Why Crypto Phishing is Different

Traditional phishing steals passwords, which can often be reset. Crypto phishing steals private keys or seed phrases, which cannot be reset. One successful phishing attack can permanently drain your entire wallet in seconds. There is no customer support to call, no chargeback to file, and no way to reverse the transaction.

Fake Wallet Websites

Scammers create pixel-perfect copies of popular wallet interfaces:

• Fake versions of MetaMask, Phantom, Ledger Live, and other popular wallet sites
• URLs use subtle tricks: metamask.io vs metamask-io.com vs rnetamask.io (rn looks like m)
• These sites ask you to "import your wallet" by entering your seed phrase
• The moment you enter your seed phrase, all funds are automatically swept

Malicious Browser Extensions

• Fake wallet extensions published to Chrome Web Store or Firefox Add-ons with names similar to real wallets
• Some request excessive permissions that allow them to read all website data
• They may overlay fake transaction confirmations or modify displayed addresses
• Always install wallet extensions from the official project website link, never from searching the extension store directly

Clipboard Hijacking

Clipboard hijacking malware monitors your clipboard for cryptocurrency addresses. When you copy an address to send funds:

• The malware detects the address format (Bitcoin, Ethereum, etc.)
• It silently replaces the copied address with the attacker's address
• When you paste, you paste the attacker's address without realizing it
• You send funds directly to the attacker thinking you sent them to the intended recipient

Address Poisoning

A newer and particularly insidious attack:

• The attacker generates a wallet address that matches the first and last few characters of an address you regularly send to
• They send a tiny transaction (dust) from this lookalike address to your wallet
• This transaction appears in your history, looking like the address you normally use
• Next time you need to send funds, you might copy the attacker's lookalike address from your transaction history instead of the real one

Defense: never copy addresses from transaction history. Always use your address book or get the address directly from the intended recipient.

Fake Support Channels

• Scammers monitor social media for users posting about wallet problems
• They DM the user pretending to be official support, often within minutes
• They direct the user to a "support tool" or "wallet repair site" that harvests seed phrases
• Real support teams will never DM you first and will never ask for your seed phrase

Email Phishing for Exchange Accounts

• Fake "security alert" emails from exchanges urging you to log in immediately
• Links lead to convincing replicas of the exchange login page
• After capturing your credentials, attackers log in and initiate withdrawals
• Some phishing kits also intercept 2FA codes in real time (adversary-in-the-middle attacks)

How to Protect Yourself

• Bookmark official sites and always navigate from bookmarks, never from search results or links
• Verify URLs character by character before entering any credentials
• Use a hardware wallet that shows transaction details on its own screen
• Enable anti-phishing codes on exchanges that support them
• Verify the full address after pasting, before every transaction
• Never enter your seed phrase into any website
• Use hardware-based 2FA (security keys) when possible, as they are phishing-resistant

Summary

• Crypto phishing is more dangerous than traditional phishing because losses are irreversible
• Fake wallet sites, malicious extensions, and fake support are the most common vectors
• Clipboard hijacking and address poisoning silently replace destination addresses
• Always verify full addresses, bookmark official sites, and never enter seed phrases online