In crypto, what really empties a beginner's wallet usually isn't the market but scams. These scams share a trait: they all dress themselves up as something you trust — the official app, official support, an official airdrop. You think you're dealing with Binance, while across from you is someone waiting to collect your seed phrase and codes.

The good news is that these scams have relatively fixed "faces," and only a few scripts. Recognize them all and your defenses improve noticeably. This piece takes apart the three main lines — fake apps, fake support, fake airdrops — then gives you one life-saving rule and an emergency procedure for after you've been hit. It names no specific platform and invents no figures, only methods you can use right away.

1. Why beginners fall for this most

It's not that beginners are foolish; it's that scammers target information gaps and emotions:

  • Can't tell official from knock-off. A beginner doesn't know what a legitimate download channel looks like, and installs anything with a similar icon and name.
  • An instinctive trust of "official." Hear "I'm Binance support" or "an official event" and half your guard drops.
  • Fear of missing out, lure of a deal. "Limited-time airdrop" or "guaranteed yield" hits the FOMO nerve precisely, and a person in a hurry stops verifying.

So the first step in avoiding scams isn't memorizing every new trick, but building the reflex of "anything involving money and passwords, slow down and verify first." However scams reinvent themselves, this reflex holds.

2. Where fake apps come from

A fake app is the source — install a knock-off client and the username and password you type may go straight to the scammer. They reach you mainly through these channels:

  • Knock-off download sites and cloud-drive links. The installer a "download site" offers may have been altered, with code embedded to steal your information.
  • Search-engine ads. Search a platform's name and the top result may be a phishing site that bought an ad, with a domain a letter or two off from the official one — indistinguishable at a glance.
  • Installers sent in group files or DMs. Phrases like "internal version," "premium version," or "no-verification version" are themselves danger signs; the official channel never distributes apps this way.
  • QR codes. A QR code in a group, a DM, or even pasted up offline that takes you straight to a knock-off download page.
The most dangerous kind
Any client claiming to be "no-verification," "cracked," or "an internal high-rebate version" is a hundred percent a problem. Legitimate exchanges have no such thing; its only purpose is to scam you. See it and swipe away.

3. How to verify the official download channel

Remember one principle: go in through the official source you found yourself, not a link someone pushed to you. Specifically:

  • Recognize the official main domain. Binance's official site is the main domain binance.com (and its language sub-paths). A domain with a string of extra characters after "binance," or an odd suffix, is basically fake. Go by the guidance in the Binance official help center for downloads and official information.
  • Search the phone's official app store. Check the developer name, download count, and reviews. But don't rely on this alone — knock-offs occasionally slip into stores, so still judge by the developer info.
  • Check the domain character by character. Before going to a site, look at the full domain in the address bar, and watch for lookalike characters (writing l as 1, adding a hyphen) impersonating the real one. If unsure, don't enter your account details.
  • Save the official entry as a bookmark. Once you've confirmed the official address through a reliable route the first time, bookmark it and only ever go in from the bookmark, sidestepping search ads and links others send.
A good habit
Always start downloads and logins from your own saved bookmark or the official app. However urgent someone's reason for sending you a "log in / download from this link right away," pause for one second first — that second is often the line between getting scammed and not.
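The character-by-character domain check described above can be automated. The following is an added example, not code from the article or from any exchange: the function names and the look-alike table are assumptions made for illustration, and the sample links are constructed.

```python
import re
from urllib.parse import urlsplit

OFFICIAL = "binance.com"  # main domain named in the article
BRAND = "binance"
# Constructed, non-exhaustive table that folds look-alike characters together.
FOLD = str.maketrans({
    "1": "l", "i": "l", "0": "o", "3": "e", "5": "s",
    "\u0430": "a", "\u0435": "e", "\u043e": "o",  # Cyrillic a, e, o
    "\u0441": "c", "\u0456": "l",                 # Cyrillic c, i
})

def skeleton(text: str) -> str:
    """Fold confusable characters and drop separators so look-alikes collide."""
    return text.lower().translate(FOLD).replace("-", "").replace(".", "")

def hostname(url: str) -> str:
    """Return the host of a URL, decoding punycode (xn--) labels to Unicode."""
    if not re.match(r"[a-z][a-z0-9+.-]*://", url, re.I):
        url = "//" + url  # bare "example.com/path" has no scheme
    labels = []
    for label in (urlsplit(url).hostname or "").rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label.encode("ascii").decode("idna")
            except UnicodeError:
                pass  # undecodable label: keep the raw form
        labels.append(label)
    return ".".join(labels)

def check_url(url: str) -> str:
    """Classify a link as 'official', 'lookalike' or 'unrelated'."""
    host = hostname(url)
    if host == OFFICIAL or host.endswith("." + OFFICIAL):
        return "official"
    if skeleton(BRAND) in skeleton(host):
        return "lookalike"
    return "unrelated"

# Constructed sample links, not taken from any real campaign.
if __name__ == "__main__":
    for link in ("https://www.binance.com/en", "https://b1nance.com/login",
                 "https://binance-airdrop.example/claim",
                 "https://binance.com.verify.example/", "https://example.org/"):
        print(f"{check_url(link):10} {link}")
```

Only "official" is a pass: the folding table does not catch a dropped or swapped letter, so "unrelated" means "not the official domain," not "safe."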

4. The fixed scripts fake support uses

Fake support is the most "human" part of a scam, and the one most likely to lower your guard. But the scripts are highly alike, and recognizing these traits catches them almost every time:

  • They contact you first. This is the number-one red flag. Genuine official support almost never calls or DMs you out of the blue saying "your account is anomalous." Any "support" that comes to you should be treated as a scammer by default.
  • They create tension and rush you. "Your account is suspected of a violation and is about to be frozen," "someone is stealing your coins, do what I say now" — using panic so you can't think.
  • They ask for codes, passwords, or your seed phrase. This is the decisive trait. Anyone asking for these, however official they sound, is 100% a scammer, no exception.
  • They steer you to transfer or "verify funds." Getting you to move coins to a "safe account" or "verification address," or to install remote-control software so they can "operate" for you. Do it and the money's gone.
  • They pull you into off-platform chats. Steering you to an unfamiliar messaging app or group, away from the official environment where they have more room to work.
Commit this test to memory
Real support solves problems without ever needing your password, codes, or seed phrase, and won't have you move money for "safekeeping." The moment the other side touches those two things, end the conversation. If you have a question, go into the help center from your own official bookmark to find live support — don't use the contact details the other side gave you.

5. Fake airdrops and phishing-link tricks

Airdrops are real, and precisely because the real ones exist, the fakes have a market. These tricks mostly run on phishing, in a few common forms:

  • "Click the link to claim an airdrop / reward." The link points to a phishing site that looks exactly like the official one, luring you to enter your account password or 2FA code — and entering it hands over the keys.
  • "Connect your wallet to claim." Getting you to connect your wallet to a malicious site and sign an authorization, which may amount to allowing them to move the assets out of your wallet. Many people aren't scammed out of a password but unwittingly sign an authorization.
  • "Send a small fee / activation fee first to claim." A real airdrop never makes you pay first. Anyone asking you to transfer first is, flatly, a scam.
  • Unknown tokens airdropped to you, luring you to "cash out." An unknown token suddenly appears in your wallet, and interacting with it may trigger an authorization trap. Don't touch or authorize tokens you don't recognize.

The verification logic is the same as before: for any "claim money" action, go into the official announcements from your official bookmark to check — don't click in from a pop-up, DM, or ad. You can view and manage wallet authorizations on a block explorer (like Etherscan or TRONSCAN), and revoke any suspicious authorization promptly.
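To make "signing an authorization" concrete, the added example below (not from the article) decodes the data field of a transaction and reports what spending right it would grant. It assumes Ethereum-style token contracts that follow the ERC-20 and ERC-721/ERC-1155 interfaces; the helper names, the spender address and the sample calldata are constructed for illustration.

```python
MAX_UINT256 = 2**256 - 1
# 4-byte selectors defined by the ERC-20 and ERC-721/ERC-1155 interfaces.
SELECTORS = {
    "095ea7b3": "approve",            # approve(address spender, uint256 amount)
    "a22cb465": "setApprovalForAll",  # setApprovalForAll(address operator, bool approved)
}

def describe_calldata(data: str) -> dict:
    """Decode transaction calldata and say what spending right it grants."""
    raw = bytes.fromhex(data[2:] if data.startswith("0x") else data)
    kind = SELECTORS.get(raw[:4].hex())
    args = raw[4:]
    if kind is None or len(args) != 64:
        return {"kind": "other", "grantee": None, "scope": "not an approval"}
    grantee = "0x" + args[12:32].hex()        # address is right-aligned in 32 bytes
    value = int.from_bytes(args[32:], "big")  # amount, or 0/1 for the bool
    if value == 0:
        scope = "revoke"                      # zero amount / false withdraws the grant
    elif kind == "setApprovalForAll":
        scope = "every token in the collection"
    elif value == MAX_UINT256:
        scope = "unlimited"
    else:
        scope = f"up to {value} base units"
    return {"kind": kind, "grantee": grantee, "scope": scope}

def encode(selector: str, address: str, value: int) -> str:
    """Build calldata for the constructed samples below."""
    return "0x" + selector + address[2:].rjust(64, "0") + f"{value:064x}"

# Constructed placeholder address; not a real contract or wallet.
SPENDER = "0x" + "11" * 20

if __name__ == "__main__":
    for sample in (encode("095ea7b3", SPENDER, MAX_UINT256),
                   encode("095ea7b3", SPENDER, 0),
                   encode("a22cb465", SPENDER, 1)):
        print(describe_calldata(sample))
```

An "unlimited" or "every token in the collection" grant to an address you don't recognize is the case to refuse before signing, and the zero-amount form is what a revocation looks like on-chain.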

6. One rule: never give anyone your private key, seed phrase, or codes

If you remember only one line from this whole piece, remember this. It shuts out the vast majority of scams:

Private key, seed phrase, login password, 2FA code — never hand them over, to anyone, for any reason. No legitimate process will ask you for these. Support, "the official team," "the person helping you unfreeze" — none of them will. Whoever asks is the scammer.

The reasoning is blunt: a seed phrase or private key is the wallet itself, and codes and passwords are the keys to login and withdrawals. Hand them over and you've given away the safe and its key together, and no amount of good settings can stop you passing the key yourself. For the matching account defenses, see account security: setting up 2FA, an anti-phishing code, and a withdrawal whitelist.

7. What to do the moment you've been hit

If you've already been caught, don't freeze up in self-blame — race the clock on these, and salvage what you can:

  • Change your password immediately. Change your exchange login password, and any email or account using the same password.
  • Revoke suspicious authorizations, freeze/lock the account. Revoke wallet signing authorizations with a tool as soon as possible; lock the exchange account in an emergency and disable withdrawals per official guidance.
  • Check and reset 2FA and devices. Sign out of all devices, reset two-factor auth, and check whether an API key was quietly created (one with withdrawal permission is especially dangerous).
  • Contact the platform through official channels. Go into the official help center from your bookmark to find support and report it — don't use the contact details the scammer gave.
  • Preserve evidence and file a report. Screenshot the chat, transfer records, suspicious links, and transaction hashes, and report to your local police.
  • If assets are still safe, move them fast. If the coins are still there, immediately move them to a brand-new safe address or wallet — don't leave them in a possibly compromised environment.
An honest word
Once an on-chain transfer confirms, it's basically irreversible, and the hope of recovering coins moved out is slim — which is exactly why "prevention" matters far more than "rescue." But still do the steps above: at minimum they stop further loss and preserve evidence for any investigation.
A reminder from the editorial team
The tricks summarized here were checked against public phishing and fraud material and the relatively fixed scripts these scams use, so you can recognize the "faces" rather than recount some specific experience. In practice only two things are most worth drilling into reflex: before clicking any link, hover to see the full domain — a domain a character or two off is basically fake; and the moment the other side touches your codes, password, or seed phrase, end the conversation. Those two beat memorizing any particular case.
The two most concrete anti-scam steps you can do right now
One, set up 2FA, an anti-phishing code, and a withdrawal whitelist following the account-security check — the anti-phishing code helps you spot a fake email at a glance. Two, bookmark the official entry and only ever go in from the bookmark. When withdrawal costs come up, estimate them with the on-site tools, and never trust an offer to "operate for you."

This section doesn't recommend signing up at any platform. Always go by the official channel you've verified yourself; this site will never ask you for any account information.

8. An anti-scam checklist

Turn the items below into muscle memory and most scams can't get near you:

  • Download and log in only from your own saved bookmark or the official app store, checking the domain character by character;
  • Refuse any "no-verification," "cracked," or "internal version" client outright;
  • Any "support" that contacts you first is a scammer by default; if you have an issue, go into the official help center yourself;
  • Anyone asking for a password, code, or seed phrase — end it immediately, no exception;
  • For "claim an airdrop / reward," check the official announcement first; anyone asking you to transfer first is a scam;
  • Don't touch or sign for unknown tokens or unknown authorizations; periodically check and revoke suspicious authorizations;
  • If you've been hit, in order: change your password first, then revoke authorizations or lock the account, then reset 2FA, report to the official channel, preserve evidence and file a report, and finally move remaining assets.

None of these needs any technical skill — they all rely on the habit of "slow down one second, verify first." Scammers bet on your hurry, your greed, your trust in the words "official"; keep the pace in your own hands and their playbook fails. In the end the way out is just two things — only go in and out through the official bookmark you've verified, and give your keys, seed phrase, and codes to no one.

Lin Yue · Bitu editorial
Notes on using exchanges, written for beginners. Lin Yue is a pen name; we don't pretend to be anyone's expert — we just write down the steps and traps we've checked for ourselves, again and again. For anything involving money, go by the official pages and your own verification.