TL;DR
The five most common crypto scams are rug pulls, honeypots, phishing attacks, fake airdrops, and pump-and-dumps. All are avoidable if you know the warning signs and verify before you interact.
Crypto's permissionless nature means anyone can create a token or website. While this enables innovation, it also enables scams. Learning to recognize common attack patterns is essential for protecting your capital.
1. Rug Pulls
What It Is
A rug pull occurs when developers create a token, attract buyers, then drain the liquidity pool. Leaving holders with worthless tokens that can't be sold.
How It Works
- Scammer creates a token and adds liquidity (e.g., SOL/SCAMTOKEN pool)
- Marketing creates hype. Social media, influencers, fake volume
- Price rises as buyers enter
- Developer removes all liquidity from the pool
- Token becomes untradeable or crashes to zero
Warning Signs
- Unlocked liquidity: Check if LP tokens are locked. Unlocked liquidity can be pulled at any time
- Anonymous team: No verifiable identities or track record
- No audit: Unaudited contracts can contain hidden withdrawal functions
- Concentrated ownership: One wallet holding 50%+ of supply is a massive red flag
Use RugCheck.xyz for Solana tokens. It analyzes liquidity locks, ownership concentration, and contract risks automatically.
2. Honeypots
What It Is
A honeypot is a token contract designed to let you buy but prevent you from selling. The code includes hidden restrictions that block sell transactions.
How It Works
- Contract appears normal. You can see buys going through
- You buy the token successfully
- When you try to sell, the transaction fails or gets rejected
- Only the contract creator can sell (via whitelist or special function)
Warning Signs
- Buy-only transactions: If you see many buys but no sells on the chart, it's likely a honeypot
- Transaction errors on sell attempts: Others complaining they can't sell
- Too good to be true pumps: Price only going up with no selling pressure
If you're unsure, buy a tiny amount (worth the gas fee) and immediately try to sell. If you can't sell, you've confirmed a honeypot with minimal loss.
3. Phishing Attacks
What It Is
Phishing tricks you into connecting your wallet to a malicious site or signing a transaction that drains your funds. Unlike other scams, this targets your entire wallet. Not just one token.
Common Phishing Methods
- Fake websites: URLs that look like real DEXs or protocols (e.g., "juplter.ag" instead of "jup.ag")
- Malicious signatures: Approval transactions that give unlimited access to your tokens
- DM scams: "Support" reaching out to "help" with a problem you posted about
- Fake browser extensions: Wallet clones that steal your seed phrase
Protection Rules
- Bookmark legitimate sites: Always access DEXs from bookmarks, never from search results or links
- Check URLs carefully: One character difference can be a scam site
- Never share your seed phrase: No legitimate service will ever ask for it
- Use a hardware wallet: Physical confirmation required for transactions
- Revoke unused approvals: Regularly check and revoke token approvals you no longer need
If anyone DMs you first offering help, it's a scam. Real support never reaches out first. They wait for you to contact them through official channels.
4. Fake Airdrops
What It Is
You receive tokens in your wallet that you didn't buy. When you try to interact with them. Sell, swap, or claim. You either sign a malicious transaction or connect to a phishing site.
How It Works
- Scammer sends tokens to thousands of wallets (costs almost nothing on Solana)
- Token name or metadata includes a URL: "CLAIM AT FREEAIRDROP.COM"
- Curious holders visit the site and connect their wallet
- The "claim" transaction actually drains their wallet
Protection Rules
- Ignore random tokens: If you didn't buy it and don't recognize it, don't touch it
- Never visit URLs in token names: Legitimate airdrops don't work this way
- Don't try to sell them: Even attempting to swap can trigger malicious code
- Hide unknown tokens: Most wallets let you hide tokens you don't want to see
Real airdrops are announced on official project channels and typically claim through the project's verified website. Not through random tokens appearing in your wallet.
5. Pump and Dumps
What It Is
Coordinated buying drives up the price, then insiders sell at the top, crashing the price on everyone who bought the hype.
How It Works
- Group accumulates large positions at low prices
- Coordinated marketing blitz. Influencers, Twitter raids, Telegram groups
- "Alpha" calls create FOMO, retail buys in
- Price spikes as demand exceeds supply
- Insiders sell their bags into the buying pressure
- Price collapses, late buyers hold worthless tokens
Warning Signs
- Sudden social media push: Token appearing everywhere simultaneously
- Paid promotions: Influencers shilling tokens they were paid to promote
- "Get in before it's too late": Urgency tactics designed to override rational thinking
- Parabolic price action: Unsustainable vertical charts
- No fundamentals: No product, no team, no reason to exist beyond speculation
By the time a pump reaches mainstream attention, insiders are already selling. The "opportunity" being marketed is actually the exit liquidity they need.
General Protection Principles
Universal Red Flags
- Promises of guaranteed returns
- Pressure to act immediately
- Anonymous teams with no track record
- No clear utility or reason to exist
- Locked discussions or censored criticism
- Fake partnerships or celebrity endorsements
- Unverified contract addresses
Before Any Trade
- Verify the contract address from official sources
- Check liquidity locks on RugCheck or similar tools
- Review holder distribution. Avoid concentrated ownership
- Look for actual trading activity. Both buys AND sells
- Research the project. Website, team, community
Learn to Verify Tokens
Our complete guide covers how to check any token before trading.
Token Safety GuideSummary
- Rug pulls: Developers drain liquidity. Check for locked LP
- Honeypots: Can buy but can't sell. Verify selling works first
- Phishing: Malicious sites steal your wallet. Bookmark real sites, never share seed phrase
- Fake airdrops: Random tokens are traps. Ignore them completely
- Pump and dumps: Coordinated hype then dump. If it's everywhere, you're late
The common thread: verify before you interact. Every scam relies on victims acting without checking. Take the time to verify, and you'll avoid most threats. This same principle applies to signal services -- learn how to evaluate any signal service before subscribing. You can also check our transparent signal history to see what legitimate performance data looks like.