π£ Phishing Phishing
A scam where an attacker pretends to be someone you trust (an exchange, a wallet app, or a support team) to trick you into handing over a password, your seed phrase, or a wallet signature. In crypto the stolen money cannot be reversed.
π¦ The simple version β a fake bank branch
Picture a scammer setting up a storefront that looks exactly like your bank: same logo, same sign, a fake teller in the right uniform. You walk in trusting the storefront and hand over your account details. It was never the bank. Phishing is that trick moved online. The attacker copies a familiar logo and website so well that you give up your details, or in crypto, approve an action that lets them take your coins. The thing being exploited is your trust in the brand, not any flaw in the technology.
π£ How a phishing attack usually runs
Most attacks follow the same few steps. The attacker sends a message that looks like it came from a real exchange, wallet, or support team. The message links to a fake website that looks identical to the real one. There you either type in your login or seed phrase, or you connect your wallet and sign. Either way, the attacker now has what they need to drain your funds.
| Common bait | What it looks like |
|---|---|
| π§ Fake exchange or wallet email | An urgent warning that your account is at risk, with a button to a fake login page |
| π Fake support pop-up | A window claiming to be wallet support, asking you to enter or verify your recovery phrase |
| π Fake airdrop site | A free-token offer that wants you to connect your wallet and sign to claim it |
| π Malicious search or social ads | Paid ads sending you to a look-alike domain that is one letter off from the real one |
π§ Crypto-specific traps to know
- π§ Ice phishing β You are tricked into signing a smart contract token-approval. Your seed phrase is never revealed, yet that approval lets the attacker move your tokens later
- π Address poisoning β A tiny or zero-value transfer arrives from an address that looks like one you use. It clutters your history so you later copy the wrong address and pay the scammer (one reported victim lost about $111,726)
- π€ Wallet drainers β Ready-made scam kits sold to attackers that automatically empty any wallet that connects to a malicious site
- π― Spear phishing β A targeted attack aimed at one specific high-value person rather than a mass blast
π Crypto phishing reportedly drained hundreds of millions of dollars in 2024. Totals vary by source, so treat any single figure as an estimate, not a precise count.
π‘οΈ How beginners stay safe
- π Never type your seed phrase anywhere β No real wallet, exchange, or support agent will ever ask for it. Keep your private key off the internet entirely
- π Type the address yourself β Reach an exchange or wallet by typing the URL or using a saved bookmark, not by clicking links in emails, DMs, or ads
- βοΈ Read what you sign β Before approving any wallet transaction, check what it actually grants. A signature is not automatically safe
- π Copy addresses carefully β Verify the first and last characters every time, and never copy from your transaction history without checking
β FAQ
- I would never type my seed phrase into a website, so am I safe from phishing?
- No. In crypto the bigger trap is being tricked into signing a transaction or token approval (called ice phishing). You never reveal your seed phrase, yet the signature gives the attacker permission to move your tokens, and your wallet still gets drained.
- Can I get my crypto back if I fall for a phishing scam?
- Almost never. Crypto transfers are irreversible and there is no chargeback like with a bank or card. Once funds leave your wallet the attacker can move them instantly, which is why phishing is so much more dangerous with crypto than with a normal bank login.
- What is address poisoning?
- An attacker sends a tiny or zero-value transfer from an address that looks almost identical to one you use. It pollutes your transaction history, so later you copy the look-alike address by mistake and send your funds to the scammer. One reported victim lost about $111,726 this way.