There’s a moment and if you’ve spent any time in the crypto space, you’ve probably had it where something just feels slightly off. Maybe it’s an Instagram DM from someone you barely know, or a WhatsApp message from a “trading expert” with screenshots of absurd profits. You can’t quite put your finger on why it bothers you, but something doesn’t sit right.
That instinct is worth listening to. Because cryptocurrency scams are now one of the fastest-growing categories of financial fraud in the UK, and they’re getting harder to spot by the day.
According to data from Action Fraud, cryptocurrency-related fraud has cost UK victims tens of millions of pounds in recent years. In North Yorkshire alone, Action Fraud data revealed that over £105,000 was stolen from just 15 people in the space of a few months in 2024 and these weren’t naive or careless individuals. They were ordinary people who got caught out by sophisticated, patient scammers who knew exactly what they were doing.
This guide will guide you through How to Protect Yourself from Cryptocurrency Scams. Whether you’re already investing in crypto, thinking about it, or you’ve got a family member who’s been approached by something that doesn’t feel right by the time you finish reading this, you’ll know exactly what to look for, what to avoid, and what to do if things go wrong.
Why Cryptocurrency Is Such a Prime Target for Scammers
Before we get into the tactics, it helps to understand why crypto specifically attracts so much fraud activity. And it’s not complicated there are a few structural features of the crypto world that make it particularly attractive to criminals.
First, transactions are largely irreversible. Unlike a bank transfer where you might be able to raise a dispute and get funds clawed back, once you’ve sent crypto to a scammer’s wallet, it’s gone. There’s no Visa chargeback, no bank fraud department, no Financial Ombudsman to complain to (in most cases). The finality of crypto transactions is one of the things that makes the technology interesting and it’s also what makes theft so devastating.
Second, most crypto assets fall outside traditional financial regulation. The Financial Conduct Authority (FCA) has begun requiring certain crypto businesses to register and comply with anti-money laundering rules, but many crypto platforms operating internationally including many that UK residents actively use aren’t regulated in any meaningful sense. That means the usual safety net simply doesn’t exist.
Third, there’s still a huge amount of public confusion about how crypto actually works. Scammers exploit that confusion deliberately. They use jargon, flash graphs, fake dashboards and simulated “live returns” to make people feel like they’re participating in something real and legitimate when they’re not.
And fourth honestly, the potential returns on crypto have genuinely been extraordinary at times. Bitcoin went from under £10,000 in early 2020 to over £50,000 by late 2021. Stories of people making life-changing money from crypto are real and widely shared. Scammers piggyback on that legitimate excitement and use it to make their pitches feel believable.
Understanding this context matters because it helps you see why even smart, financially savvy people get caught out. The scammers aren’t idiots. In many cases, they’re running what amount to professional criminal enterprises with scripts, customer service teams and fake trading platforms that look completely convincing.
The Most Common Types of Cryptocurrency Scams in the UK Right Now
Investment Scams with Guaranteed Returns
This is the big one. Someone contacts you through social media, a messaging app, email, or even a dating platform and starts talking about a cryptocurrency investment opportunity. They might claim to be a professional trader, someone who works in finance, or just a regular person who “got lucky” and wants to share the knowledge.
The hallmark of this type of scam is the promise of guaranteed or unusually high returns. Real investments don’t work like that. Legitimate financial advisers are legally required to tell you that capital is at risk. Anyone promising you 20%, 40% or 100% returns with little or no risk is lying to you full stop.
What typically happens is this: they’ll ask you to create an account on a trading platform (usually one they direct you to, which is either fake or controlled by them). You’ll deposit money, and at first you might actually see your “balance” growing. This is deliberate it encourages you to invest more. When you try to withdraw, you’ll either be told you need to pay fees or taxes first, or the platform will simply disappear overnight.
Romance Scams Leading to Crypto Investment
Sometimes called “pig butchering” scams (an unpleasant name but a useful one), these are among the most psychologically cruel forms of crypto fraud. A scammer creates a fake profile on a dating app, social media platform, or even LinkedIn and builds a relationship with the victim over weeks or months. They’re charming, interested, attentive exactly what you’d hope a new romantic connection might be.
Once trust is established, they mention casually at first that they’ve been doing well with a crypto investment. They offer to help you get started. And because you trust them, because you think this is someone who cares about you, the defences that might otherwise kick in just aren’t there.
These scams have become enormously sophisticated. Some victims have lost hundreds of thousands of pounds. If someone you’ve met online and never in person starts talking to you about crypto investment opportunities, please treat it as a red flag regardless of how genuine they seem.
Celebrity Endorsement Scams
Scroll through social media for long enough and you’ll almost certainly encounter an advert claiming that Elon Musk, Martin Lewis, or some other well-known figure has endorsed a particular crypto platform. These are almost universally fake. Scammers use manipulated video clips, AI-generated voices and fabricated quotes to make these endorsements look real.
Between 2020 and 2021, over 435 reports were made to Action Fraud specifically about cryptocurrency scams using fake celebrity endorsements. Since then, the technology used to create convincing fake content has only improved. Martin Lewis himself has repeatedly had to publicly distance himself from such scams and has taken legal action against some platforms that used his name.
If you see a celebrity promoting a specific crypto investment on social media, the smart move is to go directly to that celebrity’s verified official accounts and check whether they’ve posted anything about it. In almost every case, they haven’t.
Phishing Attacks Targeting Crypto Wallets
Phishing in the crypto context works slightly differently from traditional phishing. Instead of trying to steal your bank login details, scammers are after your crypto wallet’s private key or seed phrase the string of words that gives complete access to your wallet.
These attacks often come via email, pretending to be from a legitimate exchange or wallet provider. They’ll tell you there’s a problem with your account, a security alert, or a requirement to verify your wallet. They’ll direct you to a convincing fake website where you’ll be prompted to enter your seed phrase.
Here’s the thing: no legitimate wallet service, exchange or crypto platform will ever ask you for your seed phrase. Ever. Not in an email, not on a website, not on the phone. If anyone asks you for it, they’re trying to steal from you. Your seed phrase is like the master key to a safe that can never be replaced give it to someone and everything inside is theirs.
Rug Pulls and Fake NFT Projects
A rug pull happens when the creators of a crypto project a new coin, a DeFi platform, or an NFT collection hype it up, attract investment, and then abruptly shut everything down and disappear with the funds. The “rug” gets pulled out from under investors.
These are particularly common in the NFT space. A team will launch a project with a slick website, a Discord community, a roadmap promising all sorts of future benefits, and maybe even some celebrity involvement. The project sells out. Then, quietly, the team disappears. The website goes down. The Discord goes silent. The tokens become worthless.
What makes rug pulls so hard to identify is that the people behind them have become very good at mimicking what legitimate projects look like. They spend money on marketing, they engage with community members, they do AMAs (Ask Me Anything sessions). Distinguishing a genuine project from a well-executed rug pull requires real due diligence.
Blackmail and Extortion Scams
These take a different form. You receive an email claiming that the sender has evidence of you visiting adult websites, or has footage of you obtained through your webcam. They demand payment in cryptocurrency usually Bitcoin threatening to send the material to your contacts if you don’t pay.
In the vast majority of cases, this is entirely fabricated. They’re casting a wide net with a mass email campaign, hoping enough people panic and pay up. The personal details they include sometimes a real password you’ve used typically come from historic data breaches available on the dark web, not from any actual surveillance of you. Have I Been Pwned is a useful tool for checking whether your email address has appeared in known data breaches.
Do not pay. If you’re concerned, report it to the National Cyber Security Centre (NCSC) and to your local police.
The Warning Signs That Something Is a Scam
Knowing the types of scams is useful. But what you really need is the ability to spot one in the moment, when you’re being actively targeted. Here are the signals that should make you stop and think very carefully before proceeding.
Unexpected contact. You didn’t go looking for this investment opportunity it came to you. Whether through social media, email, text, or phone, unsolicited contact about crypto investment is an enormous red flag. Legitimate investment opportunities don’t require cold outreach.
Pressure to act quickly. Any suggestion that the opportunity is time-limited, that you’ll miss out if you don’t decide now, or that prices are about to skyrocket and you need to get in before they do all of this is designed to short-circuit your critical thinking. A legitimate opportunity will still be there tomorrow. Take your time.
Guaranteed or exceptionally high returns. The crypto market is genuinely volatile. Bitcoin can lose 40% of its value in a matter of weeks and gain it back again just as fast. Anyone guaranteeing you steady, high returns is either lying or doesn’t understand the market they claim to be operating in.
Being asked for your seed phrase or private keys. As mentioned above this is never legitimate, under any circumstances.
Unusually professional-looking websites. This might seem counterintuitive, but scammers invest heavily in making their platforms look real. A slick website is not evidence of legitimacy. Anyone can buy a domain and a professional template.
Platforms you can’t find through independent research. If you search for a platform and the only results are the platform itself, affiliates promoting it, and pages on obscure review sites that all sound suspiciously positive, be very cautious.
Fees required before you can withdraw. This is one of the most reliable signals of a scam. Legitimate platforms don’t require you to pay a fee, a “tax” or a “processing charge” to release your own money. If you can’t withdraw without paying more in, you’re in a scam.
How to Check Whether a Crypto Firm Is Legitimate
This is arguably the single most important practical step you can take, and it’s free and straightforward to do.
Use the FCA Register
The FCA Register allows you to search for any financial firm or individual operating in the UK and check their authorisation status. While most crypto firms aren’t regulated in the same way as traditional financial services firms, crypto businesses operating in the UK are required to register with the FCA for anti-money laundering purposes.
If a firm isn’t on the FCA Register, you have no protection if things go wrong. You won’t be able to use the Financial Ombudsman Service or the Financial Services Compensation Scheme (FSCS) both of which exist to protect consumers when regulated firms fail or act unfairly.
You can also use the FCA’s Warning List to check whether a specific firm has already been flagged as operating without authorisation or as a known scam.
Contact the FCA Directly
If you’re unsure about a firm and can’t verify their status through the Register, you can call the FCA directly on 0800 111 6768. They can check the details you’ve been given and tell you whether the firm is genuine. This takes a few minutes and could save you everything.
One critical point: always use the contact details from the FCA Register itself. Don’t use phone numbers or email addresses provided by the firm you’re checking, even if they claim to be FCA-registered. Clone firms fraudulent operations that impersonate real, authorised businesses are increasingly common, and they often provide contact details that route back to themselves rather than the real company.
Check for a Physical Address and Verifiable History
Legitimate businesses have verifiable physical addresses, companies house registrations, and a demonstrable history. You can check UK company registrations at Companies House. If a firm claims to be based in the UK but has no Companies House record, that’s a serious problem.
Look at Independent Reviews Carefully
Sites like Trustpilot can be useful, but be aware that scam operations sometimes generate fake positive reviews in bulk. A page full of glowing five-star reviews with generic language, all posted around the same time, should make you suspicious rather than reassured. Look for specific, detailed reviews positive and negative and pay attention to how the company responds to complaints.
Specific Platforms and Channels Scammers Use
Social Media
Instagram, Facebook, Twitter/X, and TikTok are all heavily exploited by crypto scammers. Be sceptical of any investment-related content served to you through paid advertising on these platforms, particularly if it features celebrity endorsements or claims of life-changing returns.
Both Meta and TikTok have been criticised and in some cases subjected to regulatory pressure for allowing fraudulent financial advertising to run on their platforms. The FCA has been vocal about the risks of financial promotions on social media, including those involving crypto.
WhatsApp and Telegram
Group chats and direct messages on messaging apps are a common vector for crypto scams. You might be added to a “trading tips” group without your consent, where a room full of apparent participants enthusiastically discuss their gains from a particular platform. In reality, most or all of the other “members” are controlled by the scammer to create a false sense of social proof.
Dating Apps
As discussed above, dating apps are increasingly used as the opening move in romance-based investment scams. If a match steers conversation towards crypto or investing, be alert.
Phishing emails targeting crypto users are sophisticated and sometimes convincing. Be particularly cautious of emails claiming to be from exchanges you use, informing you of security issues or account problems. Go directly to the official website rather than clicking links in the email, and verify through official channels before taking any action.
What to Do If You Think You’ve Been Targeted
If something feels wrong, stop. Don’t send any more money, don’t make any more investments, and don’t allow remote access to your device. Then take the following steps.
Stop all contact with the suspected scammer. Block them across all platforms. Don’t engage in further conversation they may attempt to manipulate you further, claim there’s been a misunderstanding, or try to convince you to invest more to “recover” your losses.
Contact your bank immediately. If you’ve made bank transfers to fund a crypto investment, your bank may be able to recall some funds if you act quickly enough. Call your bank’s fraud line as soon as possible. Even if the money has already moved, they need to know in order to try and help and to flag potential fraud patterns.
Report to the FCA. Use the FCA’s online reporting tool or call 0800 111 6768. This helps the FCA identify and act against fraudulent operations.
Report to Report Fraud. For matters involving money already lost or crimes that need police investigation, Report Fraud (formerly Action Fraud) is the national reporting centre. You can report online or call 0300 123 2040.
Report to the NCSC. If you received a suspicious email or phishing attempt, report it to the National Cyber Security Centre via [email protected]. Their Suspicious Email Reporting Service (SERS) processes millions of reports and has taken down thousands of scam sites.
Be wary of recovery scams. If you’ve been scammed, you may be targeted again by someone claiming they can help you recover your lost funds for a fee. These “recovery room” scams are extremely common and prey specifically on people who’ve already been victimised. No legitimate organisation will cold-contact you with an offer to recover your crypto losses.
Protecting Your Existing Crypto Holdings
If you legitimately invest in cryptocurrency, the following practical steps will significantly reduce your risk of being hacked or defrauded.
Use a hardware wallet for significant holdings. A hardware wallet (also known as a cold wallet) is a physical device that stores your crypto keys offline. Devices from companies like Ledger and Trezor keep your keys away from the internet, which means they can’t be accessed remotely by hackers. If you hold any meaningful amount of crypto, a hardware wallet is worth the investment.
Enable two-factor authentication on every exchange account. Use an authenticator app rather than SMS-based 2FA where possible SIM swapping attacks, where criminals convince your mobile carrier to transfer your number to a SIM they control, can bypass SMS codes.
Never share your seed phrase with anyone or store it online. Write it down on paper and store it somewhere safe and offline. Don’t photograph it, don’t type it into any app or website, and don’t store it in cloud storage or email.
Use strong, unique passwords for every exchange and wallet account. A password manager like Bitwarden (which has a free tier) makes this easy to manage.
Be careful with public Wi-Fi. Accessing exchange accounts or wallets on public networks is a risk. If you need to, use a reputable VPN service.
Verify withdrawal addresses carefully. There’s a type of malware called a “clipper” that quietly changes copied cryptocurrency addresses to the attacker’s address when you paste. Always double-check the first and last several characters of any address before completing a transaction.
A Word on “Too Good to Be True” and Why We Fall For It
It’s worth pausing to think about why these scams work. It’s not because victims are stupid they demonstrably aren’t. Doctors, teachers, accountants, retirees, people with advanced degrees and decades of financial experience have all been taken in.
The psychological techniques scammers use are sophisticated and deliberate. Creating urgency overrides rational evaluation. Building rapport and trust over time lowers our guard. Social proof showing that lots of other people are apparently benefiting makes something feel safe. The promise of financial security, freedom, or a better life for your family taps into something deep and real.
The best defence isn’t just knowledge it’s giving yourself time and space to think. A genuine opportunity doesn’t disappear because you took a week to do your research. Legitimate companies don’t pressure you to invest before you’re ready. Any time you feel rushed, excited and slightly anxious about a financial decision, that’s precisely the moment to slow down rather than speed up.
Talk to someone you trust. Call the FCA. Take a breath. The scam might be gone by the time you come back to it but so will your hesitation. And that’s a trade worth making.
The Regulatory Landscape in the UK
Understanding where regulation currently sits helps you understand both what protections exist and where the gaps are.
The FCA regulates financial services in the UK and has authority over how crypto businesses handle money laundering risks. From 2020, crypto asset businesses were required to register with the FCA under the Money Laundering, Terrorist Financing and Transfer of Funds Regulations. This doesn’t mean these businesses are regulated in the same way as banks or investment firms it means they’ve met certain baseline anti-money laundering standards.
The government has signalled its intention to bring more of the crypto market under formal FCA regulation over the coming years, extending requirements around financial promotions, consumer protection and operational standards. But we’re not there yet, and the regulatory gaps remain significant.
In the meantime, the practical implication for you is this: even if a crypto platform is FCA-registered, that registration doesn’t guarantee the safety of your funds, doesn’t mean you can use the Financial Ombudsman Service if something goes wrong, and doesn’t mean the FSCS will compensate you if the platform fails. These protections exist for regulated financial products and most crypto investments don’t qualify.
MoneyHelper, the free guidance service backed by the government, has a helpful section on cryptoassets that explains your rights and what protections do and don’t apply.
Talking to Family Members About Crypto Scams
One of the more difficult aspects of this problem is that scams often affect people who are less familiar with the crypto space and more trusting of what they encounter online. If you have elderly parents, a less tech-savvy sibling, or anyone in your life who has mentioned a crypto investment opportunity they’ve been offered, it’s worth having a gentle conversation.
The key is not to be condescending scammers target everyone, and falling for one doesn’t indicate stupidity or vulnerability in any simple sense. Instead, try to approach it as sharing information you’ve come across: “I read something interesting about crypto scams recently, it was a bit alarming actually have you heard about this kind of thing?”
Encourage them to talk to you before making any financial decision involving crypto. Share the FCA’s Firm Checker with them and show them how easy it is to use. Make sure they know that it’s completely acceptable actually preferable to simply not engage with unexpected financial pitches.
The Take Five to Stop Fraud campaign, run by UK Finance with the backing of the government and law enforcement, offers straightforward guidance on spotting fraud across different scenarios and is well worth bookmarking.
Quick Reference: Key Resources
If you’ve read this far and want a handy list to save, here are the key places to go:
To check if a firm is FCA authorised: FCA Register
To see the FCA’s list of known scam operators: FCA Warning List
To report a scam to the FCA: FCA Report a Scam or call 0800 111 6768
To report fraud to police: Report Fraud or call 0300 123 2040
To report phishing emails: [email protected] (NCSC)
To check if your email has been in a data breach: Have I Been Pwned
For free, impartial financial guidance: MoneyHelper
To find a regulated financial adviser: MoneyHelper Adviser Search
For general fraud prevention advice: Take Five to Stop Fraud
Cryptocurrency is a genuinely interesting and evolving part of the financial landscape. Dismissing it entirely is probably an overcorrection the underlying technology has real applications, and the asset class, however volatile, has attracted serious institutional interest. There are legitimate ways to invest in crypto, legitimate platforms to do so, and legitimate advisers who can help you think it through.
But the space is also rife with fraud, and the combination of regulatory gaps, irreversible transactions, and widespread public confusion about how it all works has created an environment where scammers can operate with relative impunity. The losses people are suffering are real, often devastating, and frequently life-altering.
The best protection is knowledge and patience. Know what the warning signs look like. Know how to check whether a firm is legitimate. Know that no genuine investment requires a snap decision and no legitimate trader ever needs your seed phrase. And know that if something feels off, it’s worth taking an hour to verify before you do anything because that hour might be the most financially valuable you ever spend.
If you suspect you’ve been targeted, don’t be embarrassed to report it. You didn’t do anything wrong by being approached, and your report could prevent someone else from losing their savings. The FCA, Report Fraud, and the NCSC all rely on reports from the public to identify and act against fraudulent operations.
Stay cautious, stay curious, and take your time.