Risks & Security

Phishing

Cryptocurrency Phishing

Deceptive attacks to steal private keys or trick users into malicious transactions

Definition

Phishing attacks trick users into revealing private keys, seed phrases, or approving malicious transactions through fake websites, emails, or social media messages.

Phishing (Cryptocurrency Phishing) is a risk term used to understand Deceptive attacks to steal private keys or trick users into malicious transactions. In practice, it matters because it affects how users evaluate protocols, compare opportunities, and avoid hidden assumptions.

Example

A fake Uniswap website looks identical to the real one but steals your wallet connection details when you try to trade.

1

How it works

In practice, the concept shows up like this: A fake Uniswap website looks identical to the real one but steals your wallet connection details when you try to trade.

2

Why it matters

Phishing matters because small misunderstandings in DeFi can turn into bad pricing, liquidation, governance, custody, or smart-contract risk. A good mental model helps you compare protocols without relying on marketing language.

3

What to check

Treat it as a risk term: identify the failure mode, who can be harmed, and what evidence would reduce that risk. The main checks are: Wallet drainage; Identity theft; Unauthorized transactions.

Risks to Consider

  • Wallet drainage
  • Identity theft
  • Unauthorized transactions

Common Questions

What does Phishing mean in DeFi?

Phishing means Deceptive attacks to steal private keys or trick users into malicious transactions. The useful question is not only the definition, but how the mechanism changes risk, return, liquidity, or governance for the user.

How is Phishing used in practice?

A practical example: A fake Uniswap website looks identical to the real one but steals your wallet connection details when you try to trade.

What should I check before relying on Phishing?

Check wallet drainage, identity theft, unauthorized transactions. Also verify liquidity, oracle assumptions, admin controls, and whether the protocol has been tested during stressed markets.

Related Terms

    Related Articles

    The Hitchhiker's Guide to Crypto Bullshit: How to spot a shitcoin?

    The Hitchhiker's Guide to Crypto Bullshit: How to spot a shitcoin?

    Looking to invest in an ICO, or get your hands on some already traded coins? Awesome, welcome aboard! Before you jump in, let me give you some clues to spot shaky projects with examples taken from actual ones. These tips come from my experience (and failures) as well the discussion I had both with friends and the cryptocurrency community. The Whitepaper is ALWAYS the most insightful resource Whitepapers (WP for the rest of this article) can be scary. While some manage to keep it short (~10 pages), others can reach the hundreds yet it’s the best place to gauge the seriousness of a project. It’s still the first thing I check once I’m seriously considering a coin. So what should you be watching closely in a WP?

    DeFi Bullshit Detector

    DeFi Bullshit Detector

    In the Arena this week, I tried something different: instead of doing things onchain as usual, I wanted to show how to setup a Claude instance dedicated to DeFi research, and the results were impressive. In 1h15, we were able to setup a new Claude instance from scratch, have it write its claude.md file with our instructions, install the necessary tools to query onchain data, and perform a test analysis on ThGold which returned many critical red flags, several of which were not previously discovered by another researcher as far as I could see.

    DeFi Glossary