The 10 most common crypto scams in 2026
A continuously-updated reference of every major crypto-scam type GACS tracks across 250,000+ community-verified signals — ranked by 2026 victim-report volume. Each entry links to the full pattern, red-flag list, and recovery steps.
Open the Panic Guide first — the first 24 hours decide whether your bank can recall the funds. Then come back to this list to identify which scam pattern you hit.
- 1.
Wallet drainer addresses
On-chain addresses confirmed as drainer destinations, MEV sandwich attackers, or known scam routing wallets.
Impact: Address-poisoning attacks accounted for $46M+ of confirmed losses in the last 12 months — and the average victim sends 100% of their intended transfer to the poisoned address.
Top red flag: Address has hundreds of incoming transfers from unrelated victims.
Full pattern & recovery - 2.
Fake brokers & boiler-room scams
Unlicensed 'investment platforms', boiler-room brokers, and pig-butchering operators that promise high returns and then block withdrawals.
Impact: Median pig-butchering loss reported to GACS in the last 90 days: $58,300. Largest single report: $1.9M.
Top red flag: Cold contact via WhatsApp, Telegram, Instagram, or a dating app turning into 'crypto advice'.
Full pattern & recovery - 3.
Fake websites & phishing sites
Look-alike domains, fake exchanges, and phishing sites used to drain wallets, steal logins, or run fake giveaways. Verified by the GACS community in real time.
Impact: GACS users report a median loss of $4,800 to fake-website drainers — and 71% never recover any of it.
Top red flag: Domain is one or two characters off a well-known brand (e.g. binnance.com, metarnask.io).
Full pattern & recovery - 4.
Fake-returns scams — 'tax', 'commission', and 'liquidity-release' fees blocking withdrawals
Fake investment platforms show huge on-screen profits but block every withdrawal behind a new 'tax' or 'liquidity' fee. The exact playbook, why every fee is also fake, and how to escape without losing more.
Impact: GACS data shows the median fake-returns victim pays 3.4 separate 'release' fees averaging $7,200 each — more than the original deposit, on top of the original deposit, in 62% of cases.
Top red flag: Your dashboard shows 30–300% profit in days or weeks — the numbers are fabricated, the platform is a front-end.
Full pattern & recovery - 5.
Social media impersonation & fake giveaways
Fake support accounts, impersonated founders, and bogus giveaway campaigns on X, Telegram, Discord, Instagram, and TikTok.
Impact: GACS receives 240+ social-impersonation reports per week — most for X, Telegram, and Discord, with a fast-growing share on TikTok comments.
Top red flag: 'Support' account DMs you first — real support never does.
Full pattern & recovery - 6.
Rug-pull tokens & honeypot contracts
Tokens with malicious contracts, honeypot transfer logic, or anonymous teams that pull liquidity. Flagged by on-chain analysts and the GACS community.
Impact: GACS Wallet Checker flagged 14,200 honeypot or rug contracts in the last 30 days alone, across Ethereum, BSC, Base, and Solana.
Top red flag: Contract has mint / pause / blacklist / fee functions controlled by a single wallet.
Full pattern & recovery - 7.
Memecoin pump-and-dump scams
Coordinated pump-and-dump memecoins, fake 'community takeovers', and copycat tickers used to drain late buyers.
Impact: On Solana alone, more than 3,800 launchpad memecoins per day reach $10k+ market cap in 2026 — and over 90% are below 10% of their peak within an hour.
Top red flag: Ticker is identical to a viral coin but the contract address is different.
Full pattern & recovery - 8.
Airdrop scams — fake token drops, drainer-claim pages & 'unclaimed' wallets
Fake airdrop sites, drainer claim pages, and 'you have unclaimed tokens' DMs are the #1 wallet-drain vector of 2026. Here is exactly how they work and how to verify a real airdrop in 60 seconds.
Impact: Airdrop-themed drainer pages cost retail wallets an estimated $580M in 2025 (Chainalysis crime report), with the median victim losing $1,200 in a single signature.
Top red flag: An airdrop you never heard of suddenly appears in your wallet — interacting with it triggers the drainer.
Full pattern & recovery - 9.
Phone & SMS crypto scams
Cold-call investment 'opportunities', smishing texts, and SIM-swap precursors targeting crypto holders.
Impact: Account takeovers via SMS 2FA are the leading cause of full-balance exchange losses reported to GACS — the median victim loses everything in under 90 minutes.
Top red flag: Caller already knows your name, exchange, or that you hold crypto.
Full pattern & recovery - 10.
Sextortion scams — webcam blackmail, AI deepfake nudes & 'I hacked your camera' emails
Webcam blackmail, AI-generated deepfake nude threats, and 'I hacked your computer' email extortion. What's real, what isn't, and exactly what to do if you've been targeted.
Impact: FBI IC3 logged 34,000 sextortion reports in 2025 with $65M in confirmed losses; minor victims are growing the fastest year-over-year (+178%).
Top red flag: Email or DM claims to have a video of you, often quoting an old leaked password to seem real.
Full pattern & recovery
The Safe Scanner cross-checks against every entity behind the patterns on this list — free, no signup, 4-second verdict.
Open the Safe ScannerMethodology: ordering reflects 2026 victim-report volume in the GACS blacklist, weighted by independently-confirmed reports. Median-loss figures are drawn from self-reported victim submissions and may understate true losses (most fake-broker victims under-report). See our full detection methodology.