Top 5 Crypto Scams to Avoid in 2026

A new token launches on a DEX such as Uniswap, PancakeSwap, or Raydium. The team buys influencer shoutouts, runs Twitter/X spaces, and seeds Telegram groups. Anonymous teams and unaudited contracts are common.

Early buyers — often insiders using multiple wallets — push the price up sharply within hours or days. Screenshots of '100x gains' circulate on social media to draw in retail buyers chasing momentum.

The team retains a large share of the token supply, controls the liquidity pool LP tokens, or embeds malicious functions (mint, blacklist, modifiable fees) in the contract. Honeypot contracts let people buy but block selling.

Once enough capital has flowed in, developers withdraw the paired ETH/BNB/SOL from the liquidity pool or sell their token allocation through fresh wallets. On-chain, this appears as a single large 'remove liquidity' transaction.

The token chart collapses to near zero within minutes. Social channels are deleted or go silent. Funds are typically routed through Tornado Cash alternatives, cross-chain bridges, or mixer-like services, making recovery rare.

A sponsored Google or X result, a lookalike email from 'support@binnance.com', or a Discord DM from a fake admin directs you to act urgently — verify your wallet, claim an airdrop, or resolve a withdrawal issue. AI-generated voice and video impersonations of exchange support staff appeared in 2024–2025 cases.

The link resolves to a domain like 'bìnance.com', 'metarnask.io', or 'app-uniswap.org'. The page is a pixel-perfect clone, often served behind Cloudflare with a valid TLS certificate, so the padlock icon is meaningless.

You either type a password and 2FA code (which the site relays to the real exchange in real time, defeating SMS and TOTP) or connect a Web3 wallet and sign a transaction. The signature is often a Permit, Permit2, or setApprovalForAll — not a transfer — so no funds appear to move at signing time.

Even without a successful sign, attackers may send a 0-value transaction from a vanity address whose first and last characters match one you recently sent to. Wallets that auto-fill from history can paste the attacker's address on your next withdrawal.

Approvals are exercised minutes to weeks later, often batched with other victims. Funds are routed through cross-chain bridges and mixers within hours. By the time the victim notices, the trail is cold.

Random ERC-20 tokens, NFTs, or 'voucher' tokens show up in your wallet. The token name often impersonates a real upcoming airdrop and includes a website URL embedded in the token symbol or NFT metadata.

Visiting the URL leads to a clone of a legitimate airdrop page. Pressing 'Claim' or 'Sell' opens a wallet prompt for an approval, a Permit2 signature, or a 'security check' message.

The signed payload is typically setApprovalForAll on an NFT collection, an ERC-20 approve with type(uint256).max allowance, or a Permit2 signature covering multiple tokens. No assets move at this step, so the wallet appears unaffected.

Within minutes to days, the drainer contract pulls every approved token and NFT in a single transaction, prioritizing the highest-value holdings. Funds are split across fresh wallets and bridged out.

Advertising emphasizes 'guaranteed', 'risk-free', or 'principal protected' daily returns. Real trading strategies, by contrast, never promise fixed daily yield — Treasury bills, the only true risk-free benchmark, paid roughly 4–5% per year through 2024–2025.

Initial investors receive the promised payouts on time, funded entirely by new deposits. These early winners post screenshots and become unwitting marketers, often recruited through multi-level affiliate commissions.

Testimonials, branded conferences, and celebrity endorsements (sometimes paid, sometimes deepfaked) bring in exponentially more capital. The scheme may launch a token that 'pays dividends', adding a second layer of inflows.

When new deposits no longer cover scheduled payouts, the operator imposes withdrawal limits, 'maintenance' freezes, or new KYC requirements. Affiliated 'support' staff blame technical issues or regulators.

Operators close the platform, sometimes claiming a hack. Funds are moved to mixers and offshore exchanges. Civil and criminal recovery typically returns cents on the dollar after years; many cases never produce any restitution.

An attractive, successful-sounding stranger messages you on Tinder, Hinge, Instagram, LinkedIn, or via 'wrong number' WhatsApp/SMS. Profile photos are AI-generated or stolen; in 2024–2025, deepfake video calls became common to defeat 'show me your face' verification.

Conversation moves off the original platform within days. Over 2–8 weeks, the contact shares life details, sends voice notes, and avoids meeting in person — citing travel, military deployment, or visa issues.

The contact mentions an uncle/mentor's trading platform, 'IBM quantitative arbitrage', or an exclusive crypto exchange. Sometimes a fake account dashboard is shared first, showing fabricated profits.

You're walked through buying crypto on a real exchange (Coinbase, Binance) and transferring to the scam platform's deposit address. The fake site shows your balance growing rapidly.

A small early withdrawal goes through, reinforcing trust. The contact urges you to deposit more and may pressure you to take loans, refinance property, or borrow from family.

When you try to withdraw a meaningful amount, the platform demands a 'tax', 'audit fee', or 'unlock deposit' — each new fee never frees the funds. Eventually the contact disappears, the platform goes offline, and recovery 'specialists' (themselves scams) appear.