obsidiate.
Set up & trade safely
BeginnerLesson 9 of 107 min read

The scam catalogue

Scams feel infinite, but they are not. Strip away the costumes and there are perhaps five plots, recycled for decades and merely reskinned for crypto. The asset class attracts them for practical reasons: transactions are irreversible, value moves across borders in minutes, and the audience includes many newcomers handling unfamiliar money. You cannot memorize every scam, because new skins appear weekly. You can absolutely memorize the plots — and the one tell they all share.

What follows is the catalogue: how each plot works, what it looks like from the inside, and the precise moment where walking away costs nothing. Read it once now; the scripts will be instantly recognizable forever after.

The giveaway: send one, get two back

The oldest plot and somehow still profitable: a celebrity, a famous founder, or an official-looking account announces that to celebrate something, any crypto sent to an address will be returned doubled. The accounts are hacked or impersonated, increasingly fronted by convincing deepfake video. The arithmetic is the whole rebuttal — no mechanism exists by which a stranger doubles your money for free, and anyone who genuinely wanted to give money away would not require you to send money first. That requirement is the scam. There has never been a real version of this offer, and there never will be.

Fake support: the helpful stranger

You post in a public forum about a withdrawal issue. Minutes later a direct message arrives from “support”, complete with logo and polite urgency, offering to fix it. Real support does not work this way — scammers monitor public complaints precisely because a frustrated user with a stuck transaction is a user primed to follow instructions. The fake agent walks you toward one of three doors: revealing your password or 2FA codes, installing remote-access software, or paying a “verification deposit” to release your funds.

  • Real support never initiates contact through direct messages or private chats.
  • Real support never asks for your password, your 2FA codes, or your seed phrase — they do not need them and will not want them.
  • Real support never asks you to install remote-access software or to send funds anywhere to “verify” or “unlock” an account. There is no such procedure, anywhere.

Phishing: the perfect copy

Phishing sites are pixel-perfect replicas of real platforms parked at almost-right addresses — one letter swapped, a different ending, a plausible subdomain. They arrive through sponsored search results sitting above the real site, through urgent emails about suspicious activity, and through fake apps in app stores. You log in to the replica; the replica forwards your credentials, and your 2FA code, straight to the attacker in real time, who is logging into the real site as you type.

The defenses are mechanical, which is good news, because vigilance is not a plan. Bookmark your exchange and only ever enter through the bookmark. Never reach a financial login through a search ad or an email link — if an email worries you, open the bookmark and check from inside the app. And let your password manager be the domain expert: as the account-security lesson covered, its refusal to autofill on a lookalike is the alarm that human eyes routinely miss.

Bookmark now, while nothing is wrong. Every future moment when you might meet a phishing site is a moment you will be rushed, worried, or distracted — exactly when reading a domain character by character fails.

Romance and pig-butchering: the long con

The cruelest plot runs on weeks of patience. A wrong-number text, a dating-app match, a friendly stranger online — followed by genuine-feeling daily conversation with no mention of money. Only after trust is established does the new friend mention their trading success, offer to teach you, and point you to a platform — a fake one, run by their organization. Your first small deposit shows immediate profits. A small withdrawal even works, which feels like proof. Then come larger deposits, sometimes savings, sometimes borrowed money. When you finally try to withdraw it all, the site invents taxes and release fees — each payable in advance, each followed by another — until you stop paying, and the friend and the platform evaporate together.

The unfailing signature: someone you have never met steering you toward a specific platform and away from established ones. The warmth is the product. The profits on the screen are a number in a database, typed by the same organization that texted you. And the early successful withdrawal is not evidence of legitimacy — it is bait, budgeted for.

Seed-phrase theft: the skeleton key

Anyone who learns your seed phrase owns everything it controls, instantly and irreversibly, from anywhere on earth. So an entire scam industry exists to ask for it politely: fake wallet-support agents responding to your complaints, “validation” and “synchronization” websites that promise to fix a connection issue, emails about mandatory migrations, even physical letters posing as your hardware-wallet manufacturer with a QR code to a phrase-harvesting form. The rule has no exceptions and no fine print: the phrase exists to be typed into a replacement wallet device if yours dies — never into a website, never into a form, never read to a human. Every person or page asking for it is a thief, with a probability of one.

Urgency: the universal tell

Every plot above, and every one yet to be invented, shares a single load-bearing element: compressed time. The giveaway ends in minutes. The agent needs your code right now. Your account will be suspended today. The investment window closes tonight. Urgency exists because scams dissolve under examination, so the script must keep you from examining — and manufactured deadlines are how. Legitimate institutions are boringly patient: real support tickets sit in queues, real platforms give notice, real opportunities survive a day of thought. The countermeasure is almost embarrassingly simple: any unsolicited financial request, wait 24 hours and ask someone you trust. Scammers cannot afford to wait, and their reaction to your delay — pressure, escalation, anger — is itself the confession.

One sentence to keep: real support never asks for passwords, codes, seed phrases, remote access, or money — and nothing legitimate ever requires you to act before you have had time to think.

Key takeaways

  • Scams are five recycled plots in rotating costumes — learn the plots and the costumes stop mattering.
  • Nobody doubles money sent to a stranger, and anyone contacting you first about your account is presumed fake.
  • Beat phishing mechanically: bookmarks for entry, password-manager autofill as the domain check, and never log in through ads or email links.
  • Pig-butchering hides behind weeks of warmth; the tell is a new acquaintance steering you to an unknown platform whose early profits and first withdrawal are staged.
  • A seed phrase is typed into a replacement wallet device or nowhere — every other request for it is theft.
  • Urgency is the universal tell. The 24-hour rule costs nothing legitimate and breaks nearly everything fraudulent.
PreviousWhat trading actually costsNextFrom portfolio to checkout: the card