Crypto is full of jargon, and scammers love hiding behind the words you don't quite understand. This page lays out the terms you'll run into most in the anti-scam world, one at a time, in plain English. When a word trips you up, come back and look it up—then click through to the scam it relates to, and you'll be that much harder to fool.
Scam tactics
| Term | In plain English | Related reading |
|---|---|---|
| Phishing | A scammer poses as someone you trust (an exchange, support, an official page) and lures you into entering your password or a verification code somewhere fake, or clicking a malicious link—stealing your account or assets. What it really attacks is your belief that you're dealing with the real thing. | Fake Exchanges |
| Social engineering | It doesn't break the system—it breaks the person. It exploits your trust, fear ("your account has a problem"), greed ("guaranteed returns"), sympathy, or sense of urgency to get you to do the damage yourself. Nearly every scam has this at its core. | Fake Support |
| Pig butchering | The scammer (often posing as a romantic partner or an "investment mentor") first spends time building a bond or mentor relationship—that's "fattening the pig." Then they steer you into a fake platform that looks like a sure thing and push you to deposit more and more—"feeding." Once you've invested all you can, they vanish with the money—the "slaughter." | Pig Butchering |
| Honeypot token | A token contract that lets money in but never out. At the code level it allows you to buy but blocks you from selling—you watch a "paper gain" you can never actually cash out. | Rug Pulls & Exit Scams |
| Rug pull | After drawing in a lot of capital, the project suddenly pulls the liquidity from the trading pool or simply runs off with the funds. The token price drops to zero in an instant and investors are wiped out—like someone yanking the rug out from under you. | Rug Pulls & Exit Scams |
| Ponzi scheme | No real source of profit—it survives purely by paying earlier participants "returns" out of later participants' money. The moment fresh money slows down, the whole thing collapses. Anything promising "guaranteed high returns" is almost always this. | Fake High-Rebate Scams |
| Recovery scam | A scam that specifically targets people who've already been scammed. Posing as a "recovery team" or "white-hat hacker," they offer to "recover your losses," make you pay a fee or deposit up front, and scam you a second time. After being defrauded, this is the thing to watch for most. | USDT Recovery / Unfreezing Scams |
Wallets & on-chain actions
| Term | In plain English | Related reading |
|---|---|---|
| Airdrop | A project sends free tokens to wallet addresses. A genuine airdrop never asks you to sign an approval, pay a transfer fee, or hand over your private key. Anything along the lines of "claim your airdrop—just sign here / pay a little gas / connect and approve your wallet" is very likely a drain trap. | Fake Airdrops & Approval Drains |
| Token approval | When you tap "Approve," you're granting a smart contract permission to move a particular token in your wallet. A lot of thefts happen when you give a malicious contract an "unlimited approval" and it then moves all your tokens out in one go. Approvals can—and should—be revoked periodically. | Fake Airdrops & Approval Drains |
| Signing vs. approving | Two actions that are easy to mix up. Signing uses your private key to prove "this is me" or "I agree to this message"—it doesn't necessarily spend anything. Approving hands a contract the power to spend your tokens. But beware: certain malicious signatures (like off-chain approvals) can also be used to move assets. The takeaway is simple—if you don't understand what you're signing or approving, don't tap. | Fake Airdrops & Approval Drains |
| Private key / seed phrase | The ultimate password to your wallet. A seed phrase (usually 12 or 24 words) can restore your private key directly, and whoever has it can move every asset you hold. Anyone, any platform, or any "support agent" asking for your private key or seed phrase is running a scam—100% of the time, no exceptions. | Fake Airdrops & Approval Drains |
| Cold wallet / hot wallet | A hot wallet is online and convenient (a phone or browser-extension wallet) but more exposed; a cold wallet keeps your private key offline (a hardware wallet)—safer, but less seamless. The common approach: small everyday amounts in a hot wallet, large long-term holdings in a cold wallet. | Wallet Approvals & Drains |
Account security & platforms
| Term | In plain English | Related reading |
|---|---|---|
| 2FA (two-factor authentication) | A second gate beyond your password—logging in or withdrawing requires an extra one-time code. Prefer an authenticator app (like Google Authenticator) over SMS, because text messages can be hijacked. Even if your password leaks, 2FA buys you another layer. | Pick a Legit Exchange |
| Withdrawal address whitelist | An exchange security setting: once enabled, you can only withdraw to addresses you've pre-registered—unknown addresses can't pull funds out, and adding a new address usually carries a time lock. This buys you precious reaction time if your account is ever compromised. Strongly recommended. | Fake Exchanges (what to do if compromised) |
| KYC | "Know Your Customer"—a platform's compliance process for verifying a user's real identity, which most large, legitimate exchanges require. Note: KYC only ever happens inside a platform's official channels. Links impersonating "KYC verification" or "identity review" are a common phishing front. | Fake Support & "Account Verification" |
| Proof of Reserves (PoR) | A public way for an exchange to demonstrate to everyone that "we really do hold enough assets to cover user withdrawals." It speaks to the "will this platform blow up and run off" worry, and it's one input into judging whether an exchange is trustworthy. | Pick a Legit Exchange |
| Homograph (IDN) domain | Scammers register fake domains using look-alike characters (for example, a Cyrillic "о" standing in for the Latin "o") that the eye simply can't tell apart. Don't fight this with your eyes—rely on bookmarks and a password manager to auto-match the real domain. | Fake Exchanges (domain sleight of hand) |
| Repackaged app | A copycat web page or a scammer's fake backend, bundled into an app installer that looks legitimate and pushed at you—via DM or a web page—outside the official stores. Once installed, the interface looks real, but it's a clone or an empty shell: deposit and you can't withdraw. Only download apps from the official store or the official site. | Knockoff & Clone Apps |
If you don't understand it, don't tap it
The most useful way to use this page is simple: when someone throws a term you don't fully understand at you and rushes you to act, stop and look it up here. What scammers fear most is you slowing down and checking before you move. When you're unsure, you can also run it through the scam self-test.
To build your judgment systematically, see the general 7-step scam check, or get to know each scam one by one in the scam guide.