Interactive tool
Is This a Scam? The Spotter Quiz
On-chain there is no chargeback. Run 10 real-world scenarios and train the one habit that beats every scam: slow down before you sign, send, or share.
Spot the red flag
10 scenarios drawn from real, documented cases. No score is a guarantee of safety — the goal is the instinct.
SentinelEducation only. This quiz teaches how to spot common scams. It is not financial, legal, or security advice, and a high score is not a guarantee of safety. It never asks for your seed phrase, private key, password, or wallet — and you should never type those into any website, including this one. When in doubt, slow down (the 24-hour rule) and verify independently.
SentinelSharing copies a short text result to your clipboard only — nothing is posted, sent, or tracked. A badge is a pat on the back, not a shield. Keep the habits.
The full answer key
The interactive scored quiz needs JavaScript. With it off, here is every scenario, the right call, the red flag, and the Marshal's reframe — tap any to open.
Pig butcheringA “wrong number” text turns into weeks of friendly chat, then a can’t-lose trade tip on a slick platform. What is it?
- The right call
- It’s a scam — walk away.
- Red flag
- A stranger who finds you online and then steers you to a trading site is running a script. Easy deposit, fee-walled withdrawal.
- The Marshal’s reframe
- If the relationship and the investment advice arrived in the same person, the relationship is the bait and the investment is the hook.
- Source
- FBI IC3 2024 · Chainalysis 2024 (pig butchering).
Fake supportA DM from “Coinbase Support” warns of suspicious activity and asks you to read back your 2FA code. Do you?
- The right call
- Never. Hang up / ignore and log in yourself by typing the URL.
- Red flag
- Anyone asking for your seed, password, or 2FA code — or to install software or move funds “to a safe wallet.”
- The Marshal’s reframe
- Real support never needs your keys, your codes, or for you to move your money. The moment a “support agent” asks for any of those, they ARE the attack.
- Source
- Coinbase Help · Ledger Academy.
Wallet drainerA free-claim site says “verify your wallet” and pops a request to sign a Permit. Safe to sign?
- The right call
- Reject it. Signing a Permit is spend permission, not a login.
- Red flag
- A “login/verify/claim” step that asks you to sign; signature text mentions
Permit/Approve/setOwner. - The Marshal’s reframe
- Connecting a wallet is showing your ID. Signing is handing over the keys. A site that needs you to SIGN to “log in” is asking for a blank check.
- Source
- Scam Sniffer 2024 (~$494M drained) · Blockaid.
Recovery scamDays after you were scammed, someone DMs offering to recover your funds — for an upfront fee. Legit?
- The right call
- No. Any upfront fee is the second scam.
- Red flag
- Upfront fees, claims of government/FBI affiliation, guarantees of recovery, an unsolicited DM right after you lost money.
- The Marshal’s reframe
- The only person who profits from your loss twice is the second scammer. No real cop charges a fee to chase a thief.
- Source
- FBI IC3 PSA 240624 · IC3 2024 (~$1.4B recovery scams).
Address poisoningYou’re about to send funds and copy the recipient from your wallet history. The first 4 and last 4 characters match. Send it?
- The right call
- Stop. Verify the FULL address; never copy from history.
- Red flag
- A recent $0 / tiny incoming tx from a lookalike address planted in your history to be copied later.
- The Marshal’s reframe
- Matching the first four and last four is how the trap is sprung, not how you avoid it. The middle of the address is where the lie hides.
- Source
- USENIX Security 2025 (~270M attempts, $83.8M+) · Ledger / Chainalysis.
Bitcoin ATMA “bank fraud department” caller says to withdraw cash, feed it into a Bitcoin ATM, and scan a QR they texted. Comply?
- The right call
- Never. Hang up. That instruction alone is the entire scam.
- Red flag
- Anyone directing you to a Bitcoin ATM to “fix / protect / verify” money; a QR from the caller; urgency + secrecy.
- The Marshal’s reframe
- No real bank, agency, or company will ever ask you to fix a problem by feeding cash into a Bitcoin machine.
- Source
- FTC Data Spotlight, Sept 2024 ($110M+ 2023; 60+ = 71% of H1-2024 losses).
Fake airdropA claim site offers free tokens but first asks you to pay a small “gas / unlock fee” to a contract. Worth it?
- The right call
- No. A real gift never costs you a payment to a stranger’s contract.
- Red flag
- Upfront gas to “unlock” a free reward, a connect-and-sign step, lookalike URL, or mystery tokens you didn’t buy.
- The Marshal’s reframe
- You can’t be airdropped a bill. A gift that asks you to connect and sign is a withdrawal request wearing a bow.
- Source
- Cointelegraph · Phantom (common scams).
Seed safetyYour new hardware wallet’s setup screen shows a 24-word phrase. A pop-up asks you to type it into a website to “back it up to the cloud.” Do it?
- The right call
- Never. Write it on paper/metal offline. No screen, no cloud, no photo.
- Red flag
- Any prompt to type, photograph, screenshot, email, or cloud-store a seed phrase. The words ARE the money.
- The Marshal’s reframe
- A backup that can be photographed, emailed, or uploaded isn’t a backup — it’s a leak waiting to happen. The seed never touches an internet-connected screen.
- Source
- BIP-39 (bitcoin/bips) · Ledger / Trezor backup docs.
Guaranteed returnsA platform advertises a “guaranteed 1% per day” staking return, with screenshots of others’ profits. In?
- The right call
- No. “Guaranteed” returns are the oldest tell of a Ponzi.
- Red flag
- Fixed daily/weekly returns, profit screenshots as “proof,” pressure to recruit. 1%/day compounds to ~3,700%/yr — impossible.
- The Marshal’s reframe
- “Guaranteed” and “returns” can’t share a sentence. A screenshot is a text file; trust the withdrawal test, not the testimonial.
- Source
- SEC v. BitConnect ($2.4B Ponzi) · Chainalysis.
Rug pullA hot new token: anonymous team, no liquidity lock, and a few wallets hold most of the supply. The chart is rocketing. Ape in?
- The right call
- No. Those are the classic rug-pull / honeypot signals.
- Red flag
- Concentrated supply (~50%+ in few wallets), no / short liquidity lock, anonymous unaudited team, owner privileges not renounced, sell-tax >10%.
- The Marshal’s reframe
- If the people who built the token can still pull the money out, the only question is when. Locked liquidity and spread-out supply are the difference between an investment and a trap you fund yourself.
- Source
- Chainalysis (rug pulls) · Squid Game token case (CBS News).
Your keys. Your call. Our map.
We never touch your money, keys, or trades. By design.
Go deeper
The goal is the instinct — not the score.
Education only, not financial, legal, or security advice. A high score is never a guarantee of safety.