Phishing
Published Last updated
Key Takeaway
Phishing is a cyberattack where criminals impersonate trusted platforms or contacts to trick you into revealing passwords, 2FA codes, or private keys to steal your crypto.
Learn These First
What Is Phishing?
Phishing is a cyberattack where criminals impersonate trusted platforms or contacts to trick you into revealing passwords, 2FA codes, or private keys to steal your crypto.
How Phishing Works
Frequently Asked Questions
What is phishing in crypto and how does it work?
Phishing in crypto is a scam where attackers impersonate legitimate platforms — exchanges, wallets, or support teams — to steal your account credentials or private keys. The attack is delivered through convincing fake emails, cloned websites with near-identical URLs, fraudulent apps, or social media messages. The attacker creates a sense of urgency — claiming your account is at risk or action is required immediately — pushing you to act without careful verification. Once you enter credentials on a fake site or share information with a fake support agent, the attacker uses that information to access your real account and transfer your funds.
How can I tell if a crypto email or website is a phishing attempt?
Several reliable signals indicate phishing. Check the URL carefully — attackers use domains one letter different from real ones, such as 'coinbas3.com' or 'binnance.com'. Hover over email links before clicking to preview the actual destination. Legitimate exchanges never send unsolicited emails asking you to log in urgently or verify sensitive information by clicking a link. Look for grammar errors, generic greetings instead of your registered name, and mismatched sender email domains. When in doubt, open your browser, type the exchange URL directly, and check your account from there — never through a link in the message itself.
What should I do if I think I have been phished?
Act immediately — speed is critical because blockchain transactions cannot be reversed. First, change your exchange password from a secure, uncompromised device. Next, disable and re-enable your 2FA to invalidate any session the attacker may have established. Contact the exchange's official support team to report the incident and request temporary account restrictions if funds remain. Enable withdrawal whitelisting if not already active to block further transfers. If funds were already moved, report the incident to relevant authorities and the exchange — while recovery is unlikely, documentation matters. After the immediate crisis, audit all your crypto accounts for similar vulnerabilities.
Common Misconceptions About Phishing
Phishing attempts are easy to spot because they look obviously fake.
Modern crypto phishing attacks are highly sophisticated and often indistinguishable from legitimate communications at a glance. Attackers invest considerable effort in replicating official exchange branding, email formatting, and website design with near-perfect accuracy. Clone websites can be pixel-for-pixel copies of the real platform. Phishing emails may include your real name, account number, and recent activity details obtained from prior data breaches. The only reliable defence is process — always access platforms through bookmarked URLs and never through links in emails or messages, regardless of how convincing they appear.
Entering your 2FA code on a phishing site cannot compromise your account because the code expires in 30 seconds.
Real-time phishing attacks specifically exploit the 30-second 2FA window. Attackers use automated systems that instantly relay your credentials — including your 2FA code — to the real exchange the moment you submit them on the fake site. The attacker logs into your real account in that same window before the code expires. This is called a man-in-the-middle attack. The 30-second expiry does not protect you when an attacker is actively relaying your credentials in real time. Typing your credentials on a phishing site exposes them regardless of 2FA code lifespan.
Phishing only happens through email — social media and apps are safe.
Phishing attacks are delivered through every digital channel available. Social media platforms are heavily targeted — attackers create fake exchange support accounts that respond to users posting complaints or help requests in public channels. Telegram and Discord are used to distribute fraudulent wallet links and fake airdrop offers. Fraudulent mobile apps that mimic legitimate wallets and exchanges appear regularly on app stores. SMS phishing, called smishing, delivers fake security alerts by text message. No communication channel is inherently safe — the same verification principles apply across email, social media, messaging apps, and mobile platforms.