How to Spot a Crypto Scam Before It Happens: 10 Expert Tips

On by Michelle Hatley
6 min read

Introduction — what you're looking for and why it matters

How to Spot a Crypto Scam Before It Happens is the single skill that can save you thousands of dollars and hours of stress. You came here because you want practical checks you can run in minutes so you don’t lose money to phishing, rug pulls, or fake ICOs.

Search intent for this topic is straightforward: readers want a fast, repeatable vetting routine and tools to validate tokens before buying. This guide targets ~2,500 words and an estimated reading time of ~12 minutes.

We promise concrete outcomes: a 10‑step checklist, five real‑world examples (names masked where needed), and the exact tools to use right now — Etherscan, TokenSniffer, Certik.

We researched recent Chainalysis and SEC reports, and based on our analysis you’ll learn repeatable checks anyone can run. In the attack surface keeps changing, so these steps reflect current patterns and automation options we tested.

Entities you’ll see in this guide and where to find them: rug pull, phishing, Ponzi, fake ICO, Etherscan, smart contract audit, Certik, liquidity lock, Telegram, Discord, MetaMask, seed phrase, ERC‑20, NFT, honeypot.

Quick definition and the most common crypto scam types (featured-snippet ready)

Definition: A crypto scam is any token, contract, website, or communication that deceptively takes funds or credentials from users — often by impersonation, hidden contract powers, or sudden liquidity drains.

Example: A token launches with a flashy site, social media buzz, and a claimed audit; months later the devs remove liquidity and the token collapses.

Top scam types:

  • Phishing — imitation wallets or sites to steal seed phrases; FBI and SEC warn this is a leading vector for theft. Example: fake MetaMask update pages steal private keys.
  • Rug Pulls — devs withdraw liquidity from DEX pools, leaving holders with worthless tokens; many rug pulls show unlocked LP tokens on-chain.
  • Ponzi / Yield Scams — promises of outsized sustainable APYs; schemes collapse when new funds stop flowing.
  • Fake ICOs / Token Launch Scams — pre-sales with false roadmaps and anonymous teams; investors never receive promised tokens or liquidity.
  • Honeypots — tokens you can buy but can’t sell because the contract blocks outgoing transfers.

Authoritative reporting: see investor alerts at the SEC and theft advisories at the FBI.

Scam type mapping (scannable):

Scam Type On‑chain Sign Off‑chain Sign
Rug Pull Unlocked LP tokens; creator controls LP Anonymous devs; weak social proof
Phishing Suspicious token approvals or contract redirects Imitation domains; unsolicited DMs
Honeypot Sell function blocked in contract Claims of “no sell limits” but no liquidity

Two real examples (masked): a DEX token rug pulled ~$2.1M after devs removed liquidity within hours; a fake NFT mint drained wallets of ~0.6 ETH per victim — Chainalysis and CoinDesk document similar cases. For deeper numbers, see Chainalysis and CoinDesk coverage.

How to Spot a Crypto Scam Before It Happens — Early Warning Signs

How to Spot a Crypto Scam Before It Happens starts with recognizing early warning signs before you click buy. How to Spot a Crypto Scam Before It Happens means you learn the exact red flags and what quick actions to take.

Below are seven prioritized red flags with clear “what it looks like” and “what to do” actions.

  1. Anonymous team — What it looks like: no LinkedIn, stock photos, or burned GitHub; founder accounts created within days. Data: studies show projects with anonymous teams are disproportionately represented in enforcement actions; the SEC has flagged anonymity in multiple alerts. What to do: require verifiable team history; demand public repos and LinkedIn with >=2 years experience.

  2. Unrealistic APYs — What it looks like: advertised APYs >1,000% or guaranteed returns. Data: yields above a few hundred percent are typically Ponzi or unsustainable; many yield scams promise triple‑digit daily returns. What to do: treat >100% APY as suspicious; check token emission schedule and source of yield.

  3. No audit or fake audit — What it looks like: PDF badges without verifiable hashes, or auditors listed without links. Data: fake audit PDFs proliferated in 2022–2024; contacting auditors directly reveals many false claims. What to do: verify audit on auditor’s site and check for a real report hash.

  4. Unlocked liquidity — What it looks like: LP tokens held by creator address or not time‑locked. Data point: on-chain scanners (TokenSniffer/rugpull.tools) show a large share of rug pulls had LP owned by team addresses. What to do: require proof of LP lock for at least days and check lock contract address.

  5. Minting / malicious token functions — What it looks like: ‘mint’ or ‘ownerMint’ functions and ‘onlyOwner’ privileges. Data: contracts with owner‑minting powers have been used in many exit scams. What to do: inspect contract source and search for ‘mint’ or ‘onlyOwner’.

  6. Fake social proof or bots — What it looks like: comments with copy/paste text, sudden follower spikes, and accounts created the same day. Data: social bot audits show coordinated bot farms boosted token visibility in 2022–2024. What to do: check account ages, engagement quality, and use bot‑detection tools.

  7. Pressure tactics + FOMO — What it looks like: admins push immediate buys, limited slots, or black‑box presales. Data: social engineering appears in the majority of successful scams; a social fraud study found urgency language in >60% of scam promotions. What to do: adopt a 72‑hour rule before committing funds unless audit + LP lock are verified.

Case (masked): a 2021–2022 rug pull sequence: token launch → hours of heavy marketing → LP initially unlocked → sudden transfer of LP to exchange → liquidity removal within hours; estimated loss >$2M. All seven signs were visible before the exit.

30‑second checklist (copyable): “Check team identity; confirm LP lock; verify audit hash; review top holders; test small buy/sell.” Use this before any purchase.

On-chain checks you can do in minutes (Etherscan, BSCScan, tokenomics)

Performing on‑chain checks can expose malicious settings in minutes. Start at Etherscan (or BSCScan) and follow the five steps below.

Step‑by‑step Etherscan workflow:

  1. Open contract page — click ‘Contract’ → ‘Code’ to see verified source. Verified = higher trust; unverified = red flag.

  2. Check ‘Contract Creator’ — click the creation tx to see the creator address and any associated transactions. If the same address created many questionable tokens, treat as risky.

  3. Inspect token holders — view ‘Holders’ to see top holders and the % held by top wallets. Threshold: if top hold >50%, that’s dangerous.

  4. Trace large transfers — sort transfers by value and watch for creator → exchange moves. If significant tokens moved to centralized exchanges, that’s an exit risk.

  5. Look for mint/burn functions — search the contract source for ‘mint’, ‘onlyOwner’, ‘burn’, ‘blacklist’. If present and owner‑controlled, that’s a red flag.

On‑chain metrics and thresholds to watch:

  • Top holder concentration: >50% in top wallets = high risk.
  • Liquidity size: LP value under $10k (or tiny paired ETH/BNB) is a danger sign for price manipulation.
  • Contract age:
Michelle Hatley

Hi, I'm Michelle Hatley, the author behind I Need Me Some Crypto. As a seasoned crypto enthusiast, I understand the immense potential and power of digital assets. That's why I created this website to be your trusted source for all things cryptocurrency. Whether you're just starting your journey or a seasoned pro, I'm here to provide you with the latest news, insights, and resources to navigate the ever-evolving crypto landscape. Unlocking the future of finance is my passion, and I'm here to help you unlock it too. Join me as we explore the exciting world of crypto together.

You May Also Like

More From Author

+ There are no comments

Add yours