Cryptocurrency Scams and How to Spot Them

Bitcoin introduced a new revolutionary technology to the world: the blockchain.

As the pioneer in decentralisation, it offers an alternative to the current monetary system.

However, the cryptocurrency market is relatively new: it started in 2009, took off in 2013 and boomed in 2017, as of today, the market is yet to be regulated.

Thanks to its robust privacy features, some malicious individuals can take advantage of novice users.

Investors need to take extra care not to fall for scams and fraudulent investment opportunities.

In general, if an investment opportunity guarantees a fixed return, asks for an initial pay-out or gives “too good to be true” offers, it is most probably a scam.

We identified six types of scams that target less tech-savvy individuals, primarily on social media.

  • Ponzi & Pyramid schemes
  • Cloud mining
  • Flipping
  • Phishing
  • Malware
  • Shitcoins and ICOs

Ponzi & pyramid schemes


Both Ponzi and pyramid schemes give returns to early investors from the capital of new investors.
While Ponzi investors believe they are earning routine returns, pyramid scheme participants are tasked to seek new investors and are incentivised to do so. In other words, a Pyramid scheme is a Ponzi scheme with aggressive affiliate marketing incentives.

How-to Spot

They offer guaranteed returns and promise low risks to investors.
Furthermore, the initial fee is omitted in their marketing content and disclosed only after the “click-bait”. In the case of pyramid schemes, they often state that you earn incentives on every level of affiliates that invests in the project.

Cloud mining


Cloud mining refers to a service selling outsourced mining services: the investor is promised the mining output (crypto-assets) without enduring the mining input (hardware, electricity, ventilation, heat).

While the idea sounds appealing, cloud miners remain secretive about investment returns, data warehouses’ location and equipment. There is often no proof that any mining rigs exist.

Furthermore, the contractual relationship between miners and investors states hash power as the primary selling indicator, but it does not guarantee any mining output.

Historically, many cloud miners were identified as Ponzi scams - at tropyc, we believe all cloud mining services are scams or very poor investments at the least.

A cloud miner has no incentive to market his product, give customer support, sell mining contracts or take any market risks.

A rational investor should instead mine independently. It is more profitable for an individual to buy cryptocurrencies and assets directly on the secondary market than to buy contracts from cloud miners.

How-to Spot

Very easy to spot cloud miners as they advertise this type of service openly.



Flipping scams consists of promising an absurd rate of return in a record time without any contractual relationship.

Once the attackers receive the funds... radio silence: the other end of the deal is never delivered.

Flipping is mostly present on social media and initiated by fake accounts.

Scammers show off signs of wealth (picture of piles of cash or digital wallet screenshots), have fake accounts to comment their posts (to improve their credibility) and often request "only serious” investors to contact them, as if the opportunity was unique.

How-to Spot

Marketing content promises a fixed rate of return and often reveals fake pictures of wealth.

Scammers advertise the fast turnaround aggressively and ask for the funds to be deposited.



The act of phishing in cryptocurrency consists in convincing holders to input their wallet private keys and passwords, by redirecting them to a fake website or by claiming to be a representative of a cryptocurrency brand (mostly Bitcoin or Ethereum).

Of course, there is no existing official team or company that “owns” or represents bitcoin (although there is a team of developers and a bunch of lobbyists).

Phishing attackers target new users, not aware of how to manage wallets and cybersecurity.

Paradoxically, some of them may warn victims about never sharing private keys and passwords while asking for them.

Indeed, the most common phishing techniques are to offer a wallet security assessment or a private key hack check.

Never share your passwords and private keys with a third party. Otherwise, you will lose all of your crypto assets.

How-to Spot

Phishing websites will often use a cryptocurrency logo for their branding and social media profile pictures to pretend they are part of an “official” entity.

Afterward, the malicious service will request sensitive wallet information or ask for a password reset by sharing a fake link.

Phishing attacks also happen with ICOs, where the malicious agent will purchase Google ads to promote and position its fake website at the top of google searches.



Malware are malicious pieces of software or links intended to steal information and disrupt your system.

In a cryptocurrency context, malware software is often advertised as a wallet, auto-mining tool, or disguised as shortened URLs especially on social media.

The attacker gets access to your entire system: not only your crypto-asset wallets but also all of your private information.

How-to spot

Avoid at all costs shortened URLs without HTTPS, especially in social media groups populated by spammers such as “Bitcoin earner” or “Crypto-currency investment and trading”.

We advise you only to download official wallets.

Shitcoins & fraudulent ICOs


New digital currencies and crypto assets are popping up very frequently: while some genuinely add value to the decentralised economy, others are not worth the investment.

Floating tokens and token sales that promote “shitcoins” do not have any value as such or rebrand an existing project.

By doing so, tokens are stealing the hard work of talented developers by merely forking a cryptocurrency.

How to spot

Shitcoins share the same patterns:

  • Poor web application, design and shallow whitepaper
  • Affiliate marketing with attractive bonuses
  • Aggressive social media marketing campaigns for groups of beginners
  • Anonymous founding team
  • No community groups where investors can interact amongst each other (Slack, Telegram, Facebook)
  • Token supposedly asset-backed by a real asset but impossible to claim easily by the token holder

Specific to ICOs :

  • Cloudy and misleading token distribution
  • Early bird bonuses going up to 50%
  • Pre-mined assets, or a pre-ICO that occurred a short period of time before the main sale but with a drastically different valuation

Have a look at our ICO listing and rating page, where we have listed project fundamentals, token distribution and rated them for you.