Overview

Phishing in cryptocurrency involves deceptive attempts to steal funds or credentials by impersonating legitimate projects, people, or services. Crypto phishing is particularly dangerous because transactions are irreversible.
Phishing is the most common attack vector in crypto. Always verify URLs, check official announcements, and never share seed phrases.

Types of Crypto Phishing

Website Phishing

  • Fake websites mimicking legitimate projects
  • Often use similar domain names (typosquatting)
  • Clone the UI of popular dApps

Social Engineering

  • Impersonating team members or support staff
  • Fake “verification” or “account issues”
  • Urgency tactics to pressure quick action

Airdrop Scams

  • Unsolicited tokens appearing in wallets
  • Links to “claim” more tokens
  • Interacting with them triggers malicious contracts

DNS Hijacking

  • Attackers compromise DNS records
  • Legitimate domain points to malicious site
  • Very difficult to detect

Detection Indicators

| Tag | Severity | Description |
| --- | --- | --- |
| phishing_activities | High | Address involved in phishing operations |
| is_airdrop_scam | High | Fake airdrop attempting to steal funds |
| spam_domain | Medium | Associated with known spam domains |
| is_scam | High | Confirmed scam activity |
| spam | Low | Spam activity detected |

Red Flags

URL Warning Signs

  • Misspelled domain names (uniswap → un1swap)
  • Extra characters (opensea-claim.com)
  • Different TLD (.io instead of .com)
  • Subdomains used deceptively (uniswap.malicious.com)
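
The four URL warning signs above can be checked mechanically against a list of domains you already trust. The following is an added example, not part of the original page or the API it describes; the allowlist, the flag names, and the digit-for-letter map are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist (assumption): registrable domains you have verified yourself.
OFFICIAL = {"uniswap.org", "opensea.io"}
# Small constructed map of digit-for-letter swaps, as in "un1swap".
LOOKALIKES = str.maketrans("01345", "oieas")


def edit_distance(a, b):
    """Levenshtein distance; 1 means a single typo separates the two names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def url_red_flags(url, official=OFFICIAL):
    """Return sorted warning signs for url; [] means allowlisted or no look-alike found."""
    # .hostname drops any "user@" prefix, so "https://uniswap.org@evil.test/" yields evil.test.
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    # Naive registrable domain: last two labels (ignores suffixes such as .co.uk).
    if len(labels) < 2 or ".".join(labels[-2:]) in official:
        return []
    name, tld, subdomains = labels[-2], labels[-1], labels[:-2]
    flags = set()
    for good in official:
        brand, good_tld = good.rsplit(".", 1)
        if name == brand and tld != good_tld:
            flags.add("different_tld")
        elif name.translate(LOOKALIKES) == brand or edit_distance(name, brand) == 1:
            flags.add("misspelled_domain")
        elif brand in name:
            flags.add("extra_characters")
        elif any(brand in label.translate(LOOKALIKES) for label in subdomains):
            flags.add("deceptive_subdomain")
    return sorted(flags)


if __name__ == "__main__":
    for sample in ("https://app.uniswap.org/", "https://un1swap.org/",
                   "https://opensea-claim.com/", "https://uniswap.malicious.com/"):
        print(sample, url_red_flags(sample))
```

An empty result only means the host is on the allowlist or resembles nothing on it; it says nothing about DNS hijacking, where the legitimate domain itself resolves to a malicious site.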

Communication Red Flags

  • Unsolicited DMs about “opportunities”
  • Requests for seed phrases or private keys
  • “Limited time” urgency pressure
  • Requests to “verify” your wallet

Transaction Red Flags

  • Unexpected approvals requested
  • Transactions to unfamiliar contracts
  • Higher gas fees than normal
  • Multiple transactions bundled together

API Example

# Check an address for phishing activity
curl -X GET "https://api.webacy.com/addresses/0x123...?chain=eth" \
  -H "x-api-key: YOUR_API_KEY"

# Check a URL for phishing
curl -X POST "https://api.webacy.com/url" \
  -H "x-api-key: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"url": "https://suspicious-site.com"}'

Response indicating phishing:

{
  "overallRisk": 90.0,
  "issues": [
    {
      "tag": "phishing_activities",
      "severity": "high",
      "description": "Address involved in phishing activities. Proceed with extreme caution."
    }
  ]
}

Protection Strategies

  1. Bookmark official sites - Never click links from messages
  2. Verify announcements - Check official Twitter/Discord for news
  3. Use URL checkers - Such as our URL Risks endpoint
  4. Enable 2FA - On all exchange and service accounts
  5. Never share seeds - No legitimate service will ever ask
  6. Check contract addresses - Verify against official documentation