1. Introduction
Cryptocurrency scams are constantly evolving, and attackers use increasingly sophisticated techniques to target users.
Many scams do not look like scams — they appear as legitimate interactions, such as support conversations, job offers, or investment opportunities.
The most common scam categories include:
Impersonation scams (e.g., fake support, fake employees, or recruiters)
Phishing attacks – lookalike websites or messages designed to steal credentials
Malicious applications – fake wallets or software that compromise your funds or device
New scam variants often combine multiple techniques (for example, impersonation together with malware distribution), making them more difficult to detect.
2. Golden Rules (Read This First)
If you remember only a few things, remember these:
Never share your seed phrase or private keys with anyone
Always verify people and links through official channels
Do not rush — urgency is a common manipulation tactic
If something feels off, assume it is a scam
Never run code or install software from untrusted sources
Signing unknown transactions is one of the highest-risk actions and can lead to full loss of funds or account compromise.
3. Types of Scams and How to Recognize Them
1. Impersonation Scams
What it is
Attackers pretend to be trusted entities (support agents, company employees, community members) to gain your trust.
How it works
You are contacted via Telegram, Discord, email, or social media
The attacker claims to help or assist you
You are asked to share sensitive data or perform an action
Red flags
Unsolicited messages offering help
Requests for seed phrases or private information
Accounts that look official but are slightly different
How to stay safe
Never share your seed phrase
Only use official support channels
Double-check usernames and links
2. Phishing Attacks
What it is
Fake websites, emails, or messages designed to mimic legitimate platforms and steal your credentials.
How it works
You click a link from a message or ad
You land on a fake website that looks real
You enter your wallet credentials or sign a transaction
Red flags
Slightly altered domain names
Urgent messages asking you to act quickly
Requests to connect your wallet unexpectedly
How to stay safe
Always check URLs carefully
Bookmark official websites
Avoid clicking links from unknown sources
3. Malicious Applications (Fake Wallets & Software)
What it is
Fake or compromised apps designed to steal funds or data.
How it works
You download an app or tool
The app requests wallet access or runs malicious code
Your funds or data are compromised
Red flags
Apps outside official stores
Requests for sensitive permissions
Unknown or unverified developers
How to stay safe
Download only from official sources
Check reviews and publisher details
Avoid installing unknown tools
4. Social Engineering
What it is
Scams that rely on psychological manipulation to trick users into making mistakes.
How it works
Attackers create convincing scenarios to pressure or persuade you into taking harmful actions.
Examples
Fake support asking for your seed phrase
Investment groups promising guaranteed returns (trading signals, etc.)
Fake emergencies (“your wallet is compromised, act now”)
Advanced variant: Fake employees and recruiters (LinkedIn scam)
This is a more advanced form of social engineering that may lead to full system compromise.
What’s happening
Attackers impersonate employees, recruiters, or executives from well-known companies and approach users via LinkedIn or other platforms.
How the scam works
You receive a connection request or message
You are offered a job, collaboration, or interview
You are given a “test assignment”
You are asked to clone a repository, run code, or download files
The code may contain malware that compromises your system
Red flags
Unsolicited job offers or outreach
Requests to run unfamiliar code
Profiles with limited history or suspicious activity
Pressure to act quickly or move off-platform
How to stay safe
Never run code from untrusted sources
Verify the person through official channels
Avoid downloading unknown files or repositories
Report suspicious profiles and stop communication
5. Scam Tokens and DeFi Projects
What it is
Scam tokens are malicious or deceptive cryptocurrencies designed to exploit users, often through hype, fake utility, or hidden contract logic.
How it works
A new token is launched and promoted aggressively
Users are encouraged to buy early
The project may:
drain liquidity
restrict selling
disappear entirely
Red flags
Unverified smart contracts
Unrealistic promises of high returns
Anonymous team with no verifiable history
How to stay safe
Use verification tools – Always check DeFi tokens using Token Sniffer. It's recommended to use multiple verification tools to get a more accurate assessment More details in our article: 6 Tools to Identify a DeFi Scam Token
Do not invest based on hype alone
Research the project and team
4. General Security Recommendations
Follow these security best practices:
Check official sources – Always verify the authenticity of the information before taking any action. Double-check links, email senders, and official channels.
Be skeptical of easy money – If an offer sounds too good to be true, it probably is. Avoid schemes that promise guaranteed high returns.
Use trusted tools to check tokens and contracts – Platforms like Token Sniffer and Etherscan help analyze smart contracts and flag suspicious tokens.
Be cautious when searching in Google or any other search engine – Phishing sites often appear as ads in search results. Always manually type the official website URL.
Protect your wallets and private keys – Never share your seed phrase or private key. Use hardware wallets for long-term storage and multi-factor authentication where possible.
Keep track of token approvals – Use Revoke.cash to manage and revoke permissions granted to DApps.
Report suspicious activity – If you encounter a potential scam, report it to the platform and warn the community.
Save your recovery phrase securely – Never share your 12-word recovery phrase with anyone. Keep it private and store it in a safe place.
Only use wallets you’ve created – Avoid using wallets or addresses provided by unknown sources or purchased online.
How to Verify Social Media Profiles
Check the official website's domain (it should be referenced on https://www.coingecko.com/ or https://coinmarketcap.com/ and other platforms)
Check the registration date and the number of followers (but remember, followers can be artificially boosted)
Consistency of information across platforms (if X refers to a website, the website should also link back to X)
How to Verify Crypto-Related Websites
Fake websites are a common scam method. They look identical to real sites but steal login details or trick users into signing malicious transactions.
Always double-check the domain before logging in or connecting your wallet.
Ways to verify a website:
Bookmark the official site – always access 1inch through 1inch.com
Cross-check on trusted platforms – sites like CoinGecko and CoinMarketCap link to official domains
Check SSL certificates – a real website will have a secure connection (🔒 HTTPS)
What to Do If You Are Affected
Disconnect your wallet from suspicious sites
Revoke permissions if possible
Transfer remaining funds to a secure wallet
Run security checks on your device
Report the incident to the platform and relevant services
5. 1inch Trusted Sources
Official 1inch Channels
Always use officially verified sources when checking for updates, announcements, and support. (!) But even official-looking accounts can be compromised.
1inch’s official communication channels:
X (Twitter) – Official 1inch Twitter for announcements and updates.
YouTube – Official 1inch videos and educational content.
Discord – Community discussions and announcements. Always check if the invite link is from the official website.
Telegram EN – Official chat. Be cautious! 1inch will never message you first in Telegram.
Telegram News - Official News channel. Use only verified group links.
GitHub – Official 1inch repository for open-source code.
Reddit – Official page on
Instagram – Official page on Instagram
Blog – Official blog
Facebook – Official page on FB
If you are unsure whether you're facing a scam, you can always verify with 1inch support:
Email: [email protected], [email protected]
Live Chat: Available on help.1inch.io