Phishing in the Crypto World

Alessandro G
Alessandro G
  • Updated

Phishing is no longer just about fake emails from a "Prince" asking for a wire transfer. In the cryptocurrency world, phishing is a sophisticated, automated, and high-stakes attempt to trick you into signing away your assets.

While traditional hackers attack computer code, phishers attack human psychology. They exploit fear, curiosity, and the "Fear Of Missing Out" (FOMO) to steal passwords, seed phrases, and digital assets.

The Evolution: Beyond the Email

The classic definition involves email, but modern crypto phishing is omnichannel. It happens on:

  • Search Engines: Scammers buy ads on Google for terms like "Trezor Support" or "Metamask Login" to lead you to fake sites.

  • Social Media: Fake "Customer Support" bots on X (Twitter), Discord, and Telegram that DM you offering to "sync your wallet" or "fix your transaction."

  • Dating Apps: Known as "Pig Butchering," scammers build long-term romantic trust before convincing you to invest in a fake crypto platform.

4 Crypto-Specific Tactics You Must Know

To protect your assets, you must recognize the tactics peculiar to the blockchain world.

1. Ice Phishing (The "Permit" Trap)

Unlike traditional phishing where you hand over a password, Ice Phishing tricks you into signing a malicious permission on the blockchain.

  • The Trap: You try to mint a free NFT or claim an airdrop on a website. A pop-up appears asking you to "Approve" or "Sign" a transaction.

  • The Reality: You aren't claiming an item; you are signing a setApprovalForAll or a "Permit" signature. This grants the attacker’s smart contract permission to move all your tokens without your help. They drain your wallet minutes later.

  • Defense: Never sign a transaction unless you know exactly what it does. Read the permission request carefully—if it asks for access to all your funds, reject it.

2. Address Poisoning

This relies on your habit of copy-pasting addresses.

  • The Trap: Scammers monitor the blockchain. When they see you send a transaction, they use software to generate a "vanity address" that looks 95% identical to yours (matching the first and last 4 characters). They send you $0.00 worth of tokens (dust) or a fake NFT from this address.

  • The Goal: They hope that next time you need to copy your address from your transaction history, you will accidentally copy their lookalike address instead of your own.

  • Defense: Never copy addresses blindly from your history. Always double-check every character, or use the "Address Book" feature in your wallet app.

3. Wallet Drainers (Automated Scripts)

These are "scam-as-a-service" kits sold to criminals. They automatically scan your wallet the moment you connect it to a fake site.

  • The Trap: "Urgent! Your wallet is compromised. Click here to secure your assets."

  • The Reality: The site runs a script that detects your most valuable assets and prompts you to sign a transaction to "move" them to safety. In reality, you are sending them to the hacker.

4. Fake Support & Impersonation

Hackers often fake emails or create fake social media profiles posing as Technical Support.

  • The Lie: "We need you to verify your identity to unfreeze your account. Please reply with your 12-word seed phrase."

  • The Rule: No legitimate support agent, including SwissBorg staff, will EVER ask for your password, 12-word recovery phrase, or private keys.

SwissBorg Specific Security Protocols

If you are a user of the SwissBorg app, adhere to these strict communication rules:

  1. In-App Support Only: Only use the SwissBorg Help Center and Support Tab to communicate with Customer Support.

  2. Official Sources: Do not install application updates from third-party websites. All SwissBorg App updates are only available on the Apple App Store and Google Play Store.

  3. Zero-Trust: If you receive an email claiming to be from SwissBorg that asks for personal credentials or payment, it is a scam.

How to Report Phishing

Security is a community effort. Reporting scams helps shut down domains and blacklists wallet addresses, saving other users.

  1. Chainalysis & CryptoScamDB: Report suspicious crypto addresses and domains to CryptoScamDB. This database feed into security tools that warn other users.

  2. Google Safe Browsing: If you find a phishing site, report it to Google Safe Browsing to get a "Red Warning" placed on the site for Chrome users.

  3. Email Reporting: Most providers (like Gmail) allow you to report a specific message as "Phishing" via the top-right menu options.

  4. Law Enforcement: For significant losses, file a report with your local cybercrime division (e.g., IC3 in the US, Action Fraud in the UK).

Summary: The Golden Rules

  • Don't Trust, Verify: Always hover over links to see the real URL.

  • Bookmark Official Sites: Never search for your crypto exchange on Google; navigate to your bookmarks.

  • Use a Hardware Wallet: For large amounts, use a Ledger or Trezor.

  • Check Allowances: Regularly use tools like Revoke.cash to check which websites have permission to move your funds and revoke access to old or suspicious sites.

Now you know exactly what phishing is.

Not fishing.

Was this article helpful?