceeds the estimated atoms in the observable universe.
Hardware wallets, strong passwords, and self-custody do not protect you from the behavioral attacks above. Those attacks bypass cryptography by tricking you. What protects you:
- Understanding how the attacks work (this page).
- Never sharing your seed phrase. Not with anyone. Not under any circumstances.
- Not keeping Bitcoin on exchanges.
- Verifying addresses character by character before sending.
The math is secure. The human is the vulnerability.
What to do if you have been scammed
- Do not pay "recovery" fees. This is a second scam targeting victims of the first one.
- Report to the FTC: reportfraud.ftc.gov
- Report to FBI IC3: ic3.gov
- Document everything: screenshots, wallet addresses, transaction IDs, communication logs.
The universal rule: if it seems too good to be true, it is. Nobody is giving away Bitcoin. High guaranteed yields do not exist. The only safe way to acquire Bitcoin is to buy it yourself from a reputable exchange and withdraw it to your own wallet.
If you want to understand how these scams actually play out in practice, the mechanics, the psychology, and the aftermath for victims, Coffeezilla (Stephen Findeisen) documents them better than anyone else online.
His investigations are primary-source journalism: recorded calls, leaked documents, on-camera confrontations with the people running the scams. The CryptoZoo series is a good entry point for understanding how celebrity-endorsed crypto projects are constructed and collapsed. (Verify. Claim: Coffeezilla published a multi-part CryptoZoo investigation documenting the Logan Paul-associated crypto project. Verify at: youtube.com/@Coffeezilla. Search the channel for "CryptoZoo" to find the original three-part series and subsequent updates.)
Last updated 2026-04-15.