
Protecting Against Phishing & Scams

Overview

Phishing and social engineering are the most common ways people lose cryptocurrency. Attackers create fake websites, impersonate support staff, send malicious links, create fake token approvals, and use urgency to trick users into revealing credentials or signing malicious transactions. In crypto, transactions are irreversible — once you sign a malicious transaction or enter your seed phrase on a fake site, your funds are gone.

Security Features

- Fake websites mimicking exchanges and wallets (check the URL character by character)
- Fake support on Twitter/Telegram/Discord (legitimate support will NEVER DM you first)
- Malicious token approvals (approve() giving unlimited access to your tokens)
- Dusting attacks (small token airdrops designed to track your wallet or trick you into interacting with them)
- Address poisoning (tiny amounts sent from similar-looking addresses so that you copy and paste the wrong one)
- Clipboard malware (replaces copied wallet addresses with the attacker's address)

Pros & Cons

Pros of awareness: saves your entire portfolio. Cons of complacency: complete loss of funds with zero recourse.

Setup Steps

1. Bookmark exchange and wallet URLs; never click links from emails or messages.
2. Verify URLs character by character before entering credentials.
3. Use anti-phishing codes (most exchanges offer this feature).
4. Never approve unlimited token allowances; use revoke.cash regularly.
5. Verify wallet addresses character by character before sending.
6. Be extremely sceptical of unsolicited messages, especially on Discord/Telegram.
7. If it sounds too good to be true, it is.
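
For step 4, one way to see what an approval request actually grants before signing it, as an added example that is not part of the original guide: it decodes ERC-20 approve(address,uint256) calldata and flags unlimited allowances. The trusted-spender list, the 2^255 threshold and the sample spender address are assumptions made for the illustration.

```javascript
// Added example, not from the original guide. Sample calldata below is constructed.
const APPROVE_SELECTOR = "095ea7b3"; // first 4 bytes of keccak256("approve(address,uint256)")
const MAX_UINT256 = (1n << 256n) - 1n;
// Assumption: this policy treats anything >= 2^255 as effectively unlimited.
const UNLIMITED_THRESHOLD = 1n << 255n;

// Decode the calldata a wallet is asked to sign and list reasons to stop.
function inspectApprove(calldata, trustedSpenders = []) {
  const hex = calldata.toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]*$/.test(hex)) throw new Error("calldata is not hex");
  if (hex.slice(0, 8) !== APPROVE_SELECTOR) return { isApprove: false, warnings: [] };
  // Selector (4 bytes) + spender word (32) + amount word (32) = 136 hex chars.
  if (hex.length < 136) throw new Error("truncated approve() calldata");
  const spenderWord = hex.slice(8, 72);
  // An address is right-aligned in its 32-byte word; the top 12 bytes must be zero.
  if (!spenderWord.startsWith("0".repeat(24))) throw new Error("bad spender padding");
  const spender = "0x" + spenderWord.slice(24);
  const amount = BigInt("0x" + hex.slice(72, 136));
  const warnings = [];
  if (amount === MAX_UINT256) warnings.push("unlimited allowance (2^256 - 1)");
  else if (amount >= UNLIMITED_THRESHOLD) warnings.push("effectively unlimited allowance");
  const trusted = trustedSpenders.map((s) => s.toLowerCase());
  if (amount > 0n && !trusted.includes(spender)) warnings.push("spender is not on your trusted list");
  return { isApprove: true, spender, amount, isRevoke: amount === 0n, warnings };
}

// Helper that builds constructed sample calldata for the demo.
function buildApprove(spender, amount) {
  const word = (h) => h.padStart(64, "0");
  return "0x" + APPROVE_SELECTOR + word(spender.slice(2).toLowerCase()) + word(amount.toString(16));
}

const SAMPLE_SPENDER = "0x" + "11".repeat(20); // constructed, not a real contract
const unlimited = inspectApprove(buildApprove(SAMPLE_SPENDER, MAX_UINT256));
console.log(unlimited.spender, unlimited.warnings);
const revoke = inspectApprove(buildApprove(SAMPLE_SPENDER, 0n));
console.log("revoke:", revoke.isRevoke, revoke.warnings);
```

This covers only the ERC-20 approve() call; other approval paths, such as setApprovalForAll on NFT contracts or signed permits, need their own checks.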

Best For

Every crypto user — phishing is the #1 threat

Tips & Recommendations

Specific red flags:

- Anyone DMing you first about crypto
- 'Connect your wallet to claim rewards'
- Urgency ('do this now or lose your funds')
- Requests for your seed phrase
- 'Customer support' reaching out to you
- Free money / guaranteed returns
- Projects asking you to 'verify' your wallet
