Crypto Phishing Scams: How They Work and How to Avoid Them

Why this matters
Phishing is now the most profitable attack vector in crypto — not because the schemes are new, but because AI tools make them far more convincing at scale. Knowing the three main patterns (impersonation, wallet drainers, and address poisoning) and their red flags helps you spot them before you sign anything.
Crypto phishing scams cost holders an estimated $17 billion in 2025 — not because attackers cracked open blockchains, but because they tricked people. Impersonation schemes grew 1,400% year over year according to Chainalysis's 2026 Crypto Crime Report, driven by AI tools that generate convincing fake messages at scale and are now 4.5 times more profitable than traditional attacks. Understanding how these work is the first step to not falling for one.
How crypto phishing scams actually work
Modern crypto phishing has moved well beyond fake login pages. Three attack types now account for the majority of losses:
Impersonation scams. Attackers pose as exchange support teams, hardware wallet manufacturers, or familiar contacts. In 2025, scammers sent physical letters to Ledger and Trezor users urging them to scan QR codes for a "mandatory security update." Others called victims posing as Coinbase representatives, convincing them to transfer assets to "secure" wallets the scammers controlled. AI tools now enable these messages to match the exact tone and branding of legitimate companies.
Wallet drainers. A victim connects their wallet to what looks like a legitimate DeFi platform or NFT site. The site presents a transaction request, often framed as a routine approval, that, once signed, gives attackers permission to empty the wallet. The victim sees nothing unusual until the funds are gone.
Address poisoning. Attackers send a tiny transaction from an address that looks nearly identical to one the victim uses regularly. The victim copies the familiar-looking address from their transaction history and sends funds to the attacker instead of the intended recipient. A single trader lost $50 million in USDT to this method in December 2025 (Chainalysis, 2025).
The red flags that matter most
Most phishing attacks rely on one of three triggers: urgency, authority, or familiarity. If a message checks any of these boxes without you initiating contact, treat it as suspicious.
Seed phrase request. No legitimate platform, support team, or hardware wallet company will ever ask for your recovery phrase. If someone asks for it — in any format, for any stated reason — it is a scam.
Unsolicited contact. Real exchange support teams do not DM you first. Real hardware wallet manufacturers do not mail you for security updates. Any message that initiates contact and asks you to act is worth verifying through an official channel before doing anything.
Transaction requests you didn't initiate. Before signing any transaction, read what you're approving on your hardware wallet's screen — not your computer screen, which can be spoofed. "Set Approval for All" or "Unlimited Spend" from an unfamiliar source is a reliable warning sign.
What to check in your own setup
A few habits reduce exposure significantly:
- Bookmark exchange and wallet URLs the first time you visit them via an official source. Never navigate to an exchange by clicking a link in an email or message — phishing sites frequently appear as Google Ads above legitimate search results.
- Use app-based or hardware-key 2FA rather than SMS. SMS can be bypassed through SIM-swap attacks where attackers convince your carrier to transfer your number to a SIM they control. For more on where 2FA falls short, see Why 2FA Alone Isn't Enough to Protect Your Crypto.
- Keep a separate wallet with minimal assets for DeFi interactions. If a drainer hits that wallet, your main holdings stay untouched. Three Proven Wallet Configurations for Different Portfolio Sizes covers how to structure this in practice.
- Verify the full recipient address before sending — at minimum check the first and last six characters, which is where address poisoning attempts differ from the real address.
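The address check from the last habit above, as an added example (not code from this page): it compares the full recipient address against a saved address book and flags a near-match that shares only its leading and trailing characters with a saved entry. The address format (0x-prefixed, 40 hex digits, case-insensitive), the four-character threshold, the function names and every sample address are assumptions constructed for illustration.

```python
import os
import re

HEX_ADDR = re.compile(r"(?:0x)?([0-9a-f]{40})")

# Constructed sample data, not real addresses.
ADDRESS_BOOK = {"exchange deposit": "0xa1b2c3d4e5f60718293a4b5c6d7e8f9012345678"}
LOOKALIKE = "0xa1b2ffee00112233445566778899aabbccdd5678"  # same first/last 4 only


def normalize(addr):
    """Lower-case, drop the 0x prefix, and reject anything malformed."""
    m = HEX_ADDR.fullmatch(addr.strip().lower())
    if not m:
        raise ValueError(f"not a 40-hex-digit address: {addr!r}")
    return m.group(1)


def shared_edges(a, b):
    """Count matching characters at the start and at the end of two strings."""
    head = len(os.path.commonprefix([a, b]))
    tail = len(os.path.commonprefix([a[::-1], b[::-1]]))
    return head, tail


def check_recipient(candidate, address_book, min_edge=4):
    """Return ('trusted' | 'lookalike' | 'unknown', matching label or None)."""
    cand = normalize(candidate)
    saved = {label: normalize(a) for label, a in address_book.items()}
    # An exact, full-length match is the only thing that counts as trusted.
    for label, ref in saved.items():
        if cand == ref:
            return "trusted", label
    # Not exact: a shared start AND end with a saved entry is the poisoning pattern.
    for label, ref in saved.items():
        head, tail = shared_edges(cand, ref)
        if head >= min_edge and tail >= min_edge:
            return "lookalike", label
    return "unknown", None


if __name__ == "__main__":
    for addr in (ADDRESS_BOOK["exchange deposit"], LOOKALIKE):
        print(addr, check_recipient(addr, ADDRESS_BOOK))
```

A `lookalike` verdict means the address should be treated as hostile until it has been confirmed through an official channel; `unknown` simply means it is not in the address book.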