
Product & Graphic Designer | Web3 & crypto enthusiast. Find me as 0xroja on X, Lens, and Nostr.
We can't talk about adoption without mentioning that users need to feel safe when using crypto platforms. The initial journey can be complicated for newcomers, as there are many things to consider and learn to avoid mistakes and falling into the hands of malicious individuals. These bad actors will try every possible way to trick you into revealing confidential information, depositing your funds in the wrong place, or connecting your wallet to a suspicious website.
As cryptocurrencies grow, so do scams and their sophistication. People seeking to make money illicitly see cryptocurrencies as a paradise for fraud: thousands of users operating worldwide without barriers, at any time, across all kinds of platforms and networks, creating the perfect breeding ground for scams.
If you've already entered your email on any crypto platform, such as when registering on an exchange, chances are you’ve become a target for attackers. You'll start receiving unexpected emails in your spam folder with the exchange’s logo, offering crypto prizes or warning that your account will be blocked unless you reset your password via a provided link. If you've ever shared your wallet address to participate in crypto or NFT giveaways on social media, you're probably on scammers’ radar as well.
To stay alert and avoid falling victim to scams, let's first go over the most common tactics:
Fake emails designed to obtain your passwords, often by scaring you with messages about account blockages or posing as customer support from a wallet or exchange. If they include links, they likely redirect you to a malicious site where you may be tricked into downloading malware, signing a fraudulent transaction, or filling out a form with your sensitive data.
Scammers create fake versions mirroring well-known platforms, tricking you into downloading their applications or connecting your wallet, ultimately draining your funds. Always double-check the website address you are connecting to. A good verification method is checking their social media accounts and seeing who follows them. If people you trust follow the product, it adds legitimacy. Scammers often use search engines to promote their fake sites, so accessing a platform for the first time through a search engine can be risky.
Sophisticated scammers create fake apps that bypass Google and Apple’s security reviews. They use the branding and logos of legitimate apps to trick users into downloading malware. In November 2023, a fake app called "Ledger Live Web3" was discovered on the Microsoft Store, designed to deceive Ledger wallet users and steal their cryptocurrencies. According to blockchain analyst ZachXBT, this scam resulted in the theft of approximately 16.8 BTC, valued at around $588,000 at the time.
Source: ZachXBT - Community Alert
Fake promotions on social media, mainly on X (Twitter), require you to connect your wallet to check if you’ve won an airdrop. At that moment, attackers drain your funds. Once a transaction is signed, there’s no way to undo it. As with other scams, these announcements lead to malicious sites asking you to connect your wallet or sign fraudulent transactions. Don’t do it.
Attackers send small amounts of tokens to "pollute" your wallet address. They then analyze the blockchain to see how you move the “dust” alongside your main funds. Instead of just sending a small amount of cryptocurrency, they may send an unknown NFT or token. If you interact with it (e.g., by selling it or claiming a supposed reward), you might accidentally authorize a malicious transaction allowing attackers to empty your wallet.
Also, never use addresses from your transaction history for transfers. If you've been targeted by a dusting attack, you could accidentally send funds to the wrong address. Always start a transfer from scratch by manually entering the correct address and double-checking every character before confirming.
Malware can be sent via email or shared in chats. Sophisticated malware, such as SpyAgent, extracts wallet recovery phrases from users' devices, giving attackers access to their funds. Interest in crypto-related scams is growing on the dark web. Kaspersky reported an increase in "crypto-stealing drainers," with discussion threads rising from 55 in 2022 to 129 in 2024.
Source: Kaspersky - Surge in interest for crypto-stealing drainers on the dark web

Scammers create identical accounts to real ones on social media to deceive users, posting fake sites or contacting individuals directly. If someone reaches out to you first, it’s most likely a scammer. Block them and do not engage. On platforms like Discord, Telegram, and Twitter, scammers often impersonate crypto or NFT community members to send direct messages offering “help” when they just want to steal from you.
A scam where crypto project creators (such as a token or NFT) abandon the project and run off with investors' funds, leaving them with worthless assets. A notorious case was the LIBRA scam, promoted by Argentine President Javier Milei, currently under judicial investigation in multiple countries.
Scammers take advantage of hype by creating replicas of popular tokens, slightly altering the contract address to deceive users. Always use official contract addresses verified on trusted sites like CoinGecko or the project’s official website.
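The "check every character" advice for transfers and for token contract addresses can be automated. This added example (not code from the original post) flags an address that shares its first or last characters with one you have verified but is not that address; the function names, the 4-character window and every address are constructed assumptions.

```javascript
// Added example; every address here is a constructed sample, not a real account.
const ADDRESS_RE = /^0x[0-9a-fA-F]{40}$/;

// Addresses the user has verified out of band (hypothetical address book).
const TRUSTED = ["0x52a1" + "1".repeat(32) + "9b7e"];

// Lower-case a 20-byte hex address so comparisons ignore checksum casing.
function normalize(addr) {
  const a = String(addr).trim();
  if (!ADDRESS_RE.test(a)) throw new Error("not a 20-byte hex address: " + a);
  return a.toLowerCase();
}

// "trusted"   = exact match with a verified address
// "lookalike" = same first or last `edge` hex characters as a verified
//               address, but a different address overall
// "unknown"   = no resemblance; still unverified
function classifyAddress(candidate, trusted = TRUSTED, edge = 4) {
  const c = normalize(candidate).slice(2);
  let result = { verdict: "unknown", resembles: null };
  for (const t of trusted) {
    const known = normalize(t).slice(2);
    if (c === known) return { verdict: "trusted", resembles: t };
    const sameHead = c.slice(0, edge) === known.slice(0, edge);
    const sameTail = c.slice(-edge) === known.slice(-edge);
    if (sameHead || sameTail) result = { verdict: "lookalike", resembles: t };
  }
  return result;
}

// Return the history entries whose counterparty imitates a verified address.
function screenHistory(history, trusted = TRUSTED) {
  return history.filter(
    (tx) => classifyAddress(tx.counterparty, trusted).verdict === "lookalike"
  );
}

// Constructed history: a genuine transfer, a dust-sized entry from a
// lookalike address, and an unrelated address.
const SAMPLE_HISTORY = [
  { counterparty: TRUSTED[0], value: "1.5" },
  { counterparty: "0x52a1" + "f".repeat(32) + "9b7e", value: "0.00001" },
  { counterparty: "0x" + "ab".repeat(20), value: "0.2" },
];

console.log(screenHistory(SAMPLE_HISTORY));
```

An "unknown" verdict only means the address does not imitate a verified one; it still has to be checked against an official source before use.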
Use a dedicated email for exchange accounts, not the one you use for daily activities. This helps protect your personal information.
Enable two-factor authentication (2FA) using apps instead of SMS, as mobile lines are vulnerable to SIM swapping.
Have a separate wallet for testing products, with minimal funds, so that any mistakes don’t result in significant losses.
Never store your seed phrase on your computer or mobile device, nor take screenshots of it. Always write it down in a secure location and never share it. If you want to invest more in seed phrase security, consider titanium plates or capsules for long-term protection. Brands like Ledger, Bitbox, Trezor, and Stamp Seed offer specialized products for this purpose.
Use hardware wallets for added security, especially if you’re holding long-term savings. They require more attention than just clicking on a Google extension. There are now many options available, including air-gapped versions that never connect to your phone or computer.
Diversify risk by using more than one cold wallet.
For wealthier users, consider having a dedicated computer solely for interacting with hardware wallets, avoiding other tasks.
Advanced users might consider using multisig (multi-signature) setups, though these aren’t very beginner-friendly.
In recent years, user security has become a priority in product design. Wallets used to be rudimentary and didn’t warn about malicious sites, but many have now improved:
Ledger: This hardware wallet warns users about potential scams through a notification on its website. As mentioned earlier, scammers often clone websites and make slight modifications to the URL, tricking users into downloading fraudulent apps or contacting fake customer support that asks for their seed phrases.

MetaMask, Rabby and Phantom Wallets: These browser extension and mobile wallets have implemented alert systems for various suspicious interactions, such as copycat tokens, malicious contracts, or blocking sites reported by the community. They also offer the option to hide unwanted tokens sent to your wallet, reducing the risk of falling into scams.

In DEXs, CEXs, and crypto apps, it’s important to display explicit scam warnings. I suggest including a clear message confirming that users are on the official site, displaying the URL for comparison with their browser’s address. The best defense right now is avoiding fake websites or mobile apps. Additionally, suggesting users verify the URL through official social media accounts would create a double-check system, whether they access the platform via social media or directly.
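The URL comparison suggested above can also be done by software rather than by eye. This added example (not from the original post) classifies a URL against a list of official hosts and flags near-miss spellings; `app.example-dex.com`, the function names and the distance threshold of 2 are constructed assumptions.

```javascript
// Added example; "app.example-dex.com" is a constructed stand-in for a
// platform's official host.
const OFFICIAL_HOSTS = ["app.example-dex.com"];

// Levenshtein distance: number of single-character edits between a and b.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const row = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      row[j] = Math.min(prev[j] + 1, row[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = row;
  }
  return prev[b.length];
}

// "official"   = hostname is exactly one of the official hosts
// "lookalike"  = hostname is within maxDistance edits of an official host,
//                or embeds the official host inside a different domain
// "idn-review" = hostname has a punycode (xn--) label, which can render as
//                letters that look identical to Latin ones
// "unknown"    = no resemblance found; "invalid" = not a parseable URL
function checkOrigin(rawUrl, officialHosts = OFFICIAL_HOSTS, maxDistance = 2) {
  let host;
  try {
    // URL.hostname is already lower-cased; drop a trailing root dot.
    host = new URL(rawUrl).hostname.replace(/\.$/, "");
  } catch {
    return { verdict: "invalid", host: null, resembles: null };
  }
  if (officialHosts.includes(host)) {
    return { verdict: "official", host, resembles: host };
  }
  for (const official of officialHosts) {
    const embedded = host.includes(official);
    if (embedded || editDistance(host, official) <= maxDistance) {
      return { verdict: "lookalike", host, resembles: official };
    }
  }
  const idn = host.split(".").some((label) => label.startsWith("xn--"));
  return { verdict: idn ? "idn-review" : "unknown", host, resembles: null };
}

// Constructed sample URLs, one per typical case.
for (const u of [
  "https://app.example-dex.com/swap",
  "https://app.examp1e-dex.com/swap",
  "https://app.example-dex.com.claim-rewards.net/",
  "https://docs.python.org/3/",
]) {
  console.log(checkOrigin(u).verdict, u);
}
```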
It would also be valuable to provide security education, teaching users how to interact safely with the platform and alerting them to reported scams. We must not leave users exposed. From a product perspective, this is a crucial improvement for the next stage of adoption: ensuring users are in the right place and warning them about potential fraud. Someone who loses most or all of their savings is unlikely to return to crypto. Only the most resilient, enthusiastic, or those who can recover their losses will try again. But for the average user (a brother, a parent, an everyday person), the situation is different. That’s where we must focus if we truly want to drive adoption forward 🚀.
