Top Results (0)

I built CryptoLinks to be the crypto homepage I wish I had from day one. I personally review exchanges, wallets, news sites, and research tools—then keep only what feels safe, useful, and worth your time. Everything is organized by category with plain-English notes, so you can compare options fast, avoid sketchy traps, and move forward with confidence. No fluff, no clutter—just my best picks in one clean place. Bookmark CryptoLinks and use it anytime you’re about to sign up, download a wallet, or click “deposit.”

BTC: 64627.92
ETH: 1867.85
LTC: 46.89
CryptoLinks: Best Crypto & Bitcoin Sites | Trusted Reviews 2026

by Nate Urbas

Crypto Trader, Bitcoin Miner, long-term HODLer. To the moon!

review-photo

Crypto Scam List 2026: Suspicious Sites, Tokens and Rug Pulls

Best Crypto Sites

Written and reviewed by Nate Urbas, CryptoLinks
Last updated: June 29, 2026


I maintain this crypto scam list to help you research suspicious cryptocurrency websites, exchanges, tokens, wallets, investment platforms and blockchain projects before you send money, install an application or connect a wallet.


The CryptoLinks database contains more than 1,200 published warning records. You can use the page search to look for a project name, website domain, token name or symbol. When an individual entry includes a smart-contract address, blockchain network or exact domain, compare those details carefully. Cryptocurrency projects frequently share names and symbols, while phishing websites often change only one character in a legitimate company’s address.


This is a warning and research resource, not a list of criminal convictions. An entry may concern an official regulator warning, a verified phishing or impersonation domain, suspicious smart-contract activity, reported withdrawal problems, a possible rug pull, an inactive project or another material risk. These classifications do not all carry the same level of evidence.


I do not classify a project as fraudulent merely because its token price collapsed, its team is anonymous, its whitepaper is incomplete, its community posted complaints or its website stopped working. These facts may justify further investigation, but none independently proves an intention to defraud users. When the available evidence is incomplete, I describe the observable concern instead of presenting an allegation as established fact.


Do not visit a suspicious domain simply to investigate it. Never connect a wallet, approve a token, sign an unexplained message, enter account credentials or download software from a website already associated with malicious activity.



CryptoLinks is an independent cryptocurrency directory and research website. It is not a regulator, court, police authority, law firm, forensic laboratory or cryptocurrency recovery service. I cannot guarantee that an unlisted project is legitimate, and I cannot promise that lost cryptocurrency will be recovered.




What Appearing on This Crypto Scam List Means


The CryptoLinks warning list brings several kinds of cryptocurrency risk information into one searchable category. Inclusion means that a project, domain, token, wallet or platform has been identified for warning or further scrutiny. It does not automatically mean that every allegation has been proven or that every person connected with the project committed a crime.


Some records may be supported by court documents, law-enforcement announcements or formal regulatory actions. Others may concern public regulator warnings, verified phishing domains, malicious wallet approvals, unusual on-chain activity, repeated withdrawal complaints or projects that appear to have become inactive.


These distinctions matter. A regulator warning may establish that a company was not authorized to provide an advertised service, but it may not represent a criminal conviction. Blockchain records can establish that liquidity was removed or tokens were transferred, but those records may not reveal the real-world identity of every wallet controller or prove why a transaction occurred.


A failed cryptocurrency project is not automatically a rug pull. Projects can collapse because of poor management, technical problems, lack of funding, weak demand or changing market conditions. I use stronger language only when stronger evidence supports it.


Appearing on this list does not automatically mean:



  • Every allegation has been legally proven.

  • Every operator or team member committed wrongdoing.

  • Every customer complaint is accurate.

  • Every anonymous development team is malicious.

  • Every failed token was intentionally fraudulent.

  • Every inactive website took user funds.

  • CryptoLinks can recover lost cryptocurrency.

  • Every project absent from this list is safe.


When a service has closed without adequate evidence of deliberate misconduct, it may be more accurately classified among CryptoLinks’ defunct crypto sites rather than being described as confirmed fraud.




How to Use the Crypto Scam List


Start by searching for the most precise information you have. An exact domain or smart-contract address is more reliable than a project name or token symbol.


Depending on the information included in an individual record, check:



  • Project or company name

  • Exact website domain

  • Alternative or historical domains

  • Token name and symbol

  • Smart-contract address

  • Blockchain network

  • Relevant wallet addresses

  • Warning type

  • Current project or website status

  • Available supporting sources


Do not assume that two projects with the same name are connected. Tokens can have identical tickers on different blockchains, and a fraudulent website may copy the complete identity of a legitimate company.


If you are researching a token, start with CryptoLinks’ rug-pull and honeypot scanners, confirm the contract through a blockchain explorer, and compare the project with its verified official cryptocurrency website where available.


A green scanner result, professional website, visible audit or active social-media account is not a guarantee of safety. Automated tools are useful for identifying common warning signs, but they cannot verify every project claim, wallet connection or future action.




CryptoLinks Status Labels


Each warning should be interpreted according to its current classification. The following labels explain the difference between an official action, a security incident, an unresolved concern and an inactive project.


























































StatusWhat it meansWhat it does not automatically mean
Official enforcement or court findingA court, regulator or law-enforcement authority published a formal action connected with the identified entity.That every allegation was proven or every related proceeding has ended.
Official public warningA regulator or public authority warned about unauthorized activity, impersonation, misleading promotion or another specific concern.A final court judgment or criminal conviction.
Verified phishing, malware or impersonationReliable evidence connects the domain, application or account with credential theft, malicious software, wallet draining or impersonation.That the legitimate company being copied operates the malicious site.
Verified on-chain incidentReproducible blockchain evidence supports a specific event such as liquidity removal, unauthorized minting or exploit-related transfers.That the blockchain data identifies the real-world controller or proves intent by itself.
High-risk or suspectedSeveral material warning signs exist, but the available evidence is not sufficient for a definitive classification.Proven fraud.
Reported issue under investigationA specific and potentially credible report has been received but not fully verified.A verified public allegation.
Inactive or abandonedThe website, service or project appears unavailable, discontinued or no longer maintained.That the operator intentionally defrauded users.
DisputedThe operator or an authorized representative challenged the record and supplied a substantive response.That the original concern was automatically wrong or resolved.
Corrected or resolvedNew evidence changed a material fact, classification or current status.That the original concern never existed.


Official Enforcement or Court Finding


I use this classification when a court, regulator or law-enforcement authority has published a formal action relating to the identified entity. The entry should state exactly what the authority alleged, charged, decided, seized or prohibited without extending the official finding beyond its wording.


A civil enforcement action, criminal charge, court judgment and final conviction have different legal meanings. They should not be presented as interchangeable.


Official Public Warning


This status applies when a regulator or public authority has issued a warning about unauthorized financial activity, misleading promotion, unregistered investment solicitation, impersonation, a clone company or a suspicious website.


A public warning is important evidence, but it may not be a final legal judgment. CryptoLinks’ collection of crypto regulation and legal resources can provide a starting point, but license and warning information should always be confirmed at the original authority’s website.


Verified Phishing, Malware or Impersonation


This classification may be used when reliable evidence connects a domain, application, browser extension or account with:



  • Credential theft

  • Seed-phrase theft

  • Wallet-draining activity

  • Malicious downloads

  • Fake login pages

  • Brand impersonation

  • Deceptive wallet approvals

  • Fraudulent wallet interfaces


The legitimate organization being copied should not be treated as the operator of the impersonation domain.


Verified On-Chain Incident


This means independently checkable blockchain records support a specific event, such as sudden liquidity removal, unauthorized token minting, treasury draining, exploit-related transfers or use of malicious contract permissions.


Blockchain records can establish that a transaction occurred. They do not always reveal the legal identity or intentions of the person controlling a wallet.


High-Risk or Suspected


I use this classification when several substantial warning signs exist but the evidence does not support a more definitive conclusion. The exact concerns should be identified clearly, and uncertainty should not be hidden.


Inactive or Abandoned


This classification means that a project, platform or website appears to be unavailable, discontinued or no longer maintained. Inactivity is not a synonym for fraud.


Disputed, Corrected or Resolved


A disputed label means an operator supplied a substantive challenge. A corrected or resolved label means verifiable information changed an earlier fact, domain attribution, warning, withdrawal issue or project status. Material changes should be recorded rather than silently removed.




CryptoLinks Evidence Levels


A project’s status and the strength of its evidence are separate questions. A clear evidence scale helps readers understand whether a record is based on an official document, independently verifiable data, corroborated reporting or an unverified submission.
































Evidence levelMeaning
Evidence A — AuthoritativeSupported by a court record, law-enforcement announcement, regulator publication or authoritative security notice.
Evidence B — Independently verifiableSupported by reproducible blockchain activity, smart-contract code, domain history, archived content, security research or another independently checkable source.
Evidence C — Corroborated reportingSupported by several credible and independent sources containing materially consistent information.
Evidence D — Credible but incompleteSpecific complaints or reports raise a legitimate concern but do not establish the complete allegation.
Evidence E — Unverified submissionA report has been received but has not been independently verified.


I do not believe an entity should be publicly described as confirmed fraud based only on incomplete complaints or an unverified submission.




How I Investigate a Suspicious Crypto Project


My first task is establishing exactly which entity is being reviewed. Cryptocurrency projects frequently share names, token symbols, branding and copied documentation. A warning about one domain or contract should not automatically be applied to every project using a similar name.


Identifying the Correct Project


Where the information is available, I check:



  • The exact website domain

  • Alternative and historical domains

  • Redirects and lookalike domains

  • Token name and symbol

  • Smart-contract address

  • Blockchain network

  • Company or operator name

  • Relevant wallet addresses

  • Claimed license or registration

  • Current website status


Domain history matters. A domain used by one project several years ago may expire and later be registered by an unrelated operator. An old warning should not automatically be carried forward without evidence linking the old and new activity.


Reviewing the Website and Its Claims


I compare what a project promises with what can be independently checked. Relevant questions include:



  • Does it advertise guaranteed or unusually consistent returns?

  • Is the advertised product operational?

  • Are withdrawal rules disclosed before a deposit?

  • Does a claimed license appear in the correct official register?

  • Are partnerships confirmed by the supposed partner?

  • Are team biographies genuine and connected with the project?

  • Does an audit cover the deployed contract?

  • Do token-supply claims match blockchain records?

  • Are legal documents copied from another business?

  • Does the platform demand new payments only after a withdrawal request?


A weak website, anonymous team or missing whitepaper may increase risk, but none independently proves deliberate fraud.


Readers who need a foundation before evaluating complex projects can use the CryptoLinks cryptocurrency beginner guide and its collection of crypto guides and educational resources.


Verifying Regulation and Company Claims


A license number or financial-services logo displayed on a website is not enough. I look for confirmation through the relevant official register and compare the legal company name, registered address, authorized domain, license number and permitted services.


A fraudulent platform may copy the identity and license details of a legitimate company. In that situation, the warning applies to the impersonating domain—not automatically to the regulated business being copied.


Reviewing Smart Contracts and On-Chain Activity


For tokens and decentralized-finance projects, I focus on the deployed contract and relevant blockchain activity. Checks may include:



  • Contract creator and deployment date

  • Ownership privileges

  • Additional minting permissions

  • Blacklist and pause functions

  • Transfer restrictions

  • Changeable transaction taxes

  • Proxy and upgrade controls

  • Liquidity additions and removals

  • Liquidity locks

  • Token-holder concentration

  • Treasury transfers

  • Exploit-related wallet activity

  • Public wallet labels


Basic checks can be reproduced through CryptoLinks’ list of blockchain explorers. More complex wallet-flow and holder analysis may require specialized on-chain analytics tools.


Explorer and analytics labels can be incomplete or wrong. Important wallet attributions should be supported by more than one source whenever possible.


Checking for Phishing and Security Threats


A phishing or wallet-drainer investigation requires different evidence from a failed investment project. Relevant indicators may include:



  • A cloned exchange or wallet login page

  • A lookalike domain

  • Credential or seed-phrase requests

  • Deceptive wallet approvals

  • Malicious downloads

  • Fake browser extensions

  • Fraudulent mobile applications

  • Compromised social-media accounts

  • Reliable malware or security warnings


The CryptoLinks blockchain security resources cover common wallet, account and transaction threats in greater detail.


Potentially malicious domains should be displayed in a non-clickable format such as example[.]com. Readers should not be directed to a suspected phishing site to verify it themselves.


Evaluating User Complaints


User reports can reveal patterns that are not visible through a website alone, particularly when several independent users describe the same withdrawal process or unexpected demand for additional payments.


Complaints are evidence to assess, not automatic proof. I consider:



  • How specific the report is

  • Whether transaction hashes or payment records exist

  • Whether separate users describe the same sequence

  • Whether reports appear copied

  • Whether the correct domain or contract was identified

  • Whether the operator responded

  • Whether withdrawals were later processed

  • Whether important restrictions were disclosed in advance


A single anonymous accusation should not support a definitive public claim. Victim names, identification documents, email addresses and unnecessary financial details should not be published.


Providing a Right of Reply


When an active project or identifiable business challenges a warning, I consider specific factual evidence. A meaningful response may identify an error, explain an incident, provide regulatory documentation, confirm the correct domain or contract, show that withdrawals resumed or prove that a suspicious site was an impersonation.


A response does not give the operator control over the conclusion. It provides an opportunity to correct material facts and add relevant context.




Common Types of Cryptocurrency Scams


Fake Crypto Exchanges


A fake exchange may imitate an established trading platform or create a professional-looking dashboard from scratch. The displayed balance and profit may not represent real assets.


Depositing is usually easy. Problems often begin when a user requests a withdrawal and is told to pay an additional tax, insurance fee, security deposit, verification charge or account-upgrade fee.


Sending more cryptocurrency rarely solves the problem. Before using an unfamiliar platform, compare it with established services in the CryptoLinks cryptocurrency exchange directory, then verify the exact domain independently.


Fake Investment and Trading Platforms


These websites may advertise managed trading, arbitrage, staking, mining or artificial-intelligence-based investment systems. Some permit small early withdrawals to build trust. When the victim deposits more or requests a larger withdrawal, the platform may delay access and demand another payment.


Claims about automated returns should be compared with how legitimate crypto trading bots actually operate. No trading system can guarantee consistent profit in every market condition.


Ponzi and Pyramid Schemes


A Ponzi scheme generally uses money from newer participants to pay earlier users. A pyramid scheme depends heavily on recruitment. Successful early payments do not prove that a genuine underlying business exists.


Ask what produces the advertised return and whether that activity can be independently verified without relying on continued deposits from new members.


Rug Pulls


A rug pull generally involves insiders abandoning a project or extracting value in a way that leaves other holders unable to exit fairly.


Possible evidence includes:



  • Sudden liquidity removal

  • Undisclosed token minting

  • Insider token dumping

  • Hidden transfer restrictions

  • Extreme sell taxes

  • Treasury draining

  • Abandonment shortly after fundraising


A token-price collapse alone does not prove a rug pull. Use more than one token security scanner, then confirm important findings manually through the correct block explorer.


Honeypot Tokens


A honeypot token may allow users to buy while preventing or severely restricting sales. The contract may let its owner blacklist wallets, pause trading, raise sell taxes, restrict transfers or upgrade the contract after launch.


A clean scanner result does not guarantee safety. Automated tools may miss unusual code, proxy upgrades and off-chain risks.


Phishing Websites and Wallet Drainers


Phishing sites imitate exchanges, wallets, NFT marketplaces, token bridges, airdrop pages or customer-support portals.


Some steal passwords, authentication codes or seed phrases. Others persuade users to sign a malicious transaction or grant unlimited token permissions.


Never connect a wallet through a link received in an unsolicited message. Open important services from a verified bookmark or a manually checked official address.


Fake Wallet Applications


A fraudulent wallet may copy a well-known product or advertise a new wallet with attractive rewards. It may steal seed phrases, replace receiving addresses or install malicious software.


Compare unfamiliar products with reviewed cryptocurrency wallets and verify every download through the provider’s official website.


Users considering self-custody should also understand the responsibilities involved in using non-custodial wallets and protecting a hardware wallet. Self-custody reduces some counterparty risks, but losing or exposing a recovery phrase can permanently compromise the wallet.


Fake Airdrops and Giveaways


These campaigns promise free tokens, exclusive rewards or multiplied deposits. The victim may be asked to send cryptocurrency first, connect a wallet, approve broad token access, enter a seed phrase or pay a release fee.


A legitimate airdrop does not require your private key or recovery phrase.


Fake Presales


A fake presale may collect deposits for a token that never launches or cannot be sold. Before participating, examine the contract, token allocation, vesting, liquidity plan, administrative controls, operator identity and use of funds.


Cloud-Mining Scams


A suspicious cloud-mining service may promise predictable returns without showing credible evidence of mining equipment, electricity expenses, operating activity or genuine payouts.


Compare these claims with the real operating models described in CryptoLinks’ guide to cloud-mining services. Genuine mining profitability changes with token prices, network difficulty, equipment performance and energy costs.


Romance and Trust-Based Investment Scams


In these schemes, a person spends weeks or months building a personal or romantic relationship before introducing a cryptocurrency investment opportunity.


The recommended platform may display fabricated profits. When the victim tries to withdraw, the platform demands taxes, fees or further deposits. An online relationship should never replace independent financial verification.


Fake Customer Support


Fraudsters impersonate exchanges, wallet providers, project teams and recovery services. They may request a seed phrase, password, authentication code, remote access, wallet connection or verification deposit.


Legitimate support personnel do not need your seed phrase or private key.


Impersonation and Deepfake Promotions


Fraudsters can use cloned accounts, fake news pages, edited video and synthetic voices to impersonate celebrities, executives or public officials.


A familiar face or voice is not proof of endorsement. Confirm every promotion through the person or organization’s independently verified official channels.


Job and Task Scams


A victim may be offered easy remote work, product-review assignments or commission-based tasks. A small initial payment can be used to build trust before the victim is asked to deposit cryptocurrency to unlock higher-value tasks or withdraw earnings.


A legitimate employer should not require an employee to send money to receive wages.




How to Check Whether a Crypto Website Is Legitimate


1. Confirm the Exact Domain


Check every character. Lookalike domains may add a hyphen, replace a letter, use an unusual extension or hide the real address inside a misleading subdomain.


Do not rely on a sponsored search result, private message or social-media reply.


2. Find the Official Starting Point


Use independently verified official sources rather than searching only by token name. CryptoLinks’ list of official cryptocurrency websites can provide a starting point, but important information should still be confirmed through more than one source.


3. Search for Official Warnings


Look for notices from financial regulators, consumer-protection authorities and law enforcement. Read the original publication rather than relying only on a third-party summary.


4. Verify the Company and License


Search the relevant official register for the exact company name, domain, license number, address and authorized activities.


A real registration number can still be copied by an impersonation site.


5. Review the Domain’s History


A recently registered domain is not automatically malicious, but it deserves additional scrutiny when a company claims to have operated for many years. Archived pages may reveal changes in ownership, branding and advertised services.


6. Compare Legal and Contact Information


Check whether names, addresses and registration details remain consistent across the terms and conditions, privacy policy, contact page, company register and regulator record.


7. Verify Team Members and Partnerships


Copied photographs and fabricated biographies are common. A partner logo displayed on a website does not prove a partnership. Confirm it through the supposed partner’s own official channels.


8. Read Withdrawal Conditions Before Depositing


Check withdrawal limits, account restrictions, bonus requirements and fees before transferring money. Unexpected payments demanded only after a withdrawal request are a serious warning.


9. Verify the Contract Address


Obtain the contract address from more than one reliable source and confirm the correct blockchain. Do not rely only on a token name or symbol.


10. Review Smart-Contract Permissions


Check whether the owner can mint additional tokens, blacklist wallets, pause transfers, alter fees, restrict sales, upgrade the contract or move liquidity.


11. Examine Liquidity and Token Distribution


Check how much liquidity exists, who controls it, whether it is genuinely locked and whether a small group of wallets controls most of the supply.


12. Read the Audit Scope


Confirm that the audit covers the deployed contract. An audit does not automatically verify the team, business model, reserves, website or future administrative actions.


13. Search for Complaint Patterns


Detailed and consistent reports are more useful than a raw complaint count. Pay particular attention to repeated demands for additional payments, frozen withdrawals and support accounts that move conversations to private channels.


14. Never Share Wallet Secrets


No legitimate project, exchange, investigator or support agent needs your seed phrase or private key.


15. Never Install Remote-Access Software for Support


Remote-access applications can give another person control over your device, accounts and wallets.


Passing these checks reduces risk, but it does not guarantee safety.




High-Risk Crypto Scam Warning Signs


Stop and investigate when you encounter one or more of the following:



















































































Warning signWhy it mattersWhat to verify
Guaranteed profitsCrypto markets are volatile, and legitimate returns cannot be guaranteed.What actually generates the return and whether it can be independently confirmed.
Pressure to deposit immediatelyUrgency prevents careful research and comparison.Whether the opportunity still exists after independent verification.
More money required to withdrawFake platforms commonly invent taxes, insurance or unlocking fees.Whether the charge was disclosed and whether the company is authorized.
Unverifiable licenseLicense numbers and regulator logos can be copied.The exact company, domain and permission in the official register.
Recently created lookalike domainPhishing sites often imitate established brands.Every character in the domain and its registration history.
Seed-phrase or private-key requestAnyone with these credentials can control the wallet.Nothing—do not provide them.
Remote-access requestThe other person may gain control of accounts and wallets.End the session and contact the service through a verified channel.
Unlimited contract permissionsA malicious contract may transfer approved assets.The spender, token, amount and exact action being signed.
Changeable fees or transfer restrictionsThe owner may prevent selling or impose extreme taxes.Owner controls, proxy functions and deployed code.
Unlocked or centrally controlled liquidityLiquidity may be removed without warning.The pool, lock provider, lock amount and expiry date.
Highly concentrated token supplyA few wallets may control the market or sell pressure.Top holders and possible links between wallets.
Fake audit or partnershipLogos and reports can be copied or refer to different code.The claim through the auditor or partner’s own official source.
Support only through private messagingImpersonators frequently use Telegram, WhatsApp and direct messages.The support channel published on the verified official domain.
Guaranteed cryptocurrency recoveryRecovery outcomes depend on exchanges, authorities and transaction paths.The provider’s identity, qualifications, fees and realistic limitations.


No single warning sign proves fraud in every case. The combination, context and quality of evidence matter.




How to Check Token and Smart-Contract Risk


Start with the exact contract address and correct blockchain. Use CryptoLinks’ token security scanners as an initial filter and confirm important findings through a compatible blockchain explorer.


Review:



  • Contract ownership

  • Minting permissions

  • Blacklist functions

  • Pause controls

  • Transfer limits

  • Buy and sell taxes

  • Proxy and upgrade permissions

  • Liquidity ownership

  • Liquidity-lock duration

  • Token-holder concentration

  • Treasury-wallet activity

  • Contract verification status


Renounced ownership can reduce certain risks, but it does not make an entire project safe. Other contracts, wallets or liquidity positions may remain under insider control.


Several apparently separate wallets may belong to the same person or group. On-chain analytics may help identify connections, but clustering methods and wallet labels are not infallible.


Do not interact with an unknown contract merely to test it. A test transaction, approval or signature can still expose your wallet.




What to Do After a Suspected Crypto Scam


Stop Sending Money


Do not pay another tax, verification fee, security deposit, liquidity charge or recovery payment. Additional transfers rarely unlock funds held on a fabricated platform.


Preserve Evidence


Save:



  • Exact website domains

  • Wallet and contract addresses

  • Transaction hashes

  • Dates and times

  • Screenshots

  • Emails and chat messages

  • Account statements

  • Withdrawal terms

  • Contact details used by the operator


Contact the Payment Provider


Contact the exchange, bank, card provider or payment service involved. Provide accurate transaction details and explain that you suspect fraud.


Speed can matter when assets have recently passed through a centralized service, although recovery is never guaranteed.


Review and Revoke Suspicious Approvals


Use a trusted method to review token permissions and revoke suspicious approvals. Do not use a revocation link supplied by the same person or website you suspect.


Secure Affected Accounts


From a clean device:



  • Change passwords

  • Enable stronger authentication

  • Review account-recovery settings

  • Check email-forwarding rules

  • Secure your mobile-phone account

  • Remove unfamiliar applications and browser extensions


Protect Remaining Assets


Move remaining cryptocurrency only when there is a genuine wallet-compromise risk and you understand how to complete the transfer safely. A rushed transaction can create additional loss.


Report the Incident


Report the matter to the appropriate local law-enforcement agency, cybercrime authority, regulator, exchange and relevant security provider. Phishing pages can also be reported to browsers and hosting companies.


Seek Qualified Assistance Carefully


For substantial losses, qualified legal or blockchain-forensic assistance may be appropriate. Verify the provider carefully and reject anyone who guarantees a successful recovery.




Cryptocurrency Recovery-Scam Warning


People who have already lost cryptocurrency are frequently targeted again. The new contact may claim to be a blockchain investigator, ethical hacker, lawyer, exchange employee, government representative or fund-recovery specialist.


Be extremely cautious when someone claims they can:



  • Hack stolen funds back

  • Reverse a blockchain transaction

  • Release frozen assets after another payment

  • Recover all cryptocurrency for an upfront fee

  • Obtain an immediate court order

  • Bribe an exchange employee

  • Trace and recover every transaction

  • Use secret blockchain recovery software

  • Mint replacement tokens


Blockchain analysis can sometimes identify transaction paths, connected wallets or exchanges. Tracing funds is not the same as recovering them.


No legitimate investigator can guarantee that cryptocurrency will be returned.




How to Report a Suspicious Crypto Project


A useful report should include:



  • Project or company name

  • Exact website domain

  • Token name and symbol

  • Smart-contract address

  • Blockchain network

  • Relevant wallet addresses

  • Transaction hashes

  • Date of interaction

  • A clear explanation of the issue

  • Screenshots with sensitive information removed

  • Relevant terms and withdrawal conditions

  • Contact history

  • Public regulator, court or police references


Never submit:



  • Seed phrases

  • Private keys

  • Passwords

  • Authentication codes

  • Full identity documents through an insecure channel

  • Remote-access credentials

  • Unnecessary personal financial records


Submitting a report does not guarantee publication. The correct entity and material facts must first be identified, and the evidence must justify public reporting.


Reports and supporting evidence can be sent through the contact information on the CryptoLinks About and Contact page.




Correction, Appeal and Right-of-Reply Policy


CryptoLinks should correct material errors when credible evidence shows that a published statement is inaccurate.


A project or authorized representative challenging an entry should provide:



  • The exact entry being challenged

  • Proof of authority to represent the project

  • The specific statements claimed to be inaccurate

  • Supporting documentary evidence

  • Current domain and contract information

  • Relevant regulatory documentation

  • An explanation of reported incidents

  • Evidence of repayments or resolutions where claimed

  • A response suitable for public summary


CryptoLinks does not charge for factual corrections, classification reviews, right-of-reply submissions or removal of unsupported information. Advertising payments and commercial relationships do not determine the outcome of a correction review.


Depending on the evidence, an entry may be:



  • Corrected

  • Updated

  • Annotated

  • Reclassified

  • Marked as disputed

  • Merged with another record

  • Removed from the public list

  • Left unchanged


Material corrections should display the date and reason for the change. A threat or general claim of good intentions is not a substitute for specific factual evidence.




Frequently Asked Questions


What Is a Crypto Scam List?


A crypto scam list is a collection of warning and risk records involving cryptocurrency websites, tokens, wallets, applications or investment services. A responsible warning list should identify the relevant entity, explain the concern and distinguish verified findings from incomplete reports.


Does Appearing on This List Prove a Crime?


No. Some records may concern official actions, while others relate to phishing, suspicious contract activity, reported withdrawal problems, unresolved allegations or inactive services. Inclusion is a reason to investigate carefully—not automatic proof of a criminal conviction.


How Do I Check Whether a Crypto Website Is a Scam?


Start with the exact domain. Check regulator records, company information, domain history, withdrawal terms and independent security reports. Verify licenses and partnerships through their original sources. Do not visit a domain already identified as malicious simply to investigate it.


Why Is a Failed Project Sometimes Marked Inactive Instead of Fraudulent?


Projects can fail because of poor management, technical problems, lack of funding or weak demand. Fraud requires stronger evidence than inactivity or a falling token price. When deliberate misconduct cannot be established, the observable status should be described without assuming intent.


What Is a Crypto Rug Pull?


A rug pull generally involves insiders abandoning a project or extracting value in a way that harms other holders. Evidence may include liquidity removal, undisclosed minting, insider dumping, hidden transfer restrictions or abusive contract controls. A price collapse alone is not enough.


How Do I Check a Token Contract?


Confirm the exact contract address and blockchain. Review ownership, minting permissions, blacklist and pause functions, transfer restrictions, fees, upgrade controls, liquidity and token distribution. Use more than one scanner and verify important results manually.


Does a Smart-Contract Audit Prove That a Project Is Safe?


No. An audit normally examines specific code at a particular time. It may not verify the project team, finances, website, reserves, deployed version, future upgrades or administrative decisions.


Are Anonymous Crypto Teams Always Scams?


No. Anonymity can increase accountability and governance risks, but it does not independently prove fraud. It should be considered alongside contract controls, financial claims, security practices, project history and other evidence.


Why Am I Being Asked to Pay Before Withdrawing?


Unexpected demands for tax, insurance, verification deposits or unlocking fees are common on fake investment platforms. Stop sending money and verify the service independently. Repeated payments often lead only to further demands.


What Should I Do After Connecting to a Wallet Drainer?


Disconnect from the website, review and revoke suspicious approvals through a trusted service, preserve transaction evidence and secure related accounts. Move remaining assets only when necessary and when you can do so safely.


Can Stolen Cryptocurrency Be Recovered?


Sometimes assets are frozen, seized or returned, particularly when authorities and regulated services can act quickly. Recovery is never guaranteed. Treat anyone promising certain recovery for an upfront payment as a serious risk.


How Do I Report a Suspicious Cryptocurrency Project?


Provide the exact domain, contract address, blockchain, relevant wallet addresses, transaction hashes, dates and a clear explanation. Include supporting evidence where available, but never send passwords, private keys or seed phrases.


Can a Project Challenge a CryptoLinks Warning?


Yes. A project can identify disputed statements and provide specific, verifiable evidence. CryptoLinks does not charge for factual corrections or review of an unsupported classification.


Why Are Suspicious Domains Not Clickable?


A clickable link could expose readers to phishing, malware or wallet-draining content. Potentially dangerous domains should be displayed in a defanged form, while supporting links should point to trusted evidence rather than the suspicious destination.




Final Crypto Safety Guidance


I use this crypto scam list as one part of a broader verification process—not as a guarantee.


No database can identify every dangerous website, wallet, token or investment platform. Absence from CryptoLinks does not mean that a project has been approved or proven safe.


Before sending money or connecting a wallet, verify:



  • The exact domain

  • The blockchain network

  • The smart-contract address

  • Company and licensing claims

  • Withdrawal conditions

  • Smart-contract permissions

  • Liquidity and token distribution

  • Claimed partnerships

  • Relevant security warnings


Never share a seed phrase, private key, password or authentication code.


Requests for additional money to unlock a withdrawal are a serious warning. So are unsolicited recovery offers promising that funds will definitely be returned.


Evidence matters more than anonymous accusations. When credible contrary evidence is supplied, I review the relevant record and correct material errors.


CryptoLinks provides independent research and risk information. It does not provide legal advice, investment advice, law-enforcement services or guaranteed cryptocurrency recovery.


» All Best Cryptocurrency Websites List (5000+ Top Cryptocurrency Sites) «Biggest and most up-to-date best Cryptocurrency websites list that you can find in Crypto World!