A Guide to Onchain Safety

Crypto Market Monitor

Ah, Crypto: a world where your cartoon penguin is worth more than your car. Where ‘just clicking a link’ could cost you your ETH and ‘DYOR’ (Do Your Own Research) isn’t just advice but a survival guide.

For every crypto ape making it big, there’s a scammer lurking in the shadows of the blockchain, ready to rug, drain or just confuse you into submission. Before diving into the madness of on-chain scams, let’s take a moment to appreciate how far we have come or fallen. 

Traditional Scams vs. On-Chain Scams: Same Game, New Playground

Back in the good old internet days, scams were simple and almost charming in their laziness. A Nigerian prince needed your help, or a pop-up told you that you had won an iPhone.

But in crypto? Oh, it’s a whole different playground. Scams here are coded, automated and dressed up like your favourite dApps (Decentralized Applications). They don’t just slide into your DMs; they also live onchain, ready to drain your wallet before you even finish your coffee. Let’s break down the most common on-chain scams with no fluff, a bit of fun and all the tools you need to avoid waking up to an empty wallet at 3AM.

Figure 1: Yearly crypto scam revenue

Source: Chainalysis (13 February 2025)

The Honeypot - Sweet, Sticky and Deadly

It usually starts with a fear of missing out. You rush to buy a low-cap gem that’s been pumped on X or Telegram. The candles are green, your heart is racing, and you are already planning that Lambo. And then you try to sell… and nothing happens. That’s when the panic sets in. Welcome to the honeypot, a smart contract that happily takes your money but won’t give it back. Think of it as DeFi’s version of a roach motel: funds go in, but they never come out.

To avoid this sticky trap, use tools like detecthoneypot.com or DEXTools to inspect the contract before you buy. As a general rule: if a 7-follower Twitter account with an anime PFP is shilling it hard, maybe sit that one out.

Address Poisoning - Copycat Gone Rogue

You copy a wallet address from a recent transaction to send funds again. Seems harmless, right? But here’s the catch: scammers send tiny amounts of tokens (aka “dust”) from a wallet address that looks almost identical to yours. If you’re not paying close attention, you might paste their fake address instead of your own. One typo and your ETH goes into the void or, worse, straight into the scammer’s wallet.

Defend yourself by bookmarking your real address or using name services like Ethereum Name Service (ENS) if you’re feeling fancy. And never blindly trust your recent transaction history, especially when real money is on the line.
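The check described above, written out as an added example (not part of the original article): an address copied from history is compared in full against a saved address book, and anything that only matches in its visible first and last characters is flagged. The address book, its label and every address are constructed sample values.

```javascript
// Added example: vet an address copied from transaction history against a saved address book.
// All addresses are constructed sample values, not real accounts.
const ADDRESS_BOOK = {
  "my exchange deposit": "0x1234" + "a".repeat(32) + "abcd",
};

const isAddress = (a) => /^0x[0-9a-fA-F]{40}$/.test(a);

// Wallet UIs commonly show only the first and last few hex characters,
// which is the part a poisoning address is generated to match.
function abbreviate(addr, n = 4) {
  const hex = addr.toLowerCase().slice(2);
  return `0x${hex.slice(0, n)}…${hex.slice(-n)}`;
}

function countDifferences(a, b) {
  let diff = 0;
  for (let i = 0; i < a.length; i++) if (a[i] !== b[i]) diff++;
  return diff;
}

function vetAddress(candidate, book = ADDRESS_BOOK, n = 4) {
  if (!isAddress(candidate)) return { verdict: "invalid" };
  const c = candidate.toLowerCase();
  const entries = Object.entries(book).map(([label, a]) => [label, a.toLowerCase()]);
  // Pass 1: all 40 hex characters must match, never just the visible ends.
  const exact = entries.find(([, a]) => a === c);
  if (exact) return { verdict: "trusted", label: exact[0] };
  // Pass 2: same abbreviated form as a saved address, but different inside.
  const twin = entries.find(([, a]) => abbreviate(a, n) === abbreviate(c, n));
  if (twin) {
    return { verdict: "lookalike", imitates: twin[0], differingChars: countDifferences(c, twin[1]) };
  }
  return { verdict: "unknown" };
}

const POISON = "0x1234" + "9".repeat(32) + "abcd"; // constructed look-alike
console.log(abbreviate(POISON), vetAddress(POISON));
```

A "lookalike" verdict means the address shares its abbreviated form with a saved entry but is a different account, so it should never be pasted as a destination.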

Malicious Approval - “Just Approve It”

You stumble onto some site that promises an airdrop, NFT mint or magic yield farming. It looks a bit sketchy, but curiosity wins. It asks for token approval. You unsuspectingly click ‘Approve’… and just like that, you’ve granted infinite access to your tokens. Now the scammer can move them at will, and they do.

Always use tools like revoke.cash to check and clean up your token approvals regularly. Only approve what you actually need. And before you connect your wallet to any website, ask yourself: does this look legitimate, or is it running purely on vibes?
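What an approval request looks like underneath the ‘Approve’ button, as an added example that is not part of the original article: the transaction calldata is decoded and flagged when it grants an unlimited ERC-20 allowance, more than the amount actually needed, or operator rights over a whole NFT collection. The function names, warning codes and sample calldata are constructed for illustration.

```javascript
// Added example: decode approval calldata before confirming it in the wallet.
const MAX_UINT256 = (1n << 256n) - 1n;
const APPROVAL_SELECTORS = {
  "095ea7b3": "approve(address,uint256)",        // ERC-20 allowance
  "a22cb465": "setApprovalForAll(address,bool)", // ERC-721/1155 operator over the whole collection
};

// Returns null when the calldata is not one of the two approval calls above.
function decodeApproval(calldata) {
  const hex = String(calldata).toLowerCase().replace(/^0x/, "");
  const signature = APPROVAL_SELECTORS[hex.slice(0, 8)];
  if (!signature || hex.length !== 8 + 128 || !/^[0-9a-f]+$/.test(hex)) return null;
  const spender = "0x" + hex.slice(32, 72); // address sits in the low 20 bytes of word 1
  const word2 = BigInt("0x" + hex.slice(72)); // amount (approve) or bool (setApprovalForAll)
  return { signature, spender, word2 };
}

// neededAmount: what the user actually intends to spend, in the token's smallest unit.
function reviewApproval(calldata, neededAmount = 0n) {
  const call = decodeApproval(calldata);
  if (call === null) return { isApproval: false, warnings: [] };
  const warnings = [];
  if (call.signature.startsWith("setApprovalForAll")) {
    if (call.word2 !== 0n) warnings.push("OPERATOR_FOR_ALL_TOKENS");
  } else if (call.word2 === MAX_UINT256) {
    warnings.push("UNLIMITED_ALLOWANCE");
  } else if (call.word2 > neededAmount) {
    warnings.push("ALLOWANCE_EXCEEDS_NEED");
  }
  return { isApproval: true, spender: call.spender, amount: call.word2, warnings };
}

// Constructed sample calldata (spender 0xdede...de is not a real contract).
const word = (v) => v.toString(16).padStart(64, "0");
const SPENDER_WORD = "0".repeat(24) + "de".repeat(20);
const UNLIMITED = "0x095ea7b3" + SPENDER_WORD + word(MAX_UINT256);
const EXACT = "0x095ea7b3" + SPENDER_WORD + word(100n * 10n ** 18n);
console.log(reviewApproval(UNLIMITED, 100n * 10n ** 18n).warnings);
console.log(reviewApproval(EXACT, 100n * 10n ** 18n).warnings);
```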

Malicious Signature - “It’s Just a Login…”

You’re told to “sign this message” to log in or verify you’re human. No gas involved, seems safe. So, you sign it. But what you actually signed was a malicious permit() or EIP-712 payload that gave the attacker permission to move your assets. Now your funds are gone, and you never even hit ‘Send.’

Be extremely cautious with message signatures. If a dApp asks you to sign something, make sure you know exactly what you’re agreeing to. Use wallets like Rabby or tools like Wallet Guard to read the content of signatures.
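Reading a signature request before signing it, as an added example that is not part of the original article: the EIP-712 typed data a dApp submits is inspected for an EIP-2612 Permit-style message, which grants a token allowance even though it looks like a gasless login. The finding codes, the allowlist option and both sample requests (including the "Login" type) are constructed for illustration, and other permit formats are out of scope.

```javascript
// Added example: review an EIP-712 signing request for a hidden token allowance.
const UINT256_MAX = (1n << 256n) - 1n;
const ONE_DAY = 24n * 60n * 60n;
const toBigInt = (v) => { try { return BigInt(v); } catch { return null; } };

// typedData: the object a dApp hands to the wallet for typed-data signing.
// knownSpenders: addresses the user already trusts (hypothetical allowlist).
function reviewSignRequest(typedData, { now = Math.floor(Date.now() / 1000), knownSpenders = [] } = {}) {
  const message = (typedData && typedData.message) || {};
  const findings = [];
  // An EIP-2612 Permit message carries owner, spender, value, nonce and deadline.
  if (typeof message.spender !== "string" || message.value === undefined) return findings;
  findings.push("GRANTS_ALLOWANCE");
  if (toBigInt(message.value) === UINT256_MAX) findings.push("UNLIMITED_VALUE");
  const deadline = toBigInt(message.deadline);
  if (deadline !== null && deadline > BigInt(now) + ONE_DAY) findings.push("LONG_DEADLINE");
  const trusted = knownSpenders.map((a) => a.toLowerCase());
  if (!trusted.includes(message.spender.toLowerCase())) findings.push("UNKNOWN_SPENDER");
  return findings;
}

// Constructed sample requests; none of the addresses are real accounts.
const PERMIT_REQUEST = {
  primaryType: "Permit",
  domain: { name: "Sample Token", version: "1", chainId: 1, verifyingContract: "0x" + "11".repeat(20) },
  message: {
    owner: "0x" + "aa".repeat(20),
    spender: "0x" + "de".repeat(20),
    value: UINT256_MAX.toString(),
    nonce: 0,
    deadline: UINT256_MAX.toString(),
  },
};
const LOGIN_REQUEST = {
  primaryType: "Login", // hypothetical sign-in type with no spender field
  domain: { name: "Sample dApp" },
  message: { statement: "Sign in to Sample dApp", nonce: "8f3a" },
};

console.log(reviewSignRequest(PERMIT_REQUEST)); // every finding fires
console.log(reviewSignRequest(LOGIN_REQUEST));  // no allowance involved
```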

Sweeper Bots - Faster Than You, Always

So, your wallet got compromised. But you think, “If I just send ETH quickly and move the assets before they do, I can save them.” Nope. Scammers use sweeper bots that monitor wallets 24/7. The moment they see ETH land in a compromised wallet, the bot instantly sweeps it. It’s a race against time and you will come second at best.

Instead of trying to outsmart the bot, abandon the wallet entirely. Fund a new one, transfer your assets there, and move on. Cold wallets are your safest bet for long-term storage, while hot wallets should be treated like checking accounts and not the place for your life savings.

Final Thoughts - Stay Sharp, Stay Sovereign

On-chain is like the wild west: transparent but absolutely ruthless. Scammers aren’t just shady characters anymore; they are developers with cleaner code. Now that you have the playbook, you’ve got a real shot at staying safe. Bookmark your real wallet address, clean up your token approvals regularly, read everything you sign and stick to trusted tools and wallets that have your back.

And seriously, don’t keep your life savings in a hot wallet. Use cold storage for anything you’d cry over losing. In crypto, DYOR isn’t just a meme; it’s your armour. Because no one’s coming to save you here, but with good habits, sharp tools and a bit of paranoia, you won’t need saving.

Disclaimer

This document has been prepared by AMINA Bank Ltd. (“AMINA”) in Switzerland. AMINA is a Swiss licensed bank and securities dealer with its head office and legal domicile in Switzerland. It is authorized and regulated by the Swiss Financial Market Supervisory Authority (“FINMA”).

This document is published solely for educational purposes; it is not an advertisement nor a solicitation or an offer to buy or sell any financial investment or to participate in any particular investment strategy. This document is for publication only on AMINA website, blog, and AMINA social media accounts as permitted by applicable law. It is not directed to, or intended for distribution to or use by, any person or entity who is a citizen or resident of or located in any locality, state, country or other jurisdiction where such distribution, publication, availability or use would be contrary to law or regulation or would subject AMINA to any registration or licensing requirement within such jurisdiction.

Research will initiate, update and cease coverage solely at the discretion of AMINA. This document is based on various sources, incl. AMINA ones, and was generated using artificial intelligence (“AI”). No representation or warranty, either express or implied, is provided in relation to the accuracy, completeness or reliability of the information contained in this document, except with respect to information concerning AMINA. The information is not intended to be a complete statement or summary of the subjects alluded to in the document, whereas general information, financial investments, markets or developments. AMINA does not undertake to update or keep current information. Any statements contained in this document attributed to a third party represent AMINA’s interpretation of the data, information and/or opinions provided by that third party either publicly or through a subscription service, and such use and interpretation have not been reviewed by the third party.

Any formulas, equations, or prices stated in this document are for informational or explanatory purposes only and do not represent valuations for individual investments. There is no representation that any transaction can or could have been affected at those formulas, equations, or prices, and any formula(s), equation(s), or price(s) do not necessarily reflect AMINA’s internal books and records or theoretical model-based valuations and may be based on certain assumptions. Different assumptions by AMINA or any other source may yield substantially different results.

Nothing in this document constitutes a representation that any investment strategy or investment is suitable or appropriate to an investor’s individual circumstances or otherwise constitutes a personal recommendation. Investments involve risks, and investors should exercise prudence and their own judgment in making their investment decisions. Financial investments described in the document may not be eligible for sale in all jurisdictions or to certain categories of investors. Certain services and products are subject to legal restrictions and cannot be offered on an unrestricted basis to certain investors. Recipients are therefore asked to consult the restrictions relating to investments, products or services for further information. Furthermore, recipients may consult their legal/tax advisors should they require any clarifications.

At any time, investment decisions (including, among others, deposit, buy, sell or hold investments) made by AMINA and its employees may differ from or be contrary to the opinions expressed in AMINA research publications.

This document may not be reproduced, or copies circulated without prior authority of AMINA. Unless otherwise agreed in writing, AMINA expressly prohibits the distribution and transfer of this document to third parties for any reason. AMINA accepts no liability whatsoever for any claims or lawsuits from any third parties arising from the use or distribution of this document.

©AMINA, Kolinplatz 15, 6300 Zug

Authors

Dhruvang Choudhari

Crypto Research Analyst Intern AMINA India
