Guide
How to Protect Yourself From Crypto Scams: The Complete Defense Playbook
Bottom line: know the four playbooks, never share keys, never sign blindly
Crypto scams look endless but the patterns are few. Learn the four big types — social-media investment scams, fake support/impersonation, wallet drainers (approval abuse), and rug pulls — and follow a few rules, and you'll avoid most losses.
This is the advanced companion to the scam checklist, going deeper into how attacks actually work.
Key points
- Never enter your private key or recovery phrase anywhere, on any site. Legitimate support will never ask for it.
- Trade only with FSA-registered operators. Investment pitches via social media or dating apps are almost always scams.
- A wallet "signature" or "approve" can be handing over your money. Never approve what you don't understand.
- Periodically revoke unused token approvals.
- In 2025, social-media investment/romance scam losses hit a record high (Japan's NPA). "Guaranteed gains" is a red light.
Playbook 1: social-media investment & romance scams (the biggest threat)
They approach via chat apps, social media, or dating apps and steer you toward a "special investment," "AI auto-trading," or "an exchange only I know." They show small fake "profits" to build trust, demand more deposits or "withdrawal fees," then vanish.
2025 was a record-worst year
Per Japan's National Police Agency, 2025 social-media investment/romance and special-fraud losses set a sharp record, with generative AI making schemes more convincing. "Profitable," "just for you," "right now" are classic scam words.
Tells: unsolicited investment pitches or romance-based approaches; requests to install a "dedicated app" from outside the official app store; profits visible only on screen, with "tax/fees" demanded only at withdrawal.
Playbook 2: fake support & impersonation
Posing as "exchange support" or an "official wallet," they reach you on X, Discord, email, or phone, claim "your account is at risk," and extract your private key, 2FA code, or recovery phrase.
- Legitimate support never asks for your private key or seed phrase.
- Don't click DMs or search-ad links claiming to be official. Always go via your bookmark.
- "Share your screen" or "install this app" is classic remote-access fraud.
Playbook 3: wallet drainers (approval abuse) — advanced but vital
They get you to connect your wallet to a fake site and sign a malicious "signature" or token "approve," stealing standing permission to drain your assets later. Globally, drainers have caused hundreds of millions of dollars in losses per year.
"Signing = consent," "approve = withdrawal permission"
Wallet confirmation screens can be visually manipulated. Build the habit of reading what you're signing. Reject anything meaningless, and never grant "unlimited" approvals.
Defenses:
- Don't connect to sketchy airdrops or fake mint sites (see airdrop cautions).
- Keep important assets on a hardware wallet and verify details on-device before signing.
- Periodically revoke unused token approvals; avoid unlimited approvals.
- Separate a daily (hot) and storage (cold) wallet.
Playbook 4: rug pulls, fake tokens, Ponzis
Developers raise funds with a new token/project, pull the liquidity, and disappear (rug pull). Or a "high yield" scheme pays old investors with new investors' money (Ponzi).
Red flags: "guaranteed X% APY" / "principal guaranteed" (risk is inherent; guarantees are nearly always lies); anonymous team, no audit, an empty white paper; rewards centered on referrals (a Ponzi sign).
Common scam signs (quick table)
| Sign | Why it's dangerous |
|---|---|
| "Guaranteed gains / principal protected" | Nothing is certain in investing |
| "Right now / only for you" | Pressure that prevents clear thinking |
| Asks for private key or seed | Legitimate parties never do = scam confirmed |
| Install outside the official app store | Doorway to malware/remote access |
| Fees/taxes demanded only at withdrawal | The classic "won't let you cash out" trick |
| Meaningless signature / unlimited approve | A drainer empties your wallet |
Defense checklist (save this)
- [ ] Trade only with FSA-registered operators
- [ ] Never enter your private key or seed anywhere
- [ ] Reach official sites via a bookmark (not ads/DM links)
- [ ] Use 2FA with an authenticator app
- [ ] Read what you sign/approve; reject unlimited approvals
- [ ] Periodically revoke unused token approvals
- [ ] Keep large holdings on a cold wallet
- [ ] Sleep on any "great opportunity" — never decide instantly
If you've been hit
Stay calm: (1) immediately contact your exchange/card issuer to freeze; (2) if your wallet may be compromised, move assets to a fresh wallet and revoke approvals; (3) report to police and consumer-affairs centers. Sent crypto is often unrecoverable — and beware "recovery" scams (a second-wave fraud).
FAQ
Q. Can a recovery agent get my money back? A. Most are second-wave "recovery" scams. Distrust any "refund/recovery" service that asks for an up-front fee; use official channels (police, consumer centers).
Q. Can just connecting my wallet drain it? A. Connecting alone usually doesn't, but a later malicious signature/approval can. Always read what you sign and don't sign on suspicious sites.
Q. What about celebrity/official "giveaways"? A. "Send first and I'll double it" is a classic scam — assume it's a lie, without exception.
Sources
- National Police Agency, social-media investment/romance scams: https://www.npa.go.jp/bureau/safetylife/sos47/case/sns-romance/investment/
- National Consumer Affairs Center of Japan: https://www.kokusen.go.jp/
- FSA crypto consumer alerts: https://www.fsa.go.jp/
Important notice
This article is educational information, not investment or tax advice. Crypto carries risk of price swings and hacking. Rules and tax law change; this guide reflects publicly available information as of June 2026. Verify the latest details with Japan's NTA (tax), the FSA (regulation), or a licensed professional, and only invest money you can afford to lose.
This article is informational only and is not financial, investment, or trading advice. Prices are reference snapshots and may be outdated. Always do your own research.