How do scams work on crypto exchanges?
Crypto exchange scams range from impersonation of real exchange support staff and phishing to fake exchange platforms designed to trap deposits and fraudulent "account verification" fees that steal funds before any trade occurs.
Last reviewed: 10 June 2026
Explanation
Legitimate cryptocurrency exchanges — regulated platforms where real digital assets are bought and sold — are themselves targets of impersonation and phishing. Separately, entirely fake exchanges are built specifically to defraud users. Understanding the difference matters when assessing a platform you encounter for the first time.
Phishing attacks on exchange users are highly polished: emails warning of suspicious logins, withdrawal confirmations, or KYC expiry look identical to genuine exchange communications and link to login pages that steal credentials. Once an attacker has your login and, if possible, bypasses 2FA through a SIM-swap or phishing of your authenticator code, they drain your balance within minutes.
Fake exchanges are built to look professional and may even process small withdrawals initially to build confidence. They are typically introduced through social media investment groups, romance connections, or Telegram trading channels. The scam completes when users try to withdraw significant funds and are told they must pay a tax, compliance, or verification fee. The fee is taken and the withdrawal never materialises.
Even genuine exchanges can be misused in pig-butchering scams: a scammer walks you through opening a real exchange account, then instructs you to move funds from that exchange to a fake trading platform. The real exchange is simply the on-ramp; the fraud happens on the secondary platform.
Common red flags
- Exchange you have never heard of was recommended by a romantic contact or social media group
- Platform shows spectacular account gains but withdrawal attempts trigger new fee demands
- Email about your exchange account links to a domain that is not the official exchange domain
- Exchange requires large upfront "identity verification" or "insurance" fees before you can trade
- Support contacts you via Telegram or WhatsApp rather than through the exchange's official support system
- The exchange has no verifiable regulatory registration in your jurisdiction
- Withdrawal requests take unusually long and support cites invented technical reasons
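The domain red flag above can be checked mechanically. The following is an added example, not code from this page or from any exchange: it pulls the links out of a message and compares each host with the exchange's official domain. `OFFICIAL_DOMAINS`, the sample email and every domain and address in it are constructed placeholders, and the "lookalike" label is a heuristic.

```python
import re
from urllib.parse import urlsplit

# Assumption: placeholder for the domain(s) the exchange publishes as official.
OFFICIAL_DOMAINS = {"exchange.example"}
URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.IGNORECASE)


def classify_link(url, official=OFFICIAL_DOMAINS):
    """Return (verdict, host); verdict is 'official', 'lookalike' or 'foreign'."""
    try:
        parts = urlsplit(url)
        # .hostname drops any "user@" prefix and the port, so a URL such as
        # https://exchange.example@other.test/ is judged on other.test.
        host = (parts.hostname or "").rstrip(".")
    except ValueError:  # malformed authority, e.g. unbalanced IPv6 brackets
        return "foreign", ""
    for dom in official:
        # Exact match or a true subdomain; the leading dot stops
        # "notexchange.example" from passing as "exchange.example".
        if host == dom or host.endswith("." + dom):
            return "official", host
    netloc = parts.netloc.lower()
    brands = {dom.split(".")[0] for dom in official}
    punycode = not host.isascii() or any(
        label.startswith("xn--") for label in host.split("."))
    if punycode or any(brand in netloc for brand in brands):
        return "lookalike", host  # borrows the brand name or uses an IDN host
    return "foreign", host


def suspicious_links(body, official=OFFICIAL_DOMAINS):
    """List (url, verdict, host) for every link not on an official domain."""
    findings = []
    for match in URL_RE.finditer(body):
        url = match.group(0).rstrip(".,;:!?")
        verdict, host = classify_link(url, official)
        if verdict != "official":
            findings.append((url, verdict, host))
    return findings


# Constructed sample message; every domain and address here is a placeholder.
SAMPLE_EMAIL = """Subject: Suspicious login detected
We blocked a sign-in to your account. Review it here:
https://exchange.example.account-review.test/login
Help centre: https://support.exchange.example/articles/2fa
Or confirm at https://exchange.example@203.0.113.7/verify
Unsubscribe: https://mailer.invalid/u/123
"""

if __name__ == "__main__":
    for url, verdict, host in suspicious_links(SAMPLE_EMAIL):
        print(f"{verdict:9} {host:40} {url}")
```

Only the host that ends in the official domain counts as official; a link that merely contains the exchange's name somewhere in the address does not.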
What to do now
- Use only exchanges regulated in your country — check registration with the relevant financial authority
- Navigate to your exchange by typing the URL directly, not through email or social media links
- Enable two-factor authentication using an authenticator app rather than SMS
- Never move funds from a real exchange to another platform at the suggestion of a romantic contact or social media group
- If withdrawal fees appear after depositing, stop sending money — legitimate fees are deducted from your balance, not charged in advance
- Report fake exchanges to your national financial regulator and file with the FTC or IC3
Frequently asked questions
How do I check whether a crypto exchange is legitimate?
Look for regulatory registration in your country — in the US this means FinCEN registration and often state money-transmitter licences; in the UK, FCA registration. Check independent review sites, look for a verifiable business address, and confirm the domain matches official communications.
Can I recover crypto stolen through exchange phishing?
Cryptocurrency transactions are generally irreversible on the blockchain. You can report the theft to law enforcement and the exchange, and sophisticated investigations have occasionally recovered funds, but the realistic recovery rate is very low. Prevention is the primary defence.