Cryptocurrency scams cost users billions every year. Because blockchain transactions are irreversible, there is no way to recover funds once they are sent to a scammer. Learning to recognize common attack patterns is your strongest defense.
Phishing Attacks
Phishing is the most common vector for stealing crypto. Attackers create convincing replicas of legitimate sites and trick users into entering their seed phrases or private keys.
- Fake MetaMask popups — browser extensions or injected overlays that mimic MetaMask's interface and prompt you to “reconnect” or “verify” your wallet by entering your seed phrase
- Typosquatted domains — sites with nearly identical URLs (e.g., metamask.io vs. rnetamask.io or metam4sk.io) designed to capture credentials
- Fake dApps — cloned interfaces of popular DeFi protocols that drain your wallet when you approve a transaction
Always bookmark the official URLs of services you use regularly and navigate via bookmarks rather than search results or links.
Social Engineering
Scammers exploit trust and urgency in social channels:
- Discord and Telegram DMs — unsolicited messages offering “help” with wallet issues, often impersonating moderators or support staff. Legitimate team members will never DM you first.
- Impersonation accounts — social media profiles mimicking project founders or developers, sometimes with verified-looking badges. Always verify through official channels.
- Fake airdrops and giveaways — “Send 1 ETC, receive 10 back” promotions are always scams. No legitimate project operates this way.
Rug Pulls and Exit Scams
A rug pull occurs when a project's developers drain the liquidity pool or abandon the project after attracting investment. Warning signs include:
- Anonymous teams with no verifiable track record
- Promises of unrealistically high returns (“1,000% APY guaranteed”)
- Locked or non-existent source code
- Aggressive marketing pressure to “buy now before it's too late”
- No audit from a recognized security firm
How to Verify
Before interacting with any project or contract on Ethereum Classic, take these steps:
- Check the contract on Blockscout at etc.blockscout.com — look for verified source code and transaction history
- Cross-reference URLs from multiple official sources (project GitHub, official Twitter, documentation sites)
- Never click links from DMs — navigate to sites manually or through bookmarks
- Search for community reviews — check whether others have reported issues
- Start small — test with a minimal amount before committing significant funds
When in Doubt
If something feels rushed, too good to be true, or pressures you to act immediately, stop. Legitimate opportunities do not disappear in minutes. Take the time to verify independently, ask in community channels, and never let urgency override caution.