What Is Phishing in Crypto?

Phishing in crypto is an attack where someone tricks you into revealing your seed phrase or signing a malicious transaction. Common patterns include fake wallet support accounts on Discord, copycat dApp front-ends, "drainer" transactions that appear benign but drain approvals, and airdrops that require signing malicious messages. Phishing is the #1 cause of retail crypto loss.

Also known as: crypto phishing, wallet phishing, seed phishing

Ask Stingray anything about Phishing

Common phishing patterns

Seed-phrase extraction:

  • Fake “wallet support” DMs on Discord/Telegram. The “support rep” asks you to “verify your seed phrase” or “sync your wallet” through a form that captures the words.
  • Fake recovery sites that mimic MetaMask, Phantom, or Ledger recovery flows.
  • Spoofed customer-service calls from attackers claiming to be exchange security teams.

Malicious transaction signing:

  • Spoofed dApp front-ends that look like Uniswap, OpenSea, or a real protocol. You “swap” but actually sign a setApprovalForAll that lets the attacker drain your tokens later.
  • Airdrop claim” sites that require signing an opaque message. The signature authorizes fund transfer.
  • DM links (“claim your NFT drop”) that lead to drainer pages.

Address substitution:

  • Clipboard-hijacking malware that replaces addresses you copy with attacker addresses. You paste, confirm, send to the wrong address.
  • Fake token approvals — the attacker creates a token with the same name as a real one; you approve the fake, and it turns out to be a drain authorization.

Why phishing works

Crypto UX is unforgiving. A signed transaction is irreversible; an exposed seed phrase is permanently compromised. The attack surface is huge:

  • Users interact with hundreds of dApps across dozens of chains.
  • Every approval is a trust decision made in seconds based on a URL + a transaction summary.
  • dApp front-ends are hosted on regular websites — nothing cryptographic guarantees you’re seeing the real one.
  • Social engineering works the same way it does everywhere else; crypto just raises the stakes.

What scales recent drain attacks

“Drainer kits” sold as crypto-crime-as-a-service have lowered the bar. Services like Inferno, Angel, and Pink Drainer provide:

  • Pre-built front-ends that impersonate popular dApps.
  • Deployed drainer contracts that extract approvals.
  • Revenue-sharing with affiliates who distribute phishing links.

Collective losses to drainer kits have been in the hundreds of millions since 2023.

Defenses that actually work

  1. Verify URLs before signing. Bookmark trusted dApps; don’t click into them from social media or search.
  2. Read transaction preview. Tools like Rabby and Pocket Universe preview the state change before signing. Blind signing is where phishing succeeds.
  3. Never share your seed phrase. No legitimate support asks. Period.
  4. Revoke old token approvals. Revoke.cash, Debank’s approval scanner, Etherscan’s token approval tool. Regular hygiene prevents dormant approvals from being exploited.
  5. Use hardware wallets for significant balances. The physical confirmation step gives you a chance to catch the attack before signing.
  6. Separate wallets for separate activities. A drained airdrop-farming wallet doesn’t touch your long-term storage.
  7. Be suspicious of unsolicited “help.” Real support doesn’t DM. Real airdrops don’t require urgent signing.
  8. Verify contracts on explorers. If you’re interacting with an unfamiliar contract, check its verification status, source code, and deployment history.

Risks and considerations

Phishing sophistication is increasing. Recent attacks have featured perfectly-cloned front-ends, social engineering over WhatsApp and LinkedIn, deepfaked video calls, and even malicious Chrome extensions that modify signing prompts. The generic advice still works, but the bar for staying safe rises every year. The practical stance: treat every transaction as potentially malicious until you’ve verified the destination, the contract, and the impact.

See also on Stingray

Related terms

Rug Pull A rug pull is a crypto scam where the token's deployer drains the liquidity pool and disappears, leaving holders with a worthless token. Wallet A crypto wallet is a tool that stores private keys and signs transactions on behalf of a user. Self Custody Self-custody means holding your own private keys and bearing full responsibility for their security. Seed Phrase A seed phrase is a 12 or 24-word sequence that deterministically generates every private key in a wallet.