Common Bitcoin Scams and How to Avoid Them

Every year, billions of dollars worth of Bitcoin are stolen. Not by hacking the blockchain - Bitcoin's network hasn't been compromised in 15 years. The theft happens by fooling the people who hold it.

Social engineering, not technical attacks, is how most Bitcoin gets stolen. The target is you, not the network. Understanding the playbook is the best defense.

The seed phrase scam (most common, most devastating)

The most valuable thing you own in Bitcoin is your seed phrase - the 12 or 24 words that can regenerate your entire wallet. What a private key actually is explains why.

Every seed phrase scam has one goal: get you to type those words into a website or app they control.

The fake support variant: You post on Reddit or Twitter about a problem with your wallet. Within minutes, "support agents" appear in your DMs offering help. They send you to a website that asks for your seed phrase to "verify" your wallet. This is a scam. Legitimate wallet support never asks for your seed phrase. There is no legitimate reason for anyone to ever ask for it.

The fake wallet variant: You download a wallet app from a third-party site or a slightly-wrong URL. The app looks real, works fine, but when you "import" your existing wallet using your seed phrase, the seed is quietly sent to attackers.

The "verify your wallet" email: A message claiming to be from Coinbase, Ledger, or your wallet provider says your account needs to be verified. The link goes to a fake site that harvests your credentials or seed phrase.

The rule: Your seed phrase never goes online. Not into any website. Not into any app you didn't download from the official source. Not to any support agent. Not ever.

Giveaway scams

"Elon Musk is giving away 1,000 BTC - send 0.1 to receive 1 back." This one is almost comically obvious - and yet it has stolen hundreds of millions of dollars.

The presentation changes constantly. Fake YouTube livestreams with hacked celebrity accounts. Fake Twitter posts from convincingly-spoofed handles. Sometimes it's a fake version of a real exchange offering a "promotional" giveaway.

The rule: nobody is giving you free bitcoin. If you send bitcoin to receive more bitcoin back, you will never receive anything. The money is gone the moment you send it.

Romance scams (pig butchering)

This is the most psychologically sophisticated attack and causes some of the largest individual losses.

Someone reaches out on a dating app, social media, or messaging platform. They spend weeks or months building a genuine-seeming relationship. Eventually, they mention they've been making great returns on a crypto trading platform and offer to show you how.

You invest small amounts. You "see" your balance growing. You invest more. At some point - usually when you try to withdraw - you're told you need to pay a fee, tax, or penalty to get your money out. That money disappears too. The platform was always fake. Your "friend" was always a scammer.

This scam is called "pig butchering" because the victims are fattened up before being slaughtered. The FBI reports billions in losses annually. If someone you've never met in person is recommending a crypto investment platform, treat it as a scam until proven otherwise.

Fake exchanges and investment platforms

Websites that look like legitimate exchanges but aren't. They may show real-seeming prices, account balances, and trading history. When you try to withdraw, you're hit with endless fees and delays until you eventually give up or run out of money.

Signs of a fake platform:

• You found it through a link from someone you met online
• It's not listed on CoinGecko or CoinMarketCap
• The URL is slightly different from a well-known exchange
• Withdrawals are always blocked or require "fees"

Use only well-established exchanges. Our exchanges page covers the main reputable options.

Phishing attacks

Emails, texts, or ads designed to look like legitimate companies. The goal is to get you to click a link and enter your login credentials or seed phrase on a fake site.

Look-alike domains are common: coinbase-secure.com, ledger-support.io, b1tcoín.com. One character different from the real thing.

Protect yourself:

• Bookmark the real URLs for every exchange and wallet you use
• Never click login links in emails - go directly to the site
• Use a password manager that won't auto-fill credentials on wrong domains
• Enable two-factor authentication on every exchange account

SIM-swap attacks

More technical but increasingly common. An attacker contacts your mobile carrier, pretends to be you, and gets your phone number transferred to a SIM card they control. Now they receive your SMS two-factor authentication codes.

With your phone number, they can often reset passwords for your email, exchange accounts, and anything else tied to your number.

Defenses:

• Lock your SIM with a carrier PIN (call your carrier and ask for "SIM lock" or "port protection")
• Use an authenticator app (Google Authenticator, Authy) instead of SMS for 2FA
• Use a hardware security key (YubiKey) for critical accounts if possible
• Don't publicize that you hold Bitcoin

Malware and clipboard hijacking

Clipboard hijackers are software that monitors your clipboard and automatically replaces any Bitcoin address you copy with the attacker's address. You think you're sending to the right address; you're actually sending to the scammer.

When sending Bitcoin, always verify the recipient address character by character - at minimum the first and last several characters. Some wallets display the address on a hardware device screen, preventing clipboard hijacking from affecting the final confirmation.

Only download wallet software from official sources. Be cautious about browser extensions.

The simple rules that prevent most losses

Never share your seed phrase with anyone, for any reason, ever.

Verify every Bitcoin address before sending. No exceptions.

If it sounds too good to be true, it is. Free Bitcoin, guaranteed returns, "get in early" opportunities.

Anyone who initiates contact offering crypto advice or investment help is probably running a scam. Real opportunities don't come through unsolicited DMs.

Move significant holdings to self-custody. Bitcoin sitting on an exchange is vulnerable if the exchange is hacked or your account is compromised. A hardware wallet with your seed phrase stored offline removes most attack surfaces.

If you've been scammed

Report it:

• FTC (ftc.gov/complaint) - US Federal Trade Commission
• FBI IC3 (ic3.gov) - Internet Crime Complaint Center
• Your local police - for local record-keeping and insurance purposes

Recovery is unlikely. Bitcoin transactions are irreversible by design. But reporting helps authorities build cases against scam operations and may help others.

Sources

• FBI Internet Crime Report 2023 - FBI cybercrime statistics including crypto fraud
• FTC Consumer Alerts - Crypto Scams - FTC guidance on avoiding fraud
• Chainalysis Crypto Crime Report - Annual blockchain fraud analysis
• Coinbase Security Center - Security tips from a major exchange

---

Keep Reading

• What Is a Private Key? - Understanding what scammers are trying to steal
• Bitcoin Wallets Explained - How to hold bitcoin more securely
• Bitcoin Security: Why the Network Can't Be Hacked - The cryptographic foundation (and why social engineering is the real attack vector)
• How to Buy Bitcoin in 2026 - Getting started with reputable platforms