Crypto security glossary

As blockchain technology continues to evolve, so does the language that surrounds it. From “rug pulls” to “MEV attacks,” the world of crypto security comes with its own rapidly growing vocabulary. It can feel complex even for seasoned professionals. This crypto security glossary breaks down the most important terms, concepts and attack types in clear, accessible language to help investigators, developers, and crypto users better understand the risks and how to defend against them. 

Social engineering and impersonations

These exploit human psychology, trust, and emotions rather than code vulnerabilities. 

• Phishing scam: A fraudulent attempt to obtain sensitive information, such as private keys or login credentials, by posing as a trustworthy entity in electronic communications.

• Dating app scam: In this type of scam, fraudsters create fake profiles on dating apps to establish romantic relationships with victims. Once trust is built, they manipulate victims into sending them cryptocurrency or personal financial information under the pretense of emergencies, gifts, or travel expenses. 

• Pig butchering scam: These scams involve fraudulent cryptocurrency investment opportunities where scammers gain the trust of victims over time and promise high returns on investments in fake projects. They disappear after funds are collected, leaving investors with substantial losses and no real assets. 

• Fake recovery service scam: A fake recovery service scam preys on individuals who have fallen victim to cryptocurrency-related frauds, such as scams or hacks. Scammers pose as recovery experts or agencies claiming to help victims retrieve lost funds. They often request upfront fees or sensitive personal information, promising to recover the assets but ultimately disappear after payment, leaving victims with additional losses. 

• Technical support scam: Scammers impersonate cryptocurrency wallet or exchange support teams, convincing users to grant them remote access to their devices and steal their assets.

• Celebrity impersonation scam: Fraudsters create fake social media profiles or websites posing as celebrities, requesting cryptocurrency donations or investments from their followers. 

• Impersonation scam: Scammers impersonate cryptocurrency project leaders or team members to gain trust and solicit investments, often using cloned websites and social media profiles.

• Fake job scam: Fraudsters pose as recruiters or companies offering crypto-related jobs, tricking victims into transferring funds or downloading malicious software for the purposes of stealing wallet credentials and draining funds. 

• Social media giveaway scam: Fake promotions on platforms like Twitter (X) offering free crypto in exchange for sending a small amount first. Scammers often also require ‘winners’ to share personal details or link to websites that download malware onto the victim's device.

Investment and financial fraud schemes

These involve promises of profit, misleading investments, or manipulation of investor behavior.

• Rug pull scam: This occurs in the world of decentralized finance (DeFi) when creators of a cryptocurrency project or token suddenly and intentionally drain the liquidity or value of the asset by selling off a significant portion. This action leaves investors with worthless tokens, resulting in substantial financial losses.

• Slow rug pull scam: A slow rug pull is a deceptive tactic in which the creators of a cryptocurrency project gradually reduce the value of the token over an extended period rather than executing a sudden and dramatic exit. This strategy aims to delay investors’ realization of the scam while extracting funds over time, eventually causing significant losses. 

• Ponzi scheme: A fraudulent investment scheme that promises high returns to early investors but pays these returns using the capital of newer investors rather than legitimate profits. 

• Pyramid scheme: Similar to a Ponzi scheme, this scam relies on recruiting new participants who invest money and recruit others, creating a pyramid structure. Returns are paid to earlier participants and the scheme collapses when recruitment slows. 

• ICO (initial coin offering) scam: Fraudulent initial coin offerings that entice investors with the promise of a new cryptocurrency but disappear after raising funds, leading investors with worthless tokens. 

• Crypto pump-and-dump: A coordinated effort to inflate the price of a cryptocurrency through false or misleading information, followed by selling off assets to profit, causing the price to crash.

• Mining investment scam: Scammers offer the opportunity to invest in cryptocurrency mining operations or equipment, promising high returns but never delivering on their promises.  

• Fake token sale: Scammers launch fake token sales, often using misleading advertising and false endorsements to trick users into purchasing non-existent tokens.

• Signal group scam: Fake signal groups provide trading advice and charge fees for their services but often provide inaccurate information, leading to trading losses.

• Investment manager scam: Scammers claim to be “crypto investment managers” and promise guaranteed profits if victims hand over their private keys or funds. 

DeFi and smart contract exploits

These exploit vulnerabilities in decentralized applications, smart contracts, or trading mechanisms. 

• Smart contract exploit: A vulnerability in a smart contract that hackers exploit to drain funds or manipulate project behavior.

• Reentrancy attack: A common DeFi exploit where attackers repeatedly call a contract function before the first call is completed, allowing them to withdraw funds multiple times. 

• Flash loan attach: Hackers exploit uncollateralized loans in DeFi protocols to manipulate prices or drain liquidity pools

• Oracle manipulation attack: Exploiting vulnerabilities in price oracles to manipulate asset prices on DeFi platforms.

• Bridge exploit: Attacks targeting cross-chain bridges to steal assets transferred between blockchains. 

• Front-running or sandwich attack: A DeFi exploit where bots intercept and manipulate pending transactions for profit. 

Exchange and platform scams

These occur on or via crypto exchanges, wallets, or other custodial platforms. 

• Fake exchange scam: Bogus cryptocurrency exchanges that deceive users into depositing their assets. These platforms often lack security measures and can lead to significant losses. 

• Exchange exit scam: When a legitimate-looking project or exchange disappears after collecting user deposits. 

• Airdrop scam: Fake cryptocurrency airdrops promise free tokens but require users to provide sensitive information or pay a fee to claim their rewards. 

• Crypto margin trading scam: Fraudulent platforms offer leveraged trading but manipulate prices, liquidating users’ assets when their positions are profitable.

• Dusting attack: A privacy-focused exploit where attackers send tiny amounts of crypto (“dust”) to multiple wallets. By tracking how these small amounts move or are consolidated, the attacker attempts to deanonymize wallet owners. The goal is surveillance and often a precursor to phishing or extortion attempts.

• Fake NFT project: Fraudulent NFT drops or collections created to lure buyers with fake endorsements or plagiarized art.

• Wash trading: Artificially inflating the trading volume or price of an NFT or token to mislead buyers.

• Sybil attack: This attack happens when a single bad actor creates or controls many fake identities or nodes within a network to gain disproportionate influence. This can undermine consensus mechanisms or manipulate governance votes.

Money laundering and obfuscation

Illicit actors’ tactics for concealing the source and flow of funds. 

• Chain hopping: The process of moving crypto assets between multiple blockchains or through cross-chain bridges, often rapidly, to obscure the origin of funds. It’s a common tactic in money laundering to make tracing illicit transactions more difficult. 

• Mixers / tumblers: Services that combine many users’ coins and redistribute them to obscure tracing.

• Over-the-counter (OTC) brokers: Using OTC desks or brokers to convert large crypto amounts off-exchange, often with less transparent KYC processes.

Malware and technical attacks

These threats involve direct device compromise or software-based theft.

• Malware and ransomware: Cybercriminals distribute malware or ransomware to steal cryptocurrency wallets or lock users’ devices, demanding a ransom for decryption.

• SIM swap attack: This attack occurs when an attacker takes control of a victim’s phone number by convincing a mobile carrier to transfer it to a SIM card the attacker controls. Once the number is hijacked, the attacker can intercept two-factor authentication codes or password resets, gaining access to critical accounts.

• Drainer scripts: Malicious JavaScript or transaction approvals that trick users into giving “unlimited spend” permissions to attackers.

Crypto security glossary: The first line of defense

Understanding the language of crypto security isn’t just about keeping up with industry jargon, it’s about staying prepared. As scams evolve, exploits grow more sophisticated, and illicit tactics become harder to detect. Knowing how these threats operate is the first line of defense. 

Whether you’re an investigator tracing funds, a developer securing smart contracts, or a crypto user protecting your assets, staying fluent in these terms helps you recognize warning signs early, make informed decisions, and strengthen the broader ecosystem’s resilience against fraud and abuse.