15. Common Scams and How to Avoid Them
#One-Sentence Version
Web3 is a dream environment for scammers: transactions are hard to reverse, support is limited, and users must understand what they sign.
Bookmark this chapter and reread it. It can help you avoid many common losses.
#Why Web3 Has So Many Scams
Three structural reasons:
- Transactions are hard to reverse. Once confirmed, there is usually no chargeback.
- No instant safety net. You can report crimes, but on-chain transfers usually cannot be undone like card fraud.
- High education barrier. Many users do not understand signatures, approvals, or networks.
Your main defense is your own caution.
#Scam 1: Phishing Websites
Scammers copy a real website and change the domain slightly.
Examples:
- Fake Google search ads.
- Fake social accounts with paid verification.
- Discord or Telegram fake admins.
- DM links pretending to help you.
Defense:
- Bookmark official sites and use bookmarks.
- Do not click search ads for wallets, exchanges, or DeFi apps.
- Assume unsolicited support DMs are scams.
- Check every character in the domain.
#Scam 2: Fake Approvals and setApprovalForAll
Scammers ask you to "claim an airdrop," "free mint," or "verify account." The wallet prompt is actually:
- approve: lets an attacker contract spend your ERC-20 tokens.
- setApprovalForAll: lets an attacker move all NFTs in a collection.
- permit/permit2: gas-free off-chain approval, often harder to notice.
Defense:
- Read every signature.
- Use wallets that parse and warn about risky actions.
- Check token, amount, and spender address.
- Be extra careful with gas-free signatures.
- Revoke unused approvals with trusted tools such as revoke.cash after verifying the domain.
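Checking "token, amount, and spender" by hand is error-prone, so here is an added example (not code from this handbook) that decodes the hex data a wallet shows for an approve() or setApprovalForAll() call and lists reasons to pause. The function selectors are the standard 4-byte ids; the sample calldata and the allowlisted spender are constructed placeholders.

```python
# Added example, not code from the handbook. Decodes approve()/setApprovalForAll()
# calldata and flags unlimited allowances and unknown spenders.
APPROVE_SELECTOR = "095ea7b3"               # approve(address,uint256)
SET_APPROVAL_FOR_ALL_SELECTOR = "a22cb465"  # setApprovalForAll(address,bool)
UINT256_MAX = 2**256 - 1


def _word(data: str, index: int) -> str:
    """Return the index-th 32-byte ABI argument (hex) after the 4-byte selector."""
    start = 8 + index * 64
    word = data[start:start + 64]
    if len(word) != 64:
        raise ValueError("calldata too short for argument %d" % index)
    return word


def inspect_approval_calldata(data: str, known_spenders=()) -> dict:
    """Decode approve/setApprovalForAll calldata and list reasons to pause."""
    data = data.lower()
    if data.startswith("0x"):
        data = data[2:]
    selector, flags = data[:8], []
    known = {s.lower() for s in known_spenders}
    if selector == APPROVE_SELECTOR:
        spender = "0x" + _word(data, 0)[24:]  # address is right-aligned in its word
        amount = int(_word(data, 1), 16)
        if amount == UINT256_MAX:
            flags.append("unlimited allowance")
        if spender not in known:
            flags.append("spender not in your allowlist")
        return {"action": "approve", "spender": spender, "amount": amount, "flags": flags}
    if selector == SET_APPROVAL_FOR_ALL_SELECTOR:
        operator = "0x" + _word(data, 0)[24:]
        approved = int(_word(data, 1), 16) != 0
        if approved:
            flags.append("grants control over every NFT in the collection")
        if operator not in known:
            flags.append("operator not in your allowlist")
        return {"action": "setApprovalForAll", "spender": operator,
                "approved": approved, "flags": flags}
    return {"action": "other", "selector": "0x" + selector, "flags": flags}


# Constructed samples (placeholder addresses, not real contracts):
# approve(0xabab...ab, 2**256 - 1) and setApprovalForAll(0xcdcd...cd, true).
SAMPLE_APPROVE = "0x" + APPROVE_SELECTOR + "0" * 24 + "ab" * 20 + "f" * 64
SAMPLE_SET_ALL = "0x" + SET_APPROVAL_FOR_ALL_SELECTOR + "0" * 24 + "cd" * 20 + "0" * 63 + "1"

if __name__ == "__main__":
    for sample in (SAMPLE_APPROVE, SAMPLE_SET_ALL):
        print(inspect_approval_calldata(sample, known_spenders=["0x" + "ab" * 20]))
```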
#Scam 3: Address Poisoning and Clipboard Malware
Scammers send tiny transfers from an address that looks similar to one you use. Later, you copy the wrong address from history.
Clipboard malware can also replace an address after you copy it.
Defense:
- Check more than the first and last 4 characters.
- Send a small test transfer before large transfers.
- Use wallet address books.
- Recheck after pasting.
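The two checks above (compare more than the visible ends, recheck after pasting) as an added example that is not part of the handbook. It flags history entries that mimic an address-book entry and compares a pasted address in full; the address book and history are constructed sample data.

```python
# Added example, not code from the handbook. Flags history entries that share
# only the first/last hex chars with a saved address, and compares pastes fully.
def normalize(addr: str) -> str:
    return addr.strip().lower()


def is_lookalike(trusted: str, candidate: str, edge: int = 4) -> bool:
    """True if candidate matches trusted on the first/last `edge` hex chars but differs elsewhere."""
    t, c = normalize(trusted), normalize(candidate)
    if t == c or len(t) != 42 or len(c) != 42:
        return False
    t_hex, c_hex = t[2:], c[2:]
    return t_hex[:edge] == c_hex[:edge] and t_hex[-edge:] == c_hex[-edge:]


def find_poisoned_entries(address_book: dict, history: list) -> list:
    """Return history entries whose counterparty imitates a saved address."""
    hits = []
    for entry in history:
        for label, trusted in address_book.items():
            if is_lookalike(trusted, entry["counterparty"]):
                hits.append({"mimics": label, "counterparty": entry["counterparty"],
                             "value": entry["value"]})
    return hits


def paste_matches(intended: str, pasted: str) -> bool:
    """Compare the whole string after pasting, not just the visible ends."""
    return normalize(intended) == normalize(pasted)


# Constructed sample data (placeholder addresses, not real accounts).
ADDRESS_BOOK = {"exchange deposit": "0x1234" + "a" * 32 + "5678"}
HISTORY = [
    {"counterparty": ADDRESS_BOOK["exchange deposit"], "value": "500 USDT"},  # real
    {"counterparty": "0x1234" + "b" * 32 + "5678", "value": "0.001 USDT"},   # poison
    {"counterparty": "0x9999" + "c" * 32 + "0000", "value": "20 USDT"},      # unrelated
]

if __name__ == "__main__":
    for hit in find_poisoned_entries(ADDRESS_BOOK, HISTORY):
        print("lookalike of %(mimics)s: %(counterparty)s (%(value)s)" % hit)
```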
#Scam 4: High-APY Ponzi Schemes
Promises such as "1% daily," "300% APY," or "USDT guaranteed yield" are classic red flags.
Common claims:
- "Official partnership with a major exchange."
- "AI quantitative trading, 30% monthly guaranteed."
- "Staking mining, 500% APY."
Rule:
If yield is absurdly high and "guaranteed," it is probably paid from new victims' deposits.
Defense:
- The closer something is to risk-free, the less likely it can offer extreme yield.
- Understand where the yield comes from.
- Small successful withdrawals do not prove safety. They may be part of the bait.
#Scam 5: Pig Butchering
A stranger builds trust over weeks or months, then introduces a "profitable platform."
The app looks professional. You may profit at first. Then you deposit more, and withdrawals stop.
Defense:
- Treat unsolicited romance/investment chats as high risk.
- Never trade on a "special internal app" sent by a stranger.
- If you are asked to pay tax, deposit, or unlock fees before withdrawal, it is likely another scam.
#Scam 6: Fake Airdrops and Fake Mints
"Claim your token now!" "Mint is live!" "Last chance!"
Scammers create fake websites that ask you to sign malicious approvals.
Defense:
- Use official websites or verified official social posts only.
- Ignore tokens or NFTs that randomly appear in your wallet.
- Urgency is a pressure tactic. Slow down.
#Scam 7: Rug Pulls
A team launches a token, builds hype, pumps price, then removes liquidity or dumps reserved tokens.
Variants:
- Pulling liquidity directly.
- Slowly selling team allocation.
- Honeypot contracts that allow buying but block selling.
Defense:
- Use only money you can lose on new small tokens.
- Check token distribution, liquidity locks, and mint permissions.
- Anonymous team + low liquidity + extreme hype = danger.
- Influencer promotion is often paid.
#Scam 8: Hardware Wallet Phishing
You buy a second-hand or unofficial hardware wallet. It includes a pre-written seed phrase. You deposit assets. The scammer already has the seed and drains the wallet.
Defense:
- Buy only from official or authorized channels.
- Do not buy second-hand hardware wallets.
- Check packaging and reset state.
- The seed phrase must be generated by your device during setup.
#Scam 9: Fake Support
You ask for help publicly. A fake admin or support account DMs you.
They ask for seed phrase, private key, screen sharing, or a "verification" link.
Defense:
- Use official support channels.
- Never share seed phrase or private key.
- Never share screen while secrets are visible.
- Never pay "unlock" or "service" fees to random support accounts.
#Scam 10: Malicious Browser Extensions or Apps
A useful-looking extension steals wallet data or manipulates signatures.
Defense:
- Keep browser extensions minimal.
- Check developer, user count, update history, and reviews.
- Use a dedicated browser profile for wallet activity.
- Install wallet apps only from official app stores or official links.
#Mini Case Studies
The examples below are fictionalized, but each one is based on common scam patterns that happen repeatedly in Web3.
#Case 1: The "Free Airdrop" That Was a permit
Alice sees a post saying a popular protocol is giving early users a token airdrop. The website looks professional and asks her to "sign to verify eligibility." The wallet popup does not show a gas fee, so she assumes it is safe.
What actually happened: the signature was a permit approval that allowed the attacker to spend her USDC. A bot submitted the signed approval on-chain and drained her stablecoins.
Warning signs:
- The link came from a comment, DM, or repost instead of the project's official site.
- The wallet showed an approval-like message, spender address, or unreadable data.
- The site created urgency: "claim ends in 30 minutes."
Better response: close the page, go to the project's official website from a bookmark or verified profile, and compare the claim flow before signing anything.
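An added example (not code from this handbook) of what Alice could have checked: it inspects the EIP-712 typed data behind an EIP-2612 permit signing request and warns about the spender, an unlimited value and a far-off deadline. The sample request and its addresses are constructed placeholders; `expected_spender=None` models "I did not intend to grant any allowance".

```python
# Added example, not code from the handbook. Inspects an EIP-2612 Permit signing
# request (eth_signTypedData payload) and returns plain-language warnings.
import time

UINT256_MAX = 2**256 - 1
ONE_YEAR = 365 * 24 * 3600


def inspect_permit_request(typed_data: dict, expected_spender=None, now=None) -> list:
    """Return warnings for a Permit signing request (empty list = nothing odd found)."""
    now = int(time.time()) if now is None else now
    if typed_data.get("primaryType") != "Permit":
        return ["not a Permit message; read the typed data manually before signing"]
    msg = typed_data["message"]
    token = typed_data.get("domain", {}).get("verifyingContract", "?")
    spender = msg["spender"].lower()
    value, deadline = int(msg["value"]), int(msg["deadline"])
    warnings = []
    if expected_spender is None:
        warnings.append("a Permit grants %s an allowance on token %s; a 'verify eligibility' "
                        "step never needs this" % (spender, token))
    elif spender != expected_spender.lower():
        warnings.append("spender %s differs from the contract you meant to use" % spender)
    if value == UINT256_MAX:
        warnings.append("value is unlimited: the spender could move your whole balance")
    if deadline - now > ONE_YEAR:
        warnings.append("deadline is over a year away: the signature stays usable long after today")
    return warnings


# Constructed sample request (placeholder addresses, not real contracts).
SAMPLE_REQUEST = {
    "primaryType": "Permit",
    "domain": {"name": "USD Coin", "version": "2", "chainId": 1,
               "verifyingContract": "0x" + "11" * 20},
    "message": {"owner": "0x" + "aa" * 20, "spender": "0x" + "bb" * 20,
                "value": str(UINT256_MAX), "nonce": "0", "deadline": str(UINT256_MAX)},
}

if __name__ == "__main__":
    for w in inspect_permit_request(SAMPLE_REQUEST, now=1_700_000_000):
        print("WARNING:", w)
```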
#Case 2: The Address That Looked Familiar
Ben often sends USDT to the same exchange deposit address. One day, he copies an address from his wallet history because it has the same first and last characters. He sends a large amount and later realizes the middle characters are different.
What actually happened: an attacker had sent Ben a tiny transfer from a lookalike address. That poisoned his transaction history.
Warning signs:
- The address was copied from recent activity, not an address book.
- Only the first and last 4 characters were checked.
- No small test transfer was sent.
Better response: save trusted addresses in an address book, check more characters, and send a small test transfer before large transfers.
#Case 3: The "Support Agent" After a Public Question
Clara posts in a Discord channel: "My transaction is stuck. Can someone help?" Within minutes, an account with the same avatar as a moderator DMs her and sends a "support portal."
What actually happened: the portal asked her to connect a wallet and enter a seed phrase for "synchronization." The attacker imported the wallet and moved the assets.
Warning signs:
- Support contacted her first by DM.
- The site asked for a seed phrase or private key.
- The helper pressured her to act quickly.
Better response: never trust support DMs. Use only official support channels, and never type a seed phrase into a website.
#Case 4: The Fake Exchange Withdrawal Fee
Daniel meets someone online who introduces him to a trading platform. The dashboard shows large profits. When he tries to withdraw, the platform asks for a "tax payment," then a "risk deposit," then an "account unlock fee."
What actually happened: the exchange was fake. The displayed profits were just numbers in a scam database. Every extra payment was another theft.
Warning signs:
- A stranger introduced the platform.
- Profits looked unusually smooth and high.
- Withdrawal required new deposits before release.
Better response: stop sending money. Preserve evidence and report the platform. Do not pay additional "unlock" fees.
#Case 5: The Token You Can Buy but Cannot Sell
Emma finds a new meme coin trending on social media. The price chart is going up fast. She buys in, sees her balance increase, and tries to sell, but every sell transaction fails.
What actually happened: the contract was a honeypot. It allowed buys but blocked sells for normal users, while the creator could sell or drain liquidity.
Warning signs:
- The token was very new and promoted heavily by influencers.
- The contract was not verified or had strange transfer restrictions.
- There was little real liquidity and no trustworthy documentation.
Better response: avoid new tokens unless you can read the contract or trust independent analysis. Use only money you can lose completely.
#Case 6: The "Official" Hardware Wallet With a Printed Seed
Frank buys a discounted hardware wallet from a marketplace. Inside the box is a card with 24 words already printed. The instructions say the wallet is "preconfigured for security." He deposits assets, and they disappear later.
What actually happened: the attacker already knew the printed seed phrase. The hardware wallet was just bait.
Warning signs:
- The device came from an unofficial seller.
- The seed phrase was pre-written or printed.
- Setup did not require generating a fresh seed on the device.
Better response: buy hardware wallets from official or authorized channels only. Generate the seed yourself during setup.
#Case 7: The Malicious "Portfolio Tracker"
Grace installs a browser extension that claims to show all wallet balances across chains. It has few reviews but looks useful. Later, wallet popups start appearing on unrelated sites, and one signature drains her NFTs.
What actually happened: the extension injected malicious scripts into pages and manipulated wallet interactions.
Warning signs:
- The extension had few users, unclear developers, or broad permissions.
- Wallet prompts appeared when no Web3 action was expected.
- The same browser profile was used for normal browsing and wallet activity.
Better response: keep wallet browsers clean, install very few extensions, and use a separate browser profile for Web3.
#Case 8: The Wrong Network Withdrawal
Helen wants to send USDT to a friend's exchange account. She chooses a cheaper network because the fee is lower, but the friend's exchange only supports deposits on another network for that asset.
What actually happened: the funds arrived on a network the recipient exchange did not credit automatically. Recovery depends on the exchange and may be slow, expensive, or impossible.
Warning signs:
- The sender checked only the token name, not the network.
- The recipient did not confirm the exact deposit network.
- The fee was chosen before confirming compatibility.
Better response: always confirm asset, network, and recipient address together. For first-time transfers, send a small test amount.
#X / Twitter-Specific Scam Patterns
X is one of the main information channels for Web3, which also makes it one of the main attack surfaces. The scams below are especially common there.
#1. Fake Verified Accounts in the Replies
A real project posts an announcement. Within seconds, lookalike accounts appear in the replies with the same avatar, similar display name, and sometimes a paid verification badge.
Typical message:
"Claim is live now. Use the official link below."
Why it works: users often read replies faster than they check domains.
Defense:
- Do not trust links in replies.
- Click through to the project's official profile and website.
- Check the handle, not just the display name or badge.
#2. Hacked Official Accounts
Sometimes the scam does not come from a fake account. A real founder, influencer, or project account gets compromised and posts a malicious mint, airdrop, or token link.
Why it works: the account is genuinely trusted, so normal "check the profile" habits are not enough.
Defense:
- Treat sudden urgent claims from any account as suspicious.
- Cross-check with the project's website, Discord, GitHub, or multiple team members.
- Be extra careful if the post asks for a fast signature or wallet connection.
#3. Fake Airdrop Threads
Scammers write long, polished threads explaining that a major project has launched a surprise airdrop. The thread includes screenshots, fake eligibility rules, and a claim link.
Warning signs:
- The project itself has not announced it on official channels.
- The thread uses urgency: "first 10,000 wallets only."
- The claim requires a message signature, permit, or approval.
Defense: never claim from a thread link alone. Start from the official project website or docs.
#4. Quote-Tweet Contract Address Traps
A real token launch or project announcement gets quote-tweeted by scammers who include a fake contract address.
Typical message:
"Official CA: 0x...."
Why it works: users want to buy early and copy the first contract address they see.
Defense:
- Never copy contract addresses from random replies or quote tweets.
- Use the project website, official docs, block explorer verified pages, CoinGecko, or CoinMarketCap.
- For new launches, wait until multiple official channels confirm the address.
#5. Fake Support Under Complaint Posts
You post: "My wallet is stuck" or "I cannot claim." Bots and fake support accounts reply or DM immediately.
Typical message:
"We can help. Validate your wallet here."
What happens next: the "validation" page asks for a seed phrase, private key, or malicious signature.
Defense:
- Do not ask for wallet help in public unless you are ready for scam DMs.
- Disable DMs from unknown accounts if needed.
- Real support never needs your seed phrase.
#6. Fake Whitelist or Allowlist Spots
An account says you won a whitelist spot for a mint, private sale, or early access round. It asks you to connect a wallet and sign quickly.
Warning signs:
- You did not participate in anything.
- The account pressures you with a countdown.
- The mint page is not linked from the official project site.
Defense: whitelist wins should be verifiable through official channels. If you cannot verify it independently, ignore it.
#7. "Security Alert: Revoke Now" Links
Scammers post fake warnings that a protocol has been hacked and tell users to revoke approvals through a link.
Why it works: fear is as powerful as greed. Users rush to "protect" assets and sign on a malicious page.
Defense:
- If you need to revoke approvals, type the trusted approval tool's domain yourself or use a bookmark.
- Never use an emergency link from a random post.
- Verify the incident from multiple reliable sources.
#8. Fake Livestreams, Spaces, and Giveaways
Scammers run fake livestreams or Spaces using project branding, founder names, or AI-generated voices. They promote "send 1 ETH, receive 2 ETH" giveaways or claim links.
Defense:
- No legitimate project doubles your money for sending funds.
- Treat giveaway links in Spaces, livestream chats, and reposts as hostile by default.
- Verify from the official website, not the live chat.
#Web3 Self-Defense Checklist
#Never Do
- Never share seed phrases or private keys.
- Never store seed phrases in screenshots, cloud notes, or email.
- Never click wallet or exchange links from search ads.
- Never trust unsolicited investment DMs.
- Never sign in a hurry.
- Never keep large long-term assets on a CEX if you intend self-custody.
- Never believe guaranteed high yield.
- Never blind sign.
#Do
- Bookmark official sites.
- Back up seed phrases physically.
- Use cold wallets for large holdings and hot wallets for small activity.
- Separate wallets by purpose.
- Test large transfers with small amounts first.
- Pause before signing.
- Revoke unused approvals.
- If unsure, close the page and think.
#If You Have Already Been Scammed
- Act quickly: move remaining assets to a new safe wallet.
- Revoke approvals: use trusted approval tools.
- If it involves a CEX, contact the exchange immediately.
- Report and preserve evidence: transaction hash, addresses, chat logs, domains.
- Avoid recovery scams: anyone promising recovery for an upfront fee is probably another scam.
#Three Sentences to Remember
- Unsolicited support, experts, or investors are usually dangerous.
- Pause before signing; gas-free signatures can be the most dangerous.
- Guaranteed high yield does not exist; leaking your seed phrase is leaking your money.
#End of the Handbook
You now have the core Web3 map:
- Blockchains, layers, and gas.
- Wallets, addresses, private keys, seed phrases, and signatures.
- Coins, tokens, stablecoins, and NFTs.
- DeFi, DEXs, and DAOs.
- CEXs, DEXs, and common scams.
Next steps depend on your goal:
- Try a small on-chain action on an L2.
- Study one area deeply: DeFi, NFTs, DAOs, gaming, or security.
- Learn development: Solidity, Rust for Solana, or smart contract security.
- Stop here. That is also fine; you can now follow Web3 conversations much better.
Appendix:
The best safety tool in Web3 is slowing down.