
Phishing

A social-engineering attack that tricks users into revealing private keys, signing malicious transactions, or visiting fraudulent sites. The leading cause of crypto theft from individuals.

How phishing works

The basic pattern:

  1. Attacker creates fake interface mimicking a legitimate service.
  2. User receives lure — usually via email, Discord message, Telegram, or social media.
  3. User clicks link to attacker's fake site.
  4. User authenticates or signs transaction thinking it's the real site.
  5. Attacker captures credentials or executes malicious transaction.
  6. User's funds drained.

Variations exist (smishing via SMS, voice phishing via phone, etc.) but the pattern is consistent.

Common crypto phishing scenarios

Several specific patterns:

  • Fake wallet websites — clones of MetaMask, Phantom, or hardware-wallet sites that ask for seed phrases.
  • Fake DEX or NFT marketplace sites — clones of Uniswap, OpenSea, etc. — that prompt malicious transaction signatures.
  • Fake airdrop pages — promise tokens but actually drain wallets.
  • Discord support scams — fake "support" agents asking to verify wallets.
  • Wallet drainer kits — sophisticated phishing infrastructure sold to attackers.
  • Address poisoning — sending small transactions to similar addresses, hoping you'll copy the wrong one later.
  • Permit/sign exploits — getting you to sign transactions that grant unlimited token spending.

Phishing scale

Scale of crypto phishing:

  • Hundreds of millions of dollars stolen annually through phishing.
  • Wallet drainers have professionalized — software-as-a-service for attackers.
  • Major specific attacks have drained tens of millions from individual victims.
  • Long-tail of smaller attacks affecting many users.

Phishing is consistently among the largest categories of crypto theft.

Why phishing is so effective

Several factors:

  • Visual mimicry. Modern phishing sites look identical to real ones.
  • URL deception — typosquatting (similar-looking domains), homoglyph attacks (using lookalike characters), URL shorteners obscuring destinations.
  • Time pressure. Limited-time offers, fake urgency.
  • Social context. Lures arrive through trusted channels (Discord servers, emails).
  • Cognitive load. Web3 transactions are hard to evaluate; users approve to keep moving.
  • Permanent consequences. Crypto transactions can't be reversed; mistakes are final.

High-profile phishing victims

Various prominent individuals have lost crypto to phishing:

  • Various celebrities with verified accounts targeted.
  • Notable founders and influencers publicly hit.
  • Anonymous high-net-worth holders drained for millions.

The pattern: nobody is immune. Sophisticated users get phished by sophisticated phishing.

Defenses

Several patterns reduce risk:

  • Bookmark real URLs — don't trust links from emails, Discord, Twitter.
  • Verify URLs character by character — typosquatting is common.
  • Use hardware wallets — confirms transactions on the device's screen.
  • Verify transaction details before signing — what's actually being approved.
  • Limit token approvals — approve specific amounts, not unlimited.
  • Revoke unused approvals — tools like revoke.cash help.
  • Use simulation tools — Tenderly, Blockaid show what transactions will do.
  • Ignore unsolicited messages — Discord DMs, fake support agents, "free" offers.
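
The "bookmark real URLs" and "verify URLs character by character" defenses can be automated. The Python sketch below is an added example, not part of the original page. It decodes punycode labels, flags non-Latin letters as possible homoglyphs, and flags near misses of a bookmarked name as possible typosquats. The allowlist, sample links and verdict names are constructed assumptions.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed allowlist standing in for the user's own bookmarks (assumption).
BOOKMARKED = {"metamask.io", "app.uniswap.org", "opensea.io", "phantom.app"}

def edit_distance(a, b):
    """Levenshtein distance, keeping one row of the table at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def display_host(url):
    """Hostname with punycode (xn--) labels decoded, so lookalike letters show up."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    labels = []
    for label in host.split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # malformed punycode: keep the raw label as it is
        labels.append(label)
    return ".".join(labels)

def classify(url, bookmarked=BOOKMARKED, max_distance=2):
    host = display_host(url)
    if host in bookmarked:
        return "bookmarked"
    # Any letter outside the Latin script is treated as a possible homoglyph.
    scripts = {unicodedata.name(c, "UNKNOWN").split()[0] for c in host if c.isalpha()}
    if scripts - {"LATIN"}:
        return "homoglyph-suspect"
    # A near miss of a bookmarked name is treated as a possible typosquat.
    if any(edit_distance(host, good) <= max_distance for good in bookmarked):
        return "typosquat-suspect"
    return "unknown"

# Constructed sample links; \u0430 is Cyrillic "a", not Latin "a".
SAMPLES = ["https://metamask.io/download", "https://metamsk.io/claim",
           "https://metam\u0430sk.io/", "https://example.org/"]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{classify(url):18} {display_host(url)}")
```

Legitimate internationalized domains also land in the homoglyph bucket, which is acceptable when the only sites that should pass are the ones already bookmarked.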

Wallet drainers

A specific category of malicious infrastructure:

  • Drainer-as-a-service — fake-site templates and backends sold to attackers.
  • Cleaner technical execution than amateur phishing.
  • Higher conversion rates because of sophistication.
  • Major drainer brands have caused tens of millions in losses each.

These drainers represent the professionalization of crypto phishing.

Sign-in vs. sign-transaction risks

Two different attack categories:

  • Sign-in phishing — capture seed phrases or private keys directly.
  • Transaction phishing — get user to sign malicious transactions.

The latter has grown more common because hardware wallets and good security hygiene make seed-phrase capture harder. Malicious-transaction signing remains a major vector.
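
Checking what a transaction approves before signing, as the "limit token approvals" defense advises, comes down to decoding its calldata. The Python sketch below is an added example, not part of the original page. It handles the on-chain ERC-20 `approve` and NFT `setApprovalForAll` calls only, not off-chain permit signatures. The spender address, amounts and verdict names are constructed assumptions.

```python
# Selectors are the first 4 bytes of keccak256 of the function signature.
APPROVAL_SELECTORS = {
    "095ea7b3": "approve(address,uint256)",
    "a22cb465": "setApprovalForAll(address,bool)",
}
UINT256_MAX = 2**256 - 1

def review_approval(data_hex, intended=None):
    """Decode approval calldata; `intended` is the amount (base units) the user meant."""
    raw = bytes.fromhex(data_hex[2:] if data_hex.startswith("0x") else data_hex)
    signature = APPROVAL_SELECTORS.get(raw[:4].hex())
    if signature is None:
        return {"call": None, "verdict": "not-an-approval"}
    if len(raw) != 4 + 2 * 32:
        raise ValueError("approval calldata must be a selector plus two 32-byte words")
    spender = "0x" + raw[16:36].hex()          # address is the low 20 bytes of word 1
    value = int.from_bytes(raw[36:68], "big")  # amount or bool is word 2
    if value == 0:
        verdict = "revocation"                 # approve(..., 0) or setApprovalForAll(..., false)
    elif signature.startswith("setApprovalForAll"):
        verdict = "operator-for-whole-collection"
    elif value == UINT256_MAX:
        verdict = "unlimited"
    elif intended is not None and value > intended:
        verdict = "exceeds-intended"
    else:
        verdict = "bounded"
    return {"call": signature, "spender": spender, "value": value, "verdict": verdict}

def build_calldata(selector, spender, value):
    """Helper that builds constructed sample calldata for the demo below."""
    return "0x" + selector + spender[2:].rjust(64, "0") + f"{value:064x}"

# Constructed placeholder spender, not a real contract.
SPENDER = "0x" + "11" * 20

if __name__ == "__main__":
    for value in (UINT256_MAX, 250 * 10**18, 100 * 10**18, 0):
        data = build_calldata("095ea7b3", SPENDER, value)
        print(review_approval(data, intended=100 * 10**18)["verdict"])
```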

Address poisoning

A specific pattern:

  1. Attacker generates address that looks similar to your frequently-used address.
  2. Sends small transaction from that lookalike address to you.
  3. Your transaction history now shows the lookalike address.
  4. Later, when you want to send to your real address, you might copy the lookalike from your history.
  5. Funds go to attacker.

Defenses: verify full addresses, not just first/last characters; use saved address books; double-check before sending.
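
The "verify full addresses" defense can be expressed as a check against a saved address book. The Python sketch below is an added example, not part of the original page. It accepts only an exact match and flags an address that agrees with a saved one only in the leading and trailing characters a truncated display would show. The addresses, history entries and the 4-character head and tail widths are constructed assumptions.

```python
HEX = set("0123456789abcdef")

def normalize(addr):
    """Lower-case a 20-byte hex address and reject anything malformed."""
    a = addr.strip().lower()
    if len(a) != 42 or not a.startswith("0x") or not set(a[2:]) <= HEX:
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return a

def check_recipient(candidate, address_book, head=4, tail=4):
    """Compare the full address; flag one that only matches where a UI truncates."""
    cand = normalize(candidate)
    book = {label: normalize(a) for label, a in address_book.items()}
    for label, trusted in book.items():
        if cand == trusted:
            return ("exact", label)
    for label, trusted in book.items():
        if cand[2:2 + head] == trusted[2:2 + head] and cand[-tail:] == trusted[-tail:]:
            return ("lookalike", label)
    return ("unknown", None)

def flag_poisoning(history, address_book):
    """Inbound transfers whose sender imitates an address-book entry."""
    return [tx for tx in history
            if check_recipient(tx["from"], address_book)[0] == "lookalike"]

# Constructed addresses and history, not real accounts.
ADDRESS_BOOK = {"cold storage": "0xa1b2" + "0" * 32 + "c3d4"}
LOOKALIKE = "0xa1b2" + "f" * 32 + "c3d4"
HISTORY = [
    {"from": "0x" + "7e" * 20, "value": 5_000_000},
    {"from": LOOKALIKE, "value": 1},   # small transfer that seeds the history
]

if __name__ == "__main__":
    print(check_recipient(LOOKALIKE, ADDRESS_BOOK))
    print(flag_poisoning(HISTORY, ADDRESS_BOOK))
```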

What individuals should know

For most crypto holders:

  • Treat security as a habit — every transaction matters.
  • Bookmark important URLs — never click links.
  • Use hardware wallets for meaningful balances.
  • Verify transactions on-device before signing.
  • Limit approvals — specific amounts, not unlimited.
  • Don't engage with unsolicited messages — Discord, Telegram, email.
  • Skepticism by default — anything that seems too good is probably malicious.

For affected users:

  • Move funds quickly if you suspect compromise.
  • Don't pay "ransom" — paying never recovers funds and marks you for further targeting.
  • Report to relevant exchanges, security firms, and platforms.
  • Document evidence — screenshots, transaction hashes.

The honest framing: crypto phishing is sophisticated, well-funded, and consistently effective. Operating safely requires deliberate habits and skepticism. The losses come not from naivety but from momentary lapses combined with sophisticated lures. Defense requires layering — multiple precautions, multiple verification steps — rather than any single trick.