In 2025, cryptocurrency scams have become more sophisticated and highly organized, blending emerging AI technology with traditional fraud tactics to precisely target users, making them increasinglyIn 2025, cryptocurrency scams have become more sophisticated and highly organized, blending emerging AI technology with traditional fraud tactics to precisely target users, making them increasingly

新手学院/区块链百科/安全知识/How to Spot...Fraud Guide

How to Spot Crypto Scams: The Complete MEXC Anti-Fraud Guide

Aug 18, 2025MEXC

COMMON$0.003427-1.18%

According to the latest Hacken security report, phishing attacks alone caused nearly $600 million in losses in the first half of 2025, while rug pull schemes accounted for over $300 million. Combined, these represent roughly one-third of all digital assets stolen during the same period. In addition, since 2023, AI-related exploit incidents have surged by 1,025%, becoming an emerging threat within the scam ecosystem. Fraudsters now leverage AI-driven deepfake videos and voice cloning to further increase the difficulty of defense.

This article will provide an in-depth analysis of common crypto scams, strategies to counter them, and the security measures offered by MEXC to help investors identify traps and safeguard their assets.

1. Common Types of Crypto Scams

1.1 Phishing Scams

Phishing remains the most common attack vector in the crypto space. Scammers impersonate official entities or public figures to lure users into visiting fraudulent websites or apps. Once a user grants wallet permissions, the attacker can swiftly transfer their assets. Common tactics include impersonating official X (Twitter) accounts, sending deceptive emails, posing as customer service, or offering fake airdrops, all highly convincing. In 2025, phishing attacks have been further enhanced through AI-generated deepfake videos and voice calls, making them harder to detect.

Case Study: Following a major exchange data leak, scammers used compromised KYC information to impersonate customer service representatives. They contacted users via phone or email, prompting them to click phishing links, resulting in over $100 million in losses within months. In another case, during the so-called "XRP Airdrop" scam, fraudsters used high-subscriber YouTube channels to post AI-generated videos mimicking Ripple executives, claiming to launch a "bonus program" that required users to transfer funds in order to receive the airdrop.

Countermeasures:

Cross-verify the source of any link and ensure it originates from official channels; never click on unofficial links.
Never disclose your private key or password to anyone claiming to be "official staff" (MEXC staff will never request this information).
Use a hardware wallet to store crypto assets, minimizing online exposure.
Regularly review and revoke suspicious dApp wallet permissions.
Enable two-factor authentication (2FA) to prevent unauthorized account access.

1.2 Address Poisoning Attack

In an address poisoning attack, scammers send tiny "dust" transactions from a wallet address that closely resembles one you've recently interacted with. The goal is to "poison" your transaction history so that if you later copy a recipient address from past transactions, you may accidentally select the attacker's look-alike address instead of the legitimate one, resulting in an irreversible transfer of funds.

Case Study: A KOL crypto influencer planned to make a large USDT transfer and first tested by sending 1 USDT. Within minutes, two attacker-controlled wallets sent 1 USDT back, each from an address nearly identical to the intended one (e.g., real address: 0x1234...5678, fake address: 0x1234...5b78). When the influencer copied the wrong return address for the main transfer, the funds were stolen.

Countermeasures:

Manually verify every character of the recipient address; cross-check using a blockchain explorer.
On platforms like MEXC, enable the wallet address whitelist so withdrawals can only go to pre-approved addresses.
Avoid using public Wi-Fi for wallet transactions; regularly scan devices for malware.
Periodically review and revoke suspicious dApp permissions.
Treat unsolicited micro-transfers (e.g., 1 USDT) as potential attack vectors; never return funds to such addresses. Instead, investigate and label them as suspicious.

1.3 High-Return Investment Scams

These scams are common in Telegram and Discord groups, where fraudsters promise "high returns," "cross-platform arbitrage," or other lucrative opportunities to lure victims into transferring funds, which are then quickly stolen.

Case Study: A California resident was contacted via WhatsApp and enticed to invest through a fake trading platform. The account interface displayed fabricated profits, but withdrawals were blocked. Shortly afterward, the platform was shut down, resulting in a loss of $40,000 for the victim.

Countermeasures:

Be wary of any claim offering "risk-free high returns." In legitimate markets, higher returns almost always mean higher risk.
Trade only on reputable, regulated exchanges; avoid unverified platforms and unofficial links.
Verify a platform's legitimacy using trusted sources such as CoinMarketCap, CoinGecko, or DappRadar.
Before committing significant funds, perform a small-value test withdrawal to ensure the platform processes payouts.
Join official, verified community channels and promptly report suspicious behavior to moderators or admins.

1.4 DeFi Scams

Scammers create fake DeFi projects to lure users into participating in fraudulent liquidity mining or staking programs, only to execute a rug pull and steal the deposited funds.

Case Study: In the Ionic Money incident, scammers posed as a team called "Lombard Finance" and convinced the platform to list a fake token, LBTC. They minted 250 counterfeit LBTC and used them as collateral to borrow approximately $8.6 million in real assets from Ionic Money. After withdrawing the funds, they abandoned the worthless collateral, causing severe losses to both the platform and its users.

Countermeasures:

Only participate in DeFi projects audited by reputable security firms; personally review the audit reports and pay close attention to any identified risks.
Use blockchain security tools such as GoPlus or TokenSniffer to evaluate a project's legitimacy.
Check contract open-source status and track team wallet activity via blockchain explorers like Etherscan.
Assess the project's credibility based on community engagement quality and its historical track record.
If a project's security is uncertain, test with a small amount first to evaluate protocol stability and withdrawal functionality, never commit large sums upfront.

1.5 Fake Token Issuance and Rug Pulls

In 2025, the memecoin boom made the sector a hotspot for fake token launches and rug pulls. Scammers exploit the "get-rich-quick" sentiment by deploying malicious smart contracts or concentrating token supply in a few wallets. They then combine social media hype with fabricated celebrity endorsements to trigger FOMO, before pulling liquidity or dumping tokens at price peaks, sending the token value to near zero within minutes.

Case Study: One of the most notorious rug pull scandals of 2025 involved the Libra token. Argentine President Javier Milei posted about the token on social media, which the market interpreted as a celebrity endorsement. The token's market cap subsequently soared into the billions of dollars. After a surge of retail investors poured in, Milei deleted the post, and the token's price plummeted by 94%. The incident was widely accused of being a carefully orchestrated "pump-and-dump" scheme.

Countermeasures:

Verify liquidity lock and contract audits, e.g., via MEXC DEX+ security checks and audit reports.
Monitor team wallets through blockchain explorers to detect abnormal sell-offs.
Independently verify celebrity endorsements; never rely solely on public figures as a credibility signal.
Treat memecoin investments as high-risk. Strictly limit position size, set stop-loss levels, and avoid overexposure to a single asset.

1.6 AI-Driven Scams

With the rapid advancement of artificial intelligence, crypto scams in 2025 have become increasingly sophisticated. These AI-powered schemes are not only technically advanced but also highly deceptive, making them difficult to detect. Below are several common and particularly dangerous AI-driven fraud methods:

1) AI-Generated Celebrity Videos: In 2024, an AI-generated deepfake video of Elon Musk appeared in a YouTube livestream soliciting funds. Within just 20 minutes, the scam wallet received multiple transfers from victims. From March 2024 to January 2025, this scheme reportedly stole over $5 million.

2) AI-Generated Fake Customer Support Audio/Video: Scammers use AI tools to produce highly realistic voice or video impersonations of exchange support staff or official project representatives. Through social engineering, they trick users into revealing private keys, seed phrases, or transferring funds. The lifelike realism and targeted nature of such scams make them especially effective at breaching trust.

3) AI-Fabricated Live Facial Video to Bypass KYC: Fraudsters create AI-generated dynamic facial videos that mimic genuine expressions and movements, successfully bypassing biometric KYC verification on exchanges and stealing funds from compromised accounts.

Countermeasures:

Always verify information through official channels (e.g., the project's official website or verified social media accounts).
Never disclose private keys, seed phrases, or passwords, even to "official" personnel.
Enable two-factor authentication (2FA) to strengthen account security.
Treat unsolicited requests and "guaranteed high returns" offers with suspicion, and maintain critical judgment at all times.

2. MEXC's Anti-Scam Support Measures

1) Account Security Protection: MEXC has implemented a comprehensive account security framework with multiple layers of technical safeguards to prevent unauthorized access. Measures include enabling two-factor authentication (2FA), setting up an anti-phishing code, and real-time interception of suspicious login links. In addition, MEXC stores user assets using a cold–hot wallet separation model combined with multi-signature technology, enhancing fund security from the ground up.

2) Trading Security Protection: The platform leverages advanced algorithms and AI to monitor abnormal price fluctuations and suspicious wash trading patterns (such as volume manipulation or market rigging) in real time. Once potential malicious activity is detected, MEXC promptly restricts the relevant suspicious accounts to prevent wash trading, pump-and-dump schemes, and other manipulative behaviors, thereby maintaining market fairness and transparency. Notably, MEXC's high-performance matching engine ensures transactions are executed stably and efficiently, reducing the possibility of malicious traders exploiting system latency for arbitrage.

3) Verify Official Channels With MEXC Verify: To prevent users from being misled by counterfeit official channels, MEXC has introduced MEXC Verify, an official account verification tool. By clicking on MEXC Verify located under the "About" section at the bottom of the MEXC website, users can enter the ID of a social media account (e.g., Telegram, X/Twitter) to verify its authenticity. If the search result displays a green "Verified Official Source" checkmark, it confirms the account is officially operated by MEXC (and will list other official channels linked to that ID). If a red "Unverified Source" warning appears, it indicates the account is not official, prompting users to exercise caution and avoid clicking any links it provides.

4) AI-Driven Scam Detection: MEXC leverages artificial intelligence to enhance both the speed and accuracy of its risk controls. The platform has developed AI models to monitor abnormal trading behavior, irregular login patterns, and unusual on-chain fund movements in real time. Upon detecting suspicious activity, the system automatically blocks the action or escalates it for manual review. This "AI and human" hybrid risk monitoring framework significantly improves response times to emerging scams. In Q2, MEXC's AI-based monitoring successfully reduced the number of scam attempts by 12% quarter-on-quarter.

5) User Security Education: In addition to technical defenses, MEXC places strong emphasis on enhancing user security awareness, helping users identify and avoid scams on their own. The platform's official website features an educational section that provides guidance on account security, fraud prevention in trading, and other best practices. Furthermore, in August, MEXC will launch a series of security awareness campaigns to strengthen users' knowledge and vigilance.

6) Rapid Scam Reporting and Response: MEXC has established a rapid response mechanism to assist users at the first sign of potential fraud. If a user encounters scenarios such as a fake customer service representative requesting a transfer, or being added to an investment group by a stranger who then urges them to deposit funds, they can immediately report it via MEXC's official online Customer Service or the designated support email. Once a report is received, the platform promptly investigates the suspected fraudulent account. If the suspicion is confirmed, MEXC will temporarily freeze the assets in the account to prevent illicit funds from being moved further.

3. User Anti-Fraud Strategy: The "Identify, Prevent, Mitigate" Three-Step Approach

With scam tactics constantly evolving, users must adopt a proactive three-step approach to enhance their defenses:

3.1 Identification: Stay Alert

First, familiarize yourself with the common warning signs of scams mentioned earlier, and always maintain a healthy degree of skepticism. Remember, there's no such thing as a free lunch. Any investment opportunities promising high returns with zero risk should raise immediate suspicion.

Be alert to inconsistencies, such as:

A friend suddenly recommending an obscure token you've never heard of.
A stranger or "customer service" agent privately messaging you for passwords or verification codes.
A trading platform URL that looks almost identical to the official one but contains subtle differences.

These are classic red flags.

Also, follow industry news and official announcements. Many fraudulent tokens exploit the names of well-known figures or institutions. If the official channels have already denied the existence of such a project, you can safely assume it's a scam.

In short, vigilance is your first line of defense. When in doubt, pause all actions and verify directly through official channels.

3.2 Prevention: Build a Strong Defense

Once you've developed the awareness to spot scams, the next and more critical step is to actively implement preventive measures to minimize the risk from the outset.

1) Protect your private keys and account security: Never disclose your account password, verification codes, Google Authenticator codes, or wallet private keys through any non-official channel. Use strong, unique passwords for each account, and enable two-factor authentication (2FA) for an added layer of protection. Take advantage of MEXC's security features, such as binding an anti-phishing code to verify legitimate communications. Regularly update your password, review logged-in devices, and avoid logging in from public networks or shared devices to eliminate account theft risks at the most basic level.

2) Be cautious with links and QR codes: Do not open email attachments, group chat links, or URLs sent via private message from unknown sources, nor should you enter sensitive information on such pages. Always access important websites by manually typing the official domain or using saved bookmarks, rather than clicking links provided by others.

3) Isolate wallets and diversify risk: It's recommended to prepare a "small test wallet" for interacting with new dApps or suspicious websites. This wallet should only hold a minimal amount of funds, while your main assets remain stored in a secure wallet. Once you've confirmed that the transaction process and fund flows are correct, you can proceed with larger trades. This approach helps protect against losses caused by contract vulnerabilities or counterfeit tokens. Additionally, regularly use tools such as Etherscan's Token Approval Checker, SlowMist, or Scam Sniffer to review and revoke unnecessary long-term contract approvals, preventing malicious contracts from exploiting permissions.

4) Reduce trading and investment risks: First, always verify the authenticity of any token. Before purchasing a new token or participating in an airdrop, check whether the project is listed on major exchanges such as MEXC, or confirm that the contract address provided in official announcements is legitimate. Exercise extreme caution with high-risk products such as liquidity mining or staking programs that promise annualized returns in the hundreds or thousands of percent. Choosing a secure and reputable trading platform like MEXC, and fully understanding the project's background and risk disclosures, is a key step in minimizing investment scam exposure.

3.3 Mitigate Losses: Take Immediate Action

If you realize you've been scammed, or even suspect fraudulent activity, act decisively to mitigate further losses. Immediately cut off all contact with the scammer; do not take chances by sending additional funds or sharing more information. If the compromised assets are still in your own wallet, withdraw or transfer them to safety without delay, and replace any exposed seed phrases or private keys.

If the incident involves an exchange account and the stolen funds have not yet been fully withdrawn, contact the exchange's customer service immediately to request an account or asset freeze. In some cases, if the scam proceeds have flowed into centralized platforms or well-known stablecoin contracts, reporting quickly can prompt those entities to freeze suspicious funds.

Important: Do not fall for so-called "fund recovery services." Many individuals on social media posing as blockchain tracing experts are in fact running secondary scams. The only reliable avenues for action are filing an official police report and working with the exchange service team. Even if it's not possible to recover all losses, documenting the incident and reflecting on the experience will strengthen your defenses and help prevent future victimization

Summary

Overall, MEXC has built a comprehensive anti-fraud defense system through a combination of technological safeguards (AI-driven real-time monitoring, account protection), operational measures (abnormal transaction interception, freezing of suspicious assets), and user education (security guides, community awareness campaigns). These efforts create a fairer, more transparent trading environment.

At the same time, users must take primary responsibility for safeguarding their own assets. By enhancing security awareness and following the “Identify, Prevent, Mitigate" strategy, they can dramatically reduce exposure to risk. Every extra layer of caution cuts the odds of falling victim to a scam. With robust platform protection and vigilant user behavior, most fraudulent schemes can be detected and neutralized early.

Looking ahead, as scam techniques grow more sophisticated, exchanges are expected to further upgrade their defenses. For example, combating AI-generated scams and identity impersonation may involve integrating advanced KYC verification tools such as biometric authentication and behavioral pattern analysis. Ultimately, only through close cooperation between platforms and users can we build a strong, enduring security framework that enables safe trading and long-term, steady investment growth.

Disclaimer: This material does not constitute advice on investments, taxes, legal matters, finance, accounting, consulting, or any other related services, nor is it a recommendation to buy, sell, or hold any assets. MEXC Learn provides information for reference only and does not constitute investment advice. Please ensure you fully understand the risks involved and invest cautiously. All investment decisions and outcomes are the sole responsibility of the user.