
How to Spot and Avoid Crypto Scams: A DeFi Safety Guide


March 1, 2026

By Hyperdash

The decentralized nature of crypto is its greatest strength -- and also what makes it a target for scammers. There is no customer service to call, no bank to reverse a transaction, and no authority to recover stolen funds. In DeFi, transactions are final and irreversible. Your best defense is knowledge. Understanding how scams work is the most effective way to avoid them. Here are the most common scams, how they operate, and how to protect yourself.


Phishing Attacks

Phishing is by far the most common crypto scam, responsible for hundreds of millions of dollars in losses every year. Attackers create fake websites that look identical to real protocols, send fake emails or DMs pretending to be support teams, and post malicious links in Discord and Telegram. The goal is to get you to connect your wallet to a malicious site or enter your seed phrase.

Modern phishing attacks have become extremely sophisticated. Scammers register domains that are nearly identical to legitimate ones -- sometimes differing by a single character or using homoglyph attacks (substituting characters that look similar, like replacing a lowercase 'l' with a capital 'I'). They may create entire fake UIs that perfectly replicate a protocol's interface. Some phishing sites even have fake transaction simulators that show you fabricated results to build confidence before the actual drain transaction.

Defense: Bookmark the real URLs of every protocol you use and access them exclusively through those bookmarks. Never click links in DMs, emails, or social media posts. No legitimate team will ever DM you first asking you to connect your wallet or share your seed phrase. If you receive an unsolicited message about an airdrop, a security issue with your wallet, or a limited-time opportunity, it is a scam. Always verify information through official channels -- go directly to the project's verified Twitter or official website.
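The bookmark rule above can be turned into a small pre-flight check that runs before you open a link. The following is an added example, not Hyperdash code or any wallet's: it keeps a placeholder allowlist of hostnames you have verified yourself, reduces each hostname to a visual "skeleton" (so a capital I standing in for a lowercase l, a Cyrillic a, or a punycode label collapses to the same string as the real site), and reports anything that is not an exact allowlist match. The hostnames and the small confusables table are constructed; a production tool would load the full Unicode confusables data.

```python
"""Check a link against your own bookmark allowlist before visiting it.

Added example, not Hyperdash code. TRUSTED_HOSTS holds placeholder hostnames
(replace them with the sites you have bookmarked yourself), and CONFUSABLES is a
small hand-picked table; a production tool would load the full Unicode confusables data.
"""
import unicodedata
from urllib.parse import urlsplit

# Placeholder allowlist: the hostnames you bookmarked after verifying them.
TRUSTED_HOSTS = {"app.example-dex.xyz", "hyperdash.example"}

# Glyphs (or glyph pairs) that read like another ASCII character. Applied before
# lowercasing so a capital I standing in for a lowercase l is caught.
CONFUSABLES = [
    ("rn", "m"), ("vv", "w"),                 # two glyphs that look like one letter
    ("I", "l"), ("1", "l"), ("|", "l"),       # capital I, digit one, pipe vs lowercase L
    ("0", "o"),                               # digit zero vs letter o
    ("\u03bf", "o"), ("\u043e", "o"),         # Greek omicron, Cyrillic o
    ("\u0430", "a"), ("\u0435", "e"), ("\u0440", "p"),   # Cyrillic a, e, p
    ("\u0441", "c"), ("\u0445", "x"), ("\u0443", "y"),   # Cyrillic c, x, y
]


def skeleton(host: str) -> str:
    """Reduce a hostname to a visual skeleton so lookalikes compare equal."""
    s = unicodedata.normalize("NFKC", host)
    for glyphs, ascii_equiv in CONFUSABLES:
        s = s.replace(glyphs, ascii_equiv)
    return s.lower()


def hostname_of(url: str) -> str:
    """Extract the hostname (case preserved) and decode punycode labels to Unicode."""
    netloc = urlsplit(url).netloc
    host = netloc.rpartition("@")[2].split(":")[0].rstrip(".")
    if "xn--" in host.lower():
        host = host.encode("ascii").decode("idna")
    return host


def classify(url: str) -> str:
    """Return 'trusted', 'lookalike:<host>', 'embeds:<host>' (a trusted name inside a
    longer untrusted host) or 'unknown'. Anything but 'trusted' means: do not connect."""
    host = hostname_of(url)
    if host.lower() in TRUSTED_HOSTS:
        return "trusted"
    sk = skeleton(host)
    for trusted in sorted(TRUSTED_HOSTS):
        tsk = skeleton(trusted)
        if sk == tsk:
            return f"lookalike:{trusted}"
        if tsk in sk:
            return f"embeds:{trusted}"
    return "unknown"


if __name__ == "__main__":
    # Constructed links: one real bookmark, three lookalike patterns, one unrelated host.
    for link in ["https://app.example-dex.xyz/trade",
                 "https://app.exampIe-dex.xyz/claim",            # capital I in place of l
                 "https://hyperd\u0430sh.example",                # Cyrillic a
                 "https://hyperdash.example.claim-airdrop.net",  # trusted name as a subdomain
                 "https://totally-unrelated.net"]:
        print(f"{classify(link):40} {link}")
```

The check is deliberately allowlist-only: a legitimate subdomain you have not bookmarked is reported as "embeds" rather than trusted, which is the safe failure mode for a tool whose job is to stop you connecting a wallet to the wrong site.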

Rug Pulls

A rug pull occurs when a project's team abandons it after collecting user funds. This can happen with tokens (the team sells their allocation, crashing the price), NFT projects (funds raised, no product delivered), or DeFi protocols (liquidity removed from pools). Rug pulls are common with new, unaudited projects that promise unrealistic returns.

There are different types of rug pulls. A "hard rug" is when the team drains the liquidity pool or contract entirely, usually taking place suddenly and leaving token holders with worthless assets. A "soft rug" is more gradual -- the team slowly sells their allocation while maintaining the appearance of building, eventually abandoning the project once their tokens are sold. Soft rugs are harder to identify because they unfold over weeks or months.

Red flags include: anonymous teams with no verifiable track record, contracts that are not open-source or have not been audited, liquidity that is not locked (meaning the team can remove it at any time), unrealistic APY promises (1,000%+ APY is almost always unsustainable), aggressive marketing with no substance, and a token distribution where the team holds a disproportionate share of supply.

Defense: Research before you invest. Check whether the smart contract code is verified and audited. Look at the liquidity lock status using tools like DEXScreener or GeckoTerminal. Investigate the team's background and track record. If a project promises guaranteed returns or sounds too good to be true, it almost certainly is. Established protocols with audited code, locked liquidity, and transparent teams are far safer than anonymous new launches.

Fake Airdrops and Token Approvals

Scammers send tokens to your wallet that appear valuable, but interacting with them triggers a malicious smart contract that drains your funds. You might see a token worth thousands of dollars appear in your wallet unexpectedly -- this is bait. The moment you try to swap or sell it, the contract executes malicious code.

Similarly, fake airdrop claim sites prompt you to approve token spending, giving the attacker unlimited permission to empty your wallet of any token you approve. These sites are often promoted through social media ads, fake bot comments, or compromised accounts of real projects.

Some particularly insidious variants involve "permit" signatures -- these look like regular message signatures rather than transactions, but they grant spending approval without requiring a separate on-chain approval transaction. Because they appear as message signatures rather than transactions, users may let their guard down and sign without realizing what they are authorizing.

Defense: Never interact with tokens you did not buy or expect to receive. Do not visit claim sites promoted through random social media posts, DMs, or ads. If a legitimate airdrop exists, you will find information about it on the project's official website and verified social channels. When signing any transaction or message, carefully read what you are approving. Use transaction simulation tools like Pocket Universe or Wallet Guard that can warn you about malicious approvals before you sign.
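What "carefully read what you are approving" means in practice is decoding the two things a drainer site asks for: an ERC-20 approve() transaction and an EIP-2612 "Permit" message signature. The block below is an added example, not Hyperdash code or the logic of any simulation tool; it decodes approve() and setApprovalForAll() calldata using their standard selectors, reads the spender, value and deadline out of a Permit typed-data prompt, and flags the three things that matter: a spender you do not recognise, an effectively unlimited amount, and a permit that stays valid far into the future. The addresses, calldata, typed data, thresholds and the "known spenders" list are constructed.

```python
"""Decode what a wallet prompt actually authorizes: ERC-20 approve() calldata
and an EIP-2612 'Permit' typed-data signature.

Added example, not Hyperdash code or any wallet's. The two selectors are the
standard ERC-20 / ERC-721 ones; addresses, calldata and typed data below are
constructed, and KNOWN_SPENDERS is a list you maintain yourself.
"""
import time

UINT256_MAX = 2**256 - 1
EFFECTIVELY_UNLIMITED = 2**128          # assumption: far above any real token supply
MAX_PERMIT_LIFETIME = 30 * 24 * 3600    # assumption: flag permits valid for more than 30 days

APPROVE = "095ea7b3"               # first 4 bytes of keccak256("approve(address,uint256)")
SET_APPROVAL_FOR_ALL = "a22cb465"  # first 4 bytes of keccak256("setApprovalForAll(address,bool)")


def decode_approval(calldata):
    """Return {'kind', 'spender', 'amount'} for approve/setApprovalForAll, else None."""
    data = calldata.lower()
    if data.startswith("0x"):
        data = data[2:]
    selector, args = data[:8], data[8:]
    if len(args) != 128:                      # two 32-byte ABI words expected
        return None
    spender = "0x" + args[24:64]              # address is right-aligned in its word
    word2 = int(args[64:128], 16)
    if selector == APPROVE:
        return {"kind": "approve", "spender": spender, "amount": word2}
    if selector == SET_APPROVAL_FOR_ALL:      # bool: operator rights over a whole collection
        return {"kind": "setApprovalForAll", "spender": spender,
                "amount": UINT256_MAX if word2 else 0}
    return None


def assess_approval(decoded, known_spenders):
    """Human-readable warnings for a decoded approval."""
    flags = []
    if decoded["spender"] not in known_spenders:
        flags.append("spender is not a contract you recognise")
    if decoded["amount"] >= EFFECTIVELY_UNLIMITED:
        flags.append("allowance is effectively unlimited")
    return flags


def assess_permit(typed_data, known_spenders, now=None):
    """Warnings for an EIP-712 prompt whose primaryType is the EIP-2612 'Permit'."""
    if typed_data.get("primaryType") != "Permit":
        return []
    now = int(time.time()) if now is None else now
    msg = typed_data["message"]
    spender = str(msg.get("spender", "")).lower()
    value = int(msg.get("value", 0))
    deadline = int(msg.get("deadline", 0))
    flags = []
    if spender not in known_spenders:
        flags.append("permit spender is not a contract you recognise")
    if value >= EFFECTIVELY_UNLIMITED:
        flags.append("permit value is effectively unlimited")
    if deadline > now + MAX_PERMIT_LIFETIME:
        flags.append("permit deadline is far in the future")
    return flags


# Constructed samples (hypothetical addresses).
KNOWN_SPENDERS = {"0x" + "22" * 20}
SAMPLE_APPROVE_CALLDATA = "0x" + APPROVE + "00" * 12 + "11" * 20 + "ff" * 32
SAMPLE_SET_ALL_CALLDATA = "0x" + SET_APPROVAL_FOR_ALL + "00" * 12 + "22" * 20 + "00" * 31 + "01"
SAMPLE_PERMIT = {
    "primaryType": "Permit",
    "domain": {"name": "SomeToken", "version": "1", "chainId": 1,
               "verifyingContract": "0x" + "33" * 20},
    "message": {"owner": "0x" + "44" * 20, "spender": "0x" + "11" * 20,
                "value": str(UINT256_MAX), "nonce": "0", "deadline": str(UINT256_MAX)},
}

if __name__ == "__main__":
    for calldata in (SAMPLE_APPROVE_CALLDATA, SAMPLE_SET_ALL_CALLDATA):
        d = decode_approval(calldata)
        print(d["kind"], d["spender"], assess_approval(d, KNOWN_SPENDERS))
    print("permit:", assess_permit(SAMPLE_PERMIT, KNOWN_SPENDERS, now=1_700_000_000))
```

The permit path is the one to internalise: the prompt is "just a signature", yet the value and deadline fields are exactly the allowance and expiry of an on-chain approval, so the same questions (who is the spender, how much, for how long) apply before you sign.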

Social Engineering and Impersonation

Scammers impersonate well-known traders, project founders, or support agents. They may create fake Twitter accounts, Telegram groups, or Discord servers that look legitimate. Their goal is to build trust and then direct you to a phishing site or convince you to send funds directly.

Common social engineering tactics include: fake customer support ("I'm from Hyperliquid support, I need your seed phrase to fix your account"), fake investment opportunities ("Send me 1 ETH and I'll send 2 back"), romance scams (building a relationship over weeks before introducing a "trading opportunity"), and fake job offers from crypto companies that require you to download malware or share wallet credentials.

Telegram and Discord are the primary hunting grounds for social engineering scams. Scammers will create groups that mirror official channels, sometimes adding thousands of bots to make the group appear active and legitimate. They often target users who post questions in real support channels, DMing them immediately with fake help.

Defense: Verify identity through official channels. Check follower counts, account age, and verified badges. Be especially suspicious of anyone offering to help with a problem you did not ask about. Never send crypto to anyone who promises to send more back -- this is always a scam. No legitimate support agent will ever ask for your seed phrase, private key, or any form of wallet access.

Pump and Dump Schemes

In a pump and dump, a group of insiders or influencers coordinate to buy a low-liquidity token, hype it up on social media, and then sell into the buying pressure created by unsuspecting followers. The token price spikes temporarily (the pump) and then crashes as insiders sell (the dump). By the time most buyers realize what happened, the price has collapsed and their investment is worth a fraction of what they paid.

These schemes are particularly common with meme coins and low-cap tokens that can be moved with relatively small amounts of capital. Telegram groups and Discord servers that promise "alpha calls" and "100x gems" are often fronts for pump and dump operations where the group admins buy before announcing the token and sell into their members' buying.

Defense: Be skeptical of tokens being aggressively promoted on social media, especially with urgency ("buy now before it moons"). Check the on-chain data: look at the wallet distribution (are a few wallets holding most of the supply?), the trading history (did a handful of wallets buy large amounts before the promotion started?), and the liquidity depth (can you actually sell your position without massive slippage?).
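The three on-chain checks above (holder distribution, who bought before the promotion, and whether the pool can absorb your exit) and the team-allocation red flag from the rug-pull section can be computed from data any block explorer exposes. The block below is an added example, not Hyperdash code: it measures top-holder share and a Herfindahl index over a constructed balance table, finds wallets that accumulated before a promotion timestamp and sold after it, and estimates the price impact of selling a position into a constant-product pool. Wallets, trades, reserves and the thresholds are all constructed assumptions to tune for your own use.

```python
"""On-chain sanity checks for a token being pushed on social media: holder
concentration, wallets that bought before the promotion and sold into it, and
how much a sale would move the price in the pool.

Added example, not Hyperdash code. Balances, trades and pool reserves are
constructed; thresholds are assumptions. In practice the inputs come from a
block explorer or indexer.
"""
from collections import defaultdict


def top_holder_share(balances, n=5):
    """Fraction of supply held by the n largest wallets."""
    total = sum(balances.values())
    if total == 0:
        return 0.0
    return sum(sorted(balances.values(), reverse=True)[:n]) / total


def herfindahl(balances):
    """Herfindahl-Hirschman index of holdings: 1.0 = a single holder, near 0 = widely spread."""
    total = sum(balances.values())
    return sum((b / total) ** 2 for b in balances.values()) if total else 0.0


def insiders(trades, promo_ts):
    """Wallets that bought before promo_ts and sold after it.
    trades: iterable of (timestamp, wallet, 'buy'|'sell', amount)."""
    bought_before, sold_after = defaultdict(float), defaultdict(float)
    for ts, wallet, side, amount in trades:
        if side == "buy" and ts < promo_ts:
            bought_before[wallet] += amount
        elif side == "sell" and ts >= promo_ts:
            sold_after[wallet] += amount
    return {w for w in bought_before if sold_after.get(w, 0) > 0}


def sell_price_impact(reserve_token, reserve_quote, amount_in, fee=0.003):
    """Constant-product pool (x * y = k): quote received and price impact of selling amount_in."""
    effective_in = amount_in * (1 - fee)
    out = reserve_quote * effective_in / (reserve_token + effective_in)
    spot = reserve_quote / reserve_token
    impact = 1 - (out / amount_in) / spot
    return out, impact


def red_flags(balances, trades, promo_ts, pool, position,
              max_top5=0.5, max_hhi=0.1, max_impact=0.05):
    """Collect warnings; thresholds are assumptions, not calibrated values."""
    flags = []
    share = top_holder_share(balances)
    if share > max_top5:
        flags.append(f"top 5 wallets hold {share:.0%} of supply")
    hhi = herfindahl(balances)
    if hhi > max_hhi:
        flags.append(f"holdings are concentrated (HHI {hhi:.2f})")
    early = insiders(trades, promo_ts)
    if early:
        flags.append(f"{len(early)} wallet(s) bought before the promotion and sold into it")
    _, impact = sell_price_impact(*pool, position)
    if impact > max_impact:
        flags.append(f"selling your position would move the price {impact:.1%}")
    return flags


# Constructed sample data (hypothetical wallets, token units, Unix timestamps).
BALANCES = {"0xdev": 400, "0xmarketing": 200, "0xw1": 100, "0xw2": 100,
            "0xw3": 50, "0xw4": 50, "0xw5": 50, "0xw6": 50}
PROMO_TS = 1_000
TRADES = [(900, "0xdev", "buy", 100), (950, "0xalpha", "buy", 50),
          (1_005, "0xfollower1", "buy", 20), (1_010, "0xfollower2", "buy", 30),
          (1_020, "0xalpha", "sell", 50), (1_030, "0xdev", "sell", 80),
          (1_040, "0xfollower1", "sell", 5)]
POOL = (1_000_000, 10_000)   # (token reserve, quote reserve): spot price 0.01 quote per token

if __name__ == "__main__":
    for flag in red_flags(BALANCES, TRADES, PROMO_TS, POOL, position=100_000):
        print("-", flag)
```

The price-impact figure is the one most people skip: a chart can show a token "up 300%" while the pool behind it is so thin that selling a modest position returns a fraction of the quoted price, which is precisely the condition a pump relies on.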

General Safety Rules

Use a separate wallet for experimenting with new protocols. Revoke unused token approvals regularly. Keep the bulk of your funds in a hardware wallet. Stay skeptical of urgency -- scammers create time pressure to prevent you from thinking clearly. And remember: in DeFi, there is no undo button.

Additional safety practices: verify smart contract addresses through multiple sources before interacting. Use a dedicated browser or browser profile for crypto to minimize the risk of malicious extensions. Enable all available wallet security features. Do not share your wallet addresses publicly if possible -- on-chain activity is transparent, and doxxing your wallet can make you a target. When in doubt, slow down. No legitimate opportunity requires you to act within minutes.

The single most effective safety practice is simple: if something seems too good to be true, it is. Legitimate DeFi yields come from real economic activity (trading fees, lending interest, protocol revenue). Any yield or return that seems disconnected from fundamental value creation is either subsidized temporarily or is a scam.

Hyperdash Tip: Hyperdash connects only to the Hyperliquid protocol. Always verify you are on the authentic Hyperdash URL, and never trust anyone asking you to connect your wallet via a link they send you. Bookmark the official site and treat any other method of accessing it as suspicious.

Frequently Asked Questions

Can stolen crypto be recovered?

In the vast majority of cases, no. Blockchain transactions are irreversible by design. Once funds are transferred to a scammer's wallet, they are gone. In rare cases, law enforcement has tracked and recovered stolen crypto (particularly when large amounts are involved and the attacker makes operational security mistakes), but this is the exception, not the rule. Some protocols and bridges have bug bounty programs where whitehat hackers can return funds for a reward, but this does not apply to individual theft. Prevention is the only reliable strategy.

How do I know if a DeFi protocol is safe to use?

No protocol is completely risk-free, but you can assess relative safety by checking several factors: Has the smart contract code been audited by reputable firms (Trail of Bits, OpenZeppelin, Spearbit)? Is the code open-source and verified on-chain? How long has the protocol been live and how much total value has it secured without incident? Does the team have a public and verifiable identity? Is there an active bug bounty program? Has the protocol survived market stress events? Established protocols with multiple audits, long track records, and transparent teams are significantly safer than new, unaudited projects.

What should I do if I receive unexpected tokens in my wallet?

Do nothing. Do not try to sell them, transfer them, or interact with them in any way. Many scam tokens are designed so that any interaction triggers a malicious smart contract function. Simply ignore them. Most wallets allow you to hide tokens from your portfolio view, which is the safest response. If you are curious about what the token is, look up its contract address on a block explorer -- do not visit any website associated with the token.

Are hardware wallets completely safe?

Hardware wallets are the most secure storage method available, but they are not infallible. They protect against remote attacks, malware, and phishing, but they cannot protect you from physical theft, social engineering that tricks you into signing malicious transactions on the device, or supply chain attacks if you buy from an unofficial source. Always verify transactions on the device screen before confirming. Keep your device firmware updated. And remember that the hardware wallet is only as secure as the seed phrase backup -- if your seed phrase is compromised, the hardware wallet offers no protection.
