Source context: BullSpot report from 2026-06-22T17:37:19.591Z (Fresh report: generated this cycle).

The Setup Scammers Actually Want

Bitcoin's sitting at $64,430 after a bruising week, Reddit sentiment on BTC and ETH is at -60, and the news flow has been 5 bearish stories to every 3 bullish ones. You know who's thrilled about that combo? Every phishing operator, fake-project founder, and "mentor" running a pig-butchering ring from a server farm in Southeast Asia.

Bear markets don't kill scammers. They feed them. The psychology flips from FOMO to fear, and fear is a more reliable lever. Greed gets you to ape into a 50x alt. Fear gets you to type your seed phrase into a "wallet validator" because you genuinely believe your funds are at risk. I've watched both happen. The second one is worse because the victim thinks they're being careful.

This is a working guide to the scams you'll actually encounter at this market moment — not a generic listicle, but the patterns that show up in post-mortems.

Phishing: The Boring Kill That Still Works

Phishing is the unsexy scam. It's not glamorous like a $50M rug pull. But it's the highest-volume attack in crypto and it works the same way every time: copy something trusted, swap one character, wait.

How the actual plays look

  • Wallet drainer sites. A clone of Uniswap, OpenSea, or Phantom's site with one letter off in the domain. You connect, sign a "claim" transaction, and your hot wallet is drained in one block. The recent pattern: airdrop pages for tokens you didn't know existed, asking you to "verify ownership" by signing a transaction.
  • Telegram and Discord imposters. Someone DMs you after a public post, claiming to be from "BullSpot Support" or "MetaMask Team." Real teams don't DM first. Ever. The verification step is a Google Doc or a fake Trezor site that harvests your seed phrase.
  • Google search ads. Search "Trezor Bridge" and the top result is a paid ad for trezor-bridge-io.com. This one has been running for years. Google has been notified. Google does not care.
  • Email "security alerts." "Your account has been suspended, click here to verify." Same template as the bank phishing emails from 2008. Same success rate.

Prevention that actually works

Bookmark the domains you actually use. Type them, don't search. Use a hardware wallet for any meaningful stack — a phishing site can't drain what it can't see. And for the love of everything, never type your seed phrase into a website. Not for verification, not for "importing," not for "re-syncing." A legitimate wallet will never ask. If a website asks, it is hostile by definition.

Social Engineering and Impersonation

This is the human layer of phishing. Same end goal, different mechanism: someone talks you into giving up control instead of a website asking for it.

The classic play in this market is the "recovery specialist." You got drained, you post about it on Twitter or Reddit, and within hours a verified-looking account DMs you offering to help retrieve the funds for a percentage. They need your seed phrase to "trace the wallet." Or they need an upfront fee. Sometimes both. You are now being scammed by a person who specifically searches for victims of the first scam.

Another one: fake support agents on Telegram channels. They monitor the chat for anyone asking for help, then DM. The legitimate team will never ask for your seed phrase, your private key, or remote access to your machine. If anyone does, block.

The smartest play: assume that anyone who contacts you about your crypto holdings is an adversary until proven otherwise. The inverse — assume your contacts are legitimate — is how people lose five-figure stacks.

Rug Pulls: The Crime That Travels in Pairs

A rug pull is when the team behind a token takes the liquidity and disappears. It used to be obvious: a random BSC token, anonymous team, no audit. Those still exist, but the modern rug pull is insidiously polished.

The pattern at this market moment: a project launches with a professional site, locked liquidity on a tracker like Unicrypt, and a KYC badge from a "certified" firm you've never heard of. The KYC badge looks legitimate. The firm charges $200 for a rubber-stamp review. The team "vested" their tokens, but the unlock cliff is in two weeks and they can unstake manually through a multisig they still control.

How to read the structure, not the marketing

  • Liquidity locked ≠ safe. It means the LP tokens are locked. It does not mean the team can't withdraw their own tokens the moment vesting ends.
  • KYC ≠ legit. Check who issued it. If you can't find the firm's audit methodology, the badge is decoration.
  • Anonymous team is fine. Anonymous team with no on-chain history is not. Look for the deployer's wallet. If they have three prior deploys and all rugged, the pattern is clear.
  • Hype ≠ product. A project with 50K Telegram members and no working product is selling you a community, not a protocol.

The Bitcoin lesson applies here: time in market, not narrative, separates the durable from the disposable.

Pump and Dump Schemes

The mechanics are simple. A group accumulates a low-cap token, coordinates a buy on Discord or Telegram, the price spikes on volume, insiders sell into the move, and late buyers hold a -70% bag. This has happened every cycle since 2017 and will happen forever.

The 2026 wrinkle: it's increasingly run through "alpha groups" that charge subscription fees to retail. You pay $500/month for "exclusive signals," and the signals are real — because the group is run by one of the wallets that bought before you. You're paying to be exit liquidity.

Telltale signs

  • Telegram or Discord with paid "VIP" entry and signals that look like timestamps of buys.
  • Coordinated posting across X with the same phrasing about a token within minutes.
  • Sudden volume spike on a token with no catalyst and a sub-$50M market cap.
  • The leader's wallet is conspicuously absent from any on-chain proof.

The most useful question to ask: if the alpha is real, why sell it to me?

Romance Scams (Pig Butchering)

This is the longest-running, highest-margin scam in crypto, and it's the one nobody wants to talk about because the victims are embarrassed.

The pattern: someone contacts you on a dating app, LinkedIn, Instagram, or even a wrong-number text. They build a relationship over weeks. They mention they made money in crypto — gently at first, then more. Eventually they walk you through signing up on a "platform" they've used. The platform looks legitimate. You deposit. They show you gains. You deposit more. When you try to withdraw, you can't. The platform demands a "release fee" or "tax payment." You pay it. Then it asks for more.

The platforms are fake. The "counterparty" on the other side of your trades is the scammer. The customer service rep is the scammer. The withdrawal block is the scammer. The whole thing is a single operation.

The most reliable red flag: anyone who brings up trading platforms in a romantic or quasi-romantic context. The platform is always the destination. The relationship is the funnel.

Too-Good-to-Be-True Yields

You're seeing these right now. "Stablecoin yield 18% APY, no lockup, audited weekly." The annual return looks like a hedge fund's best year. The risk language looks like a bank disclaimer.

The actual mechanics:

  • Staking programs on tokens you can't price. 1,200% APY on a token that trades -95% from its "ATH" is a negative real yield once you account for the token's depreciation.
  • Lending platforms that rehypothecate deposits across uncollateralized loans. The yield is real until the first loss event, then it's gone.
  • Liquidity mining on unaudited protocols. Your yield is the token the protocol minted to pay you. The protocol can stop emitting tomorrow.
  • Wrapped BTC yield products that promise >0%. BTC doesn't pay a native yield. Anyone offering one is taking duration risk, credit risk, or counterparty risk. Sometimes all three.

A useful rule: the yield you don't understand is the yield you can't keep. If you can't articulate where the return comes from, the return comes from you.

Red Flags That Actually Matter

A short list that catches most of the above:

  1. Unsolicited contact from "support," a "mentor," or a "recovered funds specialist."
  2. Seed phrase or private key requests, in any context, for any reason.
  3. Domain mismatches in wallet and exchange URLs.
  4. Guaranteed returns with no drawdown language.
  5. Pressure to act fast — "this fills in 24 hours," "withdrawal closes tomorrow."
  6. Platforms that only let you deposit, never withdraw.
  7. A team that's anonymous AND has no on-chain footprint older than the project.
  8. A "mentor" you met on a dating app who wants to show you their trading platform.

What to Do If You've Been Scammed

This is the part most guides skip because it's uncomfortable. The honest version:

First, stop the bleeding. Move remaining funds off any wallet or account that interacted with the scam. Revoke token approvals on Etherscan or the relevant chain explorer — search "revoke.cash" and use the legitimate site. Change passwords and rotate keys if you've reused credentials.

Document everything. Transaction hashes, wallet addresses, the scammer's contact info, screenshots of the chat. This is what law enforcement actually needs.

Report it. In the US, that's the FBI's IC3. In the EU, it's national cybercrime agencies. Chainalysis and similar firms work with law enforcement but don't expect them to recover your funds directly. Recovery is rare.

Ignore "recovery services" that DM you afterward. They are the same scam, second verse.

Don't beat yourself up in public. Scammers are professionals. Most victims are smart. The industry has spent a decade building UX that punishes mistakes instead of preventing them. You're not stupid; you ran into someone who does this forty hours a week.

The Takeaway

A market where Reddit is at -60 and the smart-money board is sitting neutral is fertile ground for every operator with a Telegram channel and a domain name. The plays you'll see this week — fake support DMs, "recovery" services, yield products with no source of return, polished rug pulls dressed in locked liquidity — are the same plays that ran during the 2022 bottom and the 2018 bottom.

The defense is unglamorous: bookmark your real domains, refuse to type your seed phrase anywhere digital, treat unsolicited contact as hostile, and resist the urge to chase yield when fear is at extremes. The trade that protects your stack during a $64K Bitcoin tape is the one where you don't lose it.

None of this is financial advice. It's the same operational discipline you'd apply to keeping cash in your pocket at a crowded bar. The market will give you another entry. It won't give you another stack.