Common Digital Currency Scams and How to Avoid Them
Digital currency fraud has become one of the most significant financial crime categories tracked by US federal agencies, with the FBI's Internet Crime Complaint Center (IC3) reporting $5.6 billion in cryptocurrency-related losses in 2023 alone. This page covers the primary fraud types targeting digital currency holders and participants, the mechanics behind each scheme, the regulatory bodies involved in enforcement, and the decision criteria used to distinguish legitimate platforms from fraudulent ones. Understanding these patterns is relevant to anyone holding, transacting, or investing in digital assets across the US landscape.
Definition and scope
Digital currency scams are fraudulent schemes designed to extract private keys, seed phrases, funds, or personal credentials from victims by exploiting the pseudonymous, irreversible, and largely uninsured nature of blockchain-based transactions. Unlike traditional bank fraud, where chargebacks and deposit insurance can limit losses, digital currency transfers are final by design — a property that fraudsters actively exploit.
The Federal Trade Commission (FTC) documented that consumers reported losing more than $1 billion in cryptocurrency to scams in 2021. The FTC, the Securities and Exchange Commission (SEC), the Commodity Futures Trading Commission (CFTC), and the Financial Crimes Enforcement Network (FinCEN) each hold distinct but overlapping jurisdictions over digital currency fraud depending on asset classification, transaction type, and the regulatory status of the platform involved. The broader regulatory framework determines which agency has primary enforcement authority in a given case.
Scams in this space broadly divide into two structural categories:
- Theft-based schemes — where the attacker takes direct control of assets through phishing, SIM-swapping, or malware
- Deception-based schemes — where victims voluntarily transfer funds based on fabricated information, false identities, or manipulated market signals
How it works
Most digital currency scams follow a four-phase operational structure:
-
Targeting and contact — The fraudster identifies a victim through social media, dating platforms, unsolicited messages, or fake job postings. Platforms such as Telegram, WhatsApp, and LinkedIn have been specifically identified by the FBI as primary contact vectors in investment fraud operations.
-
Trust establishment — The attacker builds credibility over days or weeks. In romance-based schemes, this phase can extend 30–90 days before any financial request is made. In impersonation scams, trust is manufactured through fake websites, spoofed communications from known institutions (such as Coinbase or the IRS), or fabricated endorsement screenshots.
-
Extraction trigger — A specific mechanism prompts the victim to transfer funds or reveal credentials. This trigger can be a fabricated profit opportunity, a fake emergency, a "tax" required to unlock withdrawal access, or a phishing link designed to harvest private key data.
-
Exit and obfuscation — Funds are moved through mixing services, cross-chain bridges, or converted to privacy coins to reduce traceability. The CFTC's customer advisories note that recovery is rarely possible once this phase begins.
Common scenarios
Pig butchering (Sha Zhu Pan) scams
Classified by the FBI as a crypto investment fraud variant, pig butchering combines romance fraud with fabricated trading platforms. Victims are introduced to a fake exchange controlled by the attacker, shown false profits to encourage larger deposits, then denied withdrawals. The FBI's IC3 reported this scheme as one of the fastest-growing fraud categories in 2022 and 2023.
Rug pulls
Common in decentralized finance (DeFi) environments, a rug pull occurs when developers of a token project drain liquidity pools after attracting investor deposits, then abandon the project. The SEC has pursued enforcement actions in cases where rug-pulled tokens qualified as unregistered securities.
Phishing and wallet drainers
Attackers create replica websites of legitimate exchanges or wallet interfaces. A victim enters seed phrase credentials, which are immediately harvested and used to empty the wallet. Wallet drainer malware, a subcategory documented by blockchain analytics firm Chainalysis, can automate asset extraction across connected contracts within seconds of seed phrase entry.
Pump-and-dump schemes
Coordinated groups inflate the price of a low-market-cap token through coordinated buying and false promotional claims, then sell holdings at peak price. The CFTC has explicitly classified this activity as market manipulation under the Commodity Exchange Act.
Impersonation of government agencies or exchanges
Fraudsters pose as IRS agents, SEC investigators, or customer support representatives claiming accounts are frozen or under investigation. Victims are instructed to transfer funds to a "secure wallet" controlled by the attacker. The IRS has published formal guidance clarifying it does not initiate contact through social media or demand cryptocurrency payments.
Decision boundaries
Distinguishing legitimate platforms and opportunities from fraudulent ones involves applying concrete evaluation criteria rather than general skepticism:
| Signal | Legitimate | Fraudulent |
|---|---|---|
| Regulatory registration | Registered with FinCEN as MSB; may hold state BitLicense or equivalent | No verifiable registration; foreign jurisdiction with no US nexus |
| Withdrawal access | User-initiated at any time | Restricted until "fees" or "taxes" are paid |
| Profit guarantees | None; risk disclosures present | Guaranteed returns cited (e.g., "10% weekly") |
| Platform verifiability | Domain matches known entity; auditable | New domain, no audit history, cloned UI |
| Unsolicited contact | Absent | Initial outreach via social media or messaging app |
The SEC's Office of Investor Education and Advocacy maintains a registration lookup tool at investor.gov that allows verification of whether an investment professional or firm is registered. FinCEN's MSB Registrant Search (fincen.gov/msb-registrant-search) confirms whether a money services business is filed with federal authorities.
Seed phrases and private keys are the only credentials that provide direct custody of digital assets. No legitimate exchange, wallet provider, government agency, or support representative requires these credentials for any operational purpose. Any request for a seed phrase is definitionally fraudulent regardless of context or claimed urgency.
References
- FBI Internet Crime Complaint Center (IC3) — 2023 Cryptocurrency Fraud Report
- Federal Trade Commission — Cryptocurrency Scam Data Spotlight (2022)
- Securities and Exchange Commission — Office of Investor Education and Advocacy
- Commodity Futures Trading Commission — Customer Advisories on Cryptocurrency Fraud
- Financial Crimes Enforcement Network — MSB Registrant Search
- IRS — Guidance on Cryptocurrency and Scam Impersonation