December 8, 2025

14 Crypto Scam Types (and How Blockchain Forensics Helps Detect and Disrupt Them)

Key takeaways

Crypto scams are schemes that use deception and the pseudonymity of blockchain to steal digital assets or sensitive information from victims.
According to research from TRM Labs, crypto scams have cost victims at least USD 53 billion since 2023 — and many share on-chain hallmarks.
Blockchain forensics is the practice of analyzing blockchain data to trace transactions, identify illicit activity, and link wallets to real-world actors. It is a critical tool used by investigators to disrupt scam networks.
From phishing to pig butchering, crypto scams largely rely on deception — often preying on victims’ emotions and leading to lasting psychological damage.

‍

As cryptocurrency adoption grows, so does the volume and sophistication of on-chain scams. According to TRM Labs, since 2023, at least USD 53 billion in crypto has been sent to fraud-related addresses — a number likely to rise as attribution improves.

From phishing attacks to pig butchering, crypto scams exploit the irreversible and borderless nature of digital assets. But blockchain forensics — the practice of tracing on-chain activity to detect illicit behavior — offers powerful tools for disrupting these schemes.

This blog post outlines 14 of the most common scam typologies in crypto, how blockchain forensics helps identify and stop them, and what users can do to protect themselves.

Blockchain forensics — sometimes also known as blockchain tracing or blockchain investigation — is the practice of analyzing blockchain transactions to uncover patterns, trace the flow of funds, and attribute activity to real-world actors. Blockchain forensics examines activity on decentralized, pseudonymous ledgers like Bitcoin, Ethereum, and others.

‍

What is a crypto scam?

A crypto scam is a type of fraud that manipulates the decentralized and pseudonymous nature of cryptocurrencies to deceive individuals or organizations. The goal is typically to steal funds, compromise personal information, or gain control of wallets.

Crypto scams come in many forms — fake investment platforms, phishing links, romance scams, or social impersonation. What sets them apart is speed: on-chain transactions happen in a matter of seconds and are hard to reverse, making early detection essential.

What makes crypto scams unique?

Irreversible transactions: Unlike traditional banking, crypto transfers cannot be undone
Cross-border activity: Scammers operate globally, often with operations spanning multiple jurisdictions
Pseudonymity: Bad actors can transact on blockchains without revealing their identities, often bypassing KYC through unregulated services
Automation and scale: Many sophisticated scam operations use bots, phishing kits, or AI-generated content to target and lure victims

‍

The hallmarks of 14 common crypto scam typologies

1. Romance scams

Romance scams often begin on dating apps or social media. Scammers adopt fake personas to cultivate emotional relationships with their targets, eventually manipulating them into sending cryptocurrency under false pretenses — such as medical emergencies, travel mishaps, or legal troubles.

Hallmarks of romance scams:

Initial contact via dating apps or social media
Excuses to avoid video calls or real-world meetings
Emotional manipulation, followed by urgent financial requests
Use of crypto ATMs or exchanges to receive funds
Victims are often instructed to keep the relationship secret

2. Pig butchering scams

Pig butchering scams are a type of romance scam — also often referred to as crypto investment scams or romance baiting — involving extensive grooming by fraudsters posing as romantic partners or successful traders. Over weeks or months, victims are persuaded to invest in fraudulent crypto platforms that simulate legitimate profits.

Hallmarks of pig butchering scams:

Outreach through SMS, WhatsApp, or social platforms
Gradual trust-building followed by investment pitches
Fake apps or platforms showing fabricated returns
Demands for additional deposits to “unlock” funds

3. Fake investment platforms, projects, and ICOs

Investment scams involve fraudsters advertising high-yield investment schemes via fake websites and mobile apps, often simulating successful trades and profits. Scammers might also advertise fake token sales with no real intent of building a real project — ultimately pocketing the funds from investors and disappearing.

Hallmarks of fake investment platforms and fraudulent ICOs:

Promises of “guaranteed” returns
Buzzwords without substance
Ability to withdraw early profits to build trust
Sudden freezing of withdrawals or account locks
No roadmap execution

4. Rug pulls and exit scams

In rug pulls and exit scams, developers intentionally abandon their projects to steal investor funds. These scammers may launch a DeFi protocol or token and attract investors, but then suddenly remove its liquidity and vanish.

Hallmarks of rug pulls:

Anonymous developer teams
No audits or code transparency
Token price crashes after liquidity is drained

5. Ponzi and pyramid schemes

Ponzi schemes use new deposits to pay fake profits to earlier victims. A pyramid scheme is the fraud that recruits members with a promise of payments for enrolling others into the scheme, often luring victims with strong incentives for recruiting as many new investors as possible. These models are unsustainable and collapse once new deposits slow.

Hallmarks of Ponzi schemes:

High referral incentives
Emphasis on recruitment
Lack of transparency about fund management

6. Advance fee scams

In advance fee scams, victims are promised a windfall (e.g. inheritance, lottery, payout) in exchange for a small upfront payment that supposedly covers fees or processing. In reality, the scammer pockets the funds from those smaller transactions and vanishes.

Hallmarks of advance fee scams:

Long, formal messages mimicking legalese
Pressure to act fast
Requests for multiple follow-up payments

7. Pump-and-dump scams

Pump-and-dump scams involve artificially inflating the price of a low-liquidity token through misleading promotions, coordinated buying, or influencer hype — followed by a rapid sell-off by the insiders who orchestrated the scheme.

Hallmarks of pump-and-dump scams:

Aggressive marketing of unknown tokens, often through Telegram or Twitter
Promises of guaranteed price increases or insider access
Sudden, short-lived spikes in token price and trading volume
Developers or promoters selling large holdings shortly after the pump

8. Phishing scams

Phishing scams trick users into disclosing private keys or signing malicious contracts by mimicking trusted services or brands. In the context of crypto, phishing scammers may impersonate reputable cryptocurrency services (e.g. exchanges) and drive users to click on links to fraudulent websites — or even airdrop tokens to users’ wallets, encouraging users to purchase the token. Once victims have accessed these sites or purchased tokens, the scammers steal these users’ login credentials and remove funds from their wallets.

Hallmarks of phishing scams:

Fake login portals for wallets or exchanges
Impersonation of support teams or influencers
Typosquatting (e.g. g00gle.com)
QR code scams at physical events or crypto ATMs
Spam tokens with clickable metadata
Fake rewards for staking or claiming
Website redirects to drainware contracts

9. Drainware

Drainware is malicious code that siphons funds from crypto wallets after victims unknowingly grant permissions to deceptive smart contracts. Unlike traditional malware, drainware exploits gaps in wallet or smart contract security — not direct device infections.

Hallmarks of drainware:

Fake minting or staking websites
Social engineering to prompt approval transactions
No direct fund transfer by the victim

10. Mining scams

Crypto mining scams deceive victims into investing in fraudulent cloud mining operations or hardware schemes with promises of passive income. In reality, these operations often lack any actual mining infrastructure — and instead pocket user deposits or operate as Ponzi schemes.

Hallmarks of mining scams:

Promises of high returns with little to no technical knowledge required
Fake dashboards showing increasing mining yields
Pressure to upgrade to higher “hash power” tiers or recruit others
Lack of transparency about physical mining facilities or partners

11. Tech and IT support scams

In tech and IT support scams, fraudsters impersonate support teams from exchanges, wallets, or antivirus providers to gain remote access to user devices. These scams often begin with fake pop-ups, phishing emails, or unsolicited calls claiming a user’s account has been compromised or urgently needs attention. Victims are tricked into installing remote desktop software, granting the scammer full access to their device.

Hallmarks of tech support scams:

Cold calls or pop-up warnings
Urgency to fix a “compromised” account
Installation of remote desktop software

12. Impersonation scams

Impersonation scams involve criminals pretending to be public figures, company executives, or even friends and family members in distress to trick users into sending cryptocurrency. These scams often rely on urgency and emotional manipulation — such as a spoofed message from a “CEO” requesting an emergency payment, or a deepfake video of a celebrity promoting a fake crypto giveaway.

Hallmarks of impersonation scams:

Deepfake video or voice messages
Fake verification badges on social media
False claims of legal, financial, or medical emergencies

13. Extortion and Sextortion Scams

In extortion and sextortion scams, scammers threaten to release private or fabricated content unless victims pay a ransom — often in cryptocurrency. These scams often arrive as unsolicited emails claiming to have hacked a user’s webcam, device, or browser history. The attacker demands payment (e.g. in bitcoin), citing specific threats like sharing embarrassing content with friends, family, or employers.

Hallmarks of extortion scams:

Claims of hacked webcams or browser data
Demands for Bitcoin with tight deadlines
Threats to send data to employers or family

14. Money mule scams

Money mule scams involve individuals — often unsuspecting — who are recruited to transfer stolen cryptocurrency on behalf of criminal organizations. These scams typically appear as online job offers, “crypto investment” opportunities, or requests from fake friends or influencers. Victims may be told they’re helping with “liquidity,” “payment processing,” or “cross-border transfers” in exchange for a commission. Mules are often asked to receive funds into their wallets and then forward them elsewhere — obscuring the trail and helping criminals launder illicit proceeds.

Hallmarks of money mule scams:

Job offers to “process crypto payments”
Requests to use personal wallets or IDs
Urgency and compensation for quick action

‍

The role of blockchain forensics in disrupting crypto scams

As crypto and digital assets are adopted more broadly across the financial ecosystem, criminals are turning to crypto as a means to their illicit ends. Scammers are also increasingly leveraging sophisticated AI agents — and running operations from remote scam compounds — to expand the scale and reach of their schemes.

Against this backdrop, blockchain forensics has never been more essential in understanding and disrupting illicit activity.

Why scams aren’t isolated — and why patterns matter

Crypto scams rarely occur in silos. Even when the surface-level tactics differ, many schemes rely on shared infrastructure — such as collection wallets, laundering hubs, or phishing kits — that span across typologies.

Blockchain forensics tools like TRM Forensics help uncover these deeper connections. By analyzing behavioral patterns and clustering wallet activity, investigators can detect when multiple scams trace back to the same operators or infrastructure.

How forensic tools accelerate investigations

Speed is essential. Crypto moves fast, and so must investigations. TRM’s blockchain intelligence platform enables:

Real-time fund tracing across 30+ blockchains
Detection of repeat wallet reuse and laundering patterns
Automated generation of case files with transaction flow visualizations

Tools like TRM Forensics and TRM Wallet Screening help compliance teams flag risks before transactions occur — while law enforcement can follow funds from victim to cash-out with minimal delay.

Collaboration is key — from exchanges to regulators

Disrupting scams at scale requires coordination. Blockchain forensics serves as a common operating picture across:

Law enforcement: To initiate and support investigations
Crypto businesses and financial institutions: To screen, block, and report fraud
Regulators and policymakers: To understand ecosystem risk and inform response

Platforms like Chainabuse enable public reporting and community-based intelligence, bridging the gap between victims and investigators.

‍

How TRM helps disrupt crypto scams

TRM helps investigative teams detect, investigate, and disrupt scams using blockchain forensics — whether they’re tracing funds from a pig butchering ring or flagging scam wallets linked to phishing kits.

Capabilities that make a difference

Capability	What sets TRM Labs apart
Cross‑chain and universal tracing	Trace through bridges and swaps across 50+ enhanced blockchains to visualize valid paths in one time-ordered graph — critical for chasing pig butchering and investment scam funds that hop chains to evade detection
Behavioral detection with TRM Signatures®	ML‑powered pattern recognition identifies suspicious behaviors, helping teams quickly spot money laundering patterns often used in Ponzi schemes and ransomware operations
Wallet clustering and entity attribution	Cluster related wallets to expose shared infrastructure and link activity to known threat actors, helping to unmask the operators behind rug pulls, fake investment platforms, and money mule networks
Glass box attribution	Validate intelligence with transparent source documentation and confidence scores-critical for defending connections in court when prosecuting pig butchering and fraud rings
Screening and proactive risk controls	TRM Wallet Screening pre-screens against labeled crypto addresses to flag high‑risk exposure, enabling exchanges to block payments to romance scammers or phishing drainers
Victim and community intelligence	Chainabuse contributes 1.1 million+ victim reports, providing unique attribution that enriches investigations into impersonation scams, tech support fraud, and giveaway scams
Deconfliction and coordinated disruption	TRM Deconflict connects 500+ agencies to coordinate on targets, while features like auto-graph deconfliction help signal risk to VASPs-essential for stopping fast-moving drainware attacks.
Real-time response networks	Beacon Network and the T3 Financial Crime Unit (FCU) enable rapid collaboration to freeze illicit funds from hacks or major fraud before they can be off-ramped
Advanced tracing modes for tricky cases	Purpose‑built tools like UTXO tracing and built‑in demixing support help follow funds through mixers often used to hide proceeds from extortion and darknet markets
AI-powered smart contract analysis	Smart Contracts AI Summary generates clear explanations of complex code, enabling investigators to instantly flag malicious logic used in honeypots, rug pulls, or drainware contracts
Case management and reporting	Native casework and graph exports make it easier to move from first transaction to final brief-ready for subpoenas and referrals for any scam typology
People and process enablers	Principles‑first training through TRM Academy helps teams operationalize best practices to stay ahead of emerging threats like approval phishing and pig butchering

‍

TRM gives compliance teams, investigators, and policymakers the ability to detect signals, connect dots, and stop scams — faster and at greater scale.

‍

What to do if you think you’ve been scammed

If you suspect you’re a victim of a cryptocurrency scam:

Cease communication with the scammer immediately
Document everything: wallet addresses, hashes, URLs, messages
Report the incident on Chainabuse.com
Alert your exchange or wallet provider
Use a revocation tool like Revoke.cash to block further drain
Move remaining assets to a secure wallet with a new seed phrase
File a report with law enforcement
Share your experience to help others avoid similar attacks

‍

Frequently asked questions (FAQs)

1. What is a crypto scam?

A crypto scam is a type of fraud that uses deception and the pseudonymity of blockchains to steal digital assets, personal data, or wallet access from victims.

2. How does blockchain forensics help stop crypto scams?

Blockchain forensics analyzes on-chain data to trace transactions, detect scam patterns, and link wallets to real-world actors — enabling faster disruption of fraud networks.

3. What makes crypto scams different from traditional fraud?

Crypto scams are borderless, fast, and hard to reverse due to the pseudonymous and decentralized nature of blockchains. Many scammers also use AI, bots, and fake apps to scale their attacks.

4. What is pig butchering in crypto?

Pig butchering is a long-term scam where fraudsters build fake romantic or social relationships to convince victims to invest in fraudulent crypto platforms. Eventually these bad actors pocket the victims’ money and disappear, causing immense emotion, psychological, and financial damage.

5. What are common red flags of fake investment platforms?

Red flags include guaranteed returns, buzzwords without substance, limited withdrawals, and platforms that simulate fake profits before freezing accounts.

6. How do phishing scams steal crypto?

Phishing scams mimic trusted services or use malicious links and smart contracts to trick users into sharing private keys or authorizing wallet-draining transactions.

7. How can I tell if I’m being used as a money mule in crypto?

If someone asks you to receive and forward crypto for commissions, especially through personal wallets or with urgency, you may be unknowingly laundering stolen funds.