The Bitcoin Scam Survival Guide

A counterfeit version of a real exchange (Coinbase, Kraken, Binance) appears on Google Ads, app stores, or in social media DMs. The site or app looks identical to the real one. You deposit funds and they disappear.

URL that's slightly off (coinbase-secure.com, coinbasse.com). App with few reviews or recently published. Unsolicited 'customer support' links from search results.

Type the exchange URL directly into your browser. Bookmark it. Never click exchange links from Google Ads, emails, or DMs. On app stores, verify the developer name matches the official company and check review counts in the tens of thousands.

Someone contacts you on a dating app, social media, or even a wrong-number text. After weeks of relationship-building, they introduce you to a 'great investment opportunity' that requires sending bitcoin. Early withdrawals work to build trust. When you invest a large amount, everything vanishes.

New online contact who quickly pivots to investment discussions. Unfamiliar trading platforms you can't find elsewhere. Pressure to invest more after an initial 'gain.'

Never send bitcoin to anyone you met online, regardless of how long you've talked. If it sounds like an investment opportunity from a new friend, it's a scam. Full stop.

You search 'Coinbase support' or post a question in a Telegram/Discord group. Within minutes, 'support' responds by DM asking for your seed phrase, 2FA codes, or remote access to help 'fix' an issue.

Unsolicited DMs from 'support.' Anyone asking for your seed phrase, recovery phrase, private keys, or 2FA codes.

No legitimate exchange, wallet, or support team will ever ask for your seed phrase or private keys. Ever. Close any conversation that asks. Access support only through the official site, logged into your account.

Your seed phrase (usually 12 or 24 words) is the master key to your bitcoin. If anyone gets it, they can drain your wallet instantly and irreversibly. Scams include 'wallet audits,' 'verification,' fake airdrops, and phishing sites that trigger seed phrase entry.

Any site, app, browser extension, or person requesting your seed phrase. Any prompt to enter your seed phrase outside of initial wallet setup or a genuine restore.

Write your seed phrase on paper. Store it offline, ideally in two separate physical locations. Never type it into any website, never photograph it, never store it in cloud notes or email. Treat it like the combination to a safe that cannot be changed.

An email or text appears to come from your exchange warning about 'suspicious activity' with a link to 'verify your account.' The link leads to a cloned login page that captures your credentials.

Urgent language ('verify now,' 'account will be closed'). Slightly wrong sender addresses (security@coinbase-help.com). Links that don't match the exchange's real domain when you hover.

Never click links in emails about your crypto accounts. Go directly to the exchange by typing the URL you have bookmarked. Enable email filter rules to flag anything claiming to be from major exchanges.

A platform offers returns that sound too good to be true (1% daily, 20% monthly, guaranteed returns). Early investors get paid with new investor deposits. Eventually the scheme collapses.

Promised returns significantly above market rates. Referral bonuses that reward bringing in new investors. Complex explanations involving 'arbitrage,' 'trading bots,' or 'proprietary algorithms.' Names you've never heard of outside of the platform's marketing.

Bitcoin itself does not generate yield. Any platform paying you to hold bitcoin is taking risk with your money, often recklessly. Stick to holding bitcoin in your own wallet. If you want yield, understand exactly where it comes from before depositing a cent.

A tweet, YouTube livestream, or website claims Elon Musk, Michael Saylor, or another figure is 'giving away bitcoin.' Send 0.1 BTC to a specified address and receive 0.5 BTC back. Nothing comes back.

'Send X to receive 2X.' Any offer that requires sending crypto first. Livestreams with auto-generated captions and looped celebrity footage.

No one gives away bitcoin in exchange for you sending bitcoin first. This is a universal truth in crypto. If you see it, it's a scam.

Malware on your computer or phone monitors your clipboard. When you copy a bitcoin address to send funds, the malware silently replaces it with the attacker's address before you paste.

Unexplained slowdowns on your device. Installing software from unofficial sources. Browser extensions with broad permissions you don't remember approving.

Always verify the first 4-5 and last 4-5 characters of any pasted bitcoin address against what you intended to send to. Send a small test transaction first for any large transfer. Keep your devices clean by avoiding pirated software and suspicious browser extensions.

Attackers convince your mobile carrier to transfer your phone number to their SIM card. They then receive your SMS-based 2FA codes and take over your exchange accounts.

Sudden loss of cell service without explanation. Account login alerts you didn't trigger.

Never use SMS for 2FA on exchange accounts. Use an authenticator app (Google Authenticator, Authy, 1Password) or a hardware security key (YubiKey). Ask your carrier to add a PIN to your account that must be provided before any SIM changes.

Malicious wallet apps or browser extensions impersonate real ones (MetaMask, Ledger, Trust Wallet). They ask you to 'import' your seed phrase during setup, which sends the phrase to the attacker.

Extensions downloaded outside official stores. New apps with few reviews. Popups in your browser prompting you to 'reconnect' your wallet.

Only download wallet software from the official website linked directly from the project's verified social accounts. Double-check developer names on app stores. Never import your seed phrase into a wallet you didn't install yourself from a verified source.