Phishing Attack
A phishing attack tricks crypto users into revealing private keys, seed phrases, or login details via fake emails, websites, or messages mimicking legitimate wallets or exchanges.
What Is a Phishing Attack?
A Phishing Attack is a social engineering scam where attackers impersonate trusted cryptocurrency services to trick users into revealing private keys, seed phrases, or login credentials. They use fake emails, websites, messages, or apps that mimic legitimate wallets or exchanges. Also known as a phishing scam.
Attackers craft urgent messages, such as 'Your account is compromised—verify now!' These lead to counterfeit sites that capture entered data. For example, a fake MetaMask site steals seed phrases when users 'recover' their wallet. Attackers exploit trust and fear to bypass technical security.
Phishing matters in crypto because stolen keys grant irreversible fund access. Unlike banks, blockchains offer no chargebacks. Billions in crypto losses stem from phishing annually.
Common types include:
- Email phishing: Mass emails with malicious links.
- Spear phishing: Targeted attacks using personal details.
- Typosquatting: Domains like 'binanace.com' instead of 'binance.com'.
- App-based: Fake mobile apps on stores or sideloaded.
Users spot phishing by checking URLs, avoiding unsolicited requests, and verifying via official channels.
Cryptocurrency is a digital or virtual currency secured by cryptography, operating on decentralized blockchain networks to enable secure, peer-to-peer transactions.
Read full definitionReal-World Examples
Example 1: A user receives an email from 'support@coinbase-help.com' claiming their account needs verification due to suspicious activity. The email links to 'c0inbase-login.com', a fake site that captures login credentials and 2FA codes when entered.
Example 2: Someone visits 'metamaskk.io' after a typo while typing 'metamask.io'. The site prompts for seed phrase 'recovery', stealing wallet access and draining funds to attacker addresses.
Example 3: A fake app named 'Trust Wallet Pro' appears on a third-party store. Users download it, grant permissions, and it sends private keys to scammers via background sync.
Example 4: In spear phishing, an attacker emails a trader using details from social media: 'Hi [Name], urgent Ledger firmware update required for your ETH holdings.' The link leads to a malicious firmware signer that extracts seed phrases.
Two-Factor Authentication (2FA) secures cryptocurrency accounts and wallets by requiring two verification methods, such as a password plus a code from an authenticator app.
Read full definitionLedger is a brand of hardware wallets that securely store cryptocurrency private keys offline, such as the Ledger Nano series.
Read full definitionFirmware Update installs new low-level software on a hardware wallet to fix bugs, enhance security, or add features in cryptocurrency devices.
Read full definitionEthereum is a decentralized blockchain platform that enables smart contracts and decentralized applications (dApps). Its native cryptocurrency is Ether (ETH).
Read full definitionReady to Choose a Secure Wallet?
Use our tools to find the right hardware wallet for your needs.