How to spot crypto scams and phishing in Canada

• Never share a recovery phrase, private keys, or 2FA codes for any reason.
• Treat “urgent” messages about taxes, refunds, or account security as suspicious until they can be verified independently.
• Scams need to be stopped at the source. Report suspected fraud to the Canadian Anti-Fraud Centre and report impersonation of a crypto platform to its official support channel.

Most crypto scams rely on social engineering (manipulation), rather than “hacking” a wallet, crypto trading platform, or the blockchain.That said, technical vulnerabilities and security incidents can occur in digital systems, which is why layered security controls and user vigilance are essential. Other scams involve impersonation of a trusted entity or investment scams that try to convince a user to “invest” funds. In Canada, crypto assets are not covered by deposit insurance and are not protected like insured bank deposits.

• Phishing: A fake message or website that tries to trick a user into giving wallet details or other compromising information.
• Recovery phrase (seed phrase): A set of words that can restore a wallet and control the user’s crypto assets.
• 2FA code: A temporary login and security code; scammers need this to unlock and access a compromised account.
• Self-custody vs custody: Whether a user controls the keys (self-custody) or a platform controls them for the user.

Crypto phishing refers to a scammer using a fake email, text, phone call, or website in an attempt to steal a user’s login details or wallet secrets. The goal is usually to take over an account and steal crypto, or to convince a user to send it to the wrong place.

Government or tax impersonation ranks among the most common forms of crypto scams in Canada. A user may receive a message stating they owe money to a government entity, usually the Canada Revenue Agency. This scam relies on fear and intimidation, and messages may include threats of jail.

The CRA warns that it does not accept cryptocurrency as payment, and any request to do so is a scam.

Fake “account security” outreach is another common scam. A scammer may claim a user’s account is frozen and ask them to “confirm” codes or move funds.
 

Urgency and threats are the largest red flags, followed by requests for secrets and “too good to be true” promises of guaranteed profits. Users should also be on the lookout for scams that use look-alike websites or emails with slight spelling changes, extra characters, or suspicious links.

The simplest way to confirm whether a message is a scam is to contact the company or government agency directly. Use a regulator-backed website to double-check contact information. For example, the Ontario Securities Commission website lists Ndax’s physical address, website, and e-mail address.

Stop. Don’t send more funds and don’t continue any conversations. It is also important to change all passwords, reset security settings, and assume any exposed information has been compromised. Users are encouraged to report scams impersonating their crypto trading platform to its customer support. Save screenshots, wallet addresses, transaction IDs, email headers, and all relevant information for reporting.

Users who sent money via Interac e-Transfer, credit card, or bank transfer should contact their bank immediately.
 

The Canadian Anti-Fraud Centre is a good starting point. If fiat banking rails were used (Interac e-Transfer, credit card, wire transfer, etc.), the bank needs to be notified as well. 

Crypto assets are not covered by the Canadian Investor Protection Fund (CIPF) or deposit insurance. Ndax operates within Canadian regulatory requirements. Canadians can check whether a crypto platform is authorised to do business with Canadians using the Canadian Securities Administrators’ list.

Can crypto transactions be reversed?
In the vast majority of cases, once crypto is sent on-chain, it’s generally irreversible, which is why verification before sending is critical.

Does the CRA accept cryptocurrency payments?
No. CRA guidelines indicate it does not accept cryptocurrency as payment, and any requests should be considered a scam.

How can someone check if a firm is registered in Canada?
Use a regulator-backed registration lookup tool, although registration status may vary by province. For example, Québec’s Autorité des marchés financiers lists Ndax as a platform registered to provide Québec investors with crypto services.