5 Common Crypto Scams and How to Avoid Them
Education

5 Common Crypto Scams and How to Avoid Them

Joey TeamOctober 23, 2025

As you get into crypto, your wallet is your vault. And just like any vault, thieves will try to find a way in.

The good news: most scams aren't high-tech. They're old tricks dressed up in new technology. They rely on two things: fear and confusion.

If you can learn to spot their tricks and stay calm, you're already 99% safer. Here are the five most common scams to watch out for.

1. The "Support Team" Phishing Scam

This is the most common and most dangerous scam. A person will contact you on social media (like X or Discord) or by email, pretending to be from "Wallet Support," "The Foundation," or "The Security Team."

They'll say your account is "at risk" or "has a problem" and that you need to verify your wallet immediately. To help you, they will send you a link to a website that looks exactly like the real one. This site will ask you to enter your 12 or 24-word secret phrase.

The moment you type in that phrase, your wallet is drained.

How to Beat It:

- Rule #1: Never share your secret phrase with anyone. No legitimate support team, admin, or developer will ever ask for it.

- Check the URL: Always double-check the website address. Scammers use small typos like joey-wallet-support.com instead of joeywallet.xyz.

- Ignore DMs: No real support team or project will ever DM you first to help. All unsolicited DMs are scams.

2. Fake Apps and Malware

Scammers create fake versions of popular wallet apps and post them in app stores or online. You download what you think is the real app, and when you create or import a wallet, the fake app steals your secret phrase.

This also includes malware that hijacks your clipboard. You think you're pasting your friend's wallet address, but the malware replaces it with the scammer's address.

How to Beat It:

- Official Links Only: Only download apps from their official website. For Joey Wallet, that is only joeywallet.xyz.

- Check the Developer: In app stores, check the "Offered By" field. If it's not the official company name, it's fake.

- Double-Check Addresses: Before sending any crypto, manually verify the entire address. Use your wallet's Address Book instead of copy-pasting.

3. The "Fake Airdrop" or "Urgent Mint" Scam

You'll see these on X (Twitter) and Discord. A project announces a "SURPRISE AIRDROP!" or a "LIMITED NFT MINT!" with a link to a site where you can "claim" tokens or "mint" NFTs.

When you connect your wallet, it asks you to approve a transaction. Hidden in that code, the scammer's contract is getting permission to drain your wallet.

How to Beat It:

- If it's too good to be true, it's a scam. Almost all surprise airdrops or free mints are traps.

- Read What You're Signing: Always check what the transaction asks for. If it includes "Set Approval For All" or broad permissions, reject it immediately.

- Use a Burner Wallet: Advanced users keep a small, disposable wallet for testing new dApps.

4. The SIM-Swap Attack

This is a real threat for any service that uses SMS for 2-Factor Authentication (2FA).

A scammer calls your mobile provider and tricks them into swapping your phone number to a new SIM card they control. Once they have your number, they can receive password resets and 2FA codes for your accounts.

How to Beat It:

- Avoid SMS 2FA: Never use SMS for important accounts. Use an app-based authenticator like Google Authenticator or Authy.

- Why Joey Wallet Is Different: Joey uses Web3Auth (social login) instead of SMS. It ties your wallet's security to your device's biometrics and social login, so scammers cannot take over your wallet by stealing your phone number.

5. The "Address Poisoning" or "Dust Attack"

A scammer sends a tiny "dust" amount of crypto (like $0.0001) to your wallet so their address appears in your history. Their address looks almost identical to one you've sent to before (for example, 0x1234...ABCD vs 0x1234...ABCE).

Later, when you're in a hurry, you might copy their address from your history by mistake.

How to Beat It:

- Don't Trust History: Never copy addresses from your transaction history unless you're sure they're correct.

- Use an Address Book: Save trusted addresses in your wallet's Address Book and send only to those saved contacts.

- Always Double-Check: Verify the full address before you send. The safest method is to only use saved contacts.

You Are Your Own Best Defense

This list isn't meant to scare you. It's meant to show that almost every scam relies on you being rushed, scared, or greedy.

Your best defense is to be patient and skeptical. Slow down. Read pop-ups. Double-check addresses. If something feels off, stop. In crypto, a few simple habits keep you safe: trust but verify, and never trust an unsolicited DM.

Related Posts

Custodial vs Non-Custodial Wallets: Who Really Holds Your Keys?
Education

Custodial vs Non-Custodial Wallets: Who Really Holds Your Keys?

Understand the difference between custodial and non-custodial wallets, and why holding your own keys gives you true control of your crypto.

How to Keep Your Crypto Safe on Mobile: 5 Wallet Security Tips
Education

How to Keep Your Crypto Safe on Mobile: 5 Wallet Security Tips

Learn five practical steps to protect your crypto wallet on mobile. From 2FA to cold storage, build strong habits to keep your assets secure.

What Is a Crypto Wallet? A Simple Guide for New Users
Education

What Is a Crypto Wallet? A Simple Guide for New Users

A Web3 wallet is your passport, ID, and bank vault for the new, user-owned internet. Learn what it is and why you need one.

← Back to Blog