How to buy, store, and use bitcoin without getting ripped off.
If you are nervous about getting scammed, you are paying attention to the right thing. Here is the part that should reassure you: almost none of these scams are clever hacks. They are con tricks that lean on how new bitcoin users feel about money, pressure, and trust, which means once you can see the pattern, you can sidestep it. This guide walks through the most common scams, how to recognize each one, and the handful of concrete steps that stop nearly every loss.
Read it before your first purchase. Come back to it before any transaction that matters. You do not have to memorize all of it today, just the part that fits what you are about to do.
Learn to spot these patterns and you sidestep most of the losses people suffer here.
A counterfeit copy of a real exchange (Coinbase, Kraken, Binance) shows up in Google Ads, app stores, or in a direct message. It looks identical to the real thing, down to the logo. You deposit your money, and it quietly disappears.
Watch for a web address that is slightly off (coinbase-secure.com, coinbasse.com). Be wary of an app with only a handful of reviews or a recent publish date, and of any 'customer support' link that arrives unprompted from search results.
Here is the one habit that stops this cold: type the exchange address into your browser yourself, then bookmark it and use the bookmark from then on. Never reach an exchange through a Google Ad, an email, or a message someone sent you. On app stores, check that the developer name matches the official company and that the review count runs into the tens of thousands.
Someone reaches out on a dating app, on social media, or even through a wrong-number text. They take weeks to build a real-feeling friendship or romance, then introduce you to a 'great investment opportunity' that needs you to send bitcoin. Small early withdrawals actually work, which earns your trust. Then you put in a large amount, and everything vanishes.
The tell is a new online contact who steers the conversation toward investing, a trading platform you cannot find mentioned anywhere else, and pressure to add more money right after an early 'gain.'
The rule that protects you is simple: never send bitcoin to anyone you met online, no matter how long you have been talking or how close it feels. If a new friend is pointing you toward an investment, you are looking at a scam. Full stop.
You search 'Coinbase support' or post a question in a Telegram or Discord group. Within minutes, someone claiming to be 'support' messages you directly and asks for your seed phrase (the 12 or 24 words that ARE your wallet), your 2FA codes (the one-time login codes from a text or app), or remote access to your screen to help 'fix' the issue. None of it is real help. They are taking your money.
The pattern to recognize is an unprompted message from 'support,' and anyone at all asking for your seed phrase, recovery phrase, private keys (the secret that signs off on spending your bitcoin), or 2FA codes.
Hold on to this one and you are safe here: no real exchange, wallet, or support team will ever ask for your seed phrase or private keys. Not once. If a conversation asks, close it. Reach support only through the official site, signed in to your own account.
Your seed phrase, those 12 or 24 words, is the master key to your bitcoin. Whoever holds it controls the money. If anyone else gets it, they can empty your wallet in seconds, and the move cannot be undone. The bait comes dressed up as a 'wallet audit,' a 'verification' step, a fake free-coin giveaway (an airdrop), or a phishing site (a fake page pretending to be a real one) that asks you to type the words in.
If any site, app, browser add-on, or person asks for your seed phrase, that is the alarm. The only time you ever enter those words is during your own wallet setup or a genuine restore. Anywhere else, stop.
Write your seed phrase on paper and keep it offline, ideally split across two separate physical spots. Never type it into a website, never take a photo of it, never drop it into cloud notes or email. Picture it as the combination to a safe that can never be reset, because that is exactly what it is.
An email or text lands that looks like it came from your exchange, warning about 'suspicious activity' and offering a link to 'verify your account.' The link opens a cloned login page that simply records your username and password as you type them.
The signs are urgent wording ('verify now,' 'account will be closed'), a sender address that is slightly off (security@coinbase-help.com), and links that, when you hover over them without clicking, do not match the exchange's real web address.
Make this your reflex: never click a link in any message about your crypto accounts. Reach the exchange by typing the address you bookmarked yourself. It also helps to set up email filters that flag anything claiming to be from the major exchanges.
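The sender and link check described above can be written as a small filter. This is an added example, not part of the original guide. The allowlist and the function names are assumptions; replace the allowlist with the exact domains you bookmarked.

```python
from urllib.parse import urlsplit

# Assumption: the reader's own allowlist of exchange domains they actually use.
OFFICIAL = {"coinbase.com", "kraken.com", "binance.com"}


def host_of(value: str) -> str:
    """Extract the host from an email address, a URL, or a bare host name."""
    value = value.strip().lower()
    if "://" in value:
        return urlsplit(value).hostname or ""
    if "@" in value:
        return value.rsplit("@", 1)[1]
    return value.split("/", 1)[0]


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one- or two-letter misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(value: str, official=OFFICIAL) -> str:
    """Return 'official', 'lookalike' or 'unrelated' for a sender or link."""
    host = host_of(value).rstrip(".")
    for dom in official:
        # Exact match or a true subdomain; the leading dot enforces a label
        # boundary, so 'notcoinbase.com' does not pass as 'coinbase.com'.
        if host == dom or host.endswith("." + dom):
            return "official"
    for dom in official:
        brand = dom.split(".")[0]
        for label in host.split("."):
            # Brand name embedded in a longer label, or a near-miss spelling.
            # Errs toward flagging: a false alarm costs less than a miss.
            if brand in label or edit_distance(label, brand) <= 2:
                return "lookalike"
    return "unrelated"
```

A 'lookalike' result is the case this section warns about: the name borrows the exchange's brand but is not the exchange's domain.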
A platform dangles returns that sound too good to be true (1% a day, 20% a month, 'guaranteed'). The early money looks real because it is quietly paid out of newer investors' deposits. In a Ponzi scheme, the whole thing keeps running only until the new deposits slow down, then it collapses and the latest investors lose everything.
Be on guard for promised returns well above what the market pays, referral bonuses for recruiting new investors, hand-wavy explanations leaning on words like 'arbitrage,' 'trading bots,' or 'proprietary algorithms,' and a company name you cannot find anywhere outside its own marketing.
Anchor yourself to one fact: bitcoin on its own does not pay interest. Any platform paying you to park bitcoin with them is taking risks with your money, often reckless ones. The safe path is to hold your bitcoin in your own wallet. If a yield offer tempts you, understand exactly where the money comes from before you deposit a single cent.
A tweet, a YouTube livestream, or a slick website claims Elon Musk, Michael Saylor, or some other famous name is 'giving away bitcoin.' The deal: send 0.1 BTC to the address shown, get 0.5 BTC back. You send yours, and nothing comes back.
The giveaway is any version of 'send X to get 2X,' anything that asks you to send crypto first, and a livestream stitched together from looped celebrity footage with auto-generated captions.
Carry this with you: nobody gives away bitcoin in return for bitcoin you send first. There are no exceptions. The moment you see the offer, you have spotted the scam.
Malware (hidden malicious software) sits on your computer or phone and watches your clipboard, the temporary spot that holds whatever you copy. When you copy a bitcoin address to pay someone, it silently swaps in the attacker's address before you paste. You end up sending your money to a stranger without noticing.
Things to notice: a device that has slowed down for no clear reason, software you installed from somewhere other than an official source, and browser add-ons holding broad permissions you do not remember granting.
Build this check into every send: after you paste an address, compare the first 4-5 and last 4-5 characters against the address you meant to use. For any large transfer, send a small test amount first. And keep your devices clean by steering clear of pirated software and sketchy browser add-ons.
In a SIM swap, an attacker talks your mobile carrier into moving your phone number onto their SIM card. From that point your text-message login codes go to them, not you, and they walk into your exchange accounts.
The warning signs are cell service that drops out for no reason, and login alerts for accounts you did not just sign in to.
Two moves take this off the table. First, stop using text messages for your login codes on exchange accounts. Use an authenticator app instead (Google Authenticator, Authy, 1Password) or a small hardware security key (a YubiKey). Second, ask your carrier to put a PIN on your account that anyone must give before your number can be moved.
A fake wallet app or browser add-on poses as a real one (MetaMask, Ledger, Trust Wallet). During setup it asks you to 'import' your seed phrase, and the moment you type those words in, they go straight to the attacker, who can then empty your wallet.
Treat these as red flags: an add-on grabbed from outside the official store, a brand-new app with only a few reviews, and a browser popup nudging you to 'reconnect' your wallet.
Only download wallet software from the official website, reached through the project's verified social accounts. On app stores, double-check the developer name. And never import your seed phrase into a wallet unless you installed it yourself from a source you have confirmed is real.
Print these, tape them above your desk, and glance at them before every transaction.
Your seed phrase never touches the internet. Paper, offline, two locations. That is the whole rule.
Use a hardware wallet for anything you can't afford to lose. A hardware wallet is a small offline device that keeps your keys off any internet-connected computer. Ledger and Trezor both work, and setup takes about an hour. Once it is configured, your bitcoin is shielded from every software-based attack above.
Turn on authenticator-app login codes for every exchange account. Never text-message codes.
Check the bitcoin address before every send. Compare the first 4-5 and last 4-5 characters.
Send a test transaction first for anything above $500. The small network fee is cheap insurance against a costly mistake.
Reach exchanges and wallets through your own bookmarks. Never search for them.
Assume every direct message about bitcoin is a scam. Because almost all of them are.
If someone is rushing you, it's a scam. A real financial decision is never ruined by waiting 24 hours.
If you can't see how something earns its returns, keep your money out. Especially any platform promising you interest on bitcoin.
Nobody legitimate ever asks for your seed phrase. There has never been a single exception.
Before your first bitcoin purchase, walk through each of these and make sure it is true.
Take a breath, then move fast. Once the funds leave your wallet, getting them back is unlikely, but every minute still counts and there are real steps you can take right now.
Stop any transfer still in progress right now.
Change the passwords on the affected accounts, using a different device.
Reach your exchange's official support (open your bookmarked address, log in, and find support there).
Report it to the FBI's IC3 (ic3.gov) and the FTC (reportfraud.ftc.gov).
If you lost a significant amount, contact your local police.
Bitcoin transactions are irreversible, so no one can undo a payment for you. The faster you act, the better your chance of limiting the damage.
Bitcoin itself is sound technology. Most of the money lost here is lost to con tricks, not technical failures, and that is good news for you, because con tricks can be spotted. Stay a little suspicious, slow down, and check things before you act. Treat your bitcoin like cash in your pocket that nobody can replace if it is taken (because that is exactly what it is), and you will avoid nearly every trap.
This guide is educational content, not financial advice.