Phishing Patterns
How attackers trick people into giving up their crypto.
Phishing exploits trust and urgency. Attackers create convincing replicas of legitimate services and manufacture scenarios where victims feel they must act quickly. Even experienced users fall for sophisticated attacks.
Common Attack Patterns
Fake Websites
Clone sites that look identical to real exchanges/wallets but steal credentials.
- • uniswapp.com instead of uniswap.org
- • metamask.io.com instead of metamask.io
- • Sites appearing in Google Ads before real results
Bookmark official sites. Never click links from messages.
Phishing Emails
Emails claiming urgent action needed on your account.
- • "Your account will be suspended"
- • "Verify your wallet to receive airdrop"
- • "Security alert: unauthorized login detected"
Never click email links. Go directly to official site.
Social Media DMs
Fake support accounts reaching out after you post questions.
- • "I'm a moderator, I can help with your issue"
- • "Connect wallet to this link to fix"
- • Accounts with similar names to official support
Real support NEVER DMs first. Ignore all unsolicited messages.
Malicious Browser Extensions
Fake wallet extensions that capture your seed phrase.
- • Extensions with names similar to popular wallets
- • Extensions asking to "import" existing wallet
- • Promoted extensions in app stores
Only download from official websites. Verify extension IDs.
URL Red Flags
Always examine URLs carefully before entering any information:
Anti-Phishing Checklist
- Slow down — urgency is a manipulation tactic
- When in doubt, don't click. Go directly to official site.
- No legitimate service will ever ask for your seed phrase
- Bookmark and use only those bookmarks for crypto sites
- Assume any unsolicited contact is a scam until proven otherwise