How to Avoid Crypto Scams in 2025

Crypto scammers made off with over $3 billion from retail investors in 2023 alone. Most of it didn't come from sophisticated hacks. It came from people making decisions without enough information — clicking Approve on the wrong thing, buying into a project without checking it first, or landing on a fake site that looked real.

The honest truth is that most of these losses were preventable. Not with paranoia — with a few specific habits. Here's what you actually need to know.

Honeypot tokens: you can buy, you can't sell

A honeypot is a token with a hidden restriction in its contract that prevents most wallets from selling it. The price climbs as buyers come in — because there's demand but no supply on the sell side. People watch the chart going up, buy more. Then the creators, who control an exception in the contract, dump all their holdings and disappear.

You're left with tokens you can't sell. The money is gone.

Before buying any token — especially a new one someone sent you or posted in a Discord — paste the contract address into a honeypot checker. GoPlus and RugCheck both do this for free. If it flags as a honeypot, walk away no matter how good the chart looks.

Phishing sites that look exactly like the real thing

Scammers build pixel-perfect copies of Uniswap, MetaMask, Phantom, and other popular crypto sites. The URL is slightly off — "uniswap-app.com" instead of "app.uniswap.org" — but the page looks identical.

These sites do one of two things: they ask you to "verify" your wallet by entering your seed phrase, or they show you an approval transaction that — when you sign it — gives the attacker full access to drain your wallet. Both take seconds. Both are irreversible.

The fix: bookmark the real URLs for every site you use. Don't click links from Discord, Twitter, or even search results. Google ads have been used to promote phishing sites above the real ones. Type the URL yourself.

Rug pulls: the team disappears with your money

Rug pulls happen when a project's team deliberately drains the liquidity pool or project treasury and goes dark. They build hype, get people to buy in — sometimes through fake partnerships, paid promotions, or manufactured trading volume — then pull out all the liquidity at once. The token price crashes to near zero instantly.

Some warning signs that are easy to check:

• —Anonymous team with no verifiable history — not automatically bad, but worth noting
• —Liquidity that isn't locked (check on DexTools or DexScreener)
• —A very small number of wallets holding most of the supply
• —Contract ownership not renounced — the team can still change the contract rules
• —No audit from a reputable firm

None of these individually mean a project is a scam. Several of them together? Be very careful.

Fake airdrops and "free token" traps

Random tokens show up in your wallet all the time. You didn't buy them — they were just sent to you. The value shows up in your wallet tracker and it looks like free money.

Don't interact with them. These tokens are designed so that the act of trying to approve, swap, or interact with them in any way triggers a transaction that drains your wallet. The "free tokens" are bait.

The rule: if you didn't know a token was coming, don't touch it. Just ignore the balance. It can't hurt you sitting there.

The minimum set of habits that prevent most losses

• ✓Check token contracts before buying — GoPlus, RugCheck, or TokenSniffer all work
• ✓Bookmark every crypto site you use; never click to them from links
• ✓Never enter your seed phrase anywhere except your wallet app's recovery screen
• ✓Read approval requests before clicking — or use something that reads them for you
• ✓Revoke old token approvals every few months at revoke.cash
• ✓Ignore tokens you didn't buy

Frequently asked questions