DeFi Scam Red Flags: How to Stay Safe
DeFi gives you financial sovereignty, but that means you are your own security department. Billions of dollars are lost to scams every year. Knowing the red flags is the single most important skill in crypto.
Key Takeaways
- The 8 most common DeFi scams follow predictable patterns: unrealistic yields, anonymous teams, unaudited code, unlocked liquidity, honeypot contracts, phishing, fake airdrops, and social engineering
- If the source of yield cannot be clearly explained, the yield is likely coming from new depositors -- a Ponzi structure
- ChainBridge protects users with phishing detection, transaction simulation, and curated token lists
- A hardware wallet and healthy skepticism are your two best defenses against the majority of attacks
Table of Contents
- Why Scams Thrive in DeFi
- 8 Red Flags to Watch For
- How ChainBridge Protects You
- 10-Point Safety Checklist
- What to Do If You Get Scammed
Why Scams Thrive in DeFi
DeFi is permissionless by design. Anyone can deploy a smart contract, create a token, or launch a protocol without approval from any authority. This openness is what makes DeFi powerful -- it enables innovation without gatekeepers. But it also means there is no gatekeeper filtering out bad actors.
Transactions on blockchains are irreversible. When you send tokens to a scam contract or approve a malicious transaction, there is no bank to call, no chargeback to file, and no customer support to reverse the transfer. The finality that makes blockchain useful for legitimate transactions also makes it attractive to criminals.
The pseudonymous nature of crypto makes it difficult to identify and prosecute scammers. While blockchain transactions are public, connecting wallet addresses to real-world identities requires significant law enforcement resources. Many scam operations run from jurisdictions with weak enforcement.
Finally, the pace of DeFi creates FOMO (fear of missing out). New protocols launch daily, and early participants in legitimate projects have earned enormous returns. Scammers exploit this by creating artificial urgency: "limited time," "first 1000 users only," "price doubling tomorrow." Pressure to act quickly is itself a red flag.
8 Red Flags to Watch For
These are the most common patterns used by DeFi scammers. Memorize them. A single red flag warrants investigation; multiple red flags together are a near-certain indicator of a scam.
Unrealistic APY Promises
Any protocol advertising yields above 100% APY without clear, verifiable sources of revenue is a major red flag. Sustainable DeFi yields come from trading fees, lending interest, or protocol revenue. When the yield comes from new depositors paying existing ones, you are in a Ponzi scheme. Even 20-50% APY should be scrutinized carefully -- ask where the money comes from.
Real example: Anchor Protocol offered a "guaranteed" 20% APY on UST deposits. When the yield became unsustainable, the entire UST/Luna ecosystem collapsed in May 2022, wiping out $40 billion.
Anonymous or Unverifiable Team
While pseudonymity is common in crypto, a project with no public team members, no professional history, and no verifiable track record should be treated with extreme caution. Legitimate projects either have doxxed founders or pseudonymous teams with years of on-chain reputation, active development, and community trust built over time.
Real example: Wonderland (TIME) was run by a pseudonymous treasurer who turned out to be a convicted fraudster. When his identity was revealed, the project collapsed as users rushed to withdraw.
Unaudited Smart Contracts
Any DeFi protocol asking you to deposit funds should have smart contracts audited by reputable firms (Trail of Bits, OpenZeppelin, Certora, Spearbit). An audit does not guarantee safety, but its absence guarantees that no professional has checked the code for exploits. Check the project docs for audit reports and verify them on the auditor's website.
Real example: Mango Markets on Solana was exploited for $115 million in October 2022. The attacker manipulated oracle prices to drain the protocol -- a vulnerability that a thorough audit would likely have identified.
Unlocked or Non-Existent Liquidity
When a new token launches on a DEX, the team adds initial liquidity (token + ETH/USDC) to a pool. If this liquidity is not locked via a timelock contract, the team can remove it at any moment -- taking all the ETH/USDC and leaving holders with worthless tokens. This is called a "rug pull." Always check if liquidity is locked and for how long.
Real example: Squid Game Token (SQUID) surged 75,000% before the creators pulled all liquidity from the PancakeSwap pool. Holders could not sell because the contract also included a sell restriction -- a double rug.
Honeypot Token Contracts
A honeypot is a token where the smart contract allows buying but prevents or heavily taxes selling. The contract might include hidden transfer restrictions, extreme sell taxes (90-99%), or whitelist-only selling. The price looks like it is only going up because nobody can sell. Always verify a token contract on a honeypot detector before buying.
Real example: Thousands of honeypot tokens launch weekly on Ethereum and BSC. They typically mimic popular token names or trending memes to lure unsuspecting buyers.
Phishing Sites and Fake dApps
Scammers create pixel-perfect copies of popular DeFi sites (Uniswap, Aave, OpenSea) with slightly different URLs. When you connect your wallet and approve a transaction, you are actually granting the scammer unlimited access to drain your tokens. Always bookmark official URLs, double-check the domain before connecting, and verify contract addresses.
Real example: Fake Uniswap sites with domains like "uniswap-app.com" or "uniswapp.org" have stolen millions by tricking users into signing malicious token approvals.
Fake Airdrops and Token Claims
You receive unexpected tokens in your wallet or see a "claim airdrop" link on social media. The claim site asks you to connect your wallet and approve a transaction -- which actually grants the attacker permission to drain your real tokens. Legitimate airdrops are announced through official project channels and verified on multiple sources.
Real example: Attackers regularly send worthless tokens to thousands of wallets. When users try to sell or interact with these tokens, the token contract redirects them to a phishing site that drains their wallet.
Social Engineering and Impersonation
Scammers impersonate project team members, support staff, or influencers on Discord, Telegram, and Twitter. They direct message you with "help" for a problem you posted about, "exclusive investment opportunities," or fake customer support. No legitimate project will ever DM you first or ask for your seed phrase, private key, or wallet password.
Real example: Fake MetaMask support accounts on Twitter respond to users asking for help, then direct them to "support sites" that steal their seed phrases. This remains one of the most common attack vectors.
How ChainBridge Protects You
ChainBridge implements multiple layers of protection to help users avoid scams and malicious interactions. While no platform can prevent all attacks -- especially social engineering that happens outside the app -- these features significantly reduce your risk surface.
Phishing Detection
ChainBridge includes a built-in PhishingDetector that analyzes token names and symbols for suspicious patterns. It checks for Unicode lookalike characters (e.g., a Cyrillic "a" used in place of a Latin "a"), symbol similarity to known tokens, and addresses on known blacklists. Suspicious tokens are flagged before you can interact with them.
Transaction Simulation
Before you execute a swap, ChainBridge can simulate the transaction via the Tenderly API. Simulation reveals exactly what will happen: which tokens move, how much gas will be consumed, and whether the transaction will succeed or revert. This catches many malicious contracts that behave differently than expected.
Curated Token Lists
ChainBridge uses verified token lists with manually confirmed contract addresses for all supported tokens. This prevents you from accidentally swapping a legitimate token for a copycat with the same name but a different contract. If a token is not on the list, you should verify its contract address independently.
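The following is an added example, not ChainBridge's own PhishingDetector, showing how the lookalike check described under Phishing Detection and the copycat check described under Curated Token Lists can be implemented together. The curated symbols, contract addresses and blacklist entries are constructed placeholders, and the confusables table is a hand-picked subset rather than the full Unicode data.

```python
import unicodedata

# Constructed curated list: symbol -> the one contract address accepted for it.
# Placeholder addresses, not real token contracts.
CURATED = {
    "USDC": "0x1111111111111111111111111111111111111111",
    "USDT": "0x5555555555555555555555555555555555555555",
    "WETH": "0x2222222222222222222222222222222222222222",
    "AAVE": "0x3333333333333333333333333333333333333333",
}
# Constructed blacklist of addresses already reported as malicious.
BLACKLIST = {"0x4444444444444444444444444444444444444444"}
# Hand-picked confusables: non-Latin code points that render like Latin letters.
# A production detector would load the full Unicode confusables table.
CONFUSABLES = {
    "\u0410": "A", "\u0430": "a", "\u0415": "E", "\u0435": "e", "\u041e": "O",
    "\u043e": "o", "\u0421": "C", "\u0441": "c", "\u0420": "P", "\u0440": "p",
    "\u0422": "T", "\u0425": "X", "\u0445": "x", "\u041d": "H", "\u0406": "I",
    "\u0391": "A", "\u0395": "E", "\u039f": "O", "\u0399": "I", "\u03a4": "T",
    "\u0131": "i", "\u0130": "I",
}

def skeleton(symbol: str) -> str:
    """Reduce a symbol to the Latin string a human would read it as."""
    text = unicodedata.normalize("NFKC", symbol)      # fold full-width forms, ligatures
    text = "".join(CONFUSABLES.get(c, c) for c in text)
    text = "".join(c for c in text if not unicodedata.combining(c))  # drop accents
    return text.upper()

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch near-miss symbols such as 'USDC2'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_token(symbol: str, address: str) -> list:
    """Return the reasons a token should be flagged; an empty list means not flagged."""
    reasons = []
    addr = address.lower()
    if addr in BLACKLIST:
        reasons.append("address is on the blacklist")
    if any(ord(c) > 127 for c in symbol):
        reasons.append("symbol contains non-ASCII characters")
    sk = skeleton(symbol)
    if sk in CURATED:
        if addr != CURATED[sk]:   # same (apparent) name, different contract: a copycat
            reasons.append(f"reads as {sk} but is not the curated {sk} contract")
    else:
        near = [k for k in CURATED if edit_distance(sk, k) == 1]
        if near:
            reasons.append(f"symbol is one edit away from {near[0]}")
    return reasons
```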
Slippage Protection
Default 1% slippage tolerance prevents sandwich attacks from extracting excessive value from your trades. The Smart Order Router also compares prices across 7 aggregators, making it harder for any single source to provide a manipulated price.
Security Headers and CSRF Protection
The ChainBridge web application implements comprehensive security headers (CSP, HSTS, X-Frame-Options) and CSRF protection to prevent cross-site attacks that could trick your browser into signing malicious transactions.
10-Point Safety Checklist
Follow these rules consistently and you will avoid the vast majority of DeFi scams. Print this list. Make it a habit.
- Verify the URL before connecting your wallet -- bookmark official sites and never click links from DMs or ads
- Check if smart contracts are audited by reputable firms and verify the audit report on the auditor's official website
- Confirm liquidity is locked via a timelock contract before buying any new token
- Use a hardware wallet (Ledger, Trezor) for any significant holdings -- it adds a physical confirmation step for every transaction
- Never share your seed phrase, private key, or wallet password with anyone, for any reason, ever
- Test new protocols with a small amount first before committing larger sums
- Revoke unused token approvals regularly using tools like Revoke.cash or the built-in approval manager in your wallet
- Be skeptical of unsolicited DMs, especially anyone offering help, investment opportunities, or claiming to be support staff
- Verify token contract addresses on CoinGecko or the project's official documentation before swapping
- If something sounds too good to be true -- guaranteed returns, risk-free yield, free money -- it is a scam
What to Do If You Get Scammed
If you believe you have interacted with a scam contract or had funds stolen, act immediately. Time matters because attackers often drain wallets in stages.
Revoke All Token Approvals
Go to Revoke.cash immediately and revoke every approval for the compromised wallet, especially unlimited approvals. If the scammer has an approval for your tokens, they can drain them at any time -- even days or weeks later.
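An added example (not ChainBridge's or Revoke.cash's code) of the audit behind the checklist item "revoke unused token approvals" and the revocation step above: it replays constructed ERC-20 Approval event logs for one wallet, lists the approvals that are still live (a later approval of 0 cancels an earlier one), and ABI-encodes the approve(spender, 0) call that revokes each. Addresses and logs are constructed placeholders, and treating any value above 2**128 as "unlimited" is an assumption.

```python
# ERC-20 Approval(address owner, address spender, uint256 value) event topic
# (keccak-256 of the signature) and the approve(address,uint256) selector.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
APPROVE_SELECTOR = "095ea7b3"
UINT256_MAX = 2**256 - 1
UNLIMITED_FLOOR = 2**128  # assumption: anything this large is treated as unlimited

def pad32(addr: str) -> str:
    """Left-pad a 20-byte address to the 32-byte form used in topics and calldata."""
    return "0x" + addr[2:].lower().rjust(64, "0")

# Constructed placeholder addresses and logs in the shape eth_getLogs returns.
WALLET, OTHER = "0x" + "be" * 20, "0x" + "ce" * 20
TOKEN_A, TOKEN_B = "0x" + "aa" * 20, "0x" + "bb" * 20
SPENDER_1, SPENDER_2, SPENDER_3 = ("0x" + c * 20 for c in ("11", "22", "33"))

def log(block, index, token, owner, spender, value):
    return {"blockNumber": block, "logIndex": index, "address": token,
            "topics": [APPROVAL_TOPIC, pad32(owner), pad32(spender)],
            "data": "0x" + format(value, "064x")}

SAMPLE_LOGS = [
    log(100, 0, TOKEN_A, WALLET, SPENDER_1, UINT256_MAX),  # unlimited approval
    log(101, 3, TOKEN_B, WALLET, SPENDER_2, 500 * 10**6),  # bounded approval
    log(102, 1, TOKEN_A, WALLET, SPENDER_1, 0),            # the first one, revoked
    log(103, 0, TOKEN_A, WALLET, SPENDER_3, UINT256_MAX),  # still outstanding
    log(104, 2, TOKEN_A, OTHER, SPENDER_1, UINT256_MAX),   # someone else's wallet
]

def outstanding_approvals(logs, wallet):
    """Replay Approval events in chain order; the last value per (token, spender) wins."""
    latest = {}
    for entry in sorted(logs, key=lambda e: (e["blockNumber"], e["logIndex"])):
        if entry["topics"][0] != APPROVAL_TOPIC:
            continue
        owner = "0x" + entry["topics"][1][-40:]
        if owner != wallet.lower():
            continue
        spender = "0x" + entry["topics"][2][-40:]
        latest[(entry["address"].lower(), spender)] = int(entry["data"], 16)
    return {key: value for key, value in latest.items() if value > 0}

def revoke_calldata(spender: str) -> str:
    """ABI-encode approve(spender, 0), the transaction that cancels an approval."""
    return "0x" + APPROVE_SELECTOR + pad32(spender)[2:] + "0" * 64

def plan_revocations(logs, wallet):
    """Every live approval with the calldata needed to revoke it, unlimited ones first."""
    plan = [{"token": token, "spender": spender, "unlimited": value >= UNLIMITED_FLOOR,
             "calldata": revoke_calldata(spender)}
            for (token, spender), value in outstanding_approvals(logs, wallet).items()]
    return sorted(plan, key=lambda p: not p["unlimited"])
```

Each calldata string is what a wallet would send to the token contract, from the compromised address, to zero that spender's allowance; the on-chain allowance() view is the authoritative check if log history is incomplete.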
Move Remaining Funds
Transfer any remaining tokens to a new, clean wallet address. If the attacker has your private key (e.g., from a phishing seed phrase attack), they have full access to everything in that wallet. You need a completely new wallet.
Document Everything
Screenshot the transactions, save the scam site URL, note the contract addresses involved, and record the timeline. This information is crucial for any report you file and may help others identify the same scam.
Report the Scam
Report to the blockchain explorer (Etherscan has a report feature), to the platform where you discovered the scam (Twitter, Discord, Telegram), and to law enforcement if the amount is significant. File an IC3 complaint (FBI) in the US or the equivalent authority in your country.
Warn the Community
Post about your experience on social media and relevant community forums. Describe exactly how the scam worked. Your report could prevent others from falling for the same attack. This is especially impactful for emerging scam patterns.